From 4d04c5644bd3e6233567a8580865643c31fb478b Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Tue, 11 Nov 2014 15:29:19 -0700 Subject: [PATCH] No need to keep specifying ".Nm foo" since the Nm macro remembers the argument it was first called with and uses it if none is specified. Also fix a few minor formatting errors and regen bulleted lists in the .man.in files. --- doc/sudo.conf.mdoc.in | 12 ++-- doc/sudo.man.in | 22 ++++---- doc/sudo.mdoc.in | 124 ++++++++++++++++++++--------------------- doc/sudo_plugin.man.in | 16 +++--- doc/sudoers.cat | 8 +-- doc/sudoers.man.in | 4 +- doc/sudoers.mdoc.in | 44 +++++++-------- doc/sudoreplay.mdoc.in | 30 +++++----- doc/visudo.cat | 2 +- doc/visudo.man.in | 2 +- doc/visudo.mdoc.in | 46 +++++++-------- 11 files changed, 155 insertions(+), 155 deletions(-) diff --git a/doc/sudo.conf.mdoc.in b/doc/sudo.conf.mdoc.in index 357ddda45..9957b63c3 100644 --- a/doc/sudo.conf.mdoc.in +++ b/doc/sudo.conf.mdoc.in @@ -30,7 +30,7 @@ It specifies the security policy and I/O logging plugins, debug flags as well as plugin-agnostic path names and settings. .Pp The -.Nm sudo.conf +.Nm file supports the following directives, described in detail below. .Bl -tag -width 8n .It Plugin @@ -73,7 +73,7 @@ or are silently ignored. .Pp The -.Nm sudo.conf +.Nm file is always parsed in the .Dq Li C locale. @@ -86,7 +86,7 @@ logging plugins to work seamlessly with the .Nm sudo front end. Plugins are dynamically loaded based on the contents of -.Nm sudo.conf . +.Nm . .Pp A .Li Plugin @@ -154,7 +154,7 @@ policy plugin may be specified. This limitation does not apply to I/O plugins. .Pp If no -.Nm sudo.conf +.Nm file is present, or if it contains no .Li Plugin lines, the @@ -235,7 +235,7 @@ The default value is .El .Ss Other settings The -.Nm sudo.conf +.Nm file also supports the following front end settings: .Bl -tag -width 8n .It disable_coredump @@ -247,7 +247,7 @@ To aid in debugging crashes, you may wish to re-enable core dumps by setting .Dq disable_coredump to false in -.Nm sudo.conf +.Nm as follows: .Bd -literal -offset indent Set disable_coredump false diff --git a/doc/sudo.man.in b/doc/sudo.man.in index 9b77fb54d..770ce527e 100644 --- a/doc/sudo.man.in +++ b/doc/sudo.man.in @@ -636,37 +636,37 @@ option was specified). .PP The following parameters may be specified by security policy: .TP 4n -\fBo\fR +\fB\(bu\fR real and effective user ID .TP 4n -\fBo\fR +\fB\(bu\fR real and effective group ID .TP 4n -\fBo\fR +\fB\(bu\fR supplementary group IDs .TP 4n -\fBo\fR +\fB\(bu\fR the environment list .TP 4n -\fBo\fR +\fB\(bu\fR current working directory .TP 4n -\fBo\fR +\fB\(bu\fR file creation mode mask (umask) .TP 4n -\fBo\fR +\fB\(bu\fR SELinux role and type .TP 4n -\fBo\fR +\fB\(bu\fR Solaris project .TP 4n -\fBo\fR +\fB\(bu\fR Solaris privileges .TP 4n -\fBo\fR +\fB\(bu\fR BSD login class .TP 4n -\fBo\fR +\fB\(bu\fR scheduling priority (aka nice value) .SS "Process model" When diff --git a/doc/sudo.mdoc.in b/doc/sudo.mdoc.in index 2f69f0a38..8b440933c 100644 --- a/doc/sudo.mdoc.in +++ b/doc/sudo.mdoc.in @@ -72,18 +72,18 @@ .Op Fl u Ar user .Ar .Sh DESCRIPTION -.Nm sudo +.Nm allows a permitted user to execute a .Ar command as the superuser or another user, as specified by the security policy. .Pp -.Nm sudo +.Nm supports a plugin architecture for security policies and input/output logging. Third parties can develop and distribute their own policy and I/O logging plugins to work seamlessly with the -.Nm sudo +.Nm front end. The default security policy is .Em sudoers , @@ -96,11 +96,11 @@ section for more information. .Pp The security policy determines what privileges, if any, a user has to run -.Nm sudo . +.Nm . The policy may require that users authenticate themselves with a password or another authentication mechanism. If authentication is required, -.Nm sudo +.Nm will exit if the user's password is not entered within a configurable time limit. This limit is policy-specific; the default password prompt timeout @@ -112,7 +112,7 @@ minutes. .Pp