From: Todd C. Miller Date: Sat, 22 Apr 2000 18:15:15 +0000 (+0000) Subject: Use B<-Z> not C<-Z> for command line flags in all places. This is more X-Git-Tag: SUDO_1_6_4~278 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=30daa83259de74561e80c7c7d194f9acb180497e;p=sudo Use B<-Z> not C<-Z> for command line flags in all places. This is more consistent and works around a bug in Pod::Man. --- diff --git a/sudo.cat b/sudo.cat index 4964f70ba..bda189d18 100644 --- a/sudo.cat +++ b/sudo.cat @@ -26,17 +26,17 @@ DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN time (five minutes by default). ssssuuuuddddoooo determines who is an authorized user by consulting - the file _/_e_t_c_/_s_u_d_o_e_r_s. By giving ssssuuuuddddoooo the `-v' flag a - user can update the time stamp without running a _c_o_m_m_a_n_d_. - The password prompt itself will also time out if the - user's password is not entered with N minutes (again, this - is defined at configure time and defaults to 5 minutes). + the file _/_e_t_c_/_s_u_d_o_e_r_s. By giving ssssuuuuddddoooo the ----vvvv flag a user + can update the time stamp without running a _c_o_m_m_a_n_d_. The + password prompt itself will also time out if the user's + password is not entered with N minutes (again, this is + defined at configure time and defaults to 5 minutes). If a user that is not listed in the _s_u_d_o_e_r_s file tries to run a command via ssssuuuuddddoooo, mail is sent to the proper author­ ities, as defined at configure time (defaults to root). Note that the mail will not be sent if an unauthorized - user tries to run sudo with the `-l' or `-v' flags. This + user tries to run sudo with the ----llll or ----vvvv flags. This allows users to determine for themselves whether or not they are allowed to use ssssuuuuddddoooo. 
@@ -48,20 +48,20 @@ DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN OOOOPPPPTTTTIIIIOOOONNNNSSSS ssssuuuuddddoooo accepts the following command line options: - -V The `-V' (_v_e_r_s_i_o_n) option causes ssssuuuuddddoooo to print the - version number and exit. + -V The ----VVVV (_v_e_r_s_i_o_n) option causes ssssuuuuddddoooo to print the ver­ + sion number and exit. - -l The `-l' (_l_i_s_t) option will list out the allowed (and + -l The ----llll (_l_i_s_t) option will list out the allowed (and forbidden) commands for the user on the current host. - -L The `-L' (_l_i_s_t defaults) option will list out the - parameters that may be set in a _D_e_f_a_u_l_t_s line along - with a short description for each. This option is - useful in conjunction with _g_r_e_p(1). + -L The ----LLLL (_l_i_s_t defaults) option will list out the param­ + eters that may be set in a _D_e_f_a_u_l_t_s line along with a + short description for each. This option is useful in + conjunction with _g_r_e_p(1). -April 7, 2000 1.6.3 1 +April 22, 2000 1.6.3 1 
@@ -70,44 +70,44 @@ April 7, 2000 1.6.3 1 sudo(1m) MAINTENANCE COMMANDS sudo(1m) - -h The `-h' (_h_e_l_p) option causes ssssuuuuddddoooo to print a usage - message and exit. + -h The ----hhhh (_h_e_l_p) option causes ssssuuuuddddoooo to print a usage mes­ + sage and exit. - -v If given the `-v' (_v_a_l_i_d_a_t_e) option, ssssuuuuddddoooo will update + -v If given the ----vvvv (_v_a_l_i_d_a_t_e) option, ssssuuuuddddoooo will update the user's timestamp, prompting for the user's pass­ word if necessary. This extends the ssssuuuuddddoooo timeout to for another N minutes (where N is defined at installa­ tion time and defaults to 5 minutes) but does not run a command. - -k The `-k' (_k_i_l_l) option to ssssuuuuddddoooo invalidates the user's + -k The ----kkkk (_k_i_l_l) option to ssssuuuuddddoooo invalidates the user's timestamp by setting the time on it to the epoch. The next time ssssuuuuddddoooo is run a password will be required. This option does not require a password and was added to allow a user to revoke ssssuuuuddddoooo permissions from a .logout file. - -K The `-K' (sure _k_i_l_l) option to ssssuuuuddddoooo removes the user's + -K The ----KKKK (sure _k_i_l_l) option to ssssuuuuddddoooo removes the user's timestamp entirely. This option does not require a password. - -b The `-b' (_b_a_c_k_g_r_o_u_n_d) option tells ssssuuuuddddoooo to run the - given command in the background. Note that if you use - the `-b' option you cannot use shell job control to - manipulate the command. + -b The ----bbbb (_b_a_c_k_g_r_o_u_n_d) option tells ssssuuuuddddoooo to run the given + command in the background. Note that if you use the + ----bbbb option you cannot use shell job control to manipu­ + late the command. - -p The `-p' (_p_r_o_m_p_t) option allows you to override the + -p The ----pppp (_p_r_o_m_p_t) option allows you to override the default password prompt and use a custom one. 
If the password prompt contains the `%u' escape, `%u' will be replaced with the user's login name. Similarly, `%h' will be replaced with the local hostname. - -c The `-c' (_c_l_a_s_s) option causes ssssuuuuddddoooo to run the speci­ - fied command with resources limited by the specified - login class. The _c_l_a_s_s argument can be either a class - name as defined in /etc/login.conf, or a single '-' - character. Specifying the _c_l_a_s_s as '-' means that the - command should be run restricted by the default login + -c The ----cccc (_c_l_a_s_s) option causes ssssuuuuddddoooo to run the specified + command with resources limited by the specified login + class. The _c_l_a_s_s argument can be either a class name + as defined in /etc/login.conf, or a single '-' charac­ + ter. Specifying the _c_l_a_s_s as '-' means that the com­ + mand should be run restricted by the default login capibilities of the user the command is run as. If the _c_l_a_s_s argument specifies an existing user class, the command must be run as root, or the ssssuuuuddddoooo command @@ -116,18 +116,18 @@ sudo(1m) MAINTENANCE COMMANDS sudo(1m) classes where ssssuuuuddddoooo has been configured with the --with-logincap option. - -u The `-u' (_u_s_e_r) option causes ssssuuuuddddoooo to run the speci­ - fied command as a user other than _r_o_o_t. To specify a - _u_i_d instead of a _u_s_e_r_n_a_m_e, use "#uid". + -u The ----uuuu (_u_s_e_r) option causes ssssuuuuddddoooo to run the specified + command as a user other than _r_o_o_t. To specify a _u_i_d + instead of a _u_s_e_r_n_a_m_e, use "#uid". - -s The `-s' (_s_h_e_l_l) option runs the shell specified by - the _S_H_E_L_L environment variable if it is set or the - shell as specified in _p_a_s_s_w_d(4). + -s The ----ssss (_s_h_e_l_l) option runs the shell specified by the + _S_H_E_L_L environment variable if it is set or the shell + as specified in _p_a_s_s_w_d(4). -April 7, 2000 1.6.3 2 +April 22, 2000 1.6.3 2 
@@ -136,18 +136,17 @@ April 7, 2000 1.6.3 2 sudo(1m) MAINTENANCE COMMANDS sudo(1m) - -H The `-H' (_H_O_M_E) option sets the _H_O_M_E environment vari­ + -H The ----HHHH (_H_O_M_E) option sets the _H_O_M_E environment vari­ able to the homedir of the target user (root by default) as specified in _p_a_s_s_w_d(4). By default, ssssuuuuddddoooo does not modify _H_O_M_E. - -S The `-S' (_s_t_d_i_n) option causes ssssuuuuddddoooo to read the pass­ - word from standard input instead of the terminal - device. + -S The ----SSSS (_s_t_d_i_n) option causes ssssuuuuddddoooo to read the password + from standard input instead of the terminal device. - -- The `--' flag indicates that ssssuuuuddddoooo should stop process­ - ing command line arguments. It is most useful in con­ - junction with the `-s' flag. + -- The -------- flag indicates that ssssuuuuddddoooo should stop processing + command line arguments. It is most useful in conjunc­ + tion with the ----ssss flag. RRRREEEETTTTUUUURRRRNNNN VVVVAAAALLLLUUUUEEEESSSS Upon successful execution of a program, the return value @@ -189,11 +188,12 @@ SSSSEEEECCCCUUUURRRRIIIITTTTYYYY NNNNOOOOTTTTE For security reasons, if your OS supports shared libraries and does not disable user-defined library search paths for setuid programs (most do), you should either use a linker - option that disables this behavior or link ssssuuuuddddoooo + option that disables this behavior or link ssssuuuuddddoooo stati­ + cally. -April 7, 2000 1.6.3 3 +April 22, 2000 1.6.3 3 @@ -202,8 +202,6 @@ April 7, 2000 1.6.3 3 sudo(1m) MAINTENANCE COMMANDS sudo(1m) - statically. - ssssuuuuddddoooo will check the ownership of its timestamp directory (_/_v_a_r_/_r_u_n_/_s_u_d_o by default) and ignore the directory's con­ tents if it is not owned by root and only writable by 
@@ -256,19 +254,18 @@ EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS partition. Note that this runs the commands in a sub- shell to make the `cd' and file redirection work. + % sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" -April 7, 2000 1.6.3 4 - +April 22, 2000 1.6.3 4 -sudo(1m) MAINTENANCE COMMANDS sudo(1m) - % sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" +sudo(1m) MAINTENANCE COMMANDS sudo(1m) EEEENNNNVVVVIIIIRRRROOOONNNNMMMMEEEENNNNTTTT @@ -322,20 +319,20 @@ CCCCAAAAVVVVEEEEAAAATTTTSSSS If users have sudo `ALL' there is nothing to prevent them from creating their own program that gives them a root + shell regardless of any '!' elements in the user specifi­ + cation. -April 7, 2000 1.6.3 5 +April 22, 2000 1.6.3 5 -sudo(1m) MAINTENANCE COMMANDS sudo(1m) +sudo(1m) MAINTENANCE COMMANDS sudo(1m) - shell regardless of any '!' elements in the user specifi­ - cation. Running shell scripts via ssssuuuuddddoooo can expose the same kernel bugs that make setuid shell scripts unsafe on some operat­ @@ -391,6 +388,9 @@ SSSSEEEEEEEE AAAALLLLSSSSOOOO -April 7, 2000 1.6.3 6 + + + +April 22, 2000 1.6.3 6 diff --git a/sudo.man.in b/sudo.man.in index 4e4fd4c5c..0fc99075b 100644 --- a/sudo.man.in +++ b/sudo.man.in @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.02 -.\" Fri Apr 7 08:37:05 2000 +.\" Sat Apr 22 12:13:37 2000 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "sudo @mansectsu@" -.TH sudo @mansectsu@ "1.6.3" "April 7, 2000" "MAINTENANCE COMMANDS" +.TH sudo @mansectsu@ "1.6.3" "April 22, 2000" "MAINTENANCE COMMANDS" .UC .SH "NAME" sudo \- execute a command as another user 
@@ -155,13 +155,13 @@ real and effective uid and gid are set to match those of the target user as specified in the passwd file (the group vector is also initialized when the target user is not root). By default, \fBsudo\fR requires that users authenticate themselves with a password -(NOTE: this is the user's password, not the root password). Once +(\s-1NOTE:\s0 this is the user's password, not the root password). Once a user has been authenticated, a timestamp is updated and the user may then use sudo without a password for a short period of time (five minutes by default). .PP \&\fBsudo\fR determines who is an authorized user by consulting the -file \fI@sysconfdir@/sudoers\fR. By giving \fBsudo\fR the \f(CW\*(C`\-v\*(C'\fR flag a user +file \fI@sysconfdir@/sudoers\fR. By giving \fBsudo\fR the \fB\-v\fR flag a user can update the time stamp without running a \fIcommand.\fR The password prompt itself will also time out if the user's password is not entered with N minutes (again, this is defined at configure @@ -171,7 +171,7 @@ If a user that is not listed in the \fIsudoers\fR file tries to run a command via \fBsudo\fR, mail is sent to the proper authorities, as defined at configure time (defaults to root). Note that the mail will not be sent if an unauthorized user tries to run sudo -with the \f(CW\*(C`\-l\*(C'\fR or \f(CW\*(C`\-v\*(C'\fR flags. This allows users to determine +with the \fB\-l\fR or \fB\-v\fR flags. This allows users to determine for themselves whether or not they are allowed to use \fBsudo\fR. .PP \&\fBsudo\fR can log both successful an unsuccessful attempts (as well 
@@ -182,53 +182,53 @@ will log via \fIsyslog\fR\|(3) but this is changeable at configure time. \&\fBsudo\fR accepts the following command line options: .Ip "\-V" 4 .IX Item "-V" -The \f(CW\*(C`\-V\*(C'\fR (\fIversion\fR) option causes \fBsudo\fR to print the +The \fB\-V\fR (\fIversion\fR) option causes \fBsudo\fR to print the version number and exit. .Ip "\-l" 4 .IX Item "-l" -The \f(CW\*(C`\-l\*(C'\fR (\fIlist\fR) option will list out the allowed (and +The \fB\-l\fR (\fIlist\fR) option will list out the allowed (and forbidden) commands for the user on the current host. .Ip "\-L" 4 .IX Item "-L" -The \f(CW\*(C`\-L\*(C'\fR (\fIlist\fR defaults) option will list out the parameters +The \fB\-L\fR (\fIlist\fR defaults) option will list out the parameters that may be set in a \fIDefaults\fR line along with a short description for each. This option is useful in conjunction with \fIgrep\fR\|(1). .Ip "\-h" 4 .IX Item "-h" -The \f(CW\*(C`\-h\*(C'\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and exit. +The \fB\-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and exit. .Ip "\-v" 4 .IX Item "-v" -If given the \f(CW\*(C`\-v\*(C'\fR (\fIvalidate\fR) option, \fBsudo\fR will update the +If given the \fB\-v\fR (\fIvalidate\fR) option, \fBsudo\fR will update the user's timestamp, prompting for the user's password if necessary. This extends the \fBsudo\fR timeout to for another N minutes (where N is defined at installation time and defaults to 5 minutes) but does not run a command. .Ip "\-k" 4 .IX Item "-k" -The \f(CW\*(C`\-k\*(C'\fR (\fIkill\fR) option to \fBsudo\fR invalidates the user's timestamp +The \fB\-k\fR (\fIkill\fR) option to \fBsudo\fR invalidates the user's timestamp by setting the time on it to the epoch. The next time \fBsudo\fR is run a password will be required. This option does not require a password and was added to allow a user to revoke \fBsudo\fR permissions from a .logout file. 
.Ip "\-K" 4 .IX Item "-K" -The \f(CW\*(C`\-K\*(C'\fR (sure \fIkill\fR) option to \fBsudo\fR removes the user's timestamp +The \fB\-K\fR (sure \fIkill\fR) option to \fBsudo\fR removes the user's timestamp entirely. This option does not require a password. .Ip "\-b" 4 .IX Item "-b" -The \f(CW\*(C`\-b\*(C'\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given -command in the background. Note that if you use the \f(CW\*(C`\-b\*(C'\fR +The \fB\-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given +command in the background. Note that if you use the \fB\-b\fR option you cannot use shell job control to manipulate the command. .Ip "\-p" 4 .IX Item "-p" -The \f(CW\*(C`\-p\*(C'\fR (\fIprompt\fR) option allows you to override the default +The \fB\-p\fR (\fIprompt\fR) option allows you to override the default password prompt and use a custom one. If the password prompt contains the \f(CW\*(C`%u\*(C'\fR escape, \f(CW\*(C`%u\*(C'\fR will be replaced with the user's login name. Similarly, \f(CW\*(C`%h\*(C'\fR will be replaced with the local hostname. .Ip "\-c" 4 .IX Item "-c" -The \f(CW\*(C`\-c\*(C'\fR (\fIclass\fR) option causes \fBsudo\fR to run the specified command +The \fB\-c\fR (\fIclass\fR) option causes \fBsudo\fR to run the specified command with resources limited by the specified login class. The \fIclass\fR argument can be either a class name as defined in /etc/login.conf, or a single '\-' character. Specifying the \fIclass\fR as '\-' means 
@@ -236,30 +236,30 @@ that the command should be run restricted by the default login capibilities of the user the command is run as. If the \fIclass\fR argument specifies an existing user class, the command must be run as root, or the \fBsudo\fR command must be run from a shell that is already -root. This option is only available on systems with BSD login classes +root. This option is only available on systems with \s-1BSD\s0 login classes where \fBsudo\fR has been configured with the \-\-with-logincap option. .Ip "\-u" 4 .IX Item "-u" -The \f(CW\*(C`\-u\*(C'\fR (\fIuser\fR) option causes \fBsudo\fR to run the specified command +The \fB\-u\fR (\fIuser\fR) option causes \fBsudo\fR to run the specified command as a user other than \fIroot\fR. To specify a \fIuid\fR instead of a \&\fIusername\fR, use \*(L"#uid\*(R". .Ip "\-s" 4 .IX Item "-s" -The \f(CW\*(C`\-s\*(C'\fR (\fIshell\fR) option runs the shell specified by the \fISHELL\fR +The \fB\-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\s0\fR environment variable if it is set or the shell as specified in \fIpasswd\fR\|(@mansectform@). .Ip "\-H" 4 .IX Item "-H" -The \f(CW\*(C`\-H\*(C'\fR (\fIHOME\fR) option sets the \fIHOME\fR environment variable +The \fB\-H\fR (\fI\s-1HOME\s0\fR) option sets the \fI\s-1HOME\s0\fR environment variable to the homedir of the target user (root by default) as specified -in \fIpasswd\fR\|(@mansectform@). By default, \fBsudo\fR does not modify \fIHOME\fR. +in \fIpasswd\fR\|(@mansectform@). By default, \fBsudo\fR does not modify \fI\s-1HOME\s0\fR. .Ip "\-S" 4 .IX Item "-S" -The \f(CW\*(C`\-S\*(C'\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from +The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from standard input instead of the terminal device. .Ip "\-\-" 4 -The \f(CW\*(C`\-\-\*(C'\fR flag indicates that \fBsudo\fR should stop processing command -line arguments. 
It is most useful in conjunction with the \f(CW\*(C`\-s\*(C'\fR flag. +The \fB\--\fR flag indicates that \fBsudo\fR should stop processing command +line arguments. It is most useful in conjunction with the \fB\-s\fR flag. .SH "RETURN VALUES" .IX Header "RETURN VALUES" Upon successful execution of a program, the return value from \fBsudo\fR @@ -281,7 +281,7 @@ unreachable. \&\fBsudo\fR tries to be safe when executing external commands. Variables that control how dynamic loading and binding is done can be used to subvert the program that \fBsudo\fR runs. To combat this the -\&\f(CW\*(C`LD_*\*(C'\fR, \f(CW\*(C`_RLD_*\*(C'\fR, \f(CW\*(C`SHLIB_PATH\*(C'\fR (HP-UX only), and \f(CW\*(C`LIBPATH\*(C'\fR (AIX +\&\f(CW\*(C`LD_*\*(C'\fR, \f(CW\*(C`_RLD_*\*(C'\fR, \f(CW\*(C`SHLIB_PATH\*(C'\fR (\s-1HP-UX\s0 only), and \f(CW\*(C`LIBPATH\*(C'\fR (\s-1AIX\s0 only) environment variables are removed from the environment passed on to all commands executed. \fBsudo\fR will also remove the \f(CW\*(C`IFS\*(C'\fR, \&\f(CW\*(C`ENV\*(C'\fR, \f(CW\*(C`BASH_ENV\*(C'\fR, \f(CW\*(C`KRB_CONF\*(C'\fR, \f(CW\*(C`KRB5_CONFIG\*(C'\fR, \f(CW\*(C`LOCALDOMAIN\*(C'\fR, @@ -290,11 +290,11 @@ threat. .PP To prevent command spoofing, \fBsudo\fR checks \*(L".\*(R" and "" (both denoting current directory) last when searching for a command in the user's -PATH (if one or both are in the PATH). Note, however, that the +\&\s-1PATH\s0 (if one or both are in the \s-1PATH\s0). Note, however, that the actual \f(CW\*(C`PATH\*(C'\fR environment variable is \fInot\fR modified and is passed unchanged to the program that \fBsudo\fR executes. .PP -For security reasons, if your OS supports shared libraries and does +For security reasons, if your \s-1OS\s0 supports shared libraries and does not disable user-defined library search paths for setuid programs (most do), you should either use a linker option that disables this behavior or link \fBsudo\fR statically. 
@@ -387,7 +387,7 @@ version consists of code written primarily by: \& Todd Miller \& Chris Jepeway .Ve -See the HISTORY file in the \fBsudo\fR distribution for a short history +See the \s-1HISTORY\s0 file in the \fBsudo\fR distribution for a short history of \fBsudo\fR. .SH "BUGS" .IX Header "BUGS" @@ -395,10 +395,10 @@ If you feel you have found a bug in sudo, please submit a bug report at http://www.courtesan.com/sudo/bugs/ .SH "DISCLAIMER" .IX Header "DISCLAIMER" -\&\fBSudo\fR is provided ``AS IS'' and any express or implied warranties, +\&\fBSudo\fR is provided ``\s-1AS\s0 \s-1IS\s0'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. -See the LICENSE file distributed with \fBsudo\fR for complete details. +See the \s-1LICENSE\s0 file distributed with \fBsudo\fR for complete details. .SH "CAVEATS" .IX Header "CAVEATS" There is no easy way to prevent a user from gaining a root shell if @@ -410,7 +410,7 @@ elements in the user specification. .PP Running shell scripts via \fBsudo\fR can expose the same kernel bugs that make setuid shell scripts unsafe on some operating systems -(if your OS supports the /dev/fd/ directory, setuid shell scripts +(if your \s-1OS\s0 supports the /dev/fd/ directory, setuid shell scripts are generally safe). .SH "SEE ALSO" .IX Header "SEE ALSO" diff --git a/sudo.pod b/sudo.pod index 7cbb65f1b..16ae36416 100644 --- a/sudo.pod +++ b/sudo.pod @@ -59,7 +59,7 @@ user may then use sudo without a password for a short period of time (five minutes by default). B determines who is an authorized user by consulting the -file F<@sysconfdir@/sudoers>. By giving B the C<-v> flag a user +file F<@sysconfdir@/sudoers>. By giving B the B<-v> flag a user can update the time stamp without running a I The password prompt itself will also time out if the user's password is not entered with N minutes (again, this is defined at configure 
@@ -69,7 +69,7 @@ If a user that is not listed in the I file tries to run a command via B, mail is sent to the proper authorities, as defined at configure time (defaults to root). Note that the mail will not be sent if an unauthorized user tries to run sudo -with the C<-l> or C<-v> flags. This allows users to determine +with the B<-l> or B<-v> flags. This allows users to determine for themselves whether or not they are allowed to use B. B can log both successful an unsuccessful attempts (as well @@ -84,27 +84,27 @@ B accepts the following command line options: =item -V -The C<-V> (I) option causes B to print the +The B<-V> (I) option causes B to print the version number and exit. =item -l -The C<-l> (I) option will list out the allowed (and +The B<-l> (I) option will list out the allowed (and forbidden) commands for the user on the current host. =item -L -The C<-L> (I defaults) option will list out the parameters +The B<-L> (I defaults) option will list out the parameters that may be set in a I line along with a short description for each. This option is useful in conjunction with grep(1). =item -h -The C<-h> (I) option causes B to print a usage message and exit. +The B<-h> (I) option causes B to print a usage message and exit. =item -v -If given the C<-v> (I) option, B will update the +If given the B<-v> (I) option, B will update the user's timestamp, prompting for the user's password if necessary. This extends the B timeout to for another N minutes (where N is defined at installation time and defaults to 5 @@ -112,7 +112,7 @@ minutes) but does not run a command. =item -k -The C<-k> (I) option to B invalidates the user's timestamp +The B<-k> (I) option to B invalidates the user's timestamp by setting the time on it to the epoch. The next time B is run a password will be required. This option does not require a password and was added to allow a user to revoke B permissions from a .logout 
@@ -120,18 +120,18 @@ file. =item -K -The C<-K> (sure I) option to B removes the user's timestamp +The B<-K> (sure I) option to B removes the user's timestamp entirely. This option does not require a password. =item -b -The C<-b> (I) option tells B to run the given -command in the background. Note that if you use the C<-b> +The B<-b> (I) option tells B to run the given +command in the background. Note that if you use the B<-b> option you cannot use shell job control to manipulate the command. =item -p -The C<-p> (I) option allows you to override the default +The B<-p> (I) option allows you to override the default password prompt and use a custom one. If the password prompt contains the C<%u> escape, C<%u> will be replaced with the user's login name. Similarly, C<%h> will be replaced with the local @@ -139,7 +139,7 @@ hostname. =item -c -The C<-c> (I) option causes B to run the specified command +The B<-c> (I) option causes B to run the specified command with resources limited by the specified login class. The I argument can be either a class name as defined in /etc/login.conf, or a single '-' character. Specifying the I as '-' means 
@@ -152,31 +152,31 @@ where B has been configured with the --with-logincap option. =item -u -The C<-u> (I) option causes B to run the specified command +The B<-u> (I) option causes B to run the specified command as a user other than I. To specify a I instead of a I, use "#uid". =item -s -The C<-s> (I) option runs the shell specified by the I +The B<-s> (I) option runs the shell specified by the I environment variable if it is set or the shell as specified in passwd(5). =item -H -The C<-H> (I) option sets the I environment variable +The B<-H> (I) option sets the I environment variable to the homedir of the target user (root by default) as specified in passwd(5). By default, B does not modify I. =item -S -The C<-S> (I) option causes B to read the password from +The B<-S> (I) option causes B to read the password from standard input instead of the terminal device. =item -- -The C<--> flag indicates that B should stop processing command -line arguments. It is most useful in conjunction with the C<-s> flag. +The B<--> flag indicates that B should stop processing command +line arguments. It is most useful in conjunction with the B<-s> flag. =back diff --git a/sudoers.cat b/sudoers.cat index 6fd0099da..e71b17eda 100644 --- a/sudoers.cat +++ b/sudoers.cat @@ -61,7 +61,7 @@ DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN -April 7, 2000 1.6.3 1 +April 22, 2000 1.6.3 1 @@ -127,7 +127,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) -April 7, 2000 1.6.3 2 +April 22, 2000 1.6.3 2 @@ -193,7 +193,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) -April 7, 2000 1.6.3 3 +April 22, 2000 1.6.3 3 @@ -259,7 +259,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) -April 7, 2000 1.6.3 4 +April 22, 2000 1.6.3 4 
@@ -312,20 +312,20 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) shell_noargs If set and ssssuuuuddddoooo is invoked with no arguments - it acts as if the `-s' flag had been given. + it acts as if the ----ssss flag had been given. That is, it runs a shell as root (the shell is determined by the `SHELL' environment variable if it is set, falling back on the shell listed in the invoking user's /etc/passwd entry if not). This flag is off by default. - set_home If set and ssssuuuuddddoooo is invoked with the `-s' flag + set_home If set and ssssuuuuddddoooo is invoked with the ----ssss flag the `HOME' environment variable will be set to the home directory of the target user (which -April 7, 2000 1.6.3 5 +April 22, 2000 1.6.3 5 @@ -334,9 +334,9 @@ April 7, 2000 1.6.3 5 sudoers(4) MAINTENANCE COMMANDS sudoers(4) - is root unless the `-u' option is used). This - effectively makes the `-s' flag imply `-H'. - This flag is off by default. + is root unless the ----uuuu option is used). This + effectively makes the ----ssss flag imply ----HHHH. This + flag is off by default. path_info Normally, ssssuuuuddddoooo will tell the user when a com­ mand could not be found in their `$PATH'. @@ -391,7 +391,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) -April 7, 2000 1.6.3 6 +April 22, 2000 1.6.3 6 
@@ -416,13 +416,13 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) default. targetpw If set, ssssuuuuddddoooo will prompt for the password of - the user specified by the `-u' flag (defaults - to root) instead of the password of the invok­ - ing user. This flag is off by default. + the user specified by the ----uuuu flag (defaults to + root) instead of the password of the invoking + user. This flag is off by default. set_logname Normally, ssssuuuuddddoooo will set the `LOGNAME' and `USER' environment variables to the name of - the target user (usually root unless the `-u' + the target user (usually root unless the ----uuuu flag is given). However, since some programs (including the RCS revision control system) use `LOGNAME' to determine the real identity @@ -457,7 +457,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) -April 7, 2000 1.6.3 7 +April 22, 2000 1.6.3 7 @@ -498,17 +498,17 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) tamp files. The default is _/_v_a_r_/_r_u_n_/_s_u_d_o. passprompt The default prompt to use when asking for a - password; can be overridden via the `-p' - option or the `SUDO_PROMPT' environment vari­ - able. Supports two escapes: "%u" expands to - the user's login name and "%h" expands to the + password; can be overridden via the ----pppp option + or the `SUDO_PROMPT' environment variable. + Supports two escapes: "%u" expands to the + user's login name and "%h" expands to the local hostname. The default value is "Pass­ word:". runas_default - The default user to run commands as if the - `-u' flag is not specified on the command - line. This defaults to "root". + The default user to run commands as if the ----uuuu + flag is not specified on the command line. + This defaults to "root". syslog_goodpri Syslog priority to use when user authenticates @@ -523,7 +523,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) -April 7, 2000 1.6.3 8 +April 22, 2000 1.6.3 8 
@@ -553,7 +553,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) at configure time. mailerflags Flags to use when invoking mailer. Defaults to - `-t'. + ----tttt. mailto Address to send warning and erorr mail to. Defaults to "root". @@ -571,8 +571,8 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) the "user path." This is not set by default. verifypw This option controls when a password will be - required when a user runs ssssuuuuddddoooo with the ----vvvv. - It has the following possible values: + required when a user runs ssssuuuuddddoooo with the ----vvvv + flag. It has the following possible values: all All the user's I entries for the current host must have the C @@ -589,7 +589,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) -April 7, 2000 1.6.3 9 +April 22, 2000 1.6.3 9 @@ -655,7 +655,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) -April 7, 2000 1.6.3 10 +April 22, 2000 1.6.3 10 @@ -712,8 +712,8 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) By default, if the `NOPASSWD' tag is applied to any of the entries for a user on the current host, he or she will be - able to run `sudo -l' without a password. Additionally, a - user may only run `sudo -v' without a password if the + able to run `sudo \-l' without a password. Additionally, + a user may only run `sudo \-v' without a password if the `NOPASSWD' tag is present for all a user's entries that pertain to the current host. This behavior may be over­ ridden via the verifypw and listpw options. @@ -721,7 +721,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) -April 7, 2000 1.6.3 11 +April 22, 2000 1.6.3 11 @@ -787,7 +787,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) -April 7, 2000 1.6.3 12 +April 22, 2000 1.6.3 12 @@ -853,7 +853,7 @@ EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS -April 7, 2000 1.6.3 13 +April 22, 2000 1.6.3 13 @@ -919,7 +919,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) -April 7, 2000 1.6.3 14 +April 22, 2000 1.6.3 14 
@@ -985,7 +985,7 @@ sudoers(4) MAINTENANCE COMMANDS sudoers(4) -April 7, 2000 1.6.3 15 +April 22, 2000 1.6.3 15 @@ -1051,7 +1051,7 @@ CCCCAAAAVVVVEEEEAAAATTTTSSSS -April 7, 2000 1.6.3 16 +April 22, 2000 1.6.3 16 @@ -1117,6 +1117,6 @@ SSSSEEEEEEEE AAAALLLLSSSSOOOO -April 7, 2000 1.6.3 17 +April 22, 2000 1.6.3 17 diff --git a/sudoers.man.in b/sudoers.man.in index 5f37e06ed..62c06e033 100644 --- a/sudoers.man.in +++ b/sudoers.man.in @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.02 -.\" Fri Apr 7 08:37:06 2000 +.\" Sat Apr 22 12:13:37 2000 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "sudoers @mansectform@" -.TH sudoers @mansectform@ "1.6.3" "April 7, 2000" "MAINTENANCE COMMANDS" +.TH sudoers @mansectform@ "1.6.3" "April 22, 2000" "MAINTENANCE COMMANDS" .UC .SH "NAME" sudoers \- list of which users may execute what 
@@ -147,19 +147,19 @@ sudoers \- list of which users may execute what The \fIsudoers\fR file is composed two types of entries: aliases (basically variables) and user specifications (which specify who may run what). The grammar of \fIsudoers\fR -will be described below in Extended Backus-Naur Form (EBNF). -Don't despair if you don't know what EBNF is, it is fairly +will be described below in Extended Backus-Naur Form (\s-1EBNF\s0). +Don't despair if you don't know what \s-1EBNF\s0 is, it is fairly simple and the definitions below are annotated. -.Sh "Quick guide to EBNF" +.Sh "Quick guide to \s-1EBNF\s0" .IX Subsection "Quick guide to EBNF" -EBNF is a concise and exact way of describing the grammar of a language. -Each EBNF definition is made up of \fIproduction rules\fR. Eg. +\&\s-1EBNF\s0 is a concise and exact way of describing the grammar of a language. +Each \s-1EBNF\s0 definition is made up of \fIproduction rules\fR. Eg. .PP .Vb 1 \& symbol ::= definition | alternate1 | alternate2 ... .Ve Each \fIproduction rule\fR references others and thus makes up a -grammar for the language. EBNF also contains the following +grammar for the language. \s-1EBNF\s0 also contains the following operators, which many readers will recognize from regular expressions. Do not, however, confuse them with \*(L"wildcard\*(R" characters, which have different meanings. 
@@ -265,13 +265,13 @@ instead of a \f(CW\*(C`User_Alias\*(C'\fR. \& '!'* '+'netgroup | \& '!'* Host_Alias .Ve -A \f(CW\*(C`Host_List\*(C'\fR is made up of one or more hostnames, IP addresses, +A \f(CW\*(C`Host_List\*(C'\fR is made up of one or more hostnames, \s-1IP\s0 addresses, network numbers, netgroups (prefixed with '+') and other aliases. Again, the value of an item may be negated with the '!' operator. If you do not specify a netmask with a network number, the netmask of the host's ethernet \fIinterface\fR\|(s) will be used when matching. The netmask may be specified either in dotted quad notation (eg. -255.255.255.0) or CIDR notation (number of bits, eg. 24). A hostname +255.255.255.0) or \s-1CIDR\s0 notation (number of bits, eg. 24). A hostname may include shell-style wildcards (see `Wildcards' section below), but unless the \f(CW\*(C`hostname\*(C'\fR command on your machine returns the fully qualified hostname, you'll need to use the \fIfqdn\fR option for wildcards @@ -338,7 +338,7 @@ be escaped with a backslash (\f(CW\*(C`\e\*(C'\fR). \&\fBFlags\fR: .Ip "long_otp_prompt" 12 .IX Item "long_otp_prompt" -When validating with a One Time Password scheme (\fBS/Key\fR or \fBOPIE\fR), +When validating with a One Time Password scheme (\fBS/Key\fR or \fB\s-1OPIE\s0\fR), a two-line prompt is used to make it easier to cut and paste the challenge to a local window. It's not as pretty as the default but some people find it more convenient. This flag is off by default. 
@@ -398,16 +398,16 @@ This flag is off by default. .Ip "shell_noargs" 12 .IX Item "shell_noargs" If set and \fBsudo\fR is invoked with no arguments it acts as if the -\&\f(CW\*(C`\-s\*(C'\fR flag had been given. That is, it runs a shell as root (the +\&\fB\-s\fR flag had been given. That is, it runs a shell as root (the shell is determined by the \f(CW\*(C`SHELL\*(C'\fR environment variable if it is set, falling back on the shell listed in the invoking user's /etc/passwd entry if not). This flag is off by default. .Ip "set_home" 12 .IX Item "set_home" -If set and \fBsudo\fR is invoked with the \f(CW\*(C`\-s\*(C'\fR flag the \f(CW\*(C`HOME\*(C'\fR +If set and \fBsudo\fR is invoked with the \fB\-s\fR flag the \f(CW\*(C`HOME\*(C'\fR environment variable will be set to the home directory of the target -user (which is root unless the \f(CW\*(C`\-u\*(C'\fR option is used). This effectively -makes the \f(CW\*(C`\-s\*(C'\fR flag imply \f(CW\*(C`\-H\*(C'\fR. This flag is off by default. +user (which is root unless the \fB\-u\fR option is used). This effectively +makes the \fB\-s\fR flag imply \fB\-H\fR. This flag is off by default. .Ip "path_info" 12 .IX Item "path_info" Normally, \fBsudo\fR will tell the user when a command could not be 
@@ -422,13 +422,13 @@ be confusing. This flag is off by default. Set this flag if you want to put fully qualified hostnames in the \&\fIsudoers\fR file. Ie: instead of myhost you would use myhost.mydomain.edu. You may still use the short form if you wish (and even mix the two). -Beware that turning on \fIfqdn\fR requires \fBsudo\fR to make DNS lookups -which may make \fBsudo\fR unusable if DNS stops working (for example +Beware that turning on \fIfqdn\fR requires \fBsudo\fR to make \s-1DNS\s0 lookups +which may make \fBsudo\fR unusable if \s-1DNS\s0 stops working (for example if the machine is not plugged into the network). Also note that -you must use the host's official name as DNS knows it. That is, +you must use the host's official name as \s-1DNS\s0 knows it. That is, you may not use a host alias (\f(CW\*(C`CNAME\*(C'\fR entry) due to performance issues and the fact that there is no way to get all aliases from -DNS. If your machine's hostname (as returned by the \f(CW\*(C`hostname\*(C'\fR +\&\s-1DNS\s0. If your machine's hostname (as returned by the \f(CW\*(C`hostname\*(C'\fR command) is already fully qualified you shouldn't need to set \&\fIfqfn\fR. This flag is off by default. .Ip "insults" 12 
@@ -445,12 +445,12 @@ this flag to prevent a user from entering a visible password. This flag is off by default. .Ip "env_editor" 12 .IX Item "env_editor" -If set, \fBvisudo\fR will use the value of the EDITOR or VISUAL +If set, \fBvisudo\fR will use the value of the \s-1EDITOR\s0 or \s-1VISUAL\s0 environment variables before falling back on the default editor list. Note that this may create a security hole as it allows the user to run any arbitrary command as root without logging. A safer alternative is to place a colon-separated list of editors in the \f(CW\*(C`editor\*(C'\fR -variable. \fBvisudo\fR will then only use the EDITOR or VISUAL if +variable. \fBvisudo\fR will then only use the \s-1EDITOR\s0 or \s-1VISUAL\s0 if they match a value specified in \f(CW\*(C`editor\*(C'\fR. This flag is off by default. .Ip "rootpw" 12 @@ -465,13 +465,13 @@ of the invoking user. This flag is off by default. .Ip "targetpw" 12 .IX Item "targetpw" If set, \fBsudo\fR will prompt for the password of the user specified by -the \f(CW\*(C`\-u\*(C'\fR flag (defaults to root) instead of the password of the +the \fB\-u\fR flag (defaults to root) instead of the password of the invoking user. This flag is off by default. .Ip "set_logname" 12 .IX Item "set_logname" Normally, \fBsudo\fR will set the \f(CW\*(C`LOGNAME\*(C'\fR and \f(CW\*(C`USER\*(C'\fR environment variables -to the name of the target user (usually root unless the \f(CW\*(C`\-u\*(C'\fR flag is given). -However, since some programs (including the RCS revision control system) +to the name of the target user (usually root unless the \fB\-u\fR flag is given). +However, since some programs (including the \s-1RCS\s0 revision control system) use \f(CW\*(C`LOGNAME\*(C'\fR to determine the real identity of the user, it may be desirable to change this behavior. This can be done by negating the set_logname option. .Ip "use_loginclass" 12 
@@ -511,7 +511,7 @@ not override the user's umask. The default is 0022. .IX Item "mailsub" Subject of the mail sent to the \fImailto\fR user. The escape \f(CW\*(C`%h\*(C'\fR will expand to the hostname of the machine. -Default is \*(L"*** SECURITY information for \f(CW%h\fR ***\*(R". +Default is \*(L"*** \s-1SECURITY\s0 information for \f(CW%h\fR ***\*(R". .Ip "badpass_message" 12 .IX Item "badpass_message" Message that is displayed if a user enters an incorrect password. @@ -523,12 +523,12 @@ The default is \fI@TIMEDIR@\fR. .Ip "passprompt" 12 .IX Item "passprompt" The default prompt to use when asking for a password; can be overridden -via the \f(CW\*(C`\-p\*(C'\fR option or the \f(CW\*(C`SUDO_PROMPT\*(C'\fR environment variable. Supports +via the \fB\-p\fR option or the \f(CW\*(C`SUDO_PROMPT\*(C'\fR environment variable. Supports two escapes: \*(L"%u\*(R" expands to the user's login name and \*(L"%h\*(R" expands to the local hostname. The default value is \*(L"Password:\*(R". .Ip "runas_default" 12 .IX Item "runas_default" -The default user to run commands as if the \f(CW\*(C`\-u\*(C'\fR flag is not specified +The default user to run commands as if the \fB\-u\fR flag is not specified on the command line. This defaults to \*(L"root\*(R". .Ip "syslog_goodpri" 12 .IX Item "syslog_goodpri" @@ -542,7 +542,7 @@ Defaults to \*(L"alert\*(R". .IX Item "editor" A colon (':') separated list of editors allowed to be used with \&\fBvisudo\fR. \fBvisudo\fR will choose the editor that matches the user's -USER environment variable if possible, or the first editor in the +\&\s-1USER\s0 environment variable if possible, or the first editor in the list that exists and is executable. The default is the path to vi on your system. .PP 
@@ -561,13 +561,13 @@ Path to mail program used to send warning mail. Defaults to the path to sendmail found at configure time. .Ip "mailerflags" 12 .IX Item "mailerflags" -Flags to use when invoking mailer. Defaults to \f(CW\*(C`\-t\*(C'\fR. +Flags to use when invoking mailer. Defaults to \fB\-t\fR. .Ip "mailto" 12 .IX Item "mailto" Address to send warning and erorr mail to. Defaults to \*(L"root\*(R". .Ip "exempt_group" 12 .IX Item "exempt_group" -Users in this group are exempt from password and PATH requirements. +Users in this group are exempt from password and \s-1PATH\s0 requirements. This is not set by default. .Ip "secure_path" 12 .IX Item "secure_path" @@ -577,8 +577,8 @@ want to use this. Another use is if you want to have the \*(L"root path\*(R" be separate from the \*(L"user path.\*(R" This is not set by default. .Ip "verifypw" 12 .IX Item "verifypw" -This option controls when a password will be required when a -user runs \fBsudo\fR with the \fB\-v\fR. It has the following possible values: +This option controls when a password will be required when a user runs +\&\fBsudo\fR with the \fB\-v\fR flag. It has the following possible values: .Sp .Vb 3 \& all All the user's I entries for the @@ -627,7 +627,7 @@ user runs \fBsudo\fR with the \fB\-l\fR. It has the following possible values: The default value is `any'. .PP When logging via \fIsyslog\fR\|(3), \fBsudo\fR accepts the following values for the syslog -facility (the value of the \fBsyslog\fR Parameter): \fBauthpriv\fR (if your OS +facility (the value of the \fBsyslog\fR Parameter): \fBauthpriv\fR (if your \s-1OS\s0 supports it), \fBauth\fR, \fBdaemon\fR, \fBuser\fR, \fBlocal0\fR, \fBlocal1\fR, \fBlocal2\fR, \&\fBlocal3\fR, \fBlocal4\fR, \fBlocal5\fR, \fBlocal6\fR, and \fBlocal7\fR. The following syslog priorities are supported: \fBalert\fR, \fBcrit\fR, \fBdebug\fR, \fBemerg\fR, 
@@ -678,7 +678,7 @@ entry. If we modify the entry like so: .Ve Then user \fBdgb\fR is now allowed to run \fI/bin/ls\fR as \fBoperator\fR, but \fI/bin/kill\fR and \fI/usr/bin/lprm\fR as \fBroot\fR. -.Sh "NOPASSWD and PASSWD" +.Sh "\s-1NOPASSWD\s0 and \s-1PASSWD\s0" .IX Subsection "NOPASSWD and PASSWD" By default, \fBsudo\fR requires that a user authenticate him or herself before running a command. This behavior can be modified via the @@ -703,15 +703,15 @@ in the group specified by the exempt_group option. .PP By default, if the \f(CW\*(C`NOPASSWD\*(C'\fR tag is applied to any of the entries for a user on the current host, he or she will be able to run -\&\f(CW\*(C`sudo \-l\*(C'\fR without a password. Additionally, a user may only run -\&\f(CW\*(C`sudo \-v\*(C'\fR without a password if the \f(CW\*(C`NOPASSWD\*(C'\fR tag is present +\&\f(CW\*(C`sudo \e-l\*(C'\fR without a password. Additionally, a user may only run +\&\f(CW\*(C`sudo \e-v\*(C'\fR without a password if the \f(CW\*(C`NOPASSWD\*(C'\fR tag is present for all a user's entries that pertain to the current host. This behavior may be overridden via the verifypw and listpw options. .Sh "Wildcards (aka meta characters):" .IX Subsection "Wildcards (aka meta characters):" \&\fBsudo\fR allows shell-style \fIwildcards\fR to be used in pathnames as well as command line arguments in the \fIsudoers\fR file. Wildcard -matching is done via the \fBPOSIX\fR \f(CW\*(C`fnmatch(3)\*(C'\fR routine. Note that +matching is done via the \fB\s-1POSIX\s0\fR \f(CW\*(C`fnmatch(3)\*(C'\fR routine. Note that these are \fInot\fR regular expressions. .Ip "\f(CW\*(C`*\*(C'\fR" 8 .IX Item "*" 
@@ -756,20 +756,20 @@ more digits, in which case it is treated as a uid). Both the comment character and any text after it, up to the end of the line, are ignored. .PP -The reserved word \fBALL\fR is a built in \fIalias\fR that always causes +The reserved word \fB\s-1ALL\s0\fR is a built in \fIalias\fR that always causes a match to succeed. It can be used wherever one might otherwise use a \f(CW\*(C`Cmnd_Alias\*(C'\fR, \f(CW\*(C`User_Alias\*(C'\fR, \f(CW\*(C`Runas_Alias\*(C'\fR, or \f(CW\*(C`Host_Alias\*(C'\fR. -You should not try to define your own \fIalias\fR called \fBALL\fR as the +You should not try to define your own \fIalias\fR called \fB\s-1ALL\s0\fR as the built in alias will be used in preference to your own. Please note -that using \fBALL\fR can be dangerous since in a command context, it +that using \fB\s-1ALL\s0\fR can be dangerous since in a command context, it allows the user to run \fBany\fR command on the system. .PP An exclamation point ('!') can be used as a logical \fInot\fR operator both in an \fIalias\fR and in front of a \f(CW\*(C`Cmnd\*(C'\fR. This allows one to exclude certain values. Note, however, that using a \f(CW\*(C`!\*(C'\fR in conjunction with the built in \f(CW\*(C`ALL\*(C'\fR alias to allow a user to -run \*(L"all but a few\*(R" commands rarely works as intended (see SECURITY -NOTES below). +run \*(L"all but a few\*(R" commands rarely works as intended (see \s-1SECURITY\s0 +\&\s-1NOTES\s0 below). .PP Long lines can be continued with a backslash ('\e') as the last character on the line. 
@@ -825,7 +825,7 @@ Here we override some of the compiled in default values. We want \&\fBsudo\fR to log via \fIsyslog\fR\|(3) using the \fIauth\fR facility in all cases. We don't want to subject the full time staff to the \fBsudo\fR lecture, and user \fBmillert\fR need not give a password. In addition, on the -machines in the \fISERVERS\fR \f(CW\*(C`Host_Alias\*(C'\fR, we keep an additional +machines in the \fI\s-1SERVERS\s0\fR \f(CW\*(C`Host_Alias\*(C'\fR, we keep an additional local log file and make sure we log the year in each log line since the log entries will be kept around for several years. .PP @@ -862,17 +862,17 @@ command on any host but they must authenticate themselves first .Vb 1 \& jack CSNETS = ALL .Ve -The user \fBjack\fR may run any command on the machines in the \fICSNETS\fR alias +The user \fBjack\fR may run any command on the machines in the \fI\s-1CSNETS\s0\fR alias (the networks \f(CW\*(C`128.138.243.0\*(C'\fR, \f(CW\*(C`128.138.204.0\*(C'\fR, and \f(CW\*(C`128.138.242.0\*(C'\fR). Of those networks, only <128.138.204.0> has an explicit netmask (in -CIDR notation) indicating it is a class C network. For the other -networks in \fICSNETS\fR, the local machine's netmask will be used +\&\s-1CIDR\s0 notation) indicating it is a class C network. For the other +networks in \fI\s-1CSNETS\s0\fR, the local machine's netmask will be used during matching. .PP .Vb 1 \& lisa CUNETS = ALL .Ve -The user \fBlisa\fR may run any command on any host in the \fICUNETS\fR alias +The user \fBlisa\fR may run any command on any host in the \fI\s-1CUNETS\s0\fR alias (the class B network \f(CW\*(C`128.138.0.0\*(C'\fR). .PP .Vb 2 
@@ -893,14 +893,14 @@ The user \fBjoe\fR may only \fIsu\fR\|(1) to operator. \& pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root .Ve The user \fBpete\fR is allowed to change anyone's password except for -root on the \fIHPPA\fR machines. Note that this assumes \fIpasswd\fR\|(1) +root on the \fI\s-1HPPA\s0\fR machines. Note that this assumes \fIpasswd\fR\|(1) does not take multiple usernames on the command line. .PP .Vb 1 \& bob SPARC = (OP) ALL : SGI = (OP) ALL .Ve -The user \fBbob\fR may run anything on the \fISPARC\fR and \fISGI\fR machines -as any user listed in the \fIOP\fR \f(CW\*(C`Runas_Alias\*(C'\fR (\fBroot\fR and \fBoperator\fR). +The user \fBbob\fR may run anything on the \fI\s-1SPARC\s0\fR and \fI\s-1SGI\s0\fR machines +as any user listed in the \fI\s-1OP\s0\fR \f(CW\*(C`Runas_Alias\*(C'\fR (\fBroot\fR and \fBoperator\fR). .PP .Vb 1 \& jim +biglab = ALL 
@@ -918,27 +918,27 @@ commands on all machines. .Vb 1 \& fred ALL = (DB) NOPASSWD: ALL .Ve -The user \fBfred\fR can run commands as any user in the \fIDB\fR \f(CW\*(C`Runas_Alias\*(C'\fR +The user \fBfred\fR can run commands as any user in the \fI\s-1DB\s0\fR \f(CW\*(C`Runas_Alias\*(C'\fR (\fBoracle\fR or \fBsybase\fR) without giving a password. .PP .Vb 1 \& john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* .Ve -On the \fIALPHA\fR machines, user \fBjohn\fR may su to anyone except root +On the \fI\s-1ALPHA\s0\fR machines, user \fBjohn\fR may su to anyone except root but he is not allowed to give \fIsu\fR\|(1) any flags. .PP .Vb 1 \& jen ALL, !SERVERS = ALL .Ve The user \fBjen\fR may run any command on any machine except for those -in the \fISERVERS\fR \f(CW\*(C`Host_Alias\*(C'\fR (master, mail, www and ns). +in the \fI\s-1SERVERS\s0\fR \f(CW\*(C`Host_Alias\*(C'\fR (master, mail, www and ns). .PP .Vb 1 \& jill SERVERS = /usr/bin/, !SU, !SHELLS .Ve -For any machine in the \fISERVERS\fR \f(CW\*(C`Host_Alias\*(C'\fR, \fBjill\fR may run +For any machine in the \fI\s-1SERVERS\s0\fR \f(CW\*(C`Host_Alias\*(C'\fR, \fBjill\fR may run any commands in the directory /usr/bin/ except for those commands -belonging to the \fISU\fR and \fISHELLS\fR \f(CW\*(C`Cmnd_Aliases\*(C'\fR. +belonging to the \fI\s-1SU\s0\fR and \fI\s-1SHELLS\s0\fR \f(CW\*(C`Cmnd_Aliases\*(C'\fR. .PP .Vb 1 \& steve CSNETS = (operator) /usr/local/op_commands/ @@ -955,7 +955,7 @@ kill hung processes. .Vb 1 \& WEBMASTERS www = (www) ALL, (root) /usr/bin/su www .Ve -On the host www, any user in the \fIWEBMASTERS\fR \f(CW\*(C`User_Alias\*(C'\fR (will, +On the host www, any user in the \fI\s-1WEBMASTERS\s0\fR \f(CW\*(C`User_Alias\*(C'\fR (will, wendy, and wim), may run any command as user www (which owns the web pages) or simply \fIsu\fR\|(1) to www. .PP 
@@ -963,7 +963,7 @@ web pages) or simply \fIsu\fR\|(1) to www. \& ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\e \& /sbin/mount -o nosuid\e,nodev /dev/cd0a /CDROM .Ve -Any user may mount or unmount a CD-ROM on the machines in the CDROM +Any user may mount or unmount a \s-1CD-ROM\s0 on the machines in the \s-1CDROM\s0 \&\f(CW\*(C`Host_Alias\*(C'\fR (orion, perseus, hercules) without entering a password. This is a bit tedious for users to type, so it is a prime candiate for encapsulating in a shell script. @@ -978,7 +978,7 @@ executing that. For example: \& bill ALL = ALL, !SU, !SHELLS .Ve Doesn't really prevent \fBbill\fR from running the commands listed in -\&\fISU\fR or \fISHELLS\fR since he can simply copy those commands to a +\&\fI\s-1SU\s0\fR or \fI\s-1SHELLS\s0\fR since he can simply copy those commands to a different name, or use a shell escape from an editor or other program. Therefore, these kind of restrictions should be considered advisory at best (and reinforced by policy). diff --git a/sudoers.pod b/sudoers.pod index 92d051182..5b80d0a7c 100644 --- a/sudoers.pod +++ b/sudoers.pod 
@@ -299,17 +299,17 @@ This flag is off by default. =item shell_noargs If set and B is invoked with no arguments it acts as if the -C<-s> flag had been given. That is, it runs a shell as root (the +B<-s> flag had been given. That is, it runs a shell as root (the shell is determined by the C environment variable if it is set, falling back on the shell listed in the invoking user's /etc/passwd entry if not). This flag is off by default. =item set_home -If set and B is invoked with the C<-s> flag the C +If set and B is invoked with the B<-s> flag the C environment variable will be set to the home directory of the target -user (which is root unless the C<-u> option is used). This effectively -makes the C<-s> flag imply C<-H>. This flag is off by default. +user (which is root unless the B<-u> option is used). This effectively +makes the B<-s> flag imply B<-H>. This flag is off by default. =item path_info @@ -375,13 +375,13 @@ of the invoking user. This flag is off by default. =item targetpw If set, B will prompt for the password of the user specified by -the C<-u> flag (defaults to root) instead of the password of the +the B<-u> flag (defaults to root) instead of the password of the invoking user. This flag is off by default. =item set_logname Normally, B will set the C and C environment variables -to the name of the target user (usually root unless the C<-u> flag is given). +to the name of the target user (usually root unless the B<-u> flag is given). However, since some programs (including the RCS revision control system) use C to determine the real identity of the user, it may be desirable to change this behavior. This can be done by negating the set_logname option. 
@@ -456,13 +456,13 @@ The default is F<@TIMEDIR@>. =item passprompt The default prompt to use when asking for a password; can be overridden -via the C<-p> option or the C environment variable. Supports +via the B<-p> option or the C environment variable. Supports two escapes: "%u" expands to the user's login name and "%h" expands to the local hostname. The default value is "Password:". =item runas_default -The default user to run commands as if the C<-u> flag is not specified +The default user to run commands as if the B<-u> flag is not specified on the command line. This defaults to "root". =item syslog_goodpri @@ -506,7 +506,7 @@ Defaults to the path to sendmail found at configure time. =item mailerflags -Flags to use when invoking mailer. Defaults to C<-t>. +Flags to use when invoking mailer. Defaults to B<-t>. =item mailto @@ -526,8 +526,8 @@ be separate from the "user path." This is not set by default. =item verifypw -This option controls when a password will be required when a -user runs B with the B<-v>. It has the following possible values: +This option controls when a password will be required when a user runs +B with the B<-v> flag. It has the following possible values: all All the user's I entries for the current host must have the C diff --git a/visudo.cat b/visudo.cat index 98fe5b419..051381d90 100644 --- a/visudo.cat +++ b/visudo.cat @@ -47,7 +47,7 @@ OOOOPPPPTTTTIIIIOOOONNNNSSSS or username that consists solely of upper case let­ ters, digits, and the underscore ('_') character. - -V The `-V' (version) option causes vvvviiiissssuuuuddddoooo to print the + -V The ----VVVV (version) option causes vvvviiiissssuuuuddddoooo to print the version number and exit. EEEERRRRRRRROOOORRRRSSSS @@ -61,7 +61,7 @@ EEEERRRRRRRROOOORRRRSSSS -April 7, 2000 1.6.3 1 +April 22, 2000 1.6.3 1 @@ -127,6 +127,6 @@ SSSSEEEEEEEE AAAALLLLSSSSOOOO -April 7, 2000 1.6.3 2 +April 22, 2000 1.6.3 2 diff --git a/visudo.man.in b/visudo.man.in index 715a5adb8..0cda55f8f 100644 
--- a/visudo.man.in +++ b/visudo.man.in @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.02 -.\" Fri Apr 7 08:37:07 2000 +.\" Sat Apr 22 12:13:38 2000 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "visudo @mansectsu@" -.TH visudo @mansectsu@ "1.6.3" "April 7, 2000" "MAINTENANCE COMMANDS" +.TH visudo @mansectsu@ "1.6.3" "April 22, 2000" "MAINTENANCE COMMANDS" .UC .SH "NAME" visudo \- edit the sudoers file @@ -182,7 +182,7 @@ alias and a hostname or username that consists solely of upper case letters, digits, and the underscore ('_') character. .Ip "\-V" 4 .IX Item "-V" -The \f(CW\*(C`\-V\*(C'\fR (version) option causes \fBvisudo\fR to print the version number +The \fB\-V\fR (version) option causes \fBvisudo\fR to print the version number and exit. .SH "ERRORS" .IX Header "ERRORS" @@ -226,17 +226,17 @@ Many people have worked on \fIsudo\fR over the years, this version of .Vb 1 \& Todd Miller .Ve -See the HISTORY file in the sudo distribution for more details. +See the \s-1HISTORY\s0 file in the sudo distribution for more details. .SH "BUGS" .IX Header "BUGS" If you feel you have found a bug in sudo, please submit a bug report at http://www.courtesan.com/sudo/bugs/ .SH "DISCLAIMER" .IX Header "DISCLAIMER" -\&\fBVisudo\fR is provided ``AS IS'' and any express or implied warranties, +\&\fBVisudo\fR is provided ``\s-1AS\s0 \s-1IS\s0'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. -See the LICENSE file distributed with \fBsudo\fR for complete details. +See the \s-1LICENSE\s0 file distributed with \fBsudo\fR for complete details. .SH "CAVEATS" .IX Header "CAVEATS" There is no easy way to prevent a user from gaining a root shell if 
diff --git a/visudo.pod b/visudo.pod index 6924cb161..d261e32fc 100644 --- a/visudo.pod +++ b/visudo.pod @@ -85,7 +85,7 @@ letters, digits, and the underscore ('_') character. =item -V -The C<-V> (version) option causes B to print the version number +The B<-V> (version) option causes B to print the version number and exit. =back
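Review bot: The regenerated sudoers.cat (hunk @@ -712) now renders a literal backslash in "`sudo \-l'" and "`sudo \-v'" in the NOPASSWD and PASSWD paragraph, because the matching sudoers.man.in hunk (@@ -703) changed `sudo \-l` to `sudo \e-l` inside the C<> font, and troff `\e` prints the escape character. The sudoers.pod hunks in this commit do not touch that paragraph, so this appears to be Pod::Man regeneration output rather than an intended change; suggest converting those two flags in the pod source to the B<-l> / B<-v> form this commit adopts elsewhere, so the formatted page reads `sudo -l` without the stray backslash.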
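Review bot: The verifypw hunks (sudoers.cat @@ -571, sudoers.man.in @@ -577, sudoers.pod @@ -526) keep a value table whose rendered context reads "All the user's I entries for the current host must have the C", i.e. inline formatting codes inside a verbatim pod block are not interpreted and leak into the formatted man page. Since this commit already edits the sentence above that table, consider dropping the I<> and C<> codes inside the verbatim block (plain "sudoers" and "NOPASSWD") so the .cat and .man.in output reads correctly.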
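Review bot: The mailerflags hunks (sudoers.cat @@ -553 and sudoers.man.in @@ -561) both carry the unchanged context line "Address to send warning and erorr mail to." for the mailto option; since the generated files are being regenerated anyway, fixing "erorr" to "error" in sudoers.pod now would avoid a separate churn commit.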
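Review bot: In the sudoers.man.in fqdn hunk (@@ -422), the trailing context line "you shouldn't need to set \&\fIfqfn\fR" names the option as "fqfn" while the item being documented is "fqdn"; the same typo presumably exists in sudoers.pod and is worth correcting alongside the DNS markup changes in this hunk.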
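Review bot: The sudoers.man.in CDROM example hunk (@@ -963) has "so it is a prime candiate for encapsulating in a shell script" in its trailing context; "candiate" should be "candidate" in the pod source.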
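Review bot: In the sudoers.man.in CSNETS hunk (@@ -862), the context line "only <128.138.204.0> has an explicit netmask (in CIDR notation)" shows the address wrapped in literal angle brackets and without the CIDR suffix the sentence refers to, which suggests the pod markup for that value is being mis-rendered; worth checking the corresponding sudoers.pod line so the formatted example shows the network with its prefix length.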