From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Tue, 29 Mar 2011 16:57:12 +0000 (-0400)
Subject: Document %#gid, and %:#nonunix_gid syntax.
X-Git-Tag: SUDO_1_7_6~15
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=43b1844f8941b361656e5c2d63b3f2a785279ee8;p=sudo

Document %#gid, and %:#nonunix_gid syntax.

--HG--
branch : 1.7
---

diff --git a/sudoers.pod b/sudoers.pod
index cc9e69d8b..d93cd60d7 100644
--- a/sudoers.pod
+++ b/sudoers.pod
@@ -112,25 +112,32 @@ The definitions of what constitutes a valid I<alias> member follow.
 	       User ',' User_List
 
  User ::= '!'* user name |
-	  '!'* '#'uid |
-	  '!'* '%'group |
-	  '!'* '+'netgroup |
-	  '!'* '%:'nonunix_group |
+	  '!'* #uid |
+	  '!'* %group |
+	  '!'* %#gid |
+	  '!'* +netgroup |
+	  '!'* %:nonunix_group |
+	  '!'* %:#nonunix_gid |
 	  '!'* User_Alias
 
-A C<User_List> is made up of one or more user names, uids (prefixed
-with '#'), system groups (prefixed with '%'), netgroups (prefixed
-with '+') and C<User_Alias>es.  Each list item may be prefixed with
-zero or more '!' operators.  An odd number of '!' operators negate
-the value of the item; an even number just cancel each other out.
-
-A C<user name>, C<group>, C<netgroup> or C<nonunix_group> may
-be enclosed in double quotes to avoid the need for escaping special
-characters.  Alternately, special characters may be specified in
-escaped hex mode, e.g. \x20 for space.
-
-The C<nonunix_group> syntax depends on the underlying implementation.
-For instance, the QAS AD backend supports the following formats:
+A C<User_List> is made up of one or more user names, user ids
+(prefixed with '#'), system group names and ids (prefixed with '%'
+and '%#' respectively), netgroups (prefixed with '+'), non-Unix
+group names and IDs (prefixed with '%:' and '%:#' respectively) and
+C<User_Alias>es.  Each list item may be prefixed with zero or more
+'!' operators.  An odd number of '!' operators negate the value of
+the item; an even number just cancel each other out.
+
+A C<user name>, C<uid>, C<group>, C<gid>, C<netgroup>, C<nonunix_group>
+or C<nonunix_gid> may be enclosed in double quotes to avoid the
+need for escaping special characters.  Alternately, special characters
+may be specified in escaped hex mode, e.g. \x20 for space.  When
+using double quotes, any prefix characters must be included inside
+the quotes.
+
+The C<nonunix_group> and C<nonunix_gid> syntax depends on the
+underlying implementation.  For instance, the QAS AD backend supports
+the following formats:
 
 =over 4
 
@@ -157,8 +164,11 @@ characters that need to be escaped.
 		Runas_Member ',' Runas_List
 
  Runas_Member ::= '!'* user name |
-	          '!'* '#'uid |
-	          '!'* '%'group |
+	          '!'* #uid |
+	          '!'* %group |
+	          '!'* %#gid |
+	          '!'* %:nonunix_group |
+	          '!'* %:#nonunix_gid |
 	          '!'* +netgroup |
 	          '!'* Runas_Alias
 
@@ -175,7 +185,7 @@ and toor), you can use a uid instead (#0 in the example given).
  Host ::= '!'* host name |
 	  '!'* ip_addr |
 	  '!'* network(/netmask)? |
-	  '!'* '+'netgroup |
+	  '!'* +netgroup |
 	  '!'* Host_Alias
 
 A C<Host_List> is made up of one or more host names, IP addresses,