From a11c148681d71ea39666076978c9df138c0ee9ab Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Tue, 22 Jun 1999 10:38:39 +0000 Subject: [PATCH] typos --- UPGRADE | 2 +- sudoers.cat | 118 ++++++++++++++++++++++++++-------------------------- sudoers.man | 34 ++++++++++----- sudoers.pod | 9 ++++ 4 files changed, 92 insertions(+), 71 deletions(-) diff --git a/UPGRADE b/UPGRADE index 1b15c0547..ba2bea7b2 100644 --- a/UPGRADE +++ b/UPGRADE @@ -26,7 +26,7 @@ o Upgrading from a version prior to 1.6: millert can run /usr/bin/whoami as daemon and /bin/ls and /sbin/dump as root. No password need be given for either - command. In other words, the "(root)" sets the dfault runas + command. In other words, the "(root)" sets the default runas user to root for the rest of the list. If we wanted to require a password for /bin/ls and /sbin/dump the line could be written thusly: diff --git a/sudoers.cat b/sudoers.cat index 207b6cfff..9adeec73b 100644 --- a/sudoers.cat +++ b/sudoers.cat @@ -61,7 +61,7 @@ DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN -7/Apr/99 1.6 1 +22/Jun/1999 1.6 1 
@@ -103,31 +103,31 @@ sudoers(5) FILE FORMATS sudoers(5) When a _r_u_n_a_s_-_l_i_s_t is specified for an _a_c_c_e_s_s___g_r_o_u_p, it affects all commands in the _a_c_c_e_s_s___g_r_o_u_p. For example, given: + oper bigserver = (root, sysadm) /usr/bin/kill, /bin/rm + User oper will be able to run /usr/bin/kill and /bin/rm as rrrrooooooootttt or ssssyyyyssssaaaaddddmmmm on the machine, bigserver. The _r_u_n_a_s_-_l_i_s_t is "sticky" across entries in the comma-separated _a_c_c_e_s_s___g_r_o_u_p. You can override the _r_u_n_a_s_-_l_i_s_t with another one, at which point the new _r_u_n_a_s_-_l_i_s_t becomes the default for that _a_c_c_e_s_s___g_r_o_u_p. For example, given: - oper bigserver = (root, sysadm) /usr/bin/kill, (root) - /bin/rm, \ /bin/rmdir User oper can still run - /usr/bin/kill as rrrrooooooootttt or ssssyyyyssssaaaaddddmmmm but can only run /bin/rm - and /bin/rmdir as rrrrooooooootttt. + + oper bigserver = (root, sysadm) /usr/bin/kill, (root) /bin/rm, \ + /bin/rmdir + + User oper can still run /usr/bin/kill as rrrrooooooootttt or ssssyyyyssssaaaaddddmmmm + but can only run /bin/rm and /bin/rmdir as rrrrooooooootttt. Similarly, the NNNNOOOOPPPPAAAASSSSSSSSWWWWDDDD modifier is also persistent across an _a_c_c_e_s_s___g_r_o_u_p. For example given: - oper bigserver = NOPASSWD: /usr/bin/kill, /bin/rm, - /bin/rmdir User oper will be able to run /usr/bin/kill, - /bin/rm, and /bin/rmdir as rrrrooooooootttt without a password. If we - change that to: - oper bigserver = NOPASSWD: /usr/bin/kill, PASSWD: - /bin/rm, /bin/rmdir User oper can still run /usr/bin/kill - without a password but must give a password to run /bin/rm + + oper bigserver = NOPASSWD: /usr/bin/kill, /bin/rm, /bin/rmdir + -7/Apr/99 1.6 2 +22/Jun/1999 1.6 2 
@@ -136,7 +136,14 @@ sudoers(5) FILE FORMATS sudoers(5) sudoers(5) FILE FORMATS sudoers(5) - and /bin/rmdir. + User oper will be able to run /usr/bin/kill, /bin/rm, and + /bin/rmdir as rrrrooooooootttt without a password. If we change that + to: + + oper bigserver = NOPASSWD: /usr/bin/kill, PASSWD: /bin/rm, /bin/rmdir + + User oper can still run /usr/bin/kill without a password + but must give a password to run /bin/rm and /bin/rmdir. wwwwiiiillllddddccccaaaarrrrddddssss ((((aaaakkkkaaaa mmmmeeeettttaaaa cccchhhhaaaarrrraaaacccctttteeeerrrrssss)))):::: @@ -183,17 +190,10 @@ sudoers(5) FILE FORMATS sudoers(5) {Host,User,Cmnd}_Alias. DDDDOOOO NNNNOOOOTTTT define an alias of _A_L_L, it will NNNNOOOOTTTT be used. Note that _A_L_L implies the entire universe of hosts/users/commands. You can subtract - elements from the universe by using the syntax: - user host=ALL,!ALIAS1,!/sbin/halt... - Commands may have optional command line arguments. If - they do, then the arguments in the _s_u_d_o_e_r_s file must - exactly match those on the command line. It is also - possible to have a command's arguments span multiple lines - -7/Apr/99 1.6 3 +22/Jun/1999 1.6 3 @@ -202,6 +202,14 @@ sudoers(5) FILE FORMATS sudoers(5) sudoers(5) FILE FORMATS sudoers(5) + elements from the universe by using the syntax: + + user host=ALL,!ALIAS1,!/sbin/halt... + + Commands may have optional command line arguments. If + they do, then the arguments in the _s_u_d_o_e_r_s file must + exactly match those on the command line. It is also + possible to have a command's arguments span multiple lines as long as the line continuance character "\" is used. The following characters must be escaped with a "\" if used in command arguments: ",", ":", "=", "\". 
@@ -245,21 +253,13 @@ EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS steve CSNETS=(operator) /usr/op_commands/ - HHHHoooosssstttt AAAAlllliiiiaaaassss ssssppppeeeecccciiiiffffiiiiccccaaaattttiiiioooonnnnssss:::: - The are four _h_o_s_t _a_l_i_a_s_e_s. The first actually contains - two _a_l_i_a_s_e_s. It sets HUB to be houdini and REMOTE to the - three machines merlin, kodiakthorn and spirit. Similarly, - SERVERS is set to the machines houdini, merlin, - kodiakthorn and spirit. The CSNETS alias will match any - host on the 128.138.243.0, 128.138.204.0, or - 128.138.205.192 nets. The CUNETS alias will match any - host on the 128.138.0.0 (class B) network. Note that - these are nnnneeeettttwwwwoooorrrrkkkk addresses, not ip addresses. Unless an -7/Apr/99 1.6 4 + + +22/Jun/1999 1.6 4 @@ -268,6 +268,17 @@ EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS sudoers(5) FILE FORMATS sudoers(5) + HHHHoooosssstttt AAAAlllliiiiaaaassss ssssppppeeeecccciiiiffffiiiiccccaaaattttiiiioooonnnnssss:::: + + The are four _h_o_s_t _a_l_i_a_s_e_s. The first actually contains + two _a_l_i_a_s_e_s. It sets HUB to be houdini and REMOTE to the + three machines merlin, kodiakthorn and spirit. Similarly, + SERVERS is set to the machines houdini, merlin, + kodiakthorn and spirit. The CSNETS alias will match any + host on the 128.138.243.0, 128.138.204.0, or + 128.138.205.192 nets. The CUNETS alias will match any + host on the 128.138.0.0 (class B) network. Note that + these are nnnneeeettttwwwwoooorrrrkkkk addresses, not ip addresses. Unless an explicit netmask is given, the local _n_e_t_m_a_s_k is used to determine whether or not the current host belongs to a network. 
@@ -310,22 +321,11 @@ sudoers(5) FILE FORMATS sudoers(5) root on the machines on CUNETS (which is explicitly listed as a class B network). - nieusma The user nieusma may run commands in the - SHUTDOWN alias as well as _/_s_b_i_n_/_r_e_b_o_o_t on - the SERVER machines and any command except - those in the SHELLS alias on the HUB - machines. - - jill The user jill may run /sbin/shutdown -h - now or /sbin/shutdown -r now as well as - the commands in the MISC alias on houdini. - markm The user markm may run any command on the - HUB machines except _/_s_b_i_n_/_s_h_u_t_d_o_w_n, -7/Apr/99 1.6 5 +22/Jun/1999 1.6 5 @@ -334,6 +334,18 @@ sudoers(5) FILE FORMATS sudoers(5) sudoers(5) FILE FORMATS sudoers(5) + nieusma The user nieusma may run commands in the + SHUTDOWN alias as well as _/_s_b_i_n_/_r_e_b_o_o_t on + the SERVER machines and any command except + those in the SHELLS alias on the HUB + machines. + + jill The user jill may run /sbin/shutdown -h + now or /sbin/shutdown -r now as well as + the commands in the MISC alias on houdini. + + markm The user markm may run any command on the + HUB machines except _/_s_b_i_n_/_s_h_u_t_d_o_w_n, _/_s_b_i_n_/_h_a_l_t, and commands listed in the MISC alias. @@ -379,19 +391,7 @@ SSSSEEEEEEEE AAAALLLLSSSSOOOO - - - - - - - - - - - - -7/Apr/99 1.6 6 +22/Jun/1999 1.6 6 @@ -457,6 +457,6 @@ sudoers(5) FILE FORMATS sudoers(5) -7/Apr/99 1.6 7 +22/Jun/1999 1.6 7 diff --git a/sudoers.man b/sudoers.man index b332be7ab..18aa96893 100644 --- a/sudoers.man +++ b/sudoers.man @@ -2,10 +2,8 @@ ''' $RCSfile$$Revision$$Date$ ''' ''' $Log$ -''' Revision 1.9 1999/04/07 23:18:51 millert -''' You can now specifiy a host list instead of just a host or alias. -''' Ie: user = host1,host2,ALIAS,!host3 my_command -''' now works. +''' Revision 1.10 1999/06/22 10:38:38 millert +''' typos ''' ''' .de Sh @@ -98,7 +96,7 @@ .nr % 0 .rr F .\} -.TH sudoers 5 "1.6" "7/Apr/99" "FILE FORMATS" +.TH sudoers 5 "1.6" "22/Jun/1999" "FILE FORMATS" .UC .if n .hy 0 .if n .na 
@@ -274,24 +272,36 @@ will be allowed to run the command. .Sh "persistence of modifiers" When a \fIrunas-list\fR is specified for an \fIaccess_group\fR, it affects all commands in the \fIaccess_group\fR. For example, given: - oper bigserver = (root, sysadm) /usr/bin/kill, /bin/rm +.PP +.Vb 1 +\& oper bigserver = (root, sysadm) /usr/bin/kill, /bin/rm +.Ve User \f(CWoper\fR will be able to run \f(CW/usr/bin/kill\fR and \f(CW/bin/rm\fR as \fBroot\fR or \fBsysadm\fR on the machine, \f(CWbigserver\fR. The \fIrunas-list\fR is \*(L"sticky\*(R" across entries in the comma-separated \fIaccess_group\fR. You can override the \fIrunas-list\fR with another one, at which point the new \fIrunas-list\fR becomes the default for that \fIaccess_group\fR. For example, given: - oper bigserver = (root, sysadm) /usr/bin/kill, (root) /bin/rm, \e - /bin/rmdir +.PP +.Vb 2 +\& oper bigserver = (root, sysadm) /usr/bin/kill, (root) /bin/rm, \e +\& /bin/rmdir +.Ve User \f(CWoper\fR can still run \f(CW/usr/bin/kill\fR as \fBroot\fR or \fBsysadm\fR but can only run \f(CW/bin/rm\fR and \f(CW/bin/rmdir\fR as \fBroot\fR. .PP Similarly, the \fB\s-1NOPASSWD\s0\fR modifier is also persistent across an \fIaccess_group\fR. For example given: - oper bigserver = \s-1NOPASSWD\s0: /usr/bin/kill, /bin/rm, /bin/rmdir +.PP +.Vb 1 +\& oper bigserver = NOPASSWD: /usr/bin/kill, /bin/rm, /bin/rmdir +.Ve User \f(CWoper\fR will be able to run \f(CW/usr/bin/kill\fR, \f(CW/bin/rm\fR, and \f(CW/bin/rmdir\fR as \fBroot\fR without a password. If we change that to: - oper bigserver = \s-1NOPASSWD\s0: /usr/bin/kill, \s-1PASSWD\s0: /bin/rm, /bin/rmdir +.PP +.Vb 1 +\& oper bigserver = NOPASSWD: /usr/bin/kill, PASSWD: /bin/rm, /bin/rmdir +.Ve User \f(CWoper\fR can still run \f(CW/usr/bin/kill\fR without a password but must give a password to run \f(CW/bin/rm\fR and \f(CW/bin/rmdir\fR. .Sh "wildcards (aka meta characters):" 
@@ -331,8 +341,10 @@ The reserved alias \fI\s-1ALL\s0\fR can be used for both {Host,User,Cmnd}_Alias. \fB\s-1DO\s0 \s-1NOT\s0\fR define an alias of \fI\s-1ALL\s0\fR, it will \fB\s-1NOT\s0\fR be used. Note that \fI\s-1ALL\s0\fR implies the entire universe of hosts/users/commands. You can subtract elements from the universe by using the syntax: - user host=\s-1ALL\s0,!\s-1ALIAS1\s0,!/sbin/halt... .PP +.Vb 1 +\& user host=ALL,!ALIAS1,!/sbin/halt... +.Ve Commands may have optional command line arguments. If they do, then the arguments in the \fIsudoers\fR file must exactly match those on the command line. It is also possible to have a command's diff --git a/sudoers.pod b/sudoers.pod index c003c8e56..deb901c55 100644 --- a/sudoers.pod +++ b/sudoers.pod @@ -77,24 +77,32 @@ will be allowed to run the command. When a I is specified for an I, it affects all commands in the I. For example, given: + oper bigserver = (root, sysadm) /usr/bin/kill, /bin/rm + User C will be able to run C and C as B or B on the machine, C. The I is "sticky" across entries in the comma-separated I. You can override the I with another one, at which point the new I becomes the default for that I. For example, given: + oper bigserver = (root, sysadm) /usr/bin/kill, (root) /bin/rm, \ /bin/rmdir + User C can still run C as B or B but can only run C and C as B. Similarly, the B modifier is also persistent across an I. For example given: + oper bigserver = NOPASSWD: /usr/bin/kill, /bin/rm, /bin/rmdir + User C will be able to run C, C, and C as B without a password. If we change that to: + oper bigserver = NOPASSWD: /usr/bin/kill, PASSWD: /bin/rm, /bin/rmdir + User C can still run C without a password but must give a password to run C and C. 
@@ -160,6 +168,7 @@ The reserved alias I can be used for both {Host,User,Cmnd}_Alias. B define an alias of I, it will B be used. Note that I implies the entire universe of hosts/users/commands. You can subtract elements from the universe by using the syntax: + user host=ALL,!ALIAS1,!/sbin/halt... Commands may have optional command line arguments. If they do, -- 2.40.0
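Review bot: The subject "typos" fits only the UPGRADE hunk ("dfault" to "default"); the sudoers.pod hunks at `@@ -77,24 +77,32 @@` and `@@ -160,6 +168,7 @@` put each example in its own paragraph, which changes how the examples render and accounts for most of the churn in sudoers.cat and sudoers.man. Suggest a subject that names the formatting change, or moving the UPGRADE fix into its own commit so the documentation change can be found in the log later.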
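Review bot: In the sudoers.cat hunks at `@@ -245,21 +253,13 @@` and `@@ -268,6 +268,17 @@` the Host Alias paragraph moves to the next page with "The are four host aliases" unchanged. Since this commit is a typo pass, correct it to "There are four" in the source this text is formatted from (presumably sudoers.pod) and regenerate, rather than carrying the error onto the new page.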
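Review bot: In sudoers.man at `@@ -2,10 +2,8 @@` the `$Log$` block drops the Revision 1.9 entry describing host-list support and gains only "Revision 1.10 ... typos". If the header of this file is rewritten on every regeneration, the log it carries says nothing about the `.Vb`/`.Ve` blocks introduced further down; either make the entry describe the change or keep the expanded `$Log$` out of the formatted output.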
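Review bot: In sudoers.pod at `@@ -160,6 +168,7 @@` the `user host=ALL,!ALIAS1,!/sbin/halt...` example now renders as its own block, but the surrounding text still does not say what a `!` entry is matched against. The entry shown is a path name, so add a sentence stating that the exclusion applies to the path as listed, and that an explicit list of permitted commands is the stricter form when the aim is to restrict what a user can run.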