Security policies may support credential caching to allow the user to run -.Nm sudo +.Nm again for a period of time without requiring authentication. The .Em sudoers @@ -121,7 +121,7 @@ policy caches credentials for minutes, unless overridden in .Xr sudoers @mansectform@ . By running -.Nm sudo +.Nm with the .Fl v option, a user can update the cached credentials without running a @@ -134,7 +134,7 @@ the option (described below), is implied. .Pp Security policies may log successful and failed attempts to use -.Nm sudo . +.Nm . If an I/O plugin is configured, the running command's input and output may be logged as well. .Pp @@ -142,7 +142,7 @@ The options are as follows: .Bl -tag -width Fl .It Fl A , -askpass Normally, if -.Nm sudo +.Nm requires a password, it will read it from the user's terminal. If the .Fl A Pq Em askpass @@ -164,7 +164,7 @@ Path askpass /usr/X11R6/bin/ssh-askpass .Ed .Pp If no askpass program is available, -.Nm sudo +.Nm will exit with an error. .It Fl a Ar type , Fl -auth-type Ns = Ns Ar type Use the specified BSD authentication @@ -181,7 +181,7 @@ This option is only available on systems that support BSD authentication. Run the given command in the background. Note that it is not possible to use shell job control to manipulate background processes started by -.Nm sudo . +.Nm . Most interactive commands will fail to work properly in background mode. .It Fl C Ar num , Fl -close-from Ns = Ns Ar num @@ -190,7 +190,7 @@ Close all file descriptors greater than or equal to before executing a command. Values less than three are not permitted. By default, -.Nm sudo +.Nm will close all open file descriptors other than standard input, standard output and standard error when executing a command. The security policy may restrict the user's ability to use this option. @@ -218,7 +218,7 @@ is .Cm - , the default login class of the target user will be used. Otherwise, the command must be run as the superuser (user ID 0), or -.Nm sudo +.Nm must be run from a shell that is already running as the superuser. If the command is being run as a login shell, additional .Pa /etc/login.conf @@ -270,7 +270,7 @@ Note that unlike most commands run by .Em sudo , the editor is run with the invoking user's environment unmodified. If, for some reason, -.Nm sudo +.Nm is unable to update a file with its edited version, the user will receive a warning and the edited copy will remain in a temporary file. @@ -328,7 +328,7 @@ via the shell's .Fl c option. If no command is specified, an interactive shell is executed. -.Nm sudo +.Nm attempts to change to that user's home directory before running the shell. The command is run with an environment similar to the one @@ -352,21 +352,21 @@ Not all security policies support credential caching. .It Fl k , -reset-timestamp When used without a command, invalidates the user's cached credentials. In other words, the next time -.Nm sudo +.Nm is run a password will be required. This option does not require a password and was added to allow a user to revoke -.Nm sudo +.Nm permissions from a .Pa .logout file. .Pp When used in conjunction with a command or an option that may require a password, this option will cause -.Nm sudo +.Nm to ignore the user's cached credentials. As a result, -.Nm sudo +.Nm will prompt for a password (if one is required by the security policy) and will not update the user's cached credentials. .Pp @@ -390,12 +390,12 @@ arguments. If .Ar command is specified but not allowed, -.Nm sudo +.Nm will exit with a status value of 1. .It Fl n , -non-interactive Avoid prompting the user for input of any kind. If a password is required for the command to run, -.Nm sudo +.Nm will display an error message and exit. .It Fl P , -preserve-groups Preserve the invoking user's group vector unaltered. @@ -514,13 +514,13 @@ option is not set. Other security policies may not support this. .It Fl V , -version Print the -.Nm sudo +.Nm version string as well as the version string of the security policy plugin and any I/O plugins. If the invoking