From d1a43dbe38e08e88d8b7563552c77868971779d6 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Sat, 15 Nov 2008 18:34:26 +0000 Subject: [PATCH] regen --- sudo.cat | 42 +++++++++++----------- sudo.man.in | 26 +++++++------- sudoers.cat | 96 +++++++++++++++++++++++++------------------------- sudoers.man.in | 40 ++++++++++----------- visudo.cat | 10 +++--- visudo.man.in | 8 ++--- 6 files changed, 111 insertions(+), 111 deletions(-) diff --git a/sudo.cat b/sudo.cat index c4f2e7840..07290ee23 100644 --- a/sudo.cat +++ b/sudo.cat @@ -36,22 +36,22 @@ DDEESSCCRRIIPPTTIIOONN When invoked as ssuuddooeeddiitt, the --ee option (described below), is implied. ssuuddoo determines who is an authorized user by consulting the file - _/_e_t_c_/_s_u_d_o_e_r_s. By giving ssuuddoo the --vv flag, a user can update the time - stamp without running a _c_o_m_m_a_n_d. The password prompt itself will also - time out if the user's password is not entered within 5 minutes (unless - overridden via _s_u_d_o_e_r_s). + _/_e_t_c_/_s_u_d_o_e_r_s. By running ssuuddoo with the --vv option, a user can update + the time stamp without running a _c_o_m_m_a_n_d. The password prompt itself + will also time out if the user's password is not entered within 5 + minutes (unless overridden via _s_u_d_o_e_r_s). If a user who is not listed in the _s_u_d_o_e_r_s file tries to run a command via ssuuddoo, mail is sent to the proper authorities, as defined at configure time or in the _s_u_d_o_e_r_s file (defaults to root). Note that the mail will not be sent if an unauthorized user tries to run sudo - with the --ll or --vv flags. This allows users to determine for themselves - whether or not they are allowed to use ssuuddoo. + with the --ll or --vv option. This allows users to determine for + themselves whether or not they are allowed to use ssuuddoo. If ssuuddoo is run by root and the SUDO_USER environment variable is set, ssuuddoo will use this value to determine who the actual user is. This can be used by a user to log commands through sudo even when a root shell - has been invoked. It also allows the --ee flag to remain useful even + has been invoked. It also allows the --ee option to remain useful even when being run via a sudo-run script or program. Note however, that the sudoers lookup is still done for root, not the user specified by SUDO_USER. @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.7.0 October 24, 2008 1 +1.7.0 November 15, 2008 1 @@ -127,7 +127,7 @@ OOPPTTIIOONNSS -1.7.0 October 24, 2008 2 +1.7.0 November 15, 2008 2 @@ -193,7 +193,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -1.7.0 October 24, 2008 3 +1.7.0 November 15, 2008 3 @@ -229,7 +229,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) _s_u_d_o_e_r_s, the fully-qualified path to the command is displayed along with any command line arguments. If _c_o_m_m_a_n_d is specified but not allowed, ssuuddoo will exit with a - return value of 1. If the --ll flag is specified with an ll + status value of 1. If the --ll option is specified with an ll argument (i.e. --llll), or if --ll is specified multiple times, a longer list format is used. @@ -259,7 +259,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -1.7.0 October 24, 2008 4 +1.7.0 November 15, 2008 4 @@ -317,15 +317,15 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) minutes (or whatever the timeout is set to in _s_u_d_o_e_r_s) but does not run a command. - -- The ---- flag indicates that ssuuddoo should stop processing + -- The ---- option indicates that ssuuddoo should stop processing command line arguments. It is most useful in conjunction - with the --ss flag. + with the --ss option. Environment variables to be set for the command may also be passed on -1.7.0 October 24, 2008 5 +1.7.0 November 15, 2008 5 @@ -343,8 +343,8 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) forbidden. See _s_u_d_o_e_r_s(4) for more information. RREETTUURRNN VVAALLUUEESS - Upon successful execution of a program, the return value from ssuuddoo will - simply be the return value of the program that was executed. + Upon successful execution of a program, the exit status from ssuuddoo will + simply be the exit status of the program that was executed. Otherwise, ssuuddoo quits with an exit value of 1 if there is a configuration/permission problem or if ssuuddoo cannot execute the given @@ -391,7 +391,7 @@ SSEECCUURRIITTYY NNOOTTEESS -1.7.0 October 24, 2008 6 +1.7.0 November 15, 2008 6 @@ -457,7 +457,7 @@ EENNVVIIRROONNMMEENNTT -1.7.0 October 24, 2008 7 +1.7.0 November 15, 2008 7 @@ -523,7 +523,7 @@ EEXXAAMMPPLLEESS -1.7.0 October 24, 2008 8 +1.7.0 November 15, 2008 8 @@ -589,6 +589,6 @@ DDIISSCCLLAAIIMMEERR -1.7.0 October 24, 2008 9 +1.7.0 November 15, 2008 9 diff --git a/sudo.man.in b/sudo.man.in index aa04489a4..73b06d01a 100644 --- a/sudo.man.in +++ b/sudo.man.in @@ -153,7 +153,7 @@ .