From 59302128dfff7558eac7241d83a3e0110760ebc1 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Sat, 15 Nov 2008 18:34:01 +0000 Subject: [PATCH] standardize on the term 'option' for command line options (not flag) --- sudo.pod | 24 ++++++++++++------------ sudoers.pod | 38 +++++++++++++++++++------------------- visudo.pod | 4 ++-- 3 files changed, 33 insertions(+), 33 deletions(-) diff --git a/sudo.pod b/sudo.pod index bc413865c..a8543a796 100644 --- a/sudo.pod +++ b/sudo.pod @@ -68,17 +68,17 @@ When invoked as B, the B<-e> option (described below), is implied. B determines who is an authorized user by consulting the file -F<@sysconfdir@/sudoers>. By giving B the B<-v> flag, a user -can update the time stamp without running a I. The password -prompt itself will also time out if the user's password is not -entered within C<@password_timeout@> minutes (unless overridden via -I). +F<@sysconfdir@/sudoers>. By running B with the B<-v> option, +a user can update the time stamp without running a I. The +password prompt itself will also time out if the user's password +is not entered within C<@password_timeout@> minutes (unless overridden +via I). If a user who is not listed in the I file tries to run a command via B, mail is sent to the proper authorities, as defined at configure time or in the I file (defaults to C<@mailto@>). Note that the mail will not be sent if an unauthorized -user tries to run sudo with the B<-l> or B<-v> flags. This allows +user tries to run sudo with the B<-l> or B<-v> option. This allows users to determine for themselves whether or not they are allowed to use B. @@ -86,7 +86,7 @@ If B is run by root and the C environment variable is set, B will use this value to determine who the actual user is. This can be used by a user to log commands through sudo even when a root shell has been invoked. It also allows the B<-e> -flag to remain useful even when being run via a sudo-run script or +option to remain useful even when being run via a sudo-run script or program. Note however, that the sudoers lookup is still done for root, not the user specified by C. @@ -256,7 +256,7 @@ user specified by the B<-U> option) on the current host. If a I is specified and is permitted by I, the fully-qualified path to the command is displayed along with any command line arguments. If I is specified but not allowed, -B will exit with a return value of 1. If the B<-l> flag is +B will exit with a status value of 1. If the B<-l> option is specified with an B argument (i.e. B<-ll>), or if B<-l> is specified multiple times, a longer list format is used. @@ -373,8 +373,8 @@ a command. =item -- -The B<--> flag indicates that B should stop processing command -line arguments. It is most useful in conjunction with the B<-s> flag. +The B<--> option indicates that B should stop processing command +line arguments. It is most useful in conjunction with the B<-s> option. =back @@ -389,8 +389,8 @@ that would overwise be forbidden. See L for more information. =head1 RETURN VALUES -Upon successful execution of a program, the return value from B -will simply be the return value of the program that was executed. +Upon successful execution of a program, the exit status from B +will simply be the exit status of the program that was executed. Otherwise, B quits with an exit value of 1 if there is a configuration/permission problem or if B cannot execute the diff --git a/sudoers.pod b/sudoers.pod index a962bdb46..5aec5b99e 100644 --- a/sudoers.pod +++ b/sudoers.pod @@ -192,7 +192,7 @@ in the C must match exactly those given by the user on the command line (or match the wildcards if there are any). Note that the following characters must be escaped with a '\' if they are used in command arguments: ',', ':', '=', '\'. The special command C<"sudoedit"> -is used to permit a user to run B with the B<-e> flag (or +is used to permit a user to run B with the B<-e> option (or as B). It may take command line arguments just as a normal command does. @@ -267,12 +267,12 @@ A C determines the user and/or the group that a command may be run as. A fully-specified C consists of two Cs (as defined above) separated by a colon (':') and enclosed in a set of parentheses. The first C indicates -which users the command may be run as via B's B<-u> flag. +which users the command may be run as via B's B<-u> option. The second defines a list of groups that can be specified via -B's B<-g> flag. If both Cs are specified, the +B's B<-g> option. If both Cs are specified, the command may be run with any combination of users and groups listed in their respective Cs. If only the first is specified, -the command may be run as any user in the list but no B<-g> flag +the command may be run as any user in the list but no B<-g> option may be specified. If the first C is empty but the second is specified, the command may be run as the invoking user with the group set to any listed in the C. If no @@ -504,7 +504,7 @@ B: If set, B will set the C environment variable to the home directory of the target