From: Todd C. Miller Date: Wed, 18 Apr 2018 20:14:47 +0000 (-0600) Subject: Describe the special handling of LOGNAME, USER and USERNAME. X-Git-Tag: SUDO_1_8_23^2~21 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1e26c6043e78ee6322b590ea5c2502ce6d719ee2;p=sudo Describe the special handling of LOGNAME, USER and USERNAME. Fix typos reported by aspell. --- diff --git a/doc/sudoers.cat b/doc/sudoers.cat index 6ea4e2102..ed00cda73 100644 --- a/doc/sudoers.cat +++ b/doc/sudoers.cat @@ -93,7 +93,7 @@ DDEESSCCRRIIPPTTIIOONN ssuuddooeerrss uses per-user time stamp files for credential caching. Once a user has been authenticated, a record is written containing the user ID that was used to authenticate, the terminal session ID, the start time of - the session leader (or parent proccess) and a time stamp (using a + the session leader (or parent process) and a time stamp (using a monotonic clock if one is available). The user may then use ssuuddoo without a password for a short period of time (5 minutes unless overridden by the _t_i_m_e_s_t_a_m_p___t_i_m_e_o_u_t option). By default, ssuuddooeerrss uses a separate record @@ -129,10 +129,16 @@ DDEESSCCRRIIPPTTIIOONN PATH, HOME, MAIL, SHELL, LOGNAME, USER, USERNAME and SUDO_* variables in addition to variables from the invoking process permitted by the _e_n_v___c_h_e_c_k and _e_n_v___k_e_e_p options. This is effectively a whitelist for - environment variables. Environment variables with a value beginning with - () are removed unless both the name and value parts are matched by - _e_n_v___k_e_e_p or _e_n_v___c_h_e_c_k, as they may be interpreted as functions by the - bbaasshh shell. Prior to version 1.8.11, such variables were always removed. + environment variables. The environment variables LOGNAME, USER and + USERNAME are treated specially. If one or more variables are preserved + from the invoking process, any of the three remaining variables (that + were not explicitly preserved) will be set to the same value as the first + one in the list that was preserved. This avoids an inconsistent + environment where some of the variables describing the user name are set + to the invoking user and some are set to the target user. () are removed + unless both the name and value parts are matched by _e_n_v___k_e_e_p or + _e_n_v___c_h_e_c_k, as they may be interpreted as functions by the bbaasshh shell. + Prior to version 1.8.11, such variables were always removed. If, however, the _e_n_v___r_e_s_e_t option is disabled, any variables not explicitly denied by the _e_n_v___c_h_e_c_k and _e_n_v___d_e_l_e_t_e options are inherited @@ -952,13 +958,13 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS case_insensitive_group If enabled, group names in _s_u_d_o_e_r_s will be matched in a - case insentive manner. This may be necessary when + case insensitive manner. This may be necessary when users are stored in LDAP or AD. This flag is _o_n by default. case_insensitive_user If enabled, user names in _s_u_d_o_e_r_s will be matched in a - case insentive manner. This may be necessary when + case insensitive manner. This may be necessary when groups are stored in LDAP or AD. This flag is _o_n by default. @@ -1459,7 +1465,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS in the time stamp file for each terminal. If disabled, a single record is used for all login sessions. - This option has been superceded by the _t_i_m_e_s_t_a_m_p___t_y_p_e + This option has been superseded by the _t_i_m_e_s_t_a_m_p___t_y_p_e option. umask_override If set, ssuuddoo will set the umask as specified in the @@ -1478,7 +1484,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS use_netgroups If set, netgroups (prefixed with `+'), may be used in place of a user or host. For LDAP-based sudoers, - netgroup support requires an expensive substring match + netgroup support requires an expensive sub-string match on the server unless the NNEETTGGRROOUUPP__BBAASSEE directive is present in the _/_e_t_c_/_l_d_a_p_._c_o_n_f file. If netgroups are not needed, this option can be disabled to reduce the @@ -2913,4 +2919,4 @@ DDIISSCCLLAAIIMMEERR file distributed with ssuuddoo or https://www.sudo.ws/license.html for complete details. -Sudo 1.8.23 April 17, 2018 Sudo 1.8.23 +Sudo 1.8.23 April 18, 2018 Sudo 1.8.23 diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in index 12fecc8b7..360b88335 100644 --- a/doc/sudoers.man.in +++ b/doc/sudoers.man.in @@ -43,7 +43,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.TH "SUDOERS" "5" "April 17, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDOERS" "5" "April 18, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" @@ -240,7 +240,7 @@ uses per-user time stamp files for credential caching. Once a user has been authenticated, a