\" ======================================================================== .\" .IX Title "SUDO @mansectsu@" -.TH SUDO @mansectsu@ "October 24, 2008" "1.7.0" "MAINTENANCE COMMANDS" +.TH SUDO @mansectsu@ "November 15, 2008" "1.7.0" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -202,17 +202,17 @@ When invoked as \fBsudoedit\fR, the \fB\-e\fR option (described below), is implied. .PP \&\fBsudo\fR determines who is an authorized user by consulting the file -\&\fI@sysconfdir@/sudoers\fR. By giving \fBsudo\fR the \fB\-v\fR flag, a user -can update the time stamp without running a \fIcommand\fR. The password -prompt itself will also time out if the user's password is not -entered within \f(CW\*(C`@password_timeout@\*(C'\fR minutes (unless overridden via -\&\fIsudoers\fR). +\&\fI@sysconfdir@/sudoers\fR. By running \fBsudo\fR with the \fB\-v\fR option, +a user can update the time stamp without running a \fIcommand\fR. The +password prompt itself will also time out if the user's password +is not entered within \f(CW\*(C`@password_timeout@\*(C'\fR minutes (unless overridden +via \fIsudoers\fR). .PP If a user who is not listed in the \fIsudoers\fR file tries to run a command via \fBsudo\fR, mail is sent to the proper authorities, as defined at configure time or in the \fIsudoers\fR file (defaults to \&\f(CW\*(C`@mailto@\*(C'\fR). Note that the mail will not be sent if an unauthorized -user tries to run sudo with the \fB\-l\fR or \fB\-v\fR flags. This allows +user tries to run sudo with the \fB\-l\fR or \fB\-v\fR option. This allows users to determine for themselves whether or not they are allowed to use \fBsudo\fR. .PP @@ -220,7 +220,7 @@ If \fBsudo\fR is run by root and the \f(CW\*(C`SUDO_USER\*(C'\fR environment var is set, \fBsudo\fR will use this value to determine who the actual user is. This can be used by a user to log commands through sudo even when a root shell has been invoked. It also allows the \fB\-e\fR -flag to remain useful even when being run via a sudo-run script or +option to remain useful even when being run via a sudo-run script or program. Note however, that the sudoers lookup is still done for root, not the user specified by \f(CW\*(C`SUDO_USER\*(C'\fR. .PP @@ -366,7 +366,7 @@ user specified by the \fB\-U\fR option) on the current host. If a \&\fIcommand\fR is specified and is permitted by \fIsudoers\fR, the fully-qualified path to the command is displayed along with any command line arguments. If \fIcommand\fR is specified but not allowed, -\&\fBsudo\fR will exit with a return value of 1. If the \fB\-l\fR flag is +\&\fBsudo\fR will exit with a status value of 1. If the \fB\-l\fR option is specified with an \fBl\fR argument (i.e. \fB\-ll\fR), or if \fB\-l\fR is specified multiple times, a longer list format is used. .IP "\-n" 12 @@ -470,8 +470,8 @@ This extends the \fBsudo\fR timeout for another \f(CW\*(C`@timeout@\*(C'\fR minu (or whatever the timeout is set to in \fIsudoers\fR) but does not run a command. .IP "\-\-" 12 -The \fB\-\-\fR flag indicates that \fBsudo\fR should stop processing command -line arguments. It is most useful in conjunction with the \fB\-s\fR flag. +The \fB\-\-\fR option indicates that \fBsudo\fR should stop processing command +line arguments. It is most useful in conjunction with the \fB\-s\fR option. .PP Environment variables to be set for the command may also be passed on the command line in the form of \fB\s-1VAR\s0\fR=\fIvalue\fR, e.g. @@ -483,8 +483,8 @@ set or the command matched is \f(CW\*(C`ALL\*(C'\fR, the user may set variables that would overwise be forbidden. See \fIsudoers\fR\|(@mansectform@) for more information. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -Upon successful execution of a program, the return value from \fBsudo\fR -will simply be the return value of the program that was executed. +Upon successful execution of a program, the exit status from \fBsudo\fR +will simply be the exit status of the program that was executed. .PP Otherwise, \fBsudo\fR quits with an exit value of 1 if there is a configuration/permission problem or if \fBsudo\fR cannot execute the diff --git a/sudoers.cat b/sudoers.cat index a03d5e9bc..e76a4c10d 100644 --- a/sudoers.cat +++ b/sudoers.