From: Todd C. Miller Date: Tue, 9 Nov 1999 00:00:29 +0000 (+0000) Subject: Mention what characters need to be escaped in names. X-Git-Tag: SUDO_1_6_0~11 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=afe809a31c0cbf8b41e4ca135d959c62c949f836;p=sudo Mention what characters need to be escaped in names. --- diff --git a/sudoers.cat b/sudoers.cat index cf256e305..8e177315d 100644 --- a/sudoers.cat +++ b/sudoers.cat @@ -1,7 +1,7 @@ -SUDOERS(5) FILE FORMATS SUDOERS(5) +sudoers(5) FILE FORMATS sudoers(5) NNNNAAAAMMMMEEEE @@ -61,13 +61,13 @@ DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN -11/Oct/1999 1.6 1 +8/Nov/1999 1.6 1 -SUDOERS(5) FILE FORMATS SUDOERS(5) +sudoers(5) FILE FORMATS sudoers(5) Host_Alias ::= NAME '=' Host_List @@ -127,13 +127,13 @@ SUDOERS(5) FILE FORMATS SUDOERS(5) -11/Oct/1999 1.6 2 +8/Nov/1999 1.6 2 -SUDOERS(5) FILE FORMATS SUDOERS(5) +sudoers(5) FILE FORMATS sudoers(5) Host ::= '!'* hostname | @@ -181,7 +181,7 @@ SUDOERS(5) FILE FORMATS SUDOERS(5) the user on the command line (or match the wildcards if there are any). Note that the following characters must be escaped with a '\' if they are used in command - arguments: ',', ':', '=', '\\'. + arguments: ',', ':', '=', '\'. DDDDeeeeffffaaaauuuullllttttssss @@ -193,13 +193,13 @@ SUDOERS(5) FILE FORMATS SUDOERS(5) -11/Oct/1999 1.6 3 +8/Nov/1999 1.6 3 -SUDOERS(5) FILE FORMATS SUDOERS(5) +sudoers(5) FILE FORMATS sudoers(5) there are conflicting values, the last value on a matching @@ -259,13 +259,13 @@ SUDOERS(5) FILE FORMATS SUDOERS(5) -11/Oct/1999 1.6 4 +8/Nov/1999 1.6 4 -SUDOERS(5) FILE FORMATS SUDOERS(5) +sudoers(5) FILE FORMATS sudoers(5) shell_noargs @@ -325,13 +325,13 @@ SUDOERS(5) FILE FORMATS SUDOERS(5) -11/Oct/1999 1.6 5 +8/Nov/1999 1.6 5 -SUDOERS(5) FILE FORMATS SUDOERS(5) +sudoers(5) FILE FORMATS sudoers(5) successfully @@ -391,13 +391,13 @@ SUDOERS(5) FILE FORMATS SUDOERS(5) -11/Oct/1999 1.6 6 +8/Nov/1999 1.6 6 -SUDOERS(5) FILE FORMATS SUDOERS(5) +sudoers(5) FILE FORMATS sudoers(5) Runas_Spec in the user specification, a default Runas_Spec @@ -457,13 +457,13 @@ SUDOERS(5) FILE FORMATS SUDOERS(5) -11/Oct/1999 1.6 7 +8/Nov/1999 1.6 7 -SUDOERS(5) FILE FORMATS SUDOERS(5) +sudoers(5) FILE FORMATS sudoers(5) [!...] Matches any character nnnnooootttt in the specified range. @@ -512,25 +512,28 @@ SUDOERS(5) FILE FORMATS SUDOERS(5) allow a user to run "all but a few" commands rarely works as intended (see SECURITY NOTES below). - Long lines can be continued with a backslash ('\\') as the + Long lines can be continued with a backslash ('\') as the last character on the line. Whitespace between elements in a list as well as specicial syntactic characters in a _U_s_e_r _S_p_e_c_i_f_i_c_a_t_i_o_n ('=', ':', '(', ')') is