From 2950b0c759e2cd07ebd76ff71055cfb124e5f139 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Sat, 19 Sep 2009 18:26:38 +0000
Subject: [PATCH] More time and date examples
---
sudoreplay.cat | 152 +++++++++++++++++++++++++++++++++-------------
sudoreplay.man.in | 78 +++++++++++++++++++++++-
sudoreplay.pod | 63 +++++++++++++------
3 files changed, 231 insertions(+), 62 deletions(-)
diff --git a/sudoreplay.cat b/sudoreplay.cat
index 19f360686..15399c88d 100644
--- a/sudoreplay.cat
+++ b/sudoreplay.cat
@@ -44,32 +44,45 @@ OOPPTTIIOONNSS regular expression support, a simple substring match is performed instead. + cwd _d_i_r_e_c_t_o_r_y + Evaluates to true if the command was run with the + specified current working directory. + + fromdate _d_a_t_e + Evaluates to true if the command was run on or + after _d_a_t_e. See "Date and time format" for a + description of supported date and time formats. + group _r_u_n_a_s___g_r_o_u_p Evaluates to true if the command was run with the specified _r_u_n_a_s___g_r_o_u_p. Note that unless a _r_u_n_a_s___g_r_o_u_p was explicitly specified when ssuuddoo was run this field will be empty in the log. - runas _r_u_n_a_s___u_s_e_r - Evaluates to true if the command was run as the - specified _r_u_n_a_s___u_s_e_r. Note that ssuuddoo runs commands - as user _r_o_o_t by default. - tty _t_t_y Evaluates to true if the command was run on the - specified terminal device. The _t_t_y should be - specified without the _/_d_e_v_/ prefix, e.g. _t_t_y_0_1 +1.7.2 September 19, 2009 1 -1.7.2 September 13, 2009 1 +SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m) -SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m) + runas _r_u_n_a_s___u_s_e_r + Evaluates to true if the command was run as the + specified _r_u_n_a_s___u_s_e_r. Note that ssuuddoo runs commands + as user _r_o_o_t by default. + todate _d_a_t_e + Evaluates to true if the command was run on or + prior to _d_a_t_e. See "Date and time format" for a + description of supported date and time formats. + tty _t_t_y Evaluates to true if the command was run on the + specified terminal device. The _t_t_y should be + specified without the _/_d_e_v_/ prefix, e.g. _t_t_y_0_1 instead of _/_d_e_v_/_t_t_y_0_1. user _u_s_e_r_n_a_m_e 
@@ -106,6 +119,92 @@ SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m) -V The --VV (version) option causes ssuuddoorreeppllaayy to print its version number and exit. + DDaattee aanndd ttiimmee ffoorrmmaatt + + The time and date may be specified multiple ways, common formats + include: + + + + +1.7.2 September 19, 2009 2 + + + + + +SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m) + + + HH:MM:SS am MM/DD/CCYY timezone + 24 hour time may be used in place of am/pm. + + HH:MM:SS am Month, Day Year timezone + 24 hour time may be used in place of am/pm, and month and day + names may be abbreviated. Note that month and day of the week + names must be specified in English. + + CCYY-MM-DD HH:MM:SS + ISO time format + + DD Month CCYY HH:MM:SS + The month name may be abbreviated. + + Either time or date may be omitted, the am/pm and timezone are + optional. If no date is specified, the current day is assumed; if no + time is specified, the first second of the specified date is used. The + less significant parts of both time and date may also be omitted, in + which case zero is assumed. For example, the following are all valid: + + The following are all valid time and date specifications: + + now The current time and date. + + tomorrow + Exactly one day from now. + + yesterday + 24 hours ago. + + 2 hours ago + 2 hours ago. + + next Friday + The first second of the next Friday. + + this week + The current time but the first day of the coming week. + + a fortnight ago + The current time but 14 days ago. + + 10:01 am 9/17/2009 + 10:01 am, September 17, 2009. + + 10:01 am + 10:01 am on the current day. + + 10 10:00 am on the current day. + + 9/17/2009 + 00:00 am, September 17, 2009. + + + + + +1.7.2 September 19, 2009 3 + + + + + +SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m) + + + 10:01 am Sep 17, 2009 + 10:01 am, September 17, 2009. + FFIILLEESS _/_v_a_r_/_l_o_g_/_s_u_d_o_-_s_e_s_s_i_o_n The default session directory. 