record is written containing the user ID that was used to authenticate, the terminal session ID, the start time of the session leader -(or parent proccess) and a time stamp +(or parent process) and a time stamp (using a monotonic clock if one is available). The user may then use \fBsudo\fR @@ -344,7 +344,19 @@ and options. This is effectively a whitelist for environment variables. -Environment variables with a value beginning with +The environment variables +\fRLOGNAME\fR, +\fRUSER\fR +and +\fRUSERNAME\fR +are treated specially. +If one or more variables are preserved from the invoking process, +any of the three remaining variables (that were not explicitly +preserved) will be set to the same value as the first one in the +list that was preserved. +This avoids an inconsistent environment where some of the variables +describing the user name are set to the invoking user and some are +set to the target user. \fR()\fR are removed unless both the name and value parts are matched by \fIenv_keep\fR @@ -2067,7 +2079,7 @@ by default. case_insensitive_group If enabled, group names in \fIsudoers\fR -will be matched in a case insentive manner. +will be matched in a case insensitive manner. This may be necessary when users are stored in LDAP or AD. This flag is \fIon\fR @@ -2076,7 +2088,7 @@ by default. case_insensitive_user If enabled, user names in \fIsudoers\fR -will be matched in a case insentive manner. +will be matched in a case insensitive manner. This may be necessary when groups are stored in LDAP or AD. This flag is \fIon\fR @@ -3066,7 +3078,7 @@ With this flag enabled, will use a separate record in the time stamp file for each terminal. If disabled, a single record is used for all login sessions. .sp -This option has been superceded by the +This option has been superseded by the \fItimestamp_type\fR option. .TP 18n @@ -3109,7 +3121,7 @@ If set, netgroups (prefixed with \(oq+\(cq), may be used in place of a user or host. For LDAP-based sudoers, netgroup support requires an expensive -substring match on the server unless the +sub-string match on the server unless the \fBNETGROUP_BASE\fR directive is present in the \fI@ldap_conf@\fR diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in index c63ba4b24..3f4ebe45e 100644 --- a/doc/sudoers.mdoc.in +++ b/doc/sudoers.mdoc.in @@ -19,7 +19,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.Dd April 17, 2018 +.Dd April 18, 2018 .Dt SUDOERS @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -206,7 +206,7 @@ uses per-user time stamp files for credential caching. Once a user has been authenticated, a record is written containing the user ID that was used to authenticate, the terminal session ID, the start time of the session leader -(or parent proccess) and a time stamp +(or parent process) and a time stamp (using a monotonic clock if one is available). The user may then use .Nm sudo @@ -311,7 +311,19 @@ and options. This is effectively a whitelist for environment variables. -Environment variables with a value beginning with +The environment variables +.Ev LOGNAME , +.Ev USER +and +.Ev USERNAME +are treated specially. +If one or more variables are preserved from the invoking process, +any of the three remaining variables (that were not explicitly +preserved) will be set to the same value as the first one in the +list that was preserved. +This avoids an inconsistent environment where some of the variables +describing the user name are set to the invoking user and some are +set to the target user. .Li () are removed unless both the name and value parts are matched by .Em env_keep @@ -1914,7 +1926,7 @@ by default. .It case_insensitive_group If enabled, group names in .Em sudoers -will be matched in a case insentive manner. +will be matched in a case insensitive manner. This may be necessary when users are stored in LDAP or AD. This flag is .Em on @@ -1922,7 +1934,7 @@ by default. .It case_insensitive_user If enabled, user names in .Em sudoers -will be matched in a case insentive manner. +will be matched in a case insensitive manner. This may be necessary when groups are stored in LDAP or AD. This flag is .Em on @@ -2860,7 +2872,7 @@ With this flag enabled, will use a separate record in the time stamp file for each terminal. If disabled, a single record is used for all login sessions. .Pp -This option has been superceded by the +This option has been superseded by the .Em timestamp_type option. .It umask_override @@ -2900,7 +2912,7 @@ If set, netgroups (prefixed with .Ql + ) , may be used in place of a user or host. For LDAP-based sudoers, netgroup support requires an expensive -substring match on the server unless the +sub-string match on the server unless the .Sy NETGROUP_BASE directive is present in the .Pa @ldap_conf@