user is already root the .Fl V option will display the arguments passed to configure when -.Nm sudo +.Nm was built and plugins may display more verbose information such as default options. .It Fl v , -validate @@ -529,7 +529,7 @@ if necessary. For the .Em sudoers plugin, this extends the -.Nm sudo +.Nm timeout for another .Li @timeout@ minutes by default, but does not run a command. @@ -538,7 +538,7 @@ Not all security policies support cached credentials. The .Fl - option indicates that -.Nm sudo +.Nm should stop processing command line arguments. .El .Pp @@ -568,7 +568,7 @@ See for more information. .Sh COMMAND EXECUTION When -.Nm sudo +.Nm executes a command, the security policy specifies the execution environment for the command. Typically, the real and effective user and group and IDs are set to @@ -605,21 +605,21 @@ scheduling priority (aka nice value) .El .Ss Process model When -.Nm sudo +.Nm runs a command, it calls .Xr fork 2 , sets up the execution environment as described above, and calls the .Xr execve system call in the child process. The main -.Nm sudo +.Nm process waits until the command has completed, then passes the command's exit status to the security policy's close function and exits. If an I/O logging plugin is configured or if the security policy explicitly requests it, a new pseudo-terminal .Pq Dq pty is created and a second -.Nm sudo +.Nm process is used to relay job control signals between the user's existing pty and the new pty the command is being run in. This extra process makes it possible to, for example, suspend @@ -629,7 +629,7 @@ Without it, the command would be in what POSIX terms an and it would not receive any job control signals. As a special case, if the policy plugin does not define a close function and no pty is required, -.Nm sudo +.Nm will execute the command directly instead of calling .Xr fork 2 first. @@ -648,9 +648,9 @@ and are enabled by default on systems using PAM. .Ss Signal handling When the command is run as a child of the -.Nm sudo +.Nm process, -.Nm sudo +.Nm will relay signals it receives to the command. Unless the command is being run in a new pty, the .Dv SIGHUP , @@ -672,10 +672,10 @@ As a general rule, should be used instead of .Dv SIGSTOP when you wish to suspend a command being run by -.Nm sudo . +.Nm . .Pp As a special case, -.Nm sudo +.Nm will not relay signals that were sent by the command it is running. This prevents the command from accidentally killing itself. On some systems, the @@ -685,7 +685,7 @@ command sends to all non-system processes other than itself before rebooting the system. This prevents -.Nm sudo +.Nm from relaying the .Dv SIGTERM signal it received back to @@ -693,14 +693,14 @@ signal it received back to which might then exit before the system was actually rebooted, leaving it in a half-dead state similar to single user mode. Note, however, that this check only applies to the command run by -.Nm sudo +.Nm and not any other processes that the command may create. As a result, running a script that calls .Xr reboot @mansectsu@ or .Xr shutdown @mansectsu@ via -.Nm sudo +.Nm may cause the system to end up in this undefined state unless the .Xr reboot @mansectsu@ or @@ -716,7 +716,7 @@ defined a .Fn close function, set a command timeout or required that the command be run in a new pty, -.Nm sudo +.Nm may execute the command directly instead of running it as a child process. .Ss Plugins Plugins may be specified via @@ -726,14 +726,14 @@ directives in the file. They may be loaded as dynamic shared objects (on systems that support them), or compiled directly into the -.Nm sudo +.Nm binary. If no .Xr sudo.conf @mansectform@ file is present, or it contains no .Li Plugin lines, -.Nm sudo +.Nm will use the traditional .Em sudoers security policy and I/O logging. @@ -744,7 +744,7 @@ manual for details of the file and the .Xr sudo_plugin @mansectsu@ manual for more information about the -.Nm sudo +.Nm plugin architecture. .Sh EXIT VALUE Upon successful execution of a program, the exit status