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.7.0 November 6, 2008 1 +1.7.0 November 15, 2008 1 @@ -127,7 +127,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.0 November 6, 2008 2 +1.7.0 November 15, 2008 2 @@ -184,8 +184,8 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) (or match the wildcards if there are any). Note that the following characters must be escaped with a '\' if they are used in command arguments: ',', ':', '=', '\'. The special command "sudoedit" is used - to permit a user to run ssuuddoo with the --ee flag (or as ssuuddooeeddiitt). It may - take command line arguments just as a normal command does. + to permit a user to run ssuuddoo with the --ee option (or as ssuuddooeeddiitt). It + may take command line arguments just as a normal command does. @@ -193,7 +193,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.0 November 6, 2008 3 +1.7.0 November 15, 2008 3 @@ -259,7 +259,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.0 November 6, 2008 4 +1.7.0 November 15, 2008 4 @@ -284,14 +284,14 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) run as. A fully-specified Runas_Spec consists of two Runas_Lists (as defined above) separated by a colon (':') and enclosed in a set of parentheses. The first Runas_List indicates which users the command - may be run as via ssuuddoo's --uu flag. The second defines a list of groups - that can be specified via ssuuddoo's --gg flag. If both Runas_Lists are - specified, the command may be run with any combination of users and + may be run as via ssuuddoo's --uu option. The second defines a list of + groups that can be specified via ssuuddoo's --gg option. If both Runas_Lists + are specified, the command may be run with any combination of users and groups listed in their respective Runas_Lists. If only the first is specified, the command may be run as any user in the list but no --gg - flag may be specified. If the first Runas_List is empty but the second - is specified, the command may be run as the invoking user with the - group set to any listed in the Runas_List. If no Runas_Spec is + option may be specified. If the first Runas_List is empty but the + second is specified, the command may be run as the invoking user with + the group set to any listed in the Runas_List. If no Runas_Spec is specified the command may be run as rroooott and no group may be specified. A Runas_Spec sets the default for the commands that follow it. What @@ -325,7 +325,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.0 November 6, 2008 5 +1.7.0 November 15, 2008 5 @@ -391,7 +391,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.0 November 6, 2008 6 +1.7.0 November 15, 2008 6 @@ -457,7 +457,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.0 November 6, 2008 7 +1.7.0 November 15, 2008 7 @@ -523,7 +523,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS -1.7.0 November 6, 2008 8 +1.7.0 November 15, 2008 8 @@ -535,7 +535,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) always_set_home If set, ssuuddoo will set the HOME environment variable to the home directory of the target user (which is root unless the --uu option is used). This effectively means - that the --HH flag is always implied. This flag is _o_f_f + that the --HH option is always implied. This flag is _o_f_f by default. authenticate If set, users must authenticate themselves via a @@ -589,7 +589,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.0 November 6, 2008 9 +1.7.0 November 15, 2008 9 @@ -655,7 +655,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.0 November 6, 2008 10 +1.7.0 November 15, 2008 10 @@ -721,7 +721,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.0 November 6, 2008 11 +1.7.0 November 15, 2008 11 @@ -730,15 +730,15 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - set_home If set and ssuuddoo is invoked with the --ss flag the HOME + set_home If set and ssuuddoo is invoked with the --ss option the HOME environment variable will be set to the home directory of the target user (which is root unless the --uu option - is used). This effectively makes the --ss flag imply --HH. - This flag is _o_f_f by default. + is