optional. + The following characters must be escaped with a backslash +8/Nov/1999 1.6 8 -11/Oct/1999 1.6 8 +sudoers(5) FILE FORMATS sudoers(5) -SUDOERS(5) FILE FORMATS SUDOERS(5) + ('\') when used as part of a word (eg. a username or + hostname): '@', '!', '=', ':', ',', '(', ')', '\'. EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS Below are example _s_u_d_o_e_r_s entries. Admittedly, some of @@ -583,20 +586,20 @@ EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS Defaults:millert !authenticate Defaults@SERVERS log_year, logfile=/var/log/sudo.log - The _U_s_e_r _s_p_e_c_i_f_i_c_a_t_i_o_n is the part that actually - determines who may run what. +8/Nov/1999 1.6 9 -11/Oct/1999 1.6 9 +sudoers(5) FILE FORMATS sudoers(5) -SUDOERS(5) FILE FORMATS SUDOERS(5) + The _U_s_e_r _s_p_e_c_i_f_i_c_a_t_i_o_n is the part that actually + determines who may run what. root ALL = (ALL) ALL %wheel ALL = (ALL) ALL @@ -649,21 +652,21 @@ SUDOERS(5) FILE FORMATS SUDOERS(5) assumes _p_a_s_s_w_d(1) does not take multiple usernames on the command line. - bob SPARC = (OP) ALL : SGI = (OP) ALL - The user bbbboooobbbb may run anything on the _S_P_A_R_C and _S_G_I +8/Nov/1999 1.6 10 -11/Oct/1999 1.6 10 +sudoers(5) FILE FORMATS sudoers(5) -SUDOERS(5) FILE FORMATS SUDOERS(5) + bob SPARC = (OP) ALL : SGI = (OP) ALL + The user bbbboooobbbb may run anything on the _S_P_A_R_C and _S_G_I machines as any user listed in the _O_P Runas_Alias (rrrrooooooootttt and ooooppppeeeerrrraaaattttoooorrrr). @@ -715,20 +718,19 @@ SUDOERS(5) FILE FORMATS SUDOERS(5) On the host www, any user in the _W_E_B_M_A_S_T_E_R_S User_Alias (will, wendy, and wim), may run any command as user www - (which owns the web pages) or simply _s_u(1) to www. - +8/Nov/1999 1.6 11 -11/Oct/1999 1.6 11 +sudoers(5) FILE FORMATS sudoers(5) -SUDOERS(5) FILE FORMATS SUDOERS(5) + (which owns the web pages) or simply _s_u(1) to www. ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\ /sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM @@ -785,15 +787,13 @@ SSSSEEEEEEEE AAAALLLLSSSSOOOO - - -11/Oct/1999 1.6 12 +8/Nov/1999 1.6 12 -SUDOERS(5) FILE FORMATS SUDOERS(5) +sudoers(5) FILE FORMATS sudoers(5) @@ -853,6 +853,6 @@ SUDOERS(5) FILE FORMATS SUDOERS(5) -11/Oct/1999 1.6 13 +8/Nov/1999 1.6 13 diff --git a/sudoers.html b/sudoers.html index 075ca36e1..c34f50e6a 100644 --- a/sudoers.html +++ b/sudoers.html @@ -214,7 +214,7 @@ any subdirectories therein). If a Cmnd has associated command line arguments, then the arguments in the Cmnd must match exactly those given by the user on the command line (or match the wildcards if there are any). Note that the following characters must be escaped with a '\' if they are used in command arguments: ',', ':', '=', -'\\'. +'\'.