from @@ -752,14 +752,14 @@ Upon successful execution of a program, the exit status from will simply be the exit status of the program that was executed. .Pp Otherwise, -.Nm sudo +.Nm exits with a value of 1 if there is a configuration/permission problem or if -.Nm sudo +.Nm cannot execute the given command. In the latter case the error string is printed to the standard error. If -.Nm sudo +.Nm cannot .Xr stat 2 one or more entries in the user's @@ -777,11 +777,11 @@ your .Ev PATH is on a machine that is currently unreachable. .Sh SECURITY NOTES -.Nm sudo +.Nm tries to be safe when executing external commands. .Pp To prevent command spoofing, -.Nm sudo +.Nm checks "." and "" (both denoting current directory) last when searching for a command in the user's .Ev PATH @@ -792,11 +792,11 @@ Note, however, that the actual environment variable is .Em not modified and is passed unchanged to the program that -.Nm sudo +.Nm executes. .Pp Please note that -.Nm sudo +.Nm will normally only log the command it explicitly runs. If a user runs a command such as .Li sudo su @@ -810,7 +810,7 @@ most editors). If I/O logging is enabled, subsequent commands will have their input and/or output logged, but there will not be traditional logs for those commands. Because of this, care must be taken when giving users access to commands via -.Nm sudo +.Nm to verify that the command does not inadvertently give the user an effective root shell. For more information, please see the @@ -819,11 +819,11 @@ section in .Xr sudoers @mansectform@ . .Pp To prevent the disclosure of potentially sensitive information, -.Nm sudo +.Nm disables core dumps by default while it is executing (they are re-enabled for the command that is run). To aid in debugging -.Nm sudo +.Nm crashes, you may wish to re-enable core dumps by setting .Dq disable_coredump to false in the @@ -837,7 +837,7 @@ See the .Xr sudo.conf @mansectform@ manual for more information. .Sh ENVIRONMENT -.Nm sudo +.Nm utilizes the following environment variables. The security policy has control over the actual content of the command's environment. @@ -918,7 +918,7 @@ is not set. .Sh FILES .Bl -tag -width 24n .It Pa @sysconfdir@/sudo.conf -.Nm sudo +.Nm front end configuration .El .Sh EXAMPLES @@ -978,26 +978,26 @@ $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" .Xr visudo @mansectsu@ .Sh HISTORY See the HISTORY file in the -.Nm sudo +.Nm distribution (http://www.sudo.ws/sudo/history.html) for a brief history of sudo. .Sh AUTHORS Many people have worked on -.Nm sudo +.Nm over the years; this version consists of code written primarily by: .Bd -ragged -offset indent Todd C. Miller .Ed .Pp See the CONTRIBUTORS file in the -.Nm sudo +.Nm distribution (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of people who have contributed to -.Nm sudo . +.Nm . .Sh CAVEATS There is no easy way to prevent a user from gaining a root shell if that user is allowed to run arbitrary commands via -.Nm sudo . +.Nm . Also, many programs (such as editors) allow the user to run commands via shell escapes, thus avoiding .Nm sudo Ns 's @@ -1022,25 +1022,25 @@ Please see the section for more information. .Pp Running shell scripts via -.Nm sudo +.Nm can expose the same kernel bugs that make setuid shell scripts unsafe on some operating systems (if your OS has a /dev/fd/ directory, setuid shell scripts are generally safe). .Sh BUGS If you feel you have found a bug in -.Nm sudo , +.Nm , please submit a bug report at http://www.sudo.ws/sudo/bugs/ .Sh SUPPORT Limited free support is available via the sudo-users mailing list, see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the archives. .Sh DISCLAIMER -.Nm sudo +.Nm is provided .Dq AS IS and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with -.Nm sudo +.Nm or http://www.sudo.ws/sudo/license.html for complete details. diff --git a/doc/sudo_plugin.man.in b/doc/sudo_plugin.man.in index 251223f49..f9ab8d0f4 100644 --- a/doc/sudo_plugin.man.in +++ b/doc/sudo_plugin.man.in @@ -1924,29 +1924,29 @@ while the