From: Todd C. Miller Date: Sat, 15 Feb 2014 23:04:07 +0000 (-0700) Subject: Remove some extraneous markup; from Ingo Schwarze X-Git-Tag: SUDO_1_8_10^2~25 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f909c0d13238c3c76faa3519dc2bf9ef53b77bc1;p=sudo Remove some extraneous markup; from Ingo Schwarze * No need to explicitly end a macro with No before | because | counts as middle punctuation and falls out of the macro, anyway. * No need to explicitly re-open in-line macros after | because | counts as middle punctuation and the macros resume afterwards, anyway. * Simplify the mnemonic remarks regarding the option letters, no need for manual font and spacing control with No and Ns. * Trim Ns No to just Ns, it already implies No. --- diff --git a/doc/sudo.conf.mdoc.in b/doc/sudo.conf.mdoc.in index d192995f2..8615bf3a5 100644 --- a/doc/sudo.conf.mdoc.in +++ b/doc/sudo.conf.mdoc.in @@ -397,7 +397,7 @@ debug flag syntax used by and the .Nm sudoers plugin is -.Em subsystem Ns No @ Ns Em priority +.Em subsystem Ns @ Ns Em priority but a plugin is free to use a different format so long as it does not include a comma .Pq Ql \&, . diff --git a/doc/sudo.mdoc.in b/doc/sudo.mdoc.in index 2dbb66f84..667080cd0 100644 --- a/doc/sudo.mdoc.in +++ b/doc/sudo.mdoc.in @@ -28,7 +28,7 @@ .Nd execute a command as another user .Sh SYNOPSIS .Nm sudo -.Fl h No | Fl K No | Fl k No | Fl V +.Fl h | K | k | V .Nm sudo .Fl v .Op Fl AknS @@ -59,7 +59,7 @@ .Op Fl t Ar type .Op Fl u Ar user .Op Ar VAR Ns = Ns Ar value -.Op Fl i No | Fl s +.Op Fl i | s .Op Ar command .Nm sudoedit .Op Fl AknS @@ -145,7 +145,7 @@ Normally, if .Nm sudo requires a password, it will read it from the user's terminal. If the -.Fl A No ( Em askpass Ns No ) +.Fl A Pq Em askpass option is specified, a (possibly graphical) helper program is executed to read the user's password and output the password to the standard output. @@ -166,7 +166,7 @@ Path askpass /usr/X11R6/bin/ssh-askpass If no askpass program is available, .Nm sudo will exit with an error. -.It Fl a Ar type , Fl -auth-type Ns No = Ns Ar type +.It Fl a Ar type , Fl -auth-type Ns = Ns Ar type Use the specified BSD authentication .Ar type when validating the user, if allowed by @@ -184,7 +184,7 @@ background processes started by .Nm sudo . Most interactive commands will fail to work properly in background mode. -.It Fl C Ar num , Fl -close-from Ns No = Ns Ar num +.It Fl C Ar num , Fl -close-from Ns = Ns Ar num Close all file descriptors greater than or equal to .Ar num before executing a command. @@ -201,7 +201,7 @@ policy only permits use of the option when the administrator has enabled the .Em closefrom_override option. -.It Fl c Ar class , Fl -login-class Ns No = Ns Ar class +.It Fl c Ar class , Fl -login-class Ns = Ns Ar class Run the command with resource limits and scheduling priority of the specified login .Ar class . @@ -274,7 +274,7 @@ If, for some reason, is unable to update a file with its edited version, the user will receive a warning and the edited copy will remain in a temporary file. -.It Fl g Ar group , Fl -group Ns No = Ns Ar group +.It Fl g Ar group , Fl -group Ns = Ns Ar group Run the command with the primary group set to .Ar group instead of the primary group specified by the target @@ -305,7 +305,7 @@ user's password database entry. Depending on the policy, this may be the default behavior. .It Fl h , -help Display a short help message to the standard output and exit. -.It Fl h Ar host , Fl -host Ns No = Ns Ar host +.It Fl h Ar host , Fl -host Ns = Ns Ar host Run the command on the specified .Ar host if the security policy plugin supports remote commands. @@ -405,7 +405,7 @@ policy will initialize the group vector to the list of groups the target user is