From: Todd C. Miller Date: Fri, 11 Dec 2015 17:04:17 +0000 (-0700) Subject: Document the names of the I/O log files and mention buffering. X-Git-Tag: SUDO_1_8_16^2~95 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a6f8994a593870e4ae3b614910bf06974840699c;p=sudo Document the names of the I/O log files and mention buffering. Document that I/O logs are in gzip format by default. --- diff --git a/doc/sudoers.cat b/doc/sudoers.cat index 0faa7cb6c..273248c5d 100644 --- a/doc/sudoers.cat +++ b/doc/sudoers.cat @@ -1045,7 +1045,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS log_host If set, the host name will be logged in the (non- syslog) ssuuddoo log file. This flag is _o_f_f by default. - log_input If set, ssuuddoo will run the command in a _p_s_e_u_d_o _t_t_y and + log_input If set, ssuuddoo will run the command in a _p_s_e_u_d_o_-_t_t_y and log all user input. If the standard input is not connected to the user's tty, due to I/O redirection or because the command is part of a pipeline, that input @@ -1057,7 +1057,12 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS unique session ID that is included in the normal ssuuddoo log line, prefixed with ``TSID=''. The _i_o_l_o_g___f_i_l_e option may be used to control the format of the session - ID. + ID. Input from the user's tty is logged to the _t_t_y_i_n + file. Input from a pipe or file is logged to the _s_t_d_i_n + file. These files are in gzip (compressed) format + unless the _c_o_m_p_r_e_s_s___i_o option has been disabled. Due + to buffering, the I/O log data will not be complete + until the ssuuddoo command has completed. Note that user input may contain sensitive information such as passwords (even if they are not echoed to the @@ -1065,7 +1070,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS unencrypted. In most cases, logging the command output via _l_o_g___o_u_t_p_u_t is all that is required. - log_output If set, ssuuddoo will run the command in a _p_s_e_u_d_o _t_t_y and + log_output If set, ssuuddoo will run the command in a _p_s_e_u_d_o_-_t_t_y and log all output that is sent to the screen, similar to the script(1) command. If the standard output or standard error is not connected to the user's tty, due @@ -1078,7 +1083,13 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS unique session ID that is included in the normal ssuuddoo log line, prefixed with ``TSID=''. The _i_o_l_o_g___f_i_l_e option may be used to control the format of the session - ID. + ID. Output from the pseudo-tty is logged to the _t_t_y_o_u_t + file. Output to a pipe or redirected to a file is + logged to the either the _s_t_d_o_u_t or _s_t_d_e_r_r files. These + files are in gzip (compressed) format unless the + _c_o_m_p_r_e_s_s___i_o option has been disabled. Due to + buffering, the I/O log data will not be complete until + the ssuuddoo command has completed. Output logs may be viewed with the sudoreplay(1m) utility, which can also be used to list or search the @@ -2482,4 +2493,4 @@ DDIISSCCLLAAIIMMEERR file distributed with ssuuddoo or https://www.sudo.ws/license.html for complete details. -Sudo 1.8.16 November 20, 2015 Sudo 1.8.16 +Sudo 1.8.16 December 11, 2015 Sudo 1.8.16 diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in index a4aa8c09e..a195a5a7e 100644 --- a/doc/sudoers.man.in +++ b/doc/sudoers.man.in @@ -21,7 +21,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.TH "SUDOERS" "5" "November 20, 2015" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDOERS" "5" "December 11, 2015" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" @@ -2233,7 +2233,7 @@ log_input If set, \fBsudo\fR will run the command in a -\fIpseudo tty\fR +\fIpseudo-tty\fR and log all user input. If the standard input is not connected to the user's tty, due to I/O redirection or because the command is part of a pipeline, that @@ -2254,6 +2254,18 @@ log line, prefixed with The \fIiolog_file\fR option may be used to control the format of the session ID. +Input from the user's tty is logged to the +\fIttyin\fR +file. +Input from a pipe or file is logged to the +\fIstdin\fR +file. +These files are in gzip (compressed) format unless the +\fIcompress_io\fR +option has been disabled. +Due to buffering, the I/O log data will not be complete until the +\fBsudo\fR +command has completed. .sp Note that user input may contain sensitive information such as passwords (even if they are not echoed to the screen), which will @@ -2266,7 +2278,7 @@ log_output If set, \fBsudo\fR will run the command in a -\fIpseudo tty\fR +\fIpseudo-tty\fR and log all output that is sent to the screen, similar to the script(1) command. @@ -2290,6 +2302,20 @@ log line, prefixed with The \fIiolog_file\fR option may be used to control the format of the session ID. +Output from the pseudo-tty is logged to the +\fIttyout\fR +file. +Output to a pipe or redirected to a file is logged to the either the +\fIstdout\fR +or +\fIstderr\fR +files. +These files are in gzip (compressed) format unless the +\fIcompress_io\fR +option has been disabled. +Due to buffering, the I/O log data will not be complete until the +\fBsudo\fR +command has completed. .sp Output logs may be viewed with the sudoreplay(@mansectsu@) diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in index a17e4b6f3..3c608363a 100644 --- a/doc/sudoers.mdoc.in +++ b/doc/sudoers.mdoc.in @@ -19,7 +19,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.Dd November 20, 2015 +.Dd December 11, 2015 .Dt SUDOERS @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -2091,7 +2091,7 @@ by default. If set, .Nm sudo will run the command in a -.Em pseudo tty +.Em pseudo-tty and log all user input. If the standard input is not connected to the user's tty, due to I/O redirection or because the command is part of a pipeline, that @@ -2114,6 +2114,18 @@ log line, prefixed with The .Em iolog_file option may be used to control the format of the session ID. +Input from the user's tty is logged to the +.Pa ttyin +file. +Input from a pipe or file is logged to the +.Pa stdin +file. +These files are in gzip (compressed) format unless the +.Em compress_io +option has been disabled. +Due to buffering, the I/O log data will not be complete until the +.Nm sudo +command has completed. .Pp Note that user input may contain sensitive information such as passwords (even if they are not echoed to the screen), which will @@ -2125,7 +2137,7 @@ is all that is required. If set, .Nm sudo will run the command in a -.Em pseudo tty +.Em pseudo-tty and log all output that is sent to the screen, similar to the .Xr script 1 command. @@ -2151,6 +2163,20 @@ log line, prefixed with The .Em iolog_file option may be used to control the format of the session ID. +Output from the pseudo-tty is logged to the +.Pa ttyout +file. +Output to a pipe or redirected to a file is logged to the either the +.Pa stdout +or +.Pa stderr +files. +These files are in gzip (compressed) format unless the +.Em compress_io +option has been disabled. +Due to buffering, the I/O log data will not be complete until the +.Nm sudo +command has completed. .Pp Output logs may be viewed with the .Xr sudoreplay @mansectsu@