From 760918cb89095fd23725b1ff813c96bccf7c3e68 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Wed, 23 May 2012 15:59:04 -0400
Subject: [PATCH] regen

--HG--
branch : 1.7
---
 sudo.cat | 20 ++++++++++++--------
 sudo.man.in | 20 ++++++++++++--------
 sudoers.cat | 8 ++++----
 sudoers.ldap.cat | 10 +++++-----
 sudoers.ldap.man.in | 2 +-
 sudoers.man.in | 2 +-
 sudoreplay.cat | 11 ++++++-----
 sudoreplay.man.in | 9 +++++----
 visudo.cat | 2 +-
 visudo.man.in | 2 +-
 10 files changed, 48 insertions(+), 38 deletions(-)

diff --git a/sudo.cat b/sudo.cat
index 15c76e0a5..08520340b 100644
--- a/sudo.cat
+++ b/sudo.cat
@@ -324,11 +324,15 @@ SSEECCUURRIITTYY NNOOTTEESS There are two distinct ways to deal with environment variables. By default, the _e_n_v___r_e_s_e_t _s_u_d_o_e_r_s option is enabled. This causes commands - to be executed with a minimal environment containing the TERM, PATH, - HOME, MAIL, SHELL, LOGNAME, USER, USERNAME and SUDO_* variables in - addition to variables from the invoking process permitted by the - _e_n_v___c_h_e_c_k and _e_n_v___k_e_e_p _s_u_d_o_e_r_s options. This is effectively a - whitelist for environment variables. + to be executed with a new, minimal environment containing. On AIX (and + Linux systems without PAM), the environment is initialized with the + contents of the _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t file. On BSD systems, if the + _u_s_e___l_o_g_i_n_c_l_a_s_s option is enabled, the environment is initialized based + on the _p_a_t_h and _s_e_t_e_n_v settings in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f. The new + environment contains the TERM, PATH, HOME, MAIL, SHELL, LOGNAME, USER, + USERNAME and SUDO_* variables in addition to variables from the + invoking process permitted by the _e_n_v___c_h_e_c_k and _e_n_v___k_e_e_p options. This + is effectively a whitelist for environment variables. If, however, the _e_n_v___r_e_s_e_t option is disabled in _s_u_d_o_e_r_s, any variables not explicitly denied by the _e_n_v___c_h_e_c_k and _e_n_v___d_e_l_e_t_e options are @@ -456,8 +460,8 @@ FFIILLEESS _/_v_a_r_/_a_d_m_/_s_u_d_o Directory containing time stamps - _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t Initial environment for --ii mode on Linux and - AIX + _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t Initial environment for --ii mode on AIX and + Linux systems EEXXAAMMPPLLEESS Note: the following examples assume suitable _s_u_d_o_e_r_s(4) entries. @@ -547,4 +551,4 @@ DDIISSCCLLAAIIMMEERR -1.7.9 January 12, 2012 SUDO(1m) +1.7.10 May 23, 2012 SUDO(1m) diff --git a/sudo.man.in b/sudo.man.in index bfd9e6bec..efb7b9e37 100644 --- a/sudo.man.in +++ b/sudo.man.in 
@@ -149,7 +149,7 @@ .\" ======================================================================== .\" .IX Title "SUDO @mansectsu@" -.TH SUDO @mansectsu@ "January 12, 2012" "1.7.9" "MAINTENANCE COMMANDS" +.TH SUDO @mansectsu@ "May 23, 2012" "1.7.10" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -528,12 +528,16 @@ unreachable. .PP There are two distinct ways to deal with environment variables. By default, the \fIenv_reset\fR \fIsudoers\fR option is enabled. This causes -commands to be executed with a minimal environment containing the -\&\f(CW\*(C`TERM\*(C'\fR, \f(CW\*(C`PATH\*(C'\fR, \f(CW\*(C`HOME\*(C'\fR, \f(CW\*(C`MAIL\*(C'\fR, \f(CW\*(C`SHELL\*(C'\fR, \f(CW\*(C`LOGNAME\*(C'\fR, \f(CW\*(C`USER\*(C'\fR, -\&\f(CW\*(C`USERNAME\*(C'\fR and \f(CW\*(C`SUDO_*\*(C'\fR variables in addition to variables from -the invoking process permitted by the \fIenv_check\fR and \fIenv_keep\fR -\&\fIsudoers\fR options. This is effectively a whitelist for environment -variables. +commands to be executed with a new, minimal environment containing. +On \s-1AIX\s0 (and Linux systems without \s-1PAM\s0), the environment is initialized +with the contents of the \fI/etc/environment\fR file. On \s-1BSD\s0 systems, +if the \fIuse_loginclass\fR option is enabled, the environment is +initialized based on the \fIpath\fR and \fIsetenv\fR settings in +\&\fI/etc/login.conf\fR. The new environment contains the \f(CW\*(C`TERM\*(C'\fR, +\&\f(CW\*(C`PATH\*(C'\fR, \f(CW\*(C`HOME\*(C'\fR, \f(CW\*(C`MAIL\*(C'\fR, \f(CW\*(C`SHELL\*(C'\fR, \f(CW\*(C`LOGNAME\*(C'\fR, \f(CW\*(C`USER\*(C'\fR, \f(CW\*(C`USERNAME\*(C'\fR +and \f(CW\*(C`SUDO_*\*(C'\fR variables in addition to variables from the invoking +process permitted by the \fIenv_check\fR and \fIenv_keep\fR options. This +is effectively a whitelist for environment variables. .PP If, however, the \fIenv_reset\fR option is disabled in \fIsudoers\fR, any variables not explicitly denied by the \fIenv_check\fR and \fIenv_delete\fR 
@@ -694,7 +698,7 @@ List of who can run what Directory containing time stamps .IP "\fI/etc/environment\fR" 24 .IX Item "/etc/environment" -Initial environment for \fB\-i\fR mode on Linux and \s-1AIX\s0 +Initial environment for \fB\-i\fR mode on \s-1AIX\s0 and Linux systems .SH "EXAMPLES" .IX Header "EXAMPLES" Note: the following examples assume suitable \fIsudoers\fR\|(@mansectform@) entries. diff --git a/sudoers.cat b/sudoers.cat index 6e46dae8f..6c1c8f5ae 100644 --- a/sudoers.cat +++ b/sudoers.cat @@ -105,11 +105,11 @@ DDEESSCCRRIIPPTTIIOONN implementation. For instance, the QAS AD backend supports the following formats: - +o Group in the same domain: "Group Name" + o Group in the same domain: "Group Name" - +o Group in any domain: "Group Name@FULLY.QUALIFIED.DOMAIN" + o Group in any domain: "Group Name@FULLY.QUALIFIED.DOMAIN" - +o Group SID: "S-1-2-34-5678901234-5678901234-5678901234-567" + o Group SID: "S-1-2-34-5678901234-5678901234-5678901234-567" Note that quotes around group names are optional. Unquoted strings must use a backslash (\) to escape spaces and special characters. See @@ -1483,4 +1483,4 @@ DDIISSCCLLAAIIMMEERR -1.7.9 January 12, 2012 SUDOERS(4) +1.7.10 May 23, 2012 SUDOERS(4) diff --git a/sudoers.ldap.cat b/sudoers.ldap.cat index 17a61cabc..0d686bba9 100644 --- a/sudoers.ldap.cat +++ b/sudoers.ldap.cat 
@@ -12,25 +12,25 @@ DDEESSCCRRIIPPTTIIOONN Using LDAP for _s_u_d_o_e_r_s has several benefits: - +o ssuuddoo no longer needs to read _s_u_d_o_e_r_s in its entirety. When LDAP is + o ssuuddoo no longer needs to read _s_u_d_o_e_r_s in its entirety. When LDAP is used, there are only two or three LDAP queries per invocation. This makes it especially fast and particularly usable in LDAP environments. - +o ssuuddoo no longer exits if there is a typo in _s_u_d_o_e_r_s. It is not + o ssuuddoo no longer exits if there is a typo in _s_u_d_o_e_r_s. It is not possible to load LDAP data into the server that does not conform to the sudoers schema, so proper syntax is guaranteed. It is still possible to have typos in a user or host name, but this will not prevent ssuuddoo from running. - +o It is possible to specify per-entry options that override the + o It is possible to specify per-entry options that override the global default options. _/_e_t_c_/_s_u_d_o_e_r_s only supports default options and limited options associated with user/host/commands/aliases. The syntax is complicated and can be difficult for users to understand. Placing the options directly in the entry is more natural. - +o The vviissuuddoo program is no longer needed. vviissuuddoo provides locking + o The vviissuuddoo program is no longer needed. vviissuuddoo provides locking and syntax checking of the _/_e_t_c_/_s_u_d_o_e_r_s file. Since LDAP updates are atomic, locking is no longer necessary. Because syntax is checked when the data is inserted into LDAP, there is no need for a @@ -746,4 +746,4 @@ DDIISSCCLLAAIIMMEERR -1.7.9 January 12, 2012 SUDOERS.LDAP(4) +1.7.10 May 23, 2012 SUDOERS.LDAP(4) diff --git a/sudoers.ldap.man.in b/sudoers.ldap.man.in index 7bea97f7d..1ae436998 100644 --- a/sudoers.ldap.man.in +++ b/sudoers.ldap.man.in 