@@ -562,13 +562,18 @@ An exclamation point ('!') can be used as a logical not operator both i intended (see SECURITY NOTES below).

-Long lines can be continued with a backslash ('\\') as the last character -on the line. +Long lines can be continued with a backslash ('\') as the last character on +the line.

Whitespace between elements in a list as well as specicial syntactic characters in a User Specification ('=', ':', '(', ')') is optional. +

+The following characters must be escaped with a backslash ('\') when used +as part of a word (eg. a username or hostname): '@', '!', '=', ':', ',', +'(', ')', '\'. +

EXAMPLES

diff --git a/sudoers.man b/sudoers.man index 9115a487f..46572187b 100644 --- a/sudoers.man +++ b/sudoers.man @@ -2,8 +2,8 @@ ''' $RCSfile$$Revision$$Date$ ''' ''' $Log$ -''' Revision 1.13 1999/10/20 15:23:42 millert -''' change ital to bold +''' Revision 1.14 1999/11/09 00:00:29 millert +''' Mention what characters need to be escaped in names. ''' ''' .de Sh @@ -96,7 +96,7 @@ .nr % 0 .rr F .\} -.TH SUDOERS 5 "1.6" "11/Oct/1999" "FILE FORMATS" +.TH sudoers 5 "1.6" "8/Nov/1999" "FILE FORMATS" .UC .if n .hy 0 .if n .na @@ -346,7 +346,7 @@ If a \f(CWCmnd\fR has associated command line arguments, then the arguments in the \f(CWCmnd\fR must match exactly those given by the user on the command line (or match the wildcards if there are any). Note that the following characters must be escaped with a \*(L'\e\*(R' if they are used in command -arguments: \*(L',\*(R', \*(L':\*(R', \*(L'=\*(R', \*(L'\e\e\*(R'. +arguments: \*(L',\*(R', \*(L':\*(R', \*(L'=\*(R', \*(L'\e\*(R'. .Sh "Defaults" Certain configuration options may be changed from their default values at runtime via one or more \f(CWDefault_Entry\fR lines. These @@ -577,11 +577,15 @@ conjunction with the built in \f(CWALL\fR alias to allow a user to run \*(L"all but a few\*(R" commands rarely works as intended (see \s-1SECURITY\s0 \s-1NOTES\s0 below). .PP -Long lines can be continued with a backslash (\*(R'\e\e') as the last +Long lines can be continued with a backslash (\*(R'\e') as the last character on the line. .PP Whitespace between elements in a list as well as specicial syntactic characters in a \fIUser Specification\fR ('=\*(R', \*(L':\*(R', \*(L'(\*(R', \*(L')') is optional. +.PP +The following characters must be escaped with a backslash (\*(R'\e') when +used as part of a word (eg. a username or hostname): +\&'@\*(R', \*(L'!\*(R', \*(L'=\*(R', \*(L':\*(R', \*(L',\*(R', \*(L'(\*(R', \*(L')\*(R', \*(L'\e\*(R'. .SH "EXAMPLES" Below are example \fIsudoers\fR entries. Admittedly, some of these are a bit contrived. First, we define our \fIaliases\fR: @@ -798,7 +802,7 @@ will not run with a syntactically incorrect \fIsudoers\fR file. \fIsudo\fR\|(8), \fIvisudo\fR\|(8), \fIsu\fR\|(1), \fIfnmatch\fR\|(3). .rn }` '' -.IX Title "SUDOERS 5" +.IX Title "sudoers 5" .IX Name "sudoers - list of which users may execute what" .IX Header "NAME" diff --git a/sudoers.pod b/sudoers.pod index 0bf596093..d7ad822dc 100644 --- a/sudoers.pod +++ b/sudoers.pod @@ -190,7 +190,7 @@ If a C has associated command line arguments, then the arguments in the C must match exactly those given by the user on the command line (or match the wildcards if there are any). Note that the following characters must be escaped with a '\' if they are used in command -arguments: ',', ':', '=', '\\'. +arguments: ',', ':', '=', '\'. =head2 Defaults @@ -532,12 +532,16 @@ conjunction with the built in C alias to allow a user to run "all but a few" commands rarely works as intended (see SECURITY NOTES below). -Long lines can be continued with a backslash ('\\') as the last +Long lines can be continued with a backslash ('\') as the last character on the line. Whitespace between elements in a list as well as specicial syntactic characters in a I ('=', ':', '(', ')') is optional. +The following characters must be escaped with a backslash ('\') when +used as part of a word (eg. a username or hostname): +'@', '!', '=', ':', ',', '(', ')', '\'. + =head1 EXAMPLES Below are example I entries. Admittedly, some of