used). This effectively makes the --ss option imply + --HH. This flag is _o_f_f by default. set_logname Normally, ssuuddoo will set the LOGNAME, USER and USERNAME environment variables to the name of the target user - (usually root unless the --uu flag is given). However, + (usually root unless the --uu option is given). However, since some programs (including the RCS revision control system) use LOGNAME to determine the real identity of the user, it may be desirable to change this behavior. @@ -756,7 +756,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) _o_f_f by default. shell_noargs If set and ssuuddoo is invoked with no arguments it acts as - if the --ss flag had been given. That is, it runs a + if the --ss option had been given. That is, it runs a shell as root (the shell is determined by the SHELL environment variable if it is set, falling back on the shell listed in the invoking user's /etc/passwd entry @@ -774,10 +774,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) This flag is _o_f_f by default. targetpw If set, ssuuddoo will prompt for the password of the user - specified by the --uu flag (defaults to root) instead of - the password of the invoking user. Note that this + specified by the --uu option (defaults to root) instead + of the password of the invoking user. Note that this precludes the use of a uid not listed in the passwd - database as an argument to the --uu flag. This flag is + database as an argument to the --uu option. This flag is _o_f_f by default. tty_tickets If set, users must authenticate on a per-tty basis. @@ -787,7 +787,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.0 November 6, 2008 12 +1.7.0 November 15, 2008 12 @@ -853,7 +853,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.0 November 6, 2008 13 +1.7.0 November 15, 2008 13 @@ -919,7 +919,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.0 November 6, 2008 14 +1.7.0 November 15, 2008 14 @@ -928,7 +928,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - runas_default The default user to run commands as if the --uu flag is + runas_default The default user to run commands as if the --uu option is not specified on the command line. This defaults to root. Note that if _r_u_n_a_s___d_e_f_a_u_l_t is set it mmuusstt occur before any Runas_Alias specifications. @@ -985,7 +985,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.0 November 6, 2008 15 +1.7.0 November 15, 2008 15 @@ -1004,7 +1004,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) file exists. By default, ssuuddoo uses a built-in lecture. listpw This option controls when a password will be required when - a user runs ssuuddoo with the --ll flag. It has the following + a user runs ssuuddoo with the --ll option. It has the following possible values: all All the user's _s_u_d_o_e_r_s entries for the current host @@ -1012,14 +1012,14 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) password. always The user must always enter a password to use the --ll - flag. + option. any At least one of the user's _s_u_d_o_e_r_s entries for the current host must have the NOPASSWD flag set to avoid entering a password. never The user need never enter a password to use the --ll - flag. + option. If no value is specified, a value of _a_n_y is implied. Negating the option results in a value of _n_e_v_e_r being used. @@ -1051,7 +1051,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.0 November 6, 2008 16 +1.7.0 November 15, 2008 16 @@ -1067,7 +1067,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) to disable syslog logging). Defaults to local2. verifypw This option controls when a password will be required when - a user runs ssuuddoo with the --vv flag. It has the following + a user runs ssuuddoo with the --vv option. It has the following possible values: all All the user's _s_u_d_o_e_r_s entries for the current host @@ -1075,14 +1075,14 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) password. always The user must always enter a password to use the --vv - flag. + option. any At least one of the user's _s_u_d_o_e_r_s entries for the current host must have the NOPASSWD flag set to avoid entering a password. never The user need never enter a password to use the --vv - flag. + option. If no value is specified, a value of _a_l_l is implied. Negating the option results in a value of _n_e_v_e_r being used. @@ -1117,7 +1117,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.0 