From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Thu, 12 Jan 2012 16:35:56 +0000 (-0500)
Subject: Make the env_reset descriptions consistent.
X-Git-Tag: SUDO_1_7_9~51
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e0d0b4a8fbbbfa74e93a0c2ed80413c4589d9f25;p=sudo

Make the env_reset descriptions consistent.

--HG--
branch : 1.7
---

diff --git a/sudo.pod b/sudo.pod
index 555274cf2..76755d004 100644
--- a/sudo.pod
+++ b/sudo.pod
@@ -426,13 +426,14 @@ unreachable.
 
 B<sudo> tries to be safe when executing external commands.
 
-There are two distinct ways to deal with environment variables.
-By default, the I<env_reset> I<sudoers> option is enabled.
-This causes commands to be executed with a minimal environment
-containing C<TERM>, C<PATH>, C<HOME>, C<SHELL>, C<LOGNAME>, C<USER>
-and C<USERNAME> in addition to variables from the invoking process
-permitted by the I<env_check> and I<env_keep> I<sudoers> options.
-There is effectively a whitelist for environment variables.
+There are two distinct ways to deal with environment variables.  By
+default, the I<env_reset> I<sudoers> option is enabled.  This causes
+commands to be executed with a minimal environment containing the
+C<TERM>, C<PATH>, C<HOME>, C<MAIL>, C<SHELL>, C<LOGNAME>, C<USER>,
+C<USERNAME> and C<SUDO_*> variables in addition to variables from
+the invoking process permitted by the I<env_check> and I<env_keep>
+I<sudoers> options.  This is effectively a whitelist for environment
+variables.
 
 If, however, the I<env_reset> option is disabled in I<sudoers>, any
 variables not explicitly denied by the I<env_check> and I<env_delete>
diff --git a/sudoers.pod b/sudoers.pod
index 5a84a40f3..156b1421e 100644
--- a/sudoers.pod
+++ b/sudoers.pod
@@ -683,14 +683,17 @@ default.
 
 =item env_reset
 
-If set, B<sudo> will reset the environment to only contain the
-LOGNAME, MAIL, SHELL, USER, USERNAME and the C<SUDO_*> variables.  Any
+If set, B<sudo> will run the command in a minimal environment
+containing the C<TERM>, C<PATH>, C<HOME>, C<MAIL>, C<SHELL>,
+C<LOGNAME>, C<USER>, C<USERNAME> and C<SUDO_*> variables.  Any
 variables in the caller's environment that match the C<env_keep>
-and C<env_check> lists are then added.  The default contents of the
-C<env_keep> and C<env_check> lists are displayed when B<sudo> is
-run by root with the I<-V> option.  If the I<secure_path> option
-is set, its value will be used for the C<PATH> environment variable.
-This flag is I<@env_reset@> by default.
+and C<env_check> lists are then added, followed by any variables
+present in the file specified by the I<env_file> option (if any).
+The default contents of the C<env_keep> and C<env_check> lists are
+displayed when B<sudo> is run by root with the I<-V> option.  If
+the I<secure_path> option is set, its value will be used for the
+C<PATH> environment variable.  This flag is I<@env_reset@> by
+default.
 
 =item fast_glob
 
@@ -1204,7 +1207,7 @@ environment variable.
 
 =item env_file
 
-The I<env_file> options specifies the fully qualified path to a
+The I<env_file> option specifies the fully qualified path to a
 file containing variables to be set in the environment of the program
 being run.  Entries in this file should either be of the form
 C<VARIABLE=value> or C<export VARIABLE=value>.  The value may