a member of. The real and effective group IDs, however, are still set to match the target user. -.It Fl p Ar prompt , Fl -prompt Ns No = Ns Ar prompt +.It Fl p Ar prompt , Fl -prompt Ns = Ns Ar prompt Use a custom password prompt with optional escape sequences. The following percent .Pq Ql % @@ -450,7 +450,7 @@ support PAM unless the .Em passprompt_override flag is disabled in .Em sudoers . -.It Fl r Ar role , Fl -role Ns No = Ns Ar role +.It Fl r Ar role , Fl -role Ns = Ns Ar role Run the command with an SELinux security context that includes the specified .Ar role . @@ -468,14 +468,14 @@ via the shell's .Fl c option. If no command is specified, an interactive shell is executed. -.It Fl t Ar type , Fl -type Ns No = Ns Ar type +.It Fl t Ar type , Fl -type Ns = Ns Ar type Run the command with an SELinux security context that includes the specified .Ar type . If no .Ar type is specified, the default type is derived from the role. -.It Fl U Ar user , Fl -other-user Ns No = Ns Ar user +.It Fl U Ar user , Fl -other-user Ns = Ns Ar user Used in conjunction with the .Fl l option to list the privileges for @@ -487,7 +487,7 @@ The policy only allows root or a user with the .Li ALL privilege on the current host to use this option. -.It Fl u Ar user , Fl -user Ns No = Ns Ar user +.It Fl u Ar user , Fl -user Ns = Ns Ar user Run the command as a user other than the default target user (usually .Em root ). @@ -544,9 +544,9 @@ should stop processing command line arguments. .Pp Environment variables to be set for the command may also be passed on the command line in the form of -.Ar VAR Ns No = Ns Ar value , +.Ar VAR Ns = Ns Ar value , e.g.\& -.Ev LD_LIBRARY_PATH Ns No = Ns Pa /usr/local/pkg/lib . +.Ev LD_LIBRARY_PATH Ns = Ns Pa /usr/local/pkg/lib . Variables passed on the command line are subject to restrictions imposed by the security policy plugin. The @@ -803,7 +803,7 @@ If a user runs a command such as or .Li sudo sh , subsequent commands run from that shell are not subject to -.Nm sudo Ns No 's +.Nm sudo Ns 's security policy. The same is true for commands that offer shell escapes (including most editors). @@ -1000,7 +1000,7 @@ if that user is allowed to run arbitrary commands via .Nm sudo . Also, many programs (such as editors) allow the user to run commands via shell escapes, thus avoiding -.Nm sudo Ns No 's +.Nm sudo Ns 's checks. However, on most systems it is possible to prevent shell escapes with the .Xr sudoers @mansectform@ diff --git a/doc/sudo_plugin.mdoc.in b/doc/sudo_plugin.mdoc.in index 7e3dea29c..f63eb6e87 100644 --- a/doc/sudo_plugin.mdoc.in +++ b/doc/sudo_plugin.mdoc.in @@ -139,7 +139,7 @@ function that can be used by the plugin to interact with the user (see below). Returns 0 on success and \-1 on failure. .It plugin_printf A pointer to a -.Fn printf Ns No -style +.Fn printf Ns -style function that may be used to display informational or error messages (see below). Returns the number of characters printed on success and \-1 on failure. @@ -188,7 +188,7 @@ The plugin may optionally pass this, or another value, back in the list. .It debug_flags=string A comma-separated list of debug flags that correspond to -.Nm sudo Ns No 's +.Nm sudo Ns 's .Li Debug entry in .Xr sudo.conf @mansectform@ , @@ -200,7 +200,7 @@ The syntax used by and the .Nm sudoers plugin is -.Em subsystem Ns No @ Ns Em priority +.Em subsystem Ns @ Ns Em priority but the plugin is free to use a different format so long as it does not include a comma .Pq Ql ,\& . @@ -417,7 +417,7 @@ Any (non-comment) strings immediately after the plugin path are passed as arguments to the plugin. These arguments are split on a white space boundary and are passed to the plugin in the form of a -.Dv NULL Ns No -terminated +.Dv NULL Ns -terminated array of strings. If no arguments were specified, @@ -471,7 +471,7 @@ The name of the user invoking .El .It user_env The user's environment in the form of a -.Dv NULL Ns No -terminated vector of +.Dv NULL Ns -terminated vector of .Dq name=value strings. .Pp @@ -658,7 +658,7 @@ pointer. .It env_add Additional environment variables specified by the user on the command line in the form of a -.Dv NULL Ns No -terminated +.Dv NULL Ns -terminated vector of .Dq name=value strings. @@ -889,14 +889,14 @@ the invoking user's existing entry. Unsupported values will be ignored. .It argv_out The -.Dv NULL Ns No -terminated +.Dv NULL Ns -terminated argument vector to pass to the .Xr execve 2 system call when executing the command. The plugin is responsible for allocating and populating the vector. .It user_env_out The -.Dv NULL Ns No -terminated +.Dv NULL Ns -terminated environment vector to use when executing the command. The plugin is responsible for allocating and populating the vector. .El @@ -1046,7 +1046,7 @@ The .Em user_env argument points to the environment the command will run in, in the form of a -.Dv NULL Ns No -terminated +.Dv NULL Ns -terminated vector of .Dq name=value strings. @@ -1330,7 +1330,7 @@ The function returns 0 on success and \-1 on failure. .It plugin_printf A pointer to a -.Fn printf Ns No -style +.Fn printf Ns -style function that may be used by the .Fn show_version function to display version information (see @@ -1410,7 +1410,7 @@ wishes to run in the same form as what would be passed to the system call. .It user_env The user's environment in the form of a -.Dv NULL Ns No -terminated +.Dv NULL Ns -terminated vector of .Dq name=value strings. @@ -1432,7 +1432,7 @@ Any (non-comment) strings immediately after the plugin path are treated as arguments to the plugin. These arguments are split on a white space boundary and are passed to the plugin in the form of a -.Dv NULL Ns No -terminated +.Dv NULL Ns -terminated array of strings. If no arguments were specified, .Em plugin_options @@ -1926,7 +1926,7 @@ The caller must include a trailing newline in if one is to be printed. .Pp A -.Fn printf Ns No -style +.Fn printf Ns -style function is also available that can be used to display informational or error messages to the user, which is usually more convenient for simple messages where no use input is required. @@ -1960,7 +1960,7 @@ typedef int (*sudo_printf_t)(int msg_type, const char *fmt, ...); Pointers to the .Fn conversation and -.Fn printf Ns No -style +.Fn printf Ns -style functions are passed in to the plugin's .Fn open @@ -1994,7 +1994,7 @@ It is also useful as a maximum value for the function when clearing passwords filled in by the conversation function. .Pp The -.Fn printf Ns No -style +.Fn printf Ns -style function uses the same underlying mechanism as the .Fn conversation function but only supports @@ -2110,12 +2110,12 @@ major and minor version number of the group plugin API supported by .Nm sudoers . .It plugin_printf A pointer to a -.Fn printf Ns No -style +.Fn printf Ns -style function that may be used to display informational or error message to the user. Returns the number of characters printed on success and \-1 on failure. .It argv A -.Dv NULL Ns No -terminated +.Dv NULL Ns -terminated array of arguments generated from the .Em group_plugin option in diff --git a/doc/sudoers.ldap.mdoc.in b/doc/sudoers.ldap.mdoc.in index 05162d0bc..891e3e1f9 100644 --- a/doc/sudoers.ldap.mdoc.in +++ b/doc/sudoers.ldap.mdoc.in @@ -76,18 +76,18 @@ is no need for a specialized tool to check syntax. Another major difference between LDAP and file-based .Em sudoers is that in LDAP, -.Nm sudo Ns No -specific +.Nm sudo Ns -specific Aliases are not