From: Todd C. Miller Date: Wed, 14 Sep 2016 16:29:18 +0000 (-0600) Subject: Document negated sudoHost entries. X-Git-Tag: SUDO_1_8_18^2~17 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7fd6edb6dfa34329c5eba7b906b6937cd744ff59;p=sudo Document negated sudoHost entries. --- diff --git a/doc/sudoers.ldap.cat b/doc/sudoers.ldap.cat index 6f0e75f00..3f57e3159 100644 --- a/doc/sudoers.ldap.cat +++ b/doc/sudoers.ldap.cat @@ -80,7 +80,9 @@ DDEESSCCRRIIPPTTIIOONN with a `+'). The special value ALL will match any host. Host netgroups are matched using the host (both qualified and unqualified) and domain members only; the user member is not used - when matching. + when matching. If a sudoHost entry is preceded by an exclamation + point, `!', and the entry matches, the sudoRole in which it resides + will be ignored. ssuuddooCCoommmmaanndd A fully-qualified Unix command name with optional command line diff --git a/doc/sudoers.ldap.man.in b/doc/sudoers.ldap.man.in index 5737f0453..1c6b9b7e3 100644 --- a/doc/sudoers.ldap.man.in +++ b/doc/sudoers.ldap.man.in @@ -167,6 +167,13 @@ The special value will match any host. Host netgroups are matched using the host (both qualified and unqualified) and domain members only; the user member is not used when matching. +If a +\fRsudoHost\fR +entry is preceded by an exclamation point, +\(oq\&!\(cq, +and the entry matches, the +\fRsudoRole\fR +in which it resides will be ignored. .TP 6n \fBsudoCommand\fR A fully-qualified Unix command name with optional command line arguments, diff --git a/doc/sudoers.ldap.mdoc.in b/doc/sudoers.ldap.mdoc.in index 47721bdf9..4b6ca4afe 100644 --- a/doc/sudoers.ldap.mdoc.in +++ b/doc/sudoers.ldap.mdoc.in 
@@ -159,6 +159,13 @@ The special value will match any host. Host netgroups are matched using the host (both qualified and unqualified) and domain members only; the user member is not used when matching. +If a +.Li sudoHost +entry is preceded by an exclamation point, +.Ql \&! , +and the entry matches, the +.Li sudoRole +in which it resides will be ignored. .It Sy sudoCommand A fully-qualified Unix command name with optional command line arguments, potentially including globbing characters (aka wild cards).
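Review bot: The sentence added in the doc/sudoers.ldap.cat hunk ("If a sudoHost entry is preceded by an exclamation point ... the sudoRole in which it resides will be ignored") leaves open what happens when the same sudoRole also carries a non-negated sudoHost value that matches, such as ALL. Because the stated effect is to ignore the whole sudoRole, the text should say explicitly whether a matching negated entry overrides any other matching sudoHost values in that role, so that an administrator writing an "all hosts except this one" role can tell from the manual alone that the exclusion holds.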
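Review bot: Missing documentation in the doc/sudoers.ldap.mdoc.in hunk (and the matching doc/sudoers.ldap.man.in hunk): the new lines come directly after the description of the special value and of host netgroups, but do not say which sudoHost forms accept the leading exclamation point. Suggest naming the forms that may be negated (host name, netgroup, the special value) right after "entry is preceded by an exclamation point", or stating that negation applies to every form described in this paragraph, since a reader relying on a negated entry to exclude a host needs to know whether a negated netgroup is honored or silently fails to match.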