From c0773d037ab2b328628ac636f05eace7515333b4 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 3 Mar 2008 00:27:07 +0000 Subject: [PATCH] regen --- sudo.cat | 194 +++++++++++++++++------------------ sudo.man.in | 27 +++-- sudoers.cat | 258 +++++++++++++++++++++++------------------------ sudoers.ldap.cat | 28 ++--- sudoers.man.in | 12 ++- visudo.cat | 10 +- 6 files changed, 277 insertions(+), 252 deletions(-) diff --git a/sudo.cat b/sudo.cat index 103731e62..e777d93f0 100644 --- a/sudo.cat +++ b/sudo.cat @@ -1,7 +1,7 @@ -SUDO(8) MAINTENANCE COMMANDS SUDO(8) +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) NNAAMMEE @@ -10,13 +10,13 @@ NNAAMMEE SSYYNNOOPPSSIISS ssuuddoo --hh | --KK | --kk | --LL | --VV | --vv - ssuuddoo --ll[[ll]] [--gg _g_r_o_u_p_n_a_m_e|_#_g_i_d] [--UU _u_s_e_r_n_a_m_e] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d] [_c_o_m_- - _m_a_n_d] + ssuuddoo --ll[[ll]] [--AASS] [--gg _g_r_o_u_p_n_a_m_e|_#_g_i_d] [--UU _u_s_e_r_n_a_m_e] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d] + [_c_o_m_m_a_n_d] - ssuuddoo [--bbEEHHPPSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-] [--gg _g_r_o_u_p_n_a_m_e|_#_g_i_d] + ssuuddoo [--AAbbEEHHPPSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-] [--gg _g_r_o_u_p_n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d] [VVAARR=_v_a_l_u_e] [{--ii | --ss] [<_c_o_m_m_a_n_d}] - ssuuddooeeddiitt [--SS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-] [--gg _g_r_o_u_p_n_a_m_e|_#_g_i_d] + ssuuddooeeddiitt [--AASS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-] [--gg _g_r_o_u_p_n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d] file ... DDEESSCCRRIIPPTTIIOONN @@ -61,13 +61,13 @@ DDEESSCCRRIIPPTTIIOONN -1.7 February 18, 2008 1 +1.7 March 2, 2008 1 -SUDO(8) MAINTENANCE COMMANDS SUDO(8) +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) via _s_y_s_l_o_g(3) but this is changeable at configure time or via the _s_u_d_o_- @@ -76,6 +76,14 @@ SUDO(8) MAINTENANCE COMMANDS SUDO(8) OOPPTTIIOONNSS ssuuddoo accepts the following command line options: + -A Normally, if ssuuddoo requires a password, it will read it from + the current terminal. If the --AA (_a_s_k_p_a_s_s) option is speci- + fied, a helper program is executed to read the user's pass- + word and output the password to the standard output. If + the SUDO_ASKPASS environment variable is set, it specifies + the path to the helper program. Otherwise, the value spec- + ified by the _a_s_k_p_a_s_s option in _s_u_d_o_e_r_s(4) is used. + -a _t_y_p_e The --aa (_a_u_t_h_e_n_t_i_c_a_t_i_o_n _t_y_p_e) option causes ssuuddoo to use the specified authentication type when validating the user, as allowed by _/_e_t_c_/_l_o_g_i_n_._c_o_n_f. The system administrator may @@ -94,7 +102,7 @@ OOPPTTIIOONNSS starting point above the standard error (file descriptor three). Values less than three are not permitted. This option is only available if the administrator has enabled - the _c_l_o_s_e_f_r_o_m___o_v_e_r_r_i_d_e option in _s_u_d_o_e_r_s(5). + the _c_l_o_s_e_f_r_o_m___o_v_e_r_r_i_d_e option in _s_u_d_o_e_r_s(4). -c _c_l_a_s_s The --cc (_c_l_a_s_s) option causes ssuuddoo to run the specified com- mand with resources limited by the specified login class. @@ -109,33 +117,33 @@ OOPPTTIIOONNSS login classes. -E The --EE (_p_r_e_s_e_r_v_e _e_n_v_i_r_o_n_m_e_n_t) option will override the - _e_n_v___r_e_s_e_t option in _s_u_d_o_e_r_s(5)). It is only available when + _e_n_v___r_e_s_e_t option in _s_u_d_o_e_r_s(4)). It is only available when either the matching command has the SETENV tag or the - _s_e_t_e_n_v option is set in _s_u_d_o_e_r_s(5). + _s_e_t_e_n_v option is set in _s_u_d_o_e_r_s(4). -e The --ee (_e_d_i_t) option indicates that, instead of running a command, the user wishes to edit one or more files. In - lieu of a command, the string "sudoedit" is used when con- - sulting the _s_u_d_o_e_r_s file. If the user is authorized by - _s_u_d_o_e_r_s the following steps are taken: + lieu of a command, the string "sudoedit" is used when - 1. Temporary copies are made of the files to be edited - with the owner set to the invoking user. - 2. The editor specified by the VISUAL or EDITOR environ- - ment variables is run to edit the temporary files. If +1.7 March 2, 2008 2 -1.7 February 18, 2008 2 +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -SUDO(8) MAINTENANCE COMMANDS SUDO(8) + consulting the _s_u_d_o_e_r_s file. If the user is authorized by + _s_u_d_o_e_r_s the following steps are taken: + 1. Temporary copies are made of the files to be edited + with the owner set to the invoking user. + 2. The editor specified by the VISUAL or EDITOR environ- + ment variables is run to edit the temporary files. If neither VISUAL nor EDITOR are set, the program listed in the _e_d_i_t_o_r _s_u_d_o_e_r_s variable is used. @@ -163,15 +171,15 @@ SUDO(8) MAINTENANCE COMMANDS SUDO(8) -H The --HH (_H_O_M_E) option sets the HOME environment variable to the homedir of the target user (root by default) as speci- - fied in _p_a_s_s_w_d(5). By default, ssuuddoo does not modify HOME - (see _s_e_t___h_o_m_e and _a_l_w_a_y_s___s_e_t___h_o_m_e in _s_u_d_o_e_r_s(5)). + fied in _p_a_s_s_w_d(4). By default, ssuuddoo does not modify HOME + (see _s_e_t___h_o_m_e and _a_l_w_a_y_s___s_e_t___h_o_m_e in _s_u_d_o_e_r_s(4)). -h The --hh (_h_e_l_p) option causes ssuuddoo to print a usage message and exit. -i [command] The --ii (_s_i_m_u_l_a_t_e _i_n_i_t_i_a_l _l_o_g_i_n) option runs the shell spec- - ified in the _p_a_s_s_w_d(5) entry of the target user as a login + ified in the _p_a_s_s_w_d(4) entry of the target user as a login shell. This means that login-specific resource files such as .profile or .login will be read by the shell. If a com- mand is specified, it is passed to the shell for execution. @@ -183,25 +191,24 @@ SUDO(8) MAINTENANCE COMMANDS SUDO(8) on Linux and AIX systems. All other environment variables are removed. - -K The --KK (sure _k_i_l_l) option is like --kk except that it removes - the user's timestamp entirely. Like --kk, this option does - not require a password. - - -k The --kk (_k_i_l_l) option to ssuuddoo invalidates the user's times- - tamp by setting the time on it to the Epoch. The next time - ssuuddoo is run a password will be required. This option does +1.7 March 2, 2008 3 -1.7 February 18, 2008 3 +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -SUDO(8) MAINTENANCE COMMANDS SUDO(8) + -K The --KK (sure _k_i_l_l) option is like --kk except that it removes + the user's timestamp entirely. Like --kk, this option does + not require a password. + -k The --kk (_k_i_l_l) option to ssuuddoo invalidates the user's times- + tamp by setting the time on it to the Epoch. The next time + ssuuddoo is run a password will be required. This option does not require a password and was added to allow a user to revoke ssuuddoo permissions from a .logout file. @@ -250,28 +257,28 @@ SUDO(8) MAINTENANCE COMMANDS SUDO(8) %% two consecutive % characters are collapsed into a sin- gle % character - The prompt specified by the --pp option will override the - system password prompt on systems that support PAM unless - the _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e flag is disabled in _s_u_d_o_e_r_s. - -S The --SS (_s_t_d_i_n) option causes ssuuddoo to read the password from - the standard input instead of the terminal device. +1.7 March 2, 2008 4 -1.7 February 18, 2008 4 +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -SUDO(8) MAINTENANCE COMMANDS SUDO(8) + The prompt specified by the --pp option will override the + system password prompt on systems that support PAM unless + the _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e flag is disabled in _s_u_d_o_e_r_s. + -S The --SS (_s_t_d_i_n) option causes ssuuddoo to read the password from + the standard input instead of the terminal device. -s [command] The --ss (_s_h_e_l_l) option runs the shell specified by the _S_H_E_L_L environment variable if it is set or the shell as specified - in _p_a_s_s_w_d(5). If a command is specified, it is passed to + in _p_a_s_s_w_d(4). If a command is specified, it is passed to the shell for execution. Otherwise, an interactive shell is executed. @@ -285,7 +292,7 @@ SUDO(8) MAINTENANCE COMMANDS SUDO(8) of a _u_s_e_r _n_a_m_e, use _#_u_i_d. When running commands as a _u_i_d, many shells require that the '#' be escaped with a back- slash ('\'). Note that if the _t_a_r_g_e_t_p_w Defaults option is - set (see _s_u_d_o_e_r_s(5)) it is not possible to run commands + set (see _s_u_d_o_e_r_s(4)) it is not possible to run commands with a uid not listed in the password database. -V The --VV (_v_e_r_s_i_o_n) option causes ssuuddoo to print the version @@ -311,29 +318,29 @@ SUDO(8) MAINTENANCE COMMANDS SUDO(8) ables with one important exception. If the _s_e_t_e_n_v option is set in _s_u_d_o_e_r_s, the command to be run has the SETENV tag set or the command matched is ALL, the user may set variables that would overwise be for- - bidden. See _s_u_d_o_e_r_s(5) for more information. + bidden. See _s_u_d_o_e_r_s(4) for more information. RREETTUURRNN VVAALLUUEESS Upon successful execution of a program, the return value from ssuuddoo will - simply be the return value of the program that was executed. - Otherwise, ssuuddoo quits with an exit value of 1 if there is a configura- - tion/permission problem or if ssuuddoo cannot execute the given command. - In the latter case the error string is printed to stderr. If ssuuddoo can- - not _s_t_a_t(2) one or more entries in the user's PATH an error is printed - on stderr. (If the directory does not exist or if it is not really a +1.7 March 2, 2008 5 -1.7 February 18, 2008 5 +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -SUDO(8) MAINTENANCE COMMANDS SUDO(8) + simply be the return