@@ -125,17 +224,6 @@ EEXXAAMMPPLLEESS List sessions run by user _b_o_b with a command containing the string vi: - - -1.7.2 September 13, 2009 2 - - - - - -SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m) - - sudoreplay -l user bob command vi List sessions run by user _j_e_f_f that match a regular expression: @@ -171,28 +259,6 @@ DDIISSCCLLAAIIMMEERR - - - - - - - - - - - - - - - - - - - - - - -1.7.2 September 13, 2009 3 +1.7.2 September 19, 2009 4 diff --git a/sudoreplay.man.in b/sudoreplay.man.in index 7a286c3d1..6f49ff001 100644 --- a/sudoreplay.man.in +++ b/sudoreplay.man.in @@ -148,7 +148,7 @@ .\" ======================================================================== .\" .IX Title "SUDOREPLAY @mansectsu@" -.TH SUDOREPLAY @mansectsu@ "September 13, 2009" "1.7.2" "MAINTENANCE COMMANDS" +.TH SUDOREPLAY @mansectsu@ "September 19, 2009" "1.7.2" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -192,6 +192,15 @@ Evaluates to true if the command run matches \fIcommand pattern\fR. On systems with \s-1POSIX\s0 regular expression support, the pattern may be an extended regular expression. On systems without \s-1POSIX\s0 regular expression support, a simple substring match is performed instead. +.IP "cwd \fIdirectory\fR" 8 +.IX Item "cwd directory" +Evaluates to true if the command was run with the specified current +working directory. +.IP "fromdate \fIdate\fR" 8 +.IX Item "fromdate date" +Evaluates to true if the command was run on or after \fIdate\fR. +See \*(L"Date and time format\*(R" for a description of supported +date and time formats. .IP "group \fIrunas_group\fR" 8 .IX Item "group runas_group" Evaluates to true if the command was run with the specified 
@@ -201,6 +210,11 @@ specified when \fBsudo\fR was run this field will be empty in the log. .IX Item "runas runas_user" Evaluates to true if the command was run as the specified \fIrunas_user\fR. Note that \fBsudo\fR runs commands as user \fIroot\fR by default. +.IP "todate \fIdate\fR" 8 +.IX Item "todate date" +Evaluates to true if the command was run on or prior to \fIdate\fR. +See \*(L"Date and time format\*(R" for a description of supported +date and time formats. .IP "tty \fItty\fR" 8 .IX Item "tty tty" Evaluates to true if the command was run on the specified terminal 
@@ -241,6 +255,68 @@ a \fIspeed_factor\fR of <.5> would make the output twice as slow. .IX Item "-V" The \fB\-V\fR (version) option causes \fBsudoreplay\fR to print its version number and exit. +.Sh "Date and time format" +.IX Subsection "Date and time format" +The time and date may be specified multiple ways, common formats include: +.IP "\s-1HH:MM:SS\s0 am \s-1MM/DD/CCYY\s0 timezone" 8 +.IX Item "HH:MM:SS am MM/DD/CCYY timezone" +24 hour time may be used in place of am/pm. +.IP "\s-1HH:MM:SS\s0 am Month, Day Year timezone" 8 +.IX Item "HH:MM:SS am Month, Day Year timezone" +24 hour time may be used in place of am/pm, and month and day names +may be abbreviated. Note that month and day of the week names must +be specified in English. +.IP "CCYY-MM-DD \s-1HH:MM:SS\s0" 8 +.IX Item "CCYY-MM-DD HH:MM:SS" +\&\s-1ISO\s0 time format +.IP "\s-1DD\s0 Month \s-1CCYY\s0 \s-1HH:MM:SS\s0" 8 +.IX Item "DD Month CCYY HH:MM:SS" +The month name may be abbreviated. +.PP +Either time or date may be omitted, the am/pm and timezone are +optional. If no date is specified, the current day is assumed; if +no time is specified, the first second of the specified date is +used. The less significant parts of both time and date may also +be omitted, in which case zero is assumed. For example, the following +are all valid: +.PP +The following are all valid time and date specifications: +.IP "now" 8 +.IX Item "now" +The current time and date. +.IP "tomorrow" 8 +.IX Item "tomorrow" +Exactly one day from now. +.IP "yesterday" 8 +.IX Item "yesterday" +24 hours ago. +.IP "2 hours ago" 8 +.IX Item "2 hours ago" +2 hours ago. +.IP "next Friday" 8 +.IX Item "next Friday" +The first second of the next Friday. +.IP "this week" 8 +.IX Item "this week" +The current time but the first day of the coming week. +.IP "a fortnight ago" 8 +.IX Item "a fortnight ago" +The current time but 14 days ago. +.IP "10:01 am 9/17/2009" 8 +.IX Item "10:01 am 9/17/2009" +10:01 am, September 17, 2009. 