plugin functions are run. The following signals are trapped by default before the command is executed: .TP 4n -\fBo\fR +\fB\(bu\fR \fRSIGALRM\fR .PD 0 .TP 4n -\fBo\fR +\fB\(bu\fR \fRSIGHUP\fR .TP 4n -\fBo\fR +\fB\(bu\fR \fRSIGINT\fR .TP 4n -\fBo\fR +\fB\(bu\fR \fRSIGQUIT\fR .TP 4n -\fBo\fR +\fB\(bu\fR \fRSIGTERM\fR .TP 4n -\fBo\fR +\fB\(bu\fR \fRSIGTSTP\fR .TP 4n -\fBo\fR +\fB\(bu\fR \fRSIGUSR1\fR .TP 4n -\fBo\fR +\fB\(bu\fR \fRSIGUSR2\fR .PD .PP diff --git a/doc/sudoers.cat b/doc/sudoers.cat index 9bafd87e6..5a76da85b 100644 --- a/doc/sudoers.cat +++ b/doc/sudoers.cat @@ -4,7 +4,7 @@ NNAAMMEE ssuuddooeerrss - default sudo security policy plugin DDEESSCCRRIIPPTTIIOONN - The _s_u_d_o_e_r_s policy plugin determines a user's ssuuddoo privileges. It is the + The ssuuddooeerrss policy plugin determines a user's ssuuddoo privileges. It is the default ssuuddoo policy plugin. The policy is driven by the _/_e_t_c_/_s_u_d_o_e_r_s file or, optionally in LDAP. The policy format is described in detail in the _S_U_D_O_E_R_S _F_I_L_E _F_O_R_M_A_T section. For information on storing _s_u_d_o_e_r_s @@ -155,9 +155,9 @@ DDEESSCCRRIIPPTTIIOONN variables in the PAM environment may be merged in to the environment. If a variable in the PAM environment is already present in the user's environment, the value will only be overridden if the variable was not - preserved by ssuuddooeerrss.. When _e_n_v___r_e_s_e_t is enabled, variables preserved from - the invoking user's environment by the _e_n_v___k_e_e_p list take precedence over - those in the PAM environment. When _e_n_v___r_e_s_e_t is disabled, variables + preserved by ssuuddooeerrss. When _e_n_v___r_e_s_e_t is enabled, variables preserved + from the invoking user's environment by the _e_n_v___k_e_e_p list take precedence + over those in the PAM environment. When _e_n_v___r_e_s_e_t is disabled, variables present the invoking user's environment take precedence over those in the PAM environment unless they match a pattern in the _e_n_v___d_e_l_e_t_e list. diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in index 1ee84ede7..aa273ffba 100644 --- a/doc/sudoers.man.in +++ b/doc/sudoers.man.in @@ -29,7 +29,7 @@ \- default sudo security policy plugin .SH "DESCRIPTION" The -\fIsudoers\fR +\fBsudoers\fR policy plugin determines a user's \fBsudo\fR privileges. @@ -375,7 +375,7 @@ variables in the PAM environment may be merged in to the environment. If a variable in the PAM environment is already present in the user's environment, the value will only be overridden if the variable was not preserved by -\fBsudoers.\fR +\fBsudoers\fR. When \fIenv_reset\fR is enabled, variables preserved from the invoking user's environment diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in index 9534630b9..24f5121eb 100644 --- a/doc/sudoers.mdoc.in +++ b/doc/sudoers.mdoc.in @@ -27,7 +27,7 @@ .Nd default sudo security policy plugin .Sh DESCRIPTION The -.Em sudoers +.Nm policy plugin determines a user's .Nm sudo privileges. @@ -56,12 +56,12 @@ If no file is present, or if it contains no .Li Plugin lines, -.Nm sudoers +.Nm will be used for policy decisions and I/O logging. To explicitly configure .Xr sudo.conf @mansectform@ to use the -.Nm sudoers +.Nm plugin, the following configuration can be used. .Bd -literal -offset indent Plugin sudoers_policy sudoers.so @@ -71,7 +71,7 @@ Plugin sudoers_io sudoers.so Starting with .Nm sudo 1.8.5, it is possible to specify optional arguments to the -.Nm sudoers +.Nm plugin in the .Xr sudo.conf @mansectform@ file. @@ -361,7 +361,7 @@ variables in the PAM environment may be merged in to the environment. If a variable in the PAM environment is already present in the user's environment, the value will only be overridden if the variable was not preserved by -.Nm sudoers. +.Nm . When .Em env_reset is enabled, variables preserved from the invoking user's environment @@ -1906,7 +1906,7 @@ In the file, the first host name of the entry is considered to be the .Dq canonical name; subsequent names are aliases that are not