user (which is root unless the B<-u> option is used). -This effectively means that the B<-H> flag is always implied. +This effectively means that the B<-H> option is always implied. This flag is I by default. =item authenticate @@ -689,16 +689,16 @@ password of the invoking user. This flag is I by default. =item set_home -If set and B is invoked with the B<-s> flag the C +If set and B is invoked with the B<-s> option the C environment variable will be set to the home directory of the target user (which is root unless the B<-u> option is used). This effectively -makes the B<-s> flag imply B<-H>. This flag is I by default. +makes the B<-s> option imply B<-H>. This flag is I by default. =item set_logname Normally, B will set the C, C and C environment variables to the name of the target user (usually root -unless the B<-u> flag is given). However, since some programs +unless the B<-u> option is given). However, since some programs (including the RCS revision control system) use C to determine the real identity of the user, it may be desirable to change this behavior. This can be done by negating the set_logname @@ -718,7 +718,7 @@ by default. =item shell_noargs If set and B is invoked with no arguments it acts as if the -B<-s> flag had been given. That is, it runs a shell as root (the +B<-s> option had been given. That is, it runs a shell as root (the shell is determined by the C environment variable if it is set, falling back on the shell listed in the invoking user's /etc/passwd entry if not). This flag is I by default. @@ -737,9 +737,9 @@ function. This flag is I by default. =item targetpw If set, B will prompt for the password of the user specified by -the B<-u> flag (defaults to C) instead of the password of the +the B<-u> option (defaults to C) instead of the password of the invoking user. Note that this precludes the use of a uid not listed -in the passwd database as an argument to the B<-u> flag. +in the passwd database as an argument to the B<-u> option. This flag is I by default. =item tty_tickets @@ -902,7 +902,7 @@ This option is only available whe B is built with SELinux support. =item runas_default -The default user to run commands as if the B<-u> flag is not specified +The default user to run commands as if the B<-u> option is not specified on the command line. This defaults to C<@runas_default@>. Note that if I is set it B occur before any C specifications. @@ -1004,7 +1004,7 @@ By default, B uses a built-in lecture. =item listpw This option controls when a password will be required when a -user runs B with the B<-l> flag. It has the following possible values: +user runs B with the B<-l> option. It has the following possible values: =over 8 @@ -1015,7 +1015,7 @@ the C flag set to avoid entering a password. =item always -The user must always enter a password to use the B<-l> flag. +The user must always enter a password to use the B<-l> option. =item any @@ -1024,7 +1024,7 @@ must have the C flag set to avoid entering a password. =item never -The user need never enter a password to use the B<-l> flag. +The user need never enter a password to use the B<-l> option. =back @@ -1077,7 +1077,7 @@ disable syslog logging). Defaults to C<@logfac@>. =item verifypw This option controls when a password will be required when a user runs -B with the B<-v> flag. It has the following possible values: +B with the B<-v> option. It has the following possible values: =over 8 @@ -1088,7 +1088,7 @@ the C flag set to avoid entering a password. =item always -The user must always enter a password to use the B<-v> flag. +The user must always enter a password to use the B<-v> option. =item any @@ -1097,7 +1097,7 @@ must have the C flag set to avoid entering a password. =item never -The user need never enter a password to use the B<-v> flag. +The user need never enter a password to use the B<-v> option. =back @@ -1311,7 +1311,7 @@ The user B can run commands as any user in the I C john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* On the I machines, user B may su to anyone except root -but he is not allowed to give L any flags. +but he is not allowed to specify any options to the L command. jen ALL, !SERVERS = ALL diff --git a/visudo.pod b/visudo.pod index 088f79dc8..2f82746e2 100644 --- a/visudo.pod +++ b/visudo.pod @@ -44,7 +44,7 @@ your system, as determined by the I script. Normally, B does not honor the C or C environment variables unless they contain an editor in the aforementioned editors list. However, if B is configured with the I<--with-enveditor> -flag or the I C variable is set in I, +option or the I C variable is set in I, B will use any the editor defines by C or C. Note that this can be a security hole since it allows the user to execute any program they wish simply by setting C or C. @@ -89,7 +89,7 @@ is the specified I file with ".tmp" appended to it. Enable B mode. In this mode details about syntax errors are not printed. This option is only useful when combined with -the B<-c> flag. +the B<-c> option. =item -s -- 2.40.0