@@ -140,7 +140,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS.LDAP @mansectform@" -.TH SUDOERS.LDAP @mansectform@ "January 12, 2012" "1.7.9" "MAINTENANCE COMMANDS" +.TH SUDOERS.LDAP @mansectform@ "May 23, 2012" "1.7.10" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/sudoers.man.in b/sudoers.man.in index 1247c0c2f..5d0a324b2 100644 --- a/sudoers.man.in +++ b/sudoers.man.in @@ -148,7 +148,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "January 12, 2012" "1.7.9" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "May 23, 2012" "1.7.10" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/sudoreplay.cat b/sudoreplay.cat index be7a1e8dd..8daca0c1a 100644 --- a/sudoreplay.cat +++ b/sudoreplay.cat @@ -50,10 +50,11 @@ OOPPTTIIOONNSS -l [_s_e_a_r_c_h _e_x_p_r_e_s_s_i_o_n] Enable "list mode". In this mode, ssuuddoorreeppllaayy will list - available session IDs. If a _s_e_a_r_c_h _e_x_p_r_e_s_s_i_o_n is - specified, it will be used to restrict the IDs that are - displayed. An expression is composed of the following - predicates: + available sessions in a format similar to the ssuuddoo log file + format, sorted by file name (or sequence number). If a + _s_e_a_r_c_h _e_x_p_r_e_s_s_i_o_n is specified, it will be used to restrict + the IDs that are displayed. An expression is composed of + the following predicates: command _c_o_m_m_a_n_d _p_a_t_t_e_r_n Evaluates to true if the command run matches @@ -255,4 +256,4 @@ DDIISSCCLLAAIIMMEERR -1.7.9 January 12, 2012 SUDOREPLAY(1m) +1.7.10 May 23, 2012 SUDOREPLAY(1m) 
diff --git a/sudoreplay.man.in b/sudoreplay.man.in index 649e7d161..30851de8c 100644 --- a/sudoreplay.man.in +++ b/sudoreplay.man.in @@ -139,7 +139,7 @@ .\" ======================================================================== .\" .IX Title "SUDOREPLAY @mansectsu@" -.TH SUDOREPLAY @mansectsu@ "January 12, 2012" "1.7.9" "MAINTENANCE COMMANDS" +.TH SUDOREPLAY @mansectsu@ "May 23, 2012" "1.7.10" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -194,9 +194,10 @@ help message to the standard output and exit. .IP "\-l [\fIsearch expression\fR]" 12 .IX Item "-l [search expression]" Enable \*(L"list mode\*(R". In this mode, \fBsudoreplay\fR will list available -session IDs. If a \fIsearch expression\fR is specified, it will be -used to restrict the IDs that are displayed. An expression is -composed of the following predicates: +sessions in a format similar to the \fBsudo\fR log file format, sorted +by file name (or sequence number). If a \fIsearch expression\fR is +specified, it will be used to restrict the IDs that are displayed. +An expression is composed of the following predicates: .RS 12 .IP "command \fIcommand pattern\fR" 8 .IX Item "command command pattern" diff --git a/visudo.cat b/visudo.cat index 15541706d..804a26d18 100644 --- a/visudo.cat +++ b/visudo.cat @@ -143,4 +143,4 @@ DDIISSCCLLAAIIMMEERR -1.7.9 January 12, 2012 VISUDO(1m) +1.7.10 May 23, 2012 VISUDO(1m) diff --git a/visudo.man.in b/visudo.man.in index a1cc1db5f..08493748d 100644 --- a/visudo.man.in +++ b/visudo.man.in 
@@ -144,7 +144,7 @@ .\" ======================================================================== .\" .IX Title "VISUDO @mansectsu@" -.TH VISUDO @mansectsu@ "January 12, 2012" "1.7.9" "MAINTENANCE COMMANDS" +.TH VISUDO @mansectsu@ "May 23, 2012" "1.7.10" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l -- 2.40.0