From: Todd C. Miller Date: Tue, 11 Nov 2014 20:55:40 +0000 (-0700) Subject: Document sudo.conf usage now that visudo will parse the sudoers arguments. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=bc7cbcb55630714e2e751792f315c5a8f0d9c688;p=sudo Document sudo.conf usage now that visudo will parse the sudoers arguments. --- diff --git a/doc/visudo.cat b/doc/visudo.cat index 640748751..b950f42bf 100644 --- a/doc/visudo.cat +++ b/doc/visudo.cat 
@@ -83,6 +83,41 @@ DDEESSCCRRIIPPTTIIOONN The various values have explicit types which removes much of the ambiguity of the _s_u_d_o_e_r_s format. + UUssiinngg ssuuddoo..ccoonnff wwiitthh vviissuuddoo + vviissuuddoo versions 1.8.4 and higher support a flexible debugging framework + that is configured via Debug lines in the sudo.conf(4) file. Starting + with ssuuddoo 1.8.12, vviissuuddoo will also parse the arguments to the _s_u_d_o_e_r_s + plugin to override the default _s_u_d_o_e_r_s path name, UID, GID and file mode. + These arguments, if present, should be listed after the path to the + plugin (i.e. after _s_u_d_o_e_r_s_._s_o). Multiple arguments may be specified, + separated by white space. For example: + + Plugin sudoers_policy sudoers.so sudoers_mode=0400 + + The following plugin arguments are supported: + + sudoers_file=pathname + The _s_u_d_o_e_r_s___f_i_l_e argument can be used to override the default + path to the _s_u_d_o_e_r_s file. + + sudoers_uid=uid + The _s_u_d_o_e_r_s___u_i_d argument can be used to override the default + owner of the sudoers file. It should be specified as a numeric + user ID. + + sudoers_gid=gid + The _s_u_d_o_e_r_s___g_i_d argument can be used to override the default + group of the sudoers file. It must be specified as a numeric + group ID (not a group name). + + sudoers_mode=mode + The _s_u_d_o_e_r_s___m_o_d_e argument can be used to override the default + file mode for the sudoers file. It should be specified as an + octal value. + + For more information on configuring sudo.conf(4), please refer to its + manual. + EENNVVIIRROONNMMEENNTT The following environment variables may be consulted depending on the value of the _e_d_i_t_o_r and _e_n_v___e_d_i_t_o_r _s_u_d_o_e_r_s settings: 
@@ -92,6 +127,8 @@ EENNVVIIRROONNMMEENNTT EDITOR Used by vviissuuddoo if VISUAL is not set FFIILLEESS + _/_e_t_c_/_s_u_d_o_._c_o_n_f Sudo front end configuration + _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what _/_e_t_c_/_s_u_d_o_e_r_s_._t_m_p Lock file for visudo @@ -161,4 +198,4 @@ DDIISSCCLLAAIIMMEERR file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for complete details. -Sudo 1.8.11 July 12, 2014 Sudo 1.8.11 +Sudo 1.8.12 November 11, 2014 Sudo 1.8.12 diff --git a/doc/visudo.man.in b/doc/visudo.man.in index ee95287f2..a463259d6 100644 --- a/doc/visudo.man.in +++ b/doc/visudo.man.in @@ -21,7 +21,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.TH "VISUDO" "@mansectsu@" "July 12, 2014" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" +.TH "VISUDO" "8" "November 11, 2014" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" .nh .if n .ad l .SH "NAME" 
@@ -233,6 +233,65 @@ The various values have explicit types which removes much of the ambiguity of the \fIsudoers\fR format. +.SS "Using sudo.conf with visudo" +\fBvisudo\fR +versions 1.8.4 and higher support a flexible debugging framework +that is configured via +\fRDebug\fR +lines in the +sudo.conf(@mansectform@) +file. +Starting with +\fBsudo\fR +1.8.12, +\fBvisudo\fR +will also parse the arguments to the +\fIsudoers\fR +plugin to override the default +\fIsudoers\fR +path name, UID, GID and file mode. +These arguments, if present, should be listed after the path to the plugin +(i.e.\& after +\fIsudoers.so\fR). +Multiple arguments may be specified, separated by white space. +For example: +.nf +.sp +.RS 6n +Plugin sudoers_policy sudoers.so sudoers_mode=0400 +.RE +.fi +.PP +The following plugin arguments are supported: +.TP 10n +sudoers_file=pathname +The +\fIsudoers_file\fR +argument can be used to override the default path to the +\fIsudoers\fR +file. +.TP 10n +sudoers_uid=uid +The +\fIsudoers_uid\fR +argument can be used to override the default owner of the sudoers file. +It should be specified as a numeric user ID. +.TP 10n +sudoers_gid=gid +The +\fIsudoers_gid\fR +argument can be used to override the default group of the sudoers file. +It must be specified as a numeric group ID (not a group name). +.TP 10n +sudoers_mode=mode +The +\fIsudoers_mode\fR +argument can be used to override the default file mode for the sudoers file. +It should be specified as an octal value. +.PP +For more information on configuring +sudo.conf(@mansectform@), +please refer to its manual. .SH "ENVIRONMENT" The following environment variables may be consulted depending on the value of the @@ -255,6 +314,9 @@ if is not set .SH "FILES" .TP 26n +\fI@sysconfdir@/sudo.conf\fR +Sudo front end configuration +.TP 26n \fI@sysconfdir@/sudoers\fR List of who can run what .TP 26n diff --git a/doc/visudo.mdoc.in b/doc/visudo.mdoc.in index 7408266c1..0de0fa03d 100644 --- a/doc/visudo.mdoc.in 
+++ b/doc/visudo.mdoc.in @@ -19,7 +19,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.Dd July 12, 2014 +.Dd November 11, 2014 .Dt VISUDO @mansectsu@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -225,6 +225,60 @@ ambiguity of the .Em sudoers format. .El +.Ss Using sudo.conf with visudo +.Nm visudo +versions 1.8.4 and higher support a flexible debugging framework +that is configured via +.Li Debug +lines in the +.Xr sudo.conf @mansectform@ +file. +Starting with +.Nm sudo +1.8.12, +.Nm visudo +will also parse the arguments to the +.Em sudoers +plugin to override the default +.Em sudoers +path name, UID, GID and file mode. +These arguments, if present, should be listed after the path to the plugin +(i.e.\& after +.Pa sudoers.so ) . +Multiple arguments may be specified, separated by white space. +For example: +.Bd -literal -offset indent +Plugin sudoers_policy sudoers.so sudoers_mode=0400 +.Ed +.Pp +The following arguments are supported: +.Bl -tag -width 8n +.It sudoers_file=pathname +The +.Em sudoers_file +argument can be used to override the default path to the +.Em sudoers +file. +.It sudoers_uid=uid +The +.Em sudoers_uid +argument can be used to override the default owner of the sudoers file. +It should be specified as a numeric user ID. +.It sudoers_gid=gid +The +.Em sudoers_gid +argument can be used to override the default group of the sudoers file. +It must be specified as a numeric group ID (not a group name). +.It sudoers_mode=mode +The +.Em sudoers_mode +argument can be used to override the default file mode for the sudoers file. +It should be specified as an octal value. +.El +.Pp +For more information on configuring +.Xr sudo.conf @mansectform@ , +please refer to its manual. .Sh ENVIRONMENT The following environment variables may be consulted depending on the value of the 
@@ -247,6 +301,8 @@ is not set .El .Sh FILES .Bl -tag -width 24n +.It Pa @sysconfdir@/sudo.conf +Sudo front end configuration .It Pa @sysconfdir@/sudoers List of who can run what .It Pa @sysconfdir@/sudoers.tmp
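Review bot: In doc/visudo.man.in, the .TH line swaps the "@mansectsu@" substitution for a literal "8", while doc/visudo.mdoc.in in this same patch still uses ".Dt VISUDO @mansectsu@". On a build where the configured administrative section is not 8, the page header would no longer match the section the page is installed in. Keep "@mansectsu@" in the .TH line; if this file is generated from the mdoc source, check that the generation step preserves the placeholder rather than expanding it.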
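Review bot: The list lead-in added to doc/visudo.mdoc.in reads "The following arguments are supported:", but the corresponding hunks in doc/visudo.man.in and doc/visudo.cat read "The following plugin arguments are supported:". The three renderings of the same section should carry identical text; "plugin arguments" is the clearer wording because the paragraph above also mentions Debug lines, so update the mdoc hunk to match.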
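Review bot: In the new "Using sudo.conf with visudo" section (first hunk of doc/visudo.cat, repeated in the other two files), sudoers_uid "should be specified as a numeric user ID" while sudoers_gid "must be specified as a numeric group ID (not a group name)". If a user name is rejected in the same way a group name is, use "must" for sudoers_uid and add the matching "(not a user name)" so readers do not assume names are accepted for one and not the other; the same should/must question applies to the octal requirement on sudoers_mode. The section also says these arguments override the default path, owner, group and mode without stating what those defaults are or where they are documented; a cross-reference beyond the general pointer to sudo.conf would help an administrator judge what a line such as "sudoers_mode=0400" actually changes.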