supported. .Pp For the most part, there is really no need for -.Nm sudo Ns No -specific +.Nm sudo Ns -specific Aliases. Unix groups, non-Unix groups (via the .Em group_plugin ) or user netgroups can be used in place of User_Aliases and Runas_Aliases. Host netgroups can be used in place of Host_Aliases. Since groups and netgroups can also be stored in LDAP there is no real need for -.Nm sudo Ns No -specific +.Nm sudo Ns -specific aliases. .Pp Cmnd_Aliases are not really required either since it is possible @@ -421,7 +421,7 @@ sudoHost: !web01 .Ed .Ss Sudoers schema In order to use -.Nm sudo Ns No 's +.Nm sudo Ns 's LDAP support, the .Nm sudo schema must be @@ -451,7 +451,7 @@ Sudo reads the file for LDAP-specific configuration. Typically, this file is shared between different LDAP-aware clients. As such, most of the settings are not -.Nm sudo Ns No -specific. +.Nm sudo Ns -specific. Note that .Nm sudo parses @@ -564,9 +564,9 @@ The parameter specifies the amount of time, in seconds, to wait while trying to connect to an LDAP server. If multiple -.Sy URI Ns No s +.Sy URI Ns s or -.Sy HOST Ns No s +.Sy HOST Ns s are specified, this is the amount of time to wait before trying the next one in the list. .It Sy NETWORK_TIMEOUT Ar seconds diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in index 54371cf78..2f00d4ac6 100644 --- a/doc/sudoers.mdoc.in +++ b/doc/sudoers.mdoc.in @@ -348,7 +348,7 @@ and, as such, it is not possible for to preserve them. .Pp As a special case, if -.Nm sudo Ns No 's +.Nm sudo Ns 's .Fl i option (initial login) is specified, @@ -533,7 +533,7 @@ non-Unix group names and IDs (prefixed with and .Ql %:# respectively) and -.Li User_Alias Ns No es. +.Li User_Alias Ns es. Each list item may be prefixed with zero or more .Ql \&! operators. @@ -607,9 +607,9 @@ is similar to a .Li User_List except that instead of -.Li User_Alias Ns No es +.Li User_Alias Ns es it can contain -.Li Runas_Alias Ns No es . +.Li Runas_Alias Ns es . Note that user names and groups are matched as strings. In other words, two @@ -875,7 +875,7 @@ may be run as. A fully-specified .Li Runas_Spec consists of two -.Li Runas_List Ns No s +.Li Runas_List Ns s (as defined above) separated by a colon .Pq Ql :\& and enclosed in a set of parentheses. @@ -883,18 +883,18 @@ The first .Li Runas_List indicates which users the command may be run as via -.Nm sudo Ns No 's +.Nm sudo Ns 's .Fl u option. The second defines a list of groups that can be specified via -.Nm sudo Ns No 's +.Nm sudo Ns 's .Fl g option. If both -.Li Runas_List Ns No s +.Li Runas_List Ns s are specified, the command may be run with any combination of users and groups listed in their respective -.Li Runas_List Ns No s. +.Li Runas_List Ns s. If only the first is specified, the command may be run as any user in the list but no .Fl g @@ -907,7 +907,7 @@ second is specified, the command may be run as the invoking user with the group set to any listed in the .Li Runas_List . If both -.Li Runas_List Ns No s +.Li Runas_List Ns s are empty, the command may only be run as the invoking user. If no .Li Runas_Spec @@ -930,7 +930,7 @@ may run .Pa /bin/ls , .Pa /bin/kill , and -.Pa /usr/bin/lprm Ns No \(em Ns but +.Pa /usr/bin/lprm Ns \(em Ns but only as .Sy operator . E.g., @@ -1087,7 +1087,7 @@ and Once a tag is set on a .Li Cmnd , subsequent -.Li Cmnd Ns No s +.Li Cmnd Ns s in the .Li Cmnd_Spec_List , inherit the tag unless it is overridden by the opposite tag (in other words, @@ -1579,7 +1579,7 @@ when used as part of a word (e.g.