used by -.Nm sudoers . +.Nm . For example, the following hosts file line for the machine .Dq xyzzy has the fully-qualified domain name as the @@ -1922,7 +1922,7 @@ option will not be effective if it is queried before DNS. Beware that when using DNS for host name resolution, turning on .Em fqdn requires -.Nm sudoers +.Nm to make DNS lookups which renders .Nm sudo unusable if DNS stops working (for example if the machine is disconnected @@ -2766,7 +2766,7 @@ Once the local sequence number reaches the value of it will .Dq roll over to zero, after which -.Nm sudoers +.Nm will truncate and re-use any existing I/O log path names. .Pp This setting is only supported by version 1.8.7 or higher. @@ -3229,7 +3229,7 @@ option. .El .Sh GROUP PROVIDER PLUGINS The -.Nm sudoers +.Nm plugin supports its own plugin interface to allow non-Unix group lookups which can query a group source other than the standard Unix group database. @@ -3283,7 +3283,7 @@ Defaults group_plugin=system_group.so The group provider plugin API is described in detail in .Xr sudo_plugin @mansectsu@ . .Sh LOG FORMAT -.Nm sudoers +.Nm can log events using either .Xr syslog 3 or a simple log file. @@ -3397,13 +3397,13 @@ were not allowed by .El .Ss Error log entries If an error occurs, -.Nm sudoers +.Nm will log a message and, in most cases, send a message to the administrator via email. Possible errors include: .Bl -tag -width 4 .It parse error in @sysconfdir@/sudoers near line N -.Nm sudoers +.Nm encountered an error when parsing the specified file. In some cases, the actual error may be one line above or below the line number listed, depending on the type of error. @@ -3430,7 +3430,7 @@ This can happen when the file is located on a remote file system that maps user ID 0 to a different value. Normally, -.Nm sudoers +.Nm tries to open .Em sudoers using group permissions to avoid this problem. @@ -3443,7 +3443,7 @@ or adding an argument like is the user ID that owns the .Em sudoers file) to the end of the -.Nm sudoers +.Nm .Li Plugin line in the .Xr sudo.conf @mansectform@ @@ -3469,7 +3469,7 @@ file owner, please add is the user ID that owns the .Em sudoers file) to the -.Nm sudoers +.Nm .Li Plugin line in the .Xr sudo.conf @mansectform@ @@ -3485,7 +3485,7 @@ is 0440 (readable by owner and group, writable by none). The default mode may be changed via the .Dq sudoers_mode option to the -.Nm sudoers +.Nm .Li Plugin line in the .Xr sudo.conf @mansectform@ @@ -3503,7 +3503,7 @@ file group ownership, please add is the group ID that owns the .Em sudoers file) to the -.Nm sudoers +.Nm .Li Plugin line in the .Xr sudo.conf @mansectform@ @@ -3556,7 +3556,7 @@ On most systems, .Xr syslog 3 has a relatively small log buffer. To prevent the command line arguments from being truncated, -.Nm sudoers +.Nm will split up log messages that are larger than 960 characters (not including the date, hostname, and the string .Dq sudo ) . @@ -4256,7 +4256,7 @@ without entering a password when logging out and back in again on the same terminal. .Sh DEBUGGING Versions 1.8.4 and higher of the -.Nm sudoers +.Nm plugin support a flexible debugging framework that can help track down what the plugin is doing internally if there is a problem. This can be configured in the @@ -4264,14 +4264,14 @@ This can be configured in the file. .Pp The -.Nm sudoers +.Nm plugin uses the same debug flag format as the .Nm sudo front-end: .Em subsystem Ns @ Ns Em priority . .Pp The priorities used by -.Nm sudoers , +.Nm , in order of decreasing severity, are: .Em crit , err , warn , notice , diag , info , trace @@ -4286,7 +4286,7 @@ would include debug messages logged at and higher. .Pp The following subsystems are used by the -.Nm sudoers +.Nm plugin: .Bl -tag -width 8n .It Em alias diff --git a/doc/sudoreplay.mdoc.in b/doc/sudoreplay.mdoc.in index b29bc1b90..6abe2e95d 100644 --- a/doc/sudoreplay.mdoc.in +++ b/doc/sudoreplay.mdoc.in @@ -29,17 +29,17 @@ .Op Fl s Ar num ID .Pp -.Nm sudoreplay +.Nm .Op Fl h .Op Fl d Ar dir .Fl l .Op search expression .Sh