+.IP "10:01 am" 8 +.IX Item "10:01 am" +10:01 am on the current day. +.IP "10" 8 +.IX Item "10" +10:00 am on the current day. +.IP "9/17/2009" 8 +.IX Item "9/17/2009" +00:00 am, September 17, 2009. +.IP "10:01 am Sep 17, 2009" 8 +.IX Item "10:01 am Sep 17, 2009" +10:01 am, September 17, 2009. .SH "FILES" .IX Header "FILES" .IP "\fI/var/log/sudo\-session\fR" 24 diff --git a/sudoreplay.pod b/sudoreplay.pod index 9ae513d26..46f9d0921 100644 --- a/sudoreplay.pod +++ b/sudoreplay.pod @@ -140,20 +140,42 @@ and exit. =back -=head2 "Date and time format" +=head2 Date and time format -The time and date may be specified multiple ways: +The time and date may be specified multiple ways, common formats include: =over 8 =item HH:MM:SS am MM/DD/CCYY timezone -Note that the date portion uses US format, regardless of locale. +24 hour time may be used in place of am/pm. =item HH:MM:SS am Month, Day Year timezone -The month and day names may be abbreviated. Note that Month and -Day of the week names must currently be specified in English. +24 hour time may be used in place of am/pm, and month and day names +may be abbreviated. Note that month and day of the week names must +be specified in English. + +=item CCYY-MM-DD HH:MM:SS + +ISO time format + +=item DD Month CCYY HH:MM:SS + +The month name may be abbreviated. + +=back + +Either time or date may be omitted, the am/pm and timezone are +optional. If no date is specified, the current day is assumed; if +no time is specified, the first second of the specified date is +used. The less significant parts of both time and date may also +be omitted, in which case zero is assumed. For example, the following +are all valid: + +The following are all valid time and date specifications: + +=over 8 =item now 
@@ -161,42 +183,47 @@ The current time and date. =item tomorrow -The current time but tomorrow's date. +Exactly one day from now. =item yesterday -The current time but yesterday's date. +24 hours ago. + +=item 2 hours ago + +2 hours ago. =item next Friday -The first second of the day, next Friday. +The first second of the next Friday. =item this week The current time but the first day of the coming week. -=back +=item a fortnight ago -Either time or date may be omitted, the am/pm and timezone are -optional. If no date is specified, the current day is assumed; if -no time is specified, the first second of the specified date is -used. The less significant parts of both time and date may also -be omitted, in which case zero is assumed. For example, the following -are all valid: +The current time but 14 days ago. -=over 8 +=item 10:01 am 9/17/2009 -=item 10:01 am 9/17/2909 +10:01 am, September 17, 2009. =item 10:01 am +10:01 am on the current day. + =item 10 +10:00 am on the current day. + =item 9/17/2009 +00:00 am, September 17, 2009. + =item 10:01 am Sep 17, 2009 -=item Sep 17, 2009 +10:01 am, September 17, 2009. =back -- 2.40.0