\& a user name or host name): .Ql )\& , .Ql \e . .Sh SUDOERS OPTIONS -.Nm sudo Ns No 's +.Nm sudo Ns 's behavior can be modified by .Li Default_Entry lines, as explained earlier. @@ -1628,7 +1628,7 @@ This flag is by default. .It closefrom_override If set, the user may use -.Nm sudo Ns No 's +.Nm sudo Ns 's .Fl C option which overrides the default starting point at which .Nm sudo @@ -2637,9 +2637,9 @@ escape sequences. .Pp In addition to the escape sequences, path names that end in six or more -.Li X Ns No s +.Li X Ns s will have the -.Li X Ns No s +.Li X Ns s replaced with a unique combination of digits and letters, similar to the .Xr mktemp 3 function. @@ -2653,7 +2653,7 @@ overwritten unless .Em iolog_file ends in six or more -.Li X Ns No s . +.Li X Ns s . .It lecture_status_dir The directory in which .Nm sudo @@ -3150,7 +3150,7 @@ Environment variables to be preserved in the user's environment when the .Em env_reset option is in effect. This allows fine-grained control over the environment -.Nm sudo Ns No -spawned +.Nm sudo Ns -spawned processes will receive. The argument may be a double-quoted, space-separated list or a single value without double-quotes. @@ -3328,7 +3328,7 @@ failed attempts and the value of the .Em passwd_tries option. .It a password is required -.Nm sudo Ns No 's +.Nm sudo Ns 's .Fl n option was specified but a password was required. .It sorry, you are not allowed to set the following environment variables @@ -3998,7 +3998,7 @@ executes a program, that program is free to do whatever it pleases, including run other programs. This can be a security issue since it is not uncommon for a program to allow shell escapes, which lets a user bypass -.Nm sudo Ns No 's +.Nm sudo Ns 's access control and logging. Common programs that permit shell escapes include shells (obviously), editors, paginators, mail and terminal programs. @@ -4024,7 +4024,7 @@ variable (usually .Ev LD_PRELOAD ) to an alternate shared library. On such systems, -.Nm sudo Ns No 's +.Nm sudo Ns 's .Em noexec functionality can be used to prevent a program run by .Nm sudo @@ -4209,7 +4209,7 @@ The plugin uses the same debug flag format as the .Nm sudo front-end: -.Em subsystem Ns No @ Ns Em priority . +.Em subsystem Ns @ Ns Em priority . .Pp The priorities used by .Nm sudoers , diff --git a/doc/sudoreplay.mdoc.in b/doc/sudoreplay.mdoc.in index b1d47b05b..004a17aff 100644 --- a/doc/sudoreplay.mdoc.in +++ b/doc/sudoreplay.mdoc.in @@ -67,7 +67,7 @@ log file. The .Em ID may also be determined using -.Nm sudoreplay Ns No 's +.Nm sudoreplay Ns 's list mode. .Pp In list mode, @@ -81,7 +81,7 @@ will act on the following keys: .Bl -tag -width 12n .It So Li \en Sc No or So Li \er Sc Skip to the next replay event; useful for long pauses. -.It So Li \ Sc No (space) +.It So Li \ Sc Pq space Pause output; press any key to resume. .It Ql < Reduce the playback speed by one half. @@ -91,12 +91,12 @@ Double the playback speed. .Pp The options are as follows: .Bl -tag -width Fl -.It Fl d Ar dir , Fl -directory Ns No = Ns Ar dir +.It Fl d Ar dir , Fl -directory Ns = Ns Ar dir Store session logs in .Ar dir instead of the default, .Pa @iolog_dir@ . -.It Fl f Ar filter , Fl -filter Ns No = Ns Ar filter +.It Fl f Ar filter , Fl -filter Ns = Ns Ar filter Select which I/O type(s) to display. By default, .Nm sudoreplay diff --git a/doc/visudo.mdoc.in b/doc/visudo.mdoc.in index b4254fb42..cc89a1241 100644 --- a/doc/visudo.mdoc.in +++ b/doc/visudo.mdoc.in @@ -140,7 +140,7 @@ will exit with a value of 0. If an error is encountered, .Nm visudo will exit with a value of 1. -.It Fl f Ar sudoers , Fl -file Ns No = Ns Ar sudoers +.It Fl f Ar sudoers , Fl -file Ns = Ns Ar sudoers Specify an alternate .Em sudoers file location. @@ -196,7 +196,7 @@ Print the and .Em sudoers grammar versions and exit. -.It Fl x Ar file , Fl -export Ns No = Ns Ar file +.It Fl x Ar file , Fl -export Ns = Ns Ar file Export .Em sudoers in JSON format and write it to