From 7c9aaa2f2fb2cdd4bca8ce3bcf4a5981dcb21617 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Thu, 25 Apr 2013 15:11:06 -0400
Subject: [PATCH] Document that sudoers will re-use existing I/O log paths
 unless they are mktemp-style with trailing X's.

---
 doc/sudoers.cat     | 10 ++++++++++
 doc/sudoers.man.in  | 19 +++++++++++++++++++
 doc/sudoers.mdoc.in | 19 +++++++++++++++++++
 3 files changed, 48 insertions(+)

diff --git a/doc/sudoers.cat b/doc/sudoers.cat
index 2dd5eedf1..270e0c97e 100644
--- a/doc/sudoers.cat
+++ b/doc/sudoers.cat
@@ -1337,6 +1337,11 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
                        unique combination of digits and letters, similar to
                        the mktemp(3) function.
 
+                       If the path created by concatenating _i_o_l_o_g___d_i_r and
+                       _i_o_l_o_g___f_i_l_e already exists, the existing I/O log file
+                       will be truncated and overwritten unless _i_o_l_o_g___f_i_l_e
+                       ends in six or more Xs.
+
      limitprivs        The default Solaris limit privileges to use when
                        constructing a new privilege set for a command.  This
                        bounds all privileges of the executing process.  The
@@ -1358,6 +1363,11 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
                        truncated to 2176782336.  The default value is
                        2176782336.
 
+                       Once the local sequence number reaches the value of
+                       _m_a_x_s_e_q, it will ``roll over'' to zero, after which
+                       ssuuddooeerrss will truncate and re-use any existing I/O log
+                       pathnames.
+
                        This setting is only supported by version 1.8.7 or
                        higher.
 
diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in
index 7e5c4042d..2c30be677 100644
--- a/doc/sudoers.man.in
+++ b/doc/sudoers.man.in
@@ -2782,6 +2782,17 @@ will have the
 replaced with a unique combination of digits and letters, similar to the
 mktemp(3)
 function.
+.sp
+If the path created by concatenating
+\fIiolog_dir\fR
+and
+\fIiolog_file\fR
+already exists, the existing I/O log file will be truncated and
+overwritten unless
+\fIiolog_file\fR
+ends in six or
+more
+\fRX\fRs.
 .PD
 .TP 18n
 limitprivs
@@ -2821,6 +2832,14 @@ base 36 sequence number
 will be silently truncated to 2176782336.
 The default value is 2176782336.
 .sp
+Once the local sequence number reaches the value of
+\fImaxseq\fR,
+it will
+``roll over''
+to zero, after which
+\fBsudoers\fR
+will truncate and re-use any existing I/O log pathnames.
+.sp
 This setting is only supported by version 1.8.7 or higher.
 .TP 18n
 noexec_file
diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in
index 9539afbeb..c02623552 100644
--- a/doc/sudoers.mdoc.in
+++ b/doc/sudoers.mdoc.in
@@ -2598,6 +2598,17 @@ will have the
 replaced with a unique combination of digits and letters, similar to the
 .Xr mktemp 3
 function.
+.Pp
+If the path created by concatenating
+.Em iolog_dir
+and
+.Em iolog_file
+already exists, the existing I/O log file will be truncated and
+overwritten unless
+.Em iolog_file
+ends in six or
+more
+.Li X Ns No s .
 .It limitprivs
 The default Solaris limit privileges to use when constructing a new
 privilege set for a command.
@@ -2633,6 +2644,14 @@ base 36 sequence number
 will be silently truncated to 2176782336.
 The default value is 2176782336.
 .Pp
+Once the local sequence number reaches the value of
+.Em maxseq ,
+it will
+.Dq roll over
+to zero, after which
+.Nm sudoers
+will truncate and re-use any existing I/O log pathnames.
+.Pp
 This setting is only supported by version 1.8.7 or higher.
 .It noexec_file
 As of
-- 
2.40.0