DESCRIPTION -.Nm sudoreplay +.Nm plays back or lists the output logs created by .Nm sudo . When replaying, -.Nm sudoreplay +.Nm can play the session back in real-time, or the playback speed may be adjusted (faster or slower) based on the command line options. .Pp @@ -71,12 +71,12 @@ may also be determined using list mode. .Pp In list mode, -.Nm sudoreplay +.Nm can be used to find the ID of a session based on a number of criteria such as the user, tty or command run. .Pp In replay mode, if the standard output has not been redirected, -.Nm sudoreplay +.Nm will act on the following keys: .Bl -tag -width 12n .It So Li \en Sc No or So Li \er Sc @@ -99,7 +99,7 @@ instead of the default, .It Fl f Ar filter , Fl -filter Ns = Ns Ar filter Select which I/O type(s) to display. By default, -.Nm sudoreplay +.Nm will display the command's standard output, standard error and tty output. The .Ar filter @@ -114,7 +114,7 @@ Display a short help message to the standard output and exit. Enable .Dq list mode . In this mode, -.Nm sudoreplay +.Nm will list available sessions in a format similar to the .Nm sudo log file format, sorted by file name (or sequence number). @@ -198,13 +198,13 @@ unless separated by an .It Fl m , -max-wait Ar max_wait Specify an upper bound on how long to wait between key presses or output data. By default, -.Nm sudoreplay +.Nm will accurately reproduce the delays between key presses or program output. However, this can be tedious when the session includes long pauses. When the .Fl m option is specified, -.Nm sudoreplay +.Nm will limit these pauses to at most .Em max_wait seconds. @@ -212,7 +212,7 @@ The value may be specified as a floating point number, e.g.\& .Em 2.5 . .It Fl s , -speed Ar speed_factor This option causes -.Nm sudoreplay +.Nm to adjust the number of seconds it will wait between key presses or program output. This can be used to slow down or speed up the display. @@ -227,7 +227,7 @@ of would make the output twice as slow. .It Fl V , -version Print the -.Nm sudoreplay +.Nm versions version number and exit. .El .Ss Date and time format @@ -296,9 +296,9 @@ For example, will result in a time exactly two weeks from now, which is probably not what was intended. This will be addressed in a future version of -.Nm sudoreplay . +.Nm . .Ss Debugging sudoreplay -.Nm sudoreplay +.Nm versions 1.8.4 and higher support a flexible debugging framework that is configured via .Li Debug @@ -372,14 +372,14 @@ List sessions run by jeff or bob on the console: Todd C. Miller .Sh BUGS If you feel you have found a bug in -.Nm sudoreplay , +.Nm , please submit a bug report at http://www.sudo.ws/sudo/bugs/ .Sh SUPPORT Limited free support is available via the sudo-users mailing list, see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the archives. .Sh DISCLAIMER -.Nm sudoreplay +.Nm is provided .Dq AS IS and any express or implied warranties, including, but not limited diff --git a/doc/visudo.cat b/doc/visudo.cat index 3aadd7765..6ff54e498 100644 --- a/doc/visudo.cat +++ b/doc/visudo.cat @@ -30,7 +30,7 @@ DDEESSCCRRIIPPTTIIOONN may enter `e' to re-edit the _s_u_d_o_e_r_s file, `x' to exit without saving the changes, or `Q' to quit and save changes. The `Q' option should be used with extreme care because if vviissuuddoo believes there to be a parse error, - so will ssuuddoo and no one will be able to ssuuddoo again until the error is + so will ssuuddoo and no one will be able to run ssuuddoo again until the error is fixed. If `e' is typed to edit the _s_u_d_o_e_r_s file after a parse error has been detected, the cursor will be placed on the line where the error occurred (if the editor supports this feature). diff --git a/doc/visudo.man.in b/doc/visudo.man.in index f679b27da..8269ab897 100644 --- a/doc/visudo.man.in +++ b/doc/visudo.man.in @@ -112,7 +112,7 @@ option should be used with extreme care because if believes there to be a parse error, so will \fBsudo\fR and no one -will be able to +will be able to run \fBsudo\fR again until the error is fixed. If diff --git