value of the program that was executed. + Otherwise, ssuuddoo quits with an exit value of 1 if there is a configura- + tion/permission problem or if ssuuddoo cannot execute the given command. + In the latter case the error string is printed to stderr. If ssuuddoo can- + not _s_t_a_t(2) one or more entries in the user's PATH an error is printed + on stderr. (If the directory does not exist or if it is not really a directory, the entry is ignored and no error is printed.) This should not happen under normal circumstances. The most common reason for _s_t_a_t(2) to return "permission denied" is if you are running an auto- @@ -381,25 +388,25 @@ SSEECCUURRIITTYY NNOOTTEESS root or if it is writable by a user other than root. On systems that allow non-root users to give away files via _c_h_o_w_n(2), if the timestamp directory is located in a directory writable by anyone (e.g., _/_t_m_p), it - is possible for a user to create the timestamp directory before ssuuddoo is - run. However, because ssuuddoo checks the ownership and mode of the direc- - tory and its contents, the only damage that can be done is to "hide" - files by putting them in the timestamp dir. This is unlikely to happen - since once the timestamp dir is owned by root and inaccessible by any - other user, the user placing files there would be unable to get them - back out. To get around this issue you can use a directory that is not -1.7 February 18, 2008 6 +1.7 March 2, 2008 6 -SUDO(8) MAINTENANCE COMMANDS SUDO(8) +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + is possible for a user to create the timestamp directory before ssuuddoo is + run. However, because ssuuddoo checks the ownership and mode of the direc- + tory and its contents, the only damage that can be done is to "hide" + files by putting them in the timestamp dir. This is unlikely to happen + since once the timestamp dir is owned by root and inaccessible by any + other user, the user placing files there would be unable to get them + back out. To get around this issue you can use a directory that is not world-writable for the timestamps (_/_v_a_r_/_a_d_m_/_s_u_d_o for instance) or cre- ate _/_v_a_r_/_r_u_n_/_s_u_d_o with the appropriate owner (root) and permissions (0700) in the system startup files. @@ -418,7 +425,7 @@ SUDO(8) MAINTENANCE COMMANDS SUDO(8) when giving users access to commands via ssuuddoo to verify that the com- mand does not inadvertently give the user an effective root shell. For more information, please see the PREVENTING SHELL ESCAPES section in - _s_u_d_o_e_r_s(5). + _s_u_d_o_e_r_s(4). EENNVVIIRROONNMMEENNTT ssuuddoo utilizes the following environment variables: @@ -435,6 +442,10 @@ EENNVVIIRROONNMMEENNTT SHELL Used to determine shell to run with -s option + SUDO_ASKPASS Specifies the path to a helper program used to read the + password if no terminal is available or if the -A + option is specified. + SUDO_PROMPT Used as the default password prompt SUDO_COMMAND Set to the command run by sudo @@ -443,28 +454,29 @@ EENNVVIIRROONNMMEENNTT SUDO_UID Set to the uid of the user who invoked sudo - SUDO_GID Set to the gid of the user who invoked sudo - SUDO_PS1 If set, PS1 will be set to its value - USER Set to the target user (root unless the --uu option is - specified) - VISUAL Default editor to use in --ee (sudoedit) mode +1.7 March 2, 2008 7 -FFIILLEESS - _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what -1.7 February 18, 2008 7 +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + SUDO_GID Set to the gid of the user who invoked sudo + SUDO_PS1 If set, PS1 will be set to its value -SUDO(8) MAINTENANCE COMMANDS SUDO(8) + USER Set to the target user (root unless the --uu option is + specified) + VISUAL Default editor to use in --ee (sudoedit) mode + +FFIILLEESS + _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what _/_v_a_r_/_r_u_n_/_s_u_d_o Directory containing timestamps @@ -472,7 +484,7 @@ SUDO(8) MAINTENANCE COMMANDS SUDO(8) AIX EEXXAAMMPPLLEESS - Note: the following examples assume suitable _s_u_d_o_e_r_s(5) entries. + Note: the following examples assume suitable _s_u_d_o_e_r_s(4) entries. To get a file listing of an unreadable directory: @@ -498,7 +510,8 @@ EEXXAAMMPPLLEESS $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" SSEEEE AALLSSOO - _g_r_e_p(1), _s_u(1), _s_t_a_t(2), _l_o_g_i_n___c_a_p(3), _p_a_s_s_w_d(5), _s_u_d_o_e_r_s(5), _v_i_s_u_d_o(8) + _g_r_e_p(1), _s_u(1), _s_t_a_t(2), _l_o_g_i_n___c_a_p(3), _p_a_s_s_w_d(4), _s_u_d_o_e_r_s(5), + _v_i_s_u_d_o(1m) AAUUTTHHOORRSS Many people have worked on ssuuddoo over the years; this version consists @@ -507,30 +520,31 @@ AAUUTTHHOORRSS Todd C. Miller See the HISTORY file in the ssuuddoo distribution or visit - http://www.sudo.ws/sudo/history.html for a short history of ssuuddoo. -CCAAVVEEAATTSS - There is no easy way to prevent a user from gaining a root shell if - that user is allowed to run arbitrary commands via ssuuddoo. Also, many - programs (such as editors) allow the user to run commands via shell - escapes, thus avoiding ssuuddoo's checks. However, on most systems it is - possible to prevent shell escapes with ssuuddoo's _n_o_e_x_e_c functionality. - See the _s_u_d_o_e_r_s(5) manual for details. - It is not meaningful to run the cd command directly via sudo, e.g., - $ sudo cd /usr/local/protected +1.7 March 2, 2008 8 -1.7 February 18, 2008 8 +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + http://www.sudo.ws/sudo/history.html for a short history of ssuuddoo. + +CCAAVVEEAATTSS + There is no easy way to prevent a user from gaining a root shell if + that user is allowed to run arbitrary commands via ssuuddoo. Also, many + programs (such as editors) allow the user to run commands via shell + escapes, thus avoiding ssuuddoo's checks. However, on most systems it is + possible to prevent shell escapes with ssuuddoo's _n_o_e_x_e_c functionality. + See the _s_u_d_o_e_r_s(4) manual for details. -SUDO(8) MAINTENANCE COMMANDS SUDO(8) + It is not meaningful to run the cd command directly via sudo, e.g., + $ sudo cd /usr/local/protected since when the command exits the parent process (your shell) will still be the same. Please see the EXAMPLES section for more information. @@ -575,20 +589,6 @@ DDIISSCCLLAAIIMMEERR - - - - - - - - - - - - - - -1.7 February 18, 2008 9 +1.7 March 2, 2008 9 diff --git a/sudo.man.in b/sudo.man.in index 51b3984cf..66f6f3400 100644 --- a/sudo.man.in +++ b/sudo.man.in @@ -150,17 +150,17 @@ .\" ======================================================================== .\" .IX Title "SUDO @mansectsu@" -.TH SUDO @mansectsu@ "February 18, 2008" "1.7" "MAINTENANCE COMMANDS" +.TH SUDO @mansectsu@ "March 2, 2008" "1.7" "MAINTENANCE COMMANDS" .SH "NAME" sudo, sudoedit \- execute a command as another user .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fBsudo\fR \fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-L\fR | \fB\-V\fR | \fB\-v\fR .PP -\&\fBsudo\fR \fB\-l[l]\fR [\fB\-g\fR\ \fIgroupname\fR|\fI#gid\fR] [\fB\-U\fR\ \fIusername\fR] +\&\fBsudo\fR \fB\-l[l]\fR [\fB\-AS\fR] [\fB\-g\fR\ \fIgroupname\fR|\fI#gid\fR] [\fB\-U\fR\ \fIusername\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR] [\fIcommand\fR] .PP -\&\fBsudo\fR [\fB\-bEHPS\fR] +\&\fBsudo\fR [\fB\-AbEHPS\fR] @BAMAN@[\fB\-a\fR\ \fIauth_type\fR] [\fB\-C\fR\ \fIfd\fR] @LCMAN@[\fB\-c\fR\ \fIclass\fR|\fI\-\fR] @@ -169,7 +169,7 @@ sudo, sudoedit \- execute a command as another user [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR] [\fB\s-1VAR\s0\fR=\fIvalue\fR] [{\fB\-i\fR\ |\ \fB\-s\fR]\ [<\fIcommand\fR}] .PP -\&\fBsudoedit\fR [\fB\-S\fR] +\&\fBsudoedit\fR [\fB\-AS\fR] @BAMAN@[\fB\-a\fR\ \fIauth_type\fR] [\fB\-C\fR\ \fIfd\fR] @LCMAN@[\fB\-c\fR\ \fIclass\fR|\fI\-\fR] @@ -224,6 +224,15 @@ or via the \fIsudoers\fR file. .SH "OPTIONS" .IX Header "OPTIONS" \&\fBsudo\fR accepts the following command line options: +.IP "\-A" 12 +.IX Item "-A" +Normally, if \fBsudo\fR requires a password, it will read it from the +current terminal. If the \fB\-A\fR (\fIaskpass\fR) option is specified, +a helper program is executed to read the user's password and output +the password to the standard output. If the \f(CW\*(C`SUDO_ASKPASS\*(C'\fR +environment variable is set, it specifies the path to the helper +program. Otherwise, the value specified by the \fIaskpass\fR option +in \fIsudoers\fR\|(@mansectform@) is used. @BAMAN@.IP "\-a \fItype\fR" 12 @BAMAN@.IX Item "-a type" @BAMAN@The \fB\-a\fR (\fIauthentication type\fR) option causes \fBsudo\fR to use the @@ -567,6 +576,11 @@ Set to a sane value if the \fIsecure_path\fR sudoers option is set. .el .IP "\f(CW\*(C`SHELL\*(C'\fR" 16 .IX Item "SHELL" Used to determine shell to run with \f(CW\*(C`\-s\*(C'\fR option +.ie n .IP "\*(C`SUDO_ASKPASS\*(C'" 16 +.el .IP "\f(CW\*(C`SUDO_ASKPASS\*(C'\fR" 16 +.IX Item "SUDO_ASKPASS" +Specifies the path to a helper program used to read the password +if no terminal is available or if the \f(CW\*(C`\-A\*(C'\fR option is specified. .ie n .IP "\*(C`SUDO_PROMPT\*(C'" 16 .el .IP "\f(CW\*(C`SUDO_PROMPT\*(C'\fR" 16 .IX Item "SUDO_PROMPT" @@ -648,8 +662,9 @@ to make the \f(CW\*(C`cd\*(C'\fR and file redirection work. .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIgrep\fR\|(1), \fIsu\fR\|(1), \fIstat\fR\|(2), \fIlogin_cap\fR\|(3), \fIpasswd\fR\|(@mansectform@), -\&\fIsudoers\fR\|(@mansectform@), \fIvisudo\fR\|(@mansectsu@) +\&\fIgrep\fR\|(1), \fIsu\fR\|(1), \fIstat\fR\|(2), +@LCMAN@\&\fIlogin_cap\fR\|(3), +\&\fIpasswd\fR\|(@mansectform@), \fIsudoers\fR\|(5), \fIvisudo\fR\|(@mansectsu@) .SH "AUTHORS" .IX Header "AUTHORS" Many people have worked on \fBsudo\fR over the years; this diff --git a/sudoers.cat b/sudoers.cat index 19d5533ad..71f866eb0 100644 --- a/sudoers.cat +++ b/sudoers.cat @@ -1,7 +1,7 @@ -SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) NNAAMMEE @@ -61,13 +61,13 @@ DDEESSCCRRIIPPTTIIOONN -1.7 February 18, 2008 1 +1.7 March 2, 2008 1 -SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) Host_Alias ::= NAME '=' Host_List @@ -127,13 +127,13 @@ SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) -1.7 February 18, 2008 2 +1.7 March 2, 2008 2 -SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) Host ::= '!'* hostname | @@ -193,13 +193,13 @@ SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) -1.7 February 18, 2008 3 +1.7 March 2, 2008 3 -SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) users on any host, all users on a specific host, a specific user, a @@ -259,13 +259,13 @@ SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) -1.7 February 18, 2008 4 +1.7 March 2, 2008 4 -SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) Let's break that down into its constituent parts: @@ -325,13 +325,13 @@ SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) -1.7 February 18, 2008 5 +1.7 March 2, 2008 5 -SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) Cmnd_Spec_List, inherit the tag unless it is overridden by the opposite @@ -391,13 +391,13 @@ SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) -1.7 February 18, 2008 6 +1.7 March 2, 2008 6 -SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) WWiillddccaarrddss @@ -457,13 +457,13 @@ SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) -1.7 February 18, 2008 7 +1.7 March 2, 2008 7 -SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) OOtthheerr ssppeecciiaall cchhaarraacctteerrss aanndd rreesseerrvveedd wwoorrddss @@ -523,13 +523,13 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS -1.7 February 18, 2008 8 +1.7 March 2, 2008 8 -SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) env_editor If set, vviissuuddoo will use the value of the EDITOR or @@ -589,13 +589,13 @@ SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) -1.7 February 18, 2008 9 +1.7 March 2, 2008 9 -SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) log_host If set, the hostname will be logged in the (non-syslog) @@ -655,13 +655,13 @@ SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) -1.7 February 18, 2008 10 +1.7 March 2, 2008 10 -SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) normally only be used if the passwod prompt provided by @@ -721,13 +721,13 @@ SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) -1.7 February 18, 2008 11 +1.7 March 2, 2008 11 -SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) setenv Allow the user to disable the _e_n_v___r_e_s_e_t option from the @@ -787,13 +787,13 @@ SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) -1.7 February 18, 2008 12 +1.7 March 2, 2008 12 -SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) password before ssuuddoo logs the failure and exits. The @@ -853,13 +853,13 @@ SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) -1.7 February 18, 2008 13 +1.7 March 2, 2008 13 -SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) environment variable. The following percent (`%') @@ -905,28 +905,40 @@ SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) SSttrriinnggss tthhaatt ccaann bbee uusseedd iinn aa bboooolleeaann ccoonntteexxtt: - exempt_group - Users in this group are exempt from password and PATH - requirements. This is not set by default. + askpass The _a_s_k_p_a_s_s option specifies the fully-qualilfy path to a + helper program used to read the user's password when no + terminal is available. This may be the case when ssuuddoo is + executed from a graphical (as opposed to text-based) appli- + cation. The program specified by _a_s_k_p_a_s_s should display + the argument passed to it as the prompt and write the + user's password to the standard output. The value of + _a_s_k_p_a_s_s may be overridden by the SUDO_ASKPASS environment + variable. - lecture This option controls when a short lecture will be printed - along with the password prompt. It has the following pos- - sible values: - always Always lecture the user. - never Never lecture the user. + + +1.7 March 2, 2008 14 -1.7 February 18, 2008 14 +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + exempt_group + Users in this group are exempt from password and PATH + requirements. This is not set by default. + + lecture This option controls when a short lecture will be printed + along with the password prompt. It has the following pos- + sible values: -SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) + always Always lecture the user. + never Never lecture the user. once Only lecture the user the first time they run ssuuddoo. @@ -970,29 +982,29 @@ SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) mailerpath Path to mail program used to send warning mail. Defaults to the path to sendmail found at configure time. - mailto Address to send warning and error mail to. The address - should be enclosed in double quotes (") to protect against - ssuuddoo interpreting the @ sign. Defaults to root. - secure_path Path used for every command run from ssuuddoo. If you don't - trust the people running ssuuddoo to have a sane PATH environ- - ment variable you may want to use this. Another use is if - you want to have the "root path" be separate from the "user - path." Users in the group specified by the _e_x_e_m_p_t___g_r_o_u_p - option are not affected by _s_e_c_u_r_e___p_a_t_h. This is not set by - default. +1.7 March 2, 2008 15 -1.7 February 18, 2008 15 +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) + mailto Address to send warning and error mail to. The address + should be enclosed in double quotes (") to protect against + ssuuddoo interpreting the @ sign. Defaults to root. + secure_path Path used for every command run from ssuuddoo. If you don't + trust the people running ssuuddoo to have a sane PATH environ- + ment variable you may want to use this. Another use is if + you want to have the "root path" be separate from the "user + path." Users in the group specified by the _e_x_e_m_p_t___g_r_o_u_p + option are not affected by _s_e_c_u_r_e___p_a_t_h. This is not set by + default. syslog Syslog facility if syslog is being used for logging (negate to disable syslog logging). Defaults to local2. @@ -1036,6 +1048,18 @@ SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) environment variables to check is displayed when ssuuddoo is run by root with the _-_V option. + + + +1.7 March 2, 2008 16 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + env_delete Environment variables to be removed from the user's environment. The argument may be a double-quoted, space-separated list or a single value without dou- @@ -1048,18 +1072,6 @@ SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) from the environment of any setuid process (such as ssuuddoo). - - - -1.7 February 18, 2008 16 - - - - - -SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) - - env_keep Environment variables to be preserved in the user's environment when the _e_n_v___r_e_s_e_t option is in effect. This allows fine-grained control over the environment @@ -1098,17 +1110,6 @@ EEXXAAMMPPLLEESS Runas_Alias OP = root, operator Runas_Alias DB = oracle, sybase - # Host alias specification - Host_Alias SPARC = bigtime, eclipse, moet, anchor :\ - SGI = grolsch, dandelion, black :\ - ALPHA = widget, thalamus, foobar :\ - HPPA = boa, nag, python - Host_Alias CUNETS = 128.138.0.0/255.255.0.0 - Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0 - Host_Alias SERVERS = master, mail, www, ns - Host_Alias CDROM = orion, perseus, hercules - - @@ -1116,15 +1117,24 @@ EEXXAAMMPPLLEESS +1.7 March 2, 2008 17 -1.7 February 18, 2008 17 +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) + # Host alias specification + Host_Alias SPARC = bigtime, eclipse, moet, anchor :\ + SGI = grolsch, dandelion, black :\ + ALPHA = widget, thalamus, foobar :\ + HPPA = boa, nag, python + Host_Alias CUNETS = 128.138.0.0/255.255.0.0 + Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0 + Host_Alias SERVERS = master, mail, www, ns + Host_Alias CDROM = orion, perseus, hercules # Cmnd alias specification Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\ @@ -1170,27 +1180,28 @@ SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) FULLTIMERS ALL = NOPASSWD: ALL - Full time sysadmins (mmiilllleerrtt, mmiikkeeff, and ddoowwddyy) may run any command on - any host without authenticating themselves. - PARTTIMERS ALL = ALL - Part time sysadmins (bboossttlleeyy, jjwwffooxx, and ccrraawwll) may run any command on - any host but they must authenticate themselves first (since the entry - lacks the NOPASSWD tag). - jack CSNETS = ALL +1.7 March 2, 2008 18 -1.7 February 18, 2008 18 +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + Full time sysadmins (mmiilllleerrtt, mmiikkeeff, and ddoowwddyy) may run any command on + any host without authenticating themselves. + + PARTTIMERS ALL = ALL -SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) + Part time sysadmins (bboossttlleeyy, jjwwffooxx, and ccrraawwll) may run any command on + any host but they must authenticate themselves first (since the entry + lacks the NOPASSWD tag). + jack CSNETS = ALL The user jjaacckk may run any command on the machines in the _C_S_N_E_T_S alias (the networks 128.138.243.0, 128.138.204.0, and 128.138.242.0). Of @@ -1235,28 +1246,29 @@ SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) Users in the sseeccrreettaarriieess netgroup need to help manage the printers as well as add and remove users, so they are allowed to run those commands - on all machines. - fred ALL = (DB) NOPASSWD: ALL - The user ffrreedd can run commands as any user in the _D_B Runas_Alias (oorraa-- - ccllee or ssyybbaassee) without giving a password. - john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* +1.7 March 2, 2008 19 - On the _A_L_P_H_A machines, user jjoohhnn may su to anyone except root but he is - not allowed to give _s_u(1) any flags. -1.7 February 18, 2008 19 +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + on all machines. + fred ALL = (DB) NOPASSWD: ALL + + The user ffrreedd can run commands as any user in the _D_B Runas_Alias (oorraa-- + ccllee or ssyybbaassee) without giving a password. -SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) + john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* + On the _A_L_P_H_A machines, user jjoohhnn may su to anyone except root but he is + not allowed to give _s_u(1) any flags. jen ALL, !SERVERS = ALL @@ -1301,6 +1313,17 @@ SSEECCUURRIITTYY NNOOTTEESS bill ALL = ALL, !SU, !SHELLS + + +1.7 March 2, 2008 20 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + Doesn't really prevent bbiillll from running the commands listed in _S_U or _S_H_E_L_L_S since he can simply copy those commands to a different name, or use a shell escape from an editor or other program. Therefore, these @@ -1312,18 +1335,6 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS pleases, including run other programs. This can be a security issue since it is not uncommon for a program to allow shell escapes, which lets a user bypass ssuuddoo's access control and logging. Common programs - - - -1.7 February 18, 2008 20 - - - - - -SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) - - that permit shell escapes include shells (obviously), editors, pagina- tors, mail and terminal programs. @@ -1367,28 +1378,29 @@ SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) (usually ld.so, ld.so.1, dyld, dld.sl, rld, or loader) to see if LD_PRELOAD is supported. - To enable _n_o_e_x_e_c for a command, use the NOEXEC tag as docu- - mented in the User Specification section above. Here is that - example again: - aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi - This allows user aaaarroonn to run _/_u_s_r_/_b_i_n_/_m_o_r_e and _/_u_s_r_/_b_i_n_/_v_i - with _n_o_e_x_e_c enabled. This will prevent those two commands - from executing other commands (such as a shell). If you are - unsure whether or not your system is capable of supporting - _n_o_e_x_e_c you can always just try it out and see if it works. +1.7 March 2, 2008 21 -1.7 February 18, 2008 21 +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) + To enable _n_o_e_x_e_c for a command, use the NOEXEC tag as docu- + mented in the User Specification section above. Here is that + example again: + aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi + + This allows user aaaarroonn to run _/_u_s_r_/_b_i_n_/_m_o_r_e and _/_u_s_r_/_b_i_n_/_v_i + with _n_o_e_x_e_c enabled. This will prevent those two commands + from executing other commands (such as a shell). If you are + unsure whether or not your system is capable of supporting + _n_o_e_x_e_c you can always just try it out and see if it works. Note that restricting shell escapes is not a panacea. Programs running as root are still capable of many potentially hazardous operations @@ -1397,7 +1409,7 @@ SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5) approach is to give the user permission to run ssuuddooeeddiitt. SSEEEE AALLSSOO - _r_s_h(1), _s_u(1), _f_n_m_a_t_c_h(3), _s_u_d_o(8), _v_i_s_u_d_o(8) + _r_s_h(1), _s_u(1), _f_n_m_a_t_c_h(3), _s_u_d_o(1m), _v_i_s_u_d_o(8) CCAAVVEEAATTSS The _s_u_d_o_e_r_s file should aallwwaayyss be edited by the vviissuuddoo command which @@ -1435,18 +1447,6 @@ DDIISSCCLLAAIIMMEERR - - - - - - - - - - - - -1.7 February 18, 2008 22 +1.7 March 2, 2008 22 diff --git a/sudoers.ldap.cat b/sudoers.ldap.cat index 007b37e75..eac467157 100644 --- a/sudoers.ldap.cat +++ b/sudoers.ldap.cat @@ -1,7 +1,7 @@ -SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5) +SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) NNAAMMEE @@ -67,7 +67,7 @@ DDEESSCCRRIIPPTTIIOONN -SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5) +SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) manner as a global Defaults line in _/_e_t_c_/_s_u_d_o_e_r_s. In the following @@ -133,7 +133,7 @@ SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5) -SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5) +SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) dn: cn=%wheel,ou=SUDOers,dc=example,dc=com @@ -199,7 +199,7 @@ SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5) -SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5) +SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) # LDAP equivalent of puddles @@ -251,7 +251,7 @@ SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5) Typically, this file is shared amongst different LDAP-aware clients. As such, most of the settings are not ssuuddoo-specific. Note that ssuuddoo parses _/_e_t_c_/_l_d_a_p_._c_o_n_f itself and may support options that differ from - those described in the _l_d_a_p_._c_o_n_f(5) manual. + those described in the _l_d_a_p_._c_o_n_f(4) manual. Also note that on systems using the OpenLDAP libraries, default values specified in _/_e_t_c_/_o_p_e_n_l_d_a_p_/_l_d_a_p_._c_o_n_f or the user's _._l_d_a_p_r_c files are @@ -265,7 +265,7 @@ SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5) -SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5) +SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) Only those options explicitly listed in _/_e_t_c_/_l_d_a_p_._c_o_n_f that are sup- @@ -331,7 +331,7 @@ SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5) -SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5) +SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) BBIINNDDDDNN DN @@ -397,7 +397,7 @@ SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5) -SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5) +SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) OpenLDAP libraries. @@ -463,7 +463,7 @@ SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5) -SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5) +SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) SSAASSLL__SSEECCPPRROOPPSS none/properties @@ -529,7 +529,7 @@ EEXXAAMMPPLLEESS -SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5) +SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) # Either specify one or more URIs or one or more host:port pairs. @@ -595,7 +595,7 @@ SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5) -SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5) +SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) #tls_cacertfile /etc/certs/trusted_signers.pem @@ -661,7 +661,7 @@ SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5) -SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5) +SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) attributetype ( 1.3.6.1.4.1.15953.9.1.2 @@ -715,7 +715,7 @@ SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5) SSEEEE AALLSSOO - _l_d_a_p_._c_o_n_f(5), _s_u_d_o_e_r_s(5) + _l_d_a_p_._c_o_n_f(4), _s_u_d_o_e_r_s(5) @@ -727,7 +727,7 @@ SSEEEE AALLSSOO -SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5) +SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) CCAAVVEEAATTSS diff --git a/sudoers.man.in b/sudoers.man.in index 7803ef05b..41be6c5cb 100644 --- a/sudoers.man.in +++ b/sudoers.man.in @@ -150,7 +150,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "February 18, 2008" "1.7" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "March 2, 2008" "1.7" "MAINTENANCE COMMANDS" .SH "NAME" sudoers \- list of which users may execute what .SH "DESCRIPTION" @@ -1026,6 +1026,16 @@ The default is \f(CW\*(C`root\*(C'\fR. @SEMAN@This option is only available whe \fBsudo\fR is built with SELinux support. .PP \&\fBStrings that can be used in a boolean context\fR: +.IP "askpass" 12 +.IX Item "askpass" +The \fIaskpass\fR option specifies the fully-qualilfy path to a helper +program used to read the user's password when no terminal is +available. This may be the case when \fBsudo\fR is executed from a +graphical (as opposed to text\-based) application. The program +specified by \fIaskpass\fR should display the argument passed to it +as the prompt and write the user's password to the standard output. +The value of \fIaskpass\fR may be overridden by the \f(CW\*(C`SUDO_ASKPASS\*(C'\fR +environment variable. .IP "exempt_group" 12 .IX Item "exempt_group" Users in this group are exempt from password and \s-1PATH\s0 requirements. diff --git a/visudo.cat b/visudo.cat index 490036a98..3faffc3e5 100644 --- a/visudo.cat +++ b/visudo.cat @@ -1,7 +1,7 @@ -VISUDO(8) MAINTENANCE COMMANDS VISUDO(8) +VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m) NNAAMMEE @@ -11,7 +11,7 @@ SSYYNNOOPPSSIISS vviissuuddoo [--cc] [--qq] [--ss] [--VV] [--ff _s_u_d_o_e_r_s] DDEESSCCRRIIPPTTIIOONN - vviissuuddoo edits the _s_u_d_o_e_r_s file in a safe fashion, analogous to _v_i_p_w(8). + vviissuuddoo edits the _s_u_d_o_e_r_s file in a safe fashion, analogous to _v_i_p_w(1m). vviissuuddoo locks the _s_u_d_o_e_r_s file against multiple simultaneous edits, pro- vides basic sanity checks, and checks for parse errors. If the _s_u_d_o_e_r_s file is currently being edited you will receive a message to try again @@ -67,7 +67,7 @@ OOPPTTIIOONNSS -VISUDO(8) MAINTENANCE COMMANDS VISUDO(8) +VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m) combined with the --cc flag. @@ -119,7 +119,7 @@ DDIIAAGGNNOOSSTTIICCSS --ss (strict) mode this is an error, not a warning. SSEEEE AALLSSOO - _v_i(1), _s_u_d_o_e_r_s(5), _s_u_d_o(8), _v_i_p_w(8) + _v_i(1), _s_u_d_o_e_r_s(4), _s_u_d_o(1m), _v_i_p_w(8) AAUUTTHHOORR Many people have worked on _s_u_d_o over the years; this version of vviissuuddoo @@ -133,7 +133,7 @@ AAUUTTHHOORR -VISUDO(8) MAINTENANCE COMMANDS VISUDO(8) +VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m) Todd Miller -- 2.40.0