November 6, 2008 17 +1.7.0 November 15, 2008 17 @@ -1183,7 +1183,7 @@ EEXXAAMMPPLLEESS -1.7.0 November 6, 2008 18 +1.7.0 November 15, 2008 18 @@ -1249,7 +1249,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.0 November 6, 2008 19 +1.7.0 November 15, 2008 19 @@ -1309,13 +1309,13 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* On the _A_L_P_H_A machines, user jjoohhnn may su to anyone except root but he is - not allowed to give _s_u(1) any flags. + not allowed to specify any options to the _s_u(1) command. jen ALL, !SERVERS = ALL -1.7.0 November 6, 2008 20 +1.7.0 November 15, 2008 20 @@ -1381,7 +1381,7 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS -1.7.0 November 6, 2008 21 +1.7.0 November 15, 2008 21 @@ -1447,7 +1447,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.0 November 6, 2008 22 +1.7.0 November 15, 2008 22 @@ -1513,6 +1513,6 @@ DDIISSCCLLAAIIMMEERR -1.7.0 November 6, 2008 23 +1.7.0 November 15, 2008 23 diff --git a/sudoers.man.in b/sudoers.man.in index 0d4606f32..c3dc9a219 100644 --- a/sudoers.man.in +++ b/sudoers.man.in @@ -153,7 +153,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "November 6, 2008" "1.7.0" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "November 15, 2008" "1.7.0" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -337,7 +337,7 @@ in the \f(CW\*(C`Cmnd\*(C'\fR must match exactly those given by the user on the (or match the wildcards if there are any). Note that the following characters must be escaped with a '\e' if they are used in command arguments: ',', ':', '=', '\e'. The special command \f(CW"sudoedit"\fR -is used to permit a user to run \fBsudo\fR with the \fB\-e\fR flag (or +is used to permit a user to run \fBsudo\fR with the \fB\-e\fR option (or as \fBsudoedit\fR). It may take command line arguments just as a normal command does. .Sh "Defaults" @@ -413,12 +413,12 @@ A \f(CW\*(C`Runas_Spec\*(C'\fR determines the user and/or the group that a comma may be run as. A fully-specified \f(CW\*(C`Runas_Spec\*(C'\fR consists of two \&\f(CW\*(C`Runas_List\*(C'\fRs (as defined above) separated by a colon (':') and enclosed in a set of parentheses. The first \f(CW\*(C`Runas_List\*(C'\fR indicates -which users the command may be run as via \fBsudo\fR's \fB\-u\fR flag. +which users the command may be run as via \fBsudo\fR's \fB\-u\fR option. The second defines a list of groups that can be specified via -\&\fBsudo\fR's \fB\-g\fR flag. If both \f(CW\*(C`Runas_List\*(C'\fRs are specified, the +\&\fBsudo\fR's \fB\-g\fR option. If both \f(CW\*(C`Runas_List\*(C'\fRs are specified, the command may be run with any combination of users and groups listed in their respective \f(CW\*(C`Runas_List\*(C'\fRs. If only the first is specified, -the command may be run as any user in the list but no \fB\-g\fR flag +the command may be run as any user in the list but no \fB\-g\fR option may be specified. If the first \f(CW\*(C`Runas_List\*(C'\fR is empty but the second is specified, the command may be run as the invoking user with the group set to any listed in the \f(CW\*(C`Runas_List\*(C'\fR. If no @@ -658,7 +658,7 @@ grouped by type, are listed below. .IX Item "always_set_home" If set, \fBsudo\fR will set the \f(CW\*(C`HOME\*(C'\fR environment variable to the home directory of the target user (which is root unless the \fB\-u\fR option is used). -This effectively means that the \fB\-H\fR flag is always implied. +This effectively means that the \fB\-H\fR option is always implied. This flag is \fIoff\fR by default. .IP "authenticate" 16 .IX Item "authenticate" @@ -818,15 +818,15 @@ If set, \fBsudo\fR will prompt for the password of the user defined by the password of the invoking user. This flag is \fIoff\fR by default. .IP "set_home" 16 .IX Item "set_home" -If set and \fBsudo\fR is invoked with the \fB\-s\fR flag the \f(CW\*(C`HOME\*(C'\fR +If set and \fBsudo\fR is invoked with the \fB\-s\fR option the \f(CW\*(C`HOME\*(C'\fR environment variable will be set to the home directory of the target user (which is root unless the \fB\-u\fR option is used). This effectively -makes the \fB\-s\fR flag imply \fB\-H\fR. This flag is \fIoff\fR by default. +makes the \fB\-s\fR option imply \fB\-H\fR. This flag is \fIoff\fR by default. .IP "set_logname" 16 .IX Item "set_logname" Normally, \fBsudo\fR will set the \f(CW\*(C`LOGNAME\*(C'\fR, \f(CW\*(C`USER\*(C'\fR and \f(CW\*(C`USERNAME\*(C'\fR environment variables to the name of the target user (usually root -unless the \fB\-u\fR flag is given). However, since some programs +unless the \fB\-u\fR option is given). However, since some programs (including the \s-1RCS\s0 revision control system) use \f(CW\*(C`LOGNAME\*(C'\fR to determine the real identity of the user, it may be desirable to change this behavior. This can be done by negating the set_logname @@ -844,7 +844,7 @@ by default. .IP "shell_noargs" 16 .IX Item "shell_noargs" If set and \fBsudo\fR is invoked with no arguments it acts as if the -\&\fB\-s\fR flag had been given. That is, it runs a shell as root (the +\&\fB\-s\fR option had been given. That is, it runs a shell as root (the shell is determined by the \f(CW\*(C`SHELL\*(C'\fR environment variable if it is set, falling back on the shell listed in the invoking user's /etc/passwd entry if not). This flag is \fIoff\fR by default. @@ -861,9 +861,9 @@ function. This flag is \fIoff\fR by default. .IP "targetpw" 16 .IX Item "targetpw" If set, \fBsudo\fR will prompt for the password of the user specified by -the \fB\-u\fR flag (defaults to \f(CW\*(C`root\*(C'\fR) instead of the password of the +the \fB\-u\fR option (defaults to \f(CW\*(C`root\*(C'\fR) instead of the password of the invoking user. Note that this precludes the use of a uid not listed -in the passwd database as an argument to the \fB\-u\fR flag. +in the passwd database as an argument to the \fB\-u\fR option. This flag is \fIoff\fR by default. .IP "tty_tickets" 16 .IX Item "tty_tickets" @@ -998,7 +998,7 @@ The default value is \f(CW\*(C`@passprompt@\*(C'\fR. @SEMAN@This option is only available whe \fBsudo\fR is built with SELinux support. .IP "runas_default" 16 .IX Item "runas_default" -The default user to run commands as if the \fB\-u\fR flag is not specified +The default user to run commands as if the \fB\-u\fR option is not specified on the command line. This defaults to \f(CW\*(C`@runas_default@\*(C'\fR. Note that if \fIrunas_default\fR is set it \fBmust\fR occur before any \f(CW\*(C`Runas_Alias\*(C'\fR specifications. @@ -1081,7 +1081,7 @@ By default, \fBsudo\fR uses a built-in lecture. .IP "listpw" 12 .IX Item "listpw" This option controls when a password will be required when a -user runs \fBsudo\fR with the \fB\-l\fR flag. It has the following possible values: +user runs \fBsudo\fR with the \fB\-l\fR option. It has the following possible values: .RS 12 .IP "all" 8 .IX Item "all" @@ -1089,14 +1089,14 @@ All the user's \fIsudoers\fR entries for the current host must have the \f(CW\*(C`NOPASSWD\*(C'\fR flag set to avoid entering a password. .IP "always" 8 .IX Item "always" -The user must always enter a password to use the \fB\-l\fR flag. +The user must always enter a password to use the \fB\-l\fR option. .IP "any" 8 .IX Item "any" At least one of the user's \fIsudoers\fR entries for the current host must have the \f(CW\*(C`NOPASSWD\*(C'\fR flag set to avoid entering a password. .IP "never" 8 .IX Item "never" -The user need never enter a password to use the \fB\-l\fR flag. +The user need never enter a password to use the \fB\-l\fR option. .RE .RS 12 .Sp @@ -1142,7 +1142,7 @@ disable syslog logging). Defaults to \f(CW\*(C`@logfac@\*(C'\fR. .IP "verifypw" 12 .IX Item "verifypw" This option controls when a password will be required when a user runs -\&\fBsudo\fR with the \fB\-v\fR flag. It has the following possible values: +\&\fBsudo\fR with the \fB\-v\fR option. It has the following possible values: .RS 12 .IP "all" 8 .IX Item "all" @@ -1150,14 +1150,14 @@ All the user's \fIsudoers\fR entries for the current host must have the \f(CW\*(C`NOPASSWD\*(C'\fR flag set to avoid entering a password. .IP "always" 8 .IX Item "always" -The user must always enter a password to use the \fB\-v\fR flag. +The user must always enter a password to use the \fB\-v\fR option. .IP "any" 8 .IX Item "any" At least one of the user's \fIsudoers\fR entries for the current host must have the \f(CW\*(C`NOPASSWD\*(C'\fR flag set to avoid entering a password. .IP "never" 8 .IX Item "never" -The user need never enter a password to use the \fB\-v\fR flag. +The user need never enter a password to use the \fB\-v\fR option. .RE .RS 12 .Sp @@ -1386,7 +1386,7 @@ The user \fBfred\fR can run commands as any user in the \fI\s-1DB\s0\fR \f(CW\*( .Ve .PP On the \fI\s-1ALPHA\s0\fR machines, user \fBjohn\fR may su to anