From ad9a51bd9d3462012db529be0db303552631687c Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Sun, 9 Aug 2015 16:22:16 -0600
Subject: [PATCH] Document that sudo uses the real uid to map from uid to
 passwd file user name.

---
 doc/sudo.cat         | 6 ++++--
 doc/sudo.conf.cat    | 2 +-
 doc/sudo.conf.man.in | 2 +-
 doc/sudo.man.in      | 6 +++++-
 doc/sudo.mdoc.in     | 4 ++++
 5 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/doc/sudo.cat b/doc/sudo.cat
index 2b97e3790..17df9fd25 100644
--- a/doc/sudo.cat
+++ b/doc/sudo.cat
@@ -16,7 +16,9 @@ SSYYNNOOPPSSIISS
 
 DDEESSCCRRIIPPTTIIOONN
      ssuuddoo allows a permitted user to execute a _c_o_m_m_a_n_d as the superuser or
-     another user, as specified by the security policy.
+     another user, as specified by the security policy.  The invoking user's
+     real (_n_o_t effective) user ID is used to determine the user name with
+     which to query the security policy.
 
      ssuuddoo supports a plugin architecture for security policies and
      input/output logging.  Third parties can develop and distribute their own
@@ -606,4 +608,4 @@ DDIISSCCLLAAIIMMEERR
      file distributed with ssuuddoo or http://www.sudo.ws/license.html for
      complete details.
 
-Sudo 1.8.15                     August 7, 2015                     Sudo 1.8.15
+Sudo 1.8.15                     August 9, 2015                     Sudo 1.8.15
diff --git a/doc/sudo.conf.cat b/doc/sudo.conf.cat
index 3f8246343..5ca2f30a4 100644
--- a/doc/sudo.conf.cat
+++ b/doc/sudo.conf.cat
@@ -410,4 +410,4 @@ DDIISSCCLLAAIIMMEERR
      file distributed with ssuuddoo or http://www.sudo.ws/license.html for
      complete details.
 
-Sudo 1.8.15                    December 4, 2014                    Sudo 1.8.15
+Sudo 1.8.15                     August 9, 2015                     Sudo 1.8.15
diff --git a/doc/sudo.conf.man.in b/doc/sudo.conf.man.in
index d2b0257c5..7586b2fbf 100644
--- a/doc/sudo.conf.man.in
+++ b/doc/sudo.conf.man.in
@@ -16,7 +16,7 @@
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.TH "SUDO" "5" "December 4, 2014" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDO" "5" "August 9, 2015" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
diff --git a/doc/sudo.man.in b/doc/sudo.man.in
index 3e032b44e..118177344 100644
--- a/doc/sudo.man.in
+++ b/doc/sudo.man.in
@@ -21,7 +21,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.TH "SUDO" "8" "August 7, 2015" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "SUDO" "8" "August 9, 2015" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -89,6 +89,10 @@ allows a permitted user to execute a
 \fIcommand\fR
 as the superuser or another user, as specified by the security
 policy.
+The invoking user's real
+(\fInot\fR
+effective) user ID is used to determine the user name with which
+to query the security policy.
 .PP
 \fBsudo\fR
 supports a plugin architecture for security policies and input/output
diff --git a/doc/sudo.mdoc.in b/doc/sudo.mdoc.in
index 76ffeeee0..8cf2f22f3 100644
--- a/doc/sudo.mdoc.in
+++ b/doc/sudo.mdoc.in
@@ -77,6 +77,10 @@ allows a permitted user to execute a
 .Ar command
 as the superuser or another user, as specified by the security
 policy.
+The invoking user's real
+.No ( Em not
+effective) user ID is used to determine the user name with which
+to query the security policy.
 .Pp
 .Nm
 supports a plugin architecture for security policies and input/output
-- 
2.40.0