a/doc/visudo.mdoc.in b/doc/visudo.mdoc.in index 748c26a2d..d90891037 100644 --- a/doc/visudo.mdoc.in +++ b/doc/visudo.mdoc.in @@ -31,12 +31,12 @@ .Op Fl f Ar sudoers .Op Fl x Ar output_file .Sh DESCRIPTION -.Nm visudo +.Nm edits the .Em sudoers file in a safe fashion, analogous to .Xr vipw @mansectsu@ . -.Nm visudo +.Nm locks the .Em sudoers file against multiple simultaneous edits, provides basic sanity checks, @@ -46,7 +46,7 @@ If the file is currently being edited you will receive a message to try again later. .Pp There is a hard-coded list of one or more editors that -.Nm visudo +.Nm will use set at compile-time that may be overridden via the .Em editor .Em sudoers @@ -55,7 +55,7 @@ variable. This list defaults to .Li "@editor@" . Normally, -.Nm visudo +.Nm does not honor the .Ev VISUAL or @@ -63,7 +63,7 @@ or environment variables unless they contain an editor in the aforementioned editors list. However, if -.Nm visudo +.Nm is configured with the .Li --with-env-editor option or the @@ -71,7 +71,7 @@ option or the .Li Default variable is set in .Em sudoers , -.Nm visudo +.Nm will use any the editor defines by .Ev VISUAL or @@ -82,13 +82,13 @@ execute any program they wish simply by setting or .Ev EDITOR . .Pp -.Nm visudo +.Nm parses the .Em sudoers file after the edit and will not save the changes if there is a syntax error. Upon finding an error, -.Nm visudo +.Nm will print a message stating the line number(s) where the error occurred and the user will receive the .Dq What now? @@ -105,11 +105,11 @@ to quit and save changes. The .Ql Q option should be used with extreme care because if -.Nm visudo +.Nm believes there to be a parse error, so will .Nm sudo and no one -will be able to +will be able to run .Nm sudo again until the error is fixed. If @@ -135,17 +135,17 @@ unless the .Fl q option was specified. If the check completes successfully, -.Nm visudo +.Nm will exit with a value of 0. If an error is encountered, -.Nm visudo +.Nm will exit with a value of 1. .It Fl f Ar sudoers , Fl -file Ns = Ns Ar sudoers Specify an alternate .Em sudoers file location. With this option, -.Nm visudo +.Nm will edit (or check) the .Em sudoers file of your choice, @@ -183,7 +183,7 @@ checking of the .Em sudoers file. If an alias is used before it is defined, -.Nm visudo +.Nm will consider this a parse error. Note that it is not possible to differentiate between an alias and a host name or user name that consists solely of uppercase @@ -192,7 +192,7 @@ letters, digits, and the underscore character. .It Fl V , -version Print the -.Nm visudo +.Nm and .Em sudoers grammar versions and exit. @@ -226,7 +226,7 @@ ambiguity of the format. .El .Ss Debugging and sudoers plugin arguments -.Nm visudo +.Nm versions 1.8.4 and higher support a flexible debugging framework that is configured via .Li Debug @@ -237,7 +237,7 @@ file. Starting with .Nm sudo 1.8.12, -.Nm visudo +.Nm will also parse the arguments to the .Em sudoers plugin to override the default @@ -291,11 +291,11 @@ settings: .Bl -tag -width 15n .It Ev VISUAL Invoked by -.Nm visudo +.Nm as the editor to use .It Ev EDITOR Used by -.Nm visudo +.Nm if .Ev VISUAL is not set @@ -317,7 +317,7 @@ Someone else is currently editing the file. .It Li @sysconfdir@/sudoers.tmp: Permission denied You didn't run -.Nm visudo +.Nm as root. .It Li Can't find you in the passwd database Your user ID does not appear in the system passwd file. @@ -379,18 +379,18 @@ exhaustive list of people who have contributed to .Sh CAVEATS There is no easy way to prevent a user from gaining a root shell if the editor used by -.Nm visudo +.Nm allows shell escapes. .Sh BUGS If you feel you have found a bug in -.Nm visudo , +.Nm , please submit a bug report at http://www.sudo.ws/sudo/bugs/ .Sh SUPPORT Limited free support is available via the sudo-users mailing list, see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the archives. .Sh DISCLAIMER -.Nm visudo +.Nm is provided .Dq AS IS and any express or implied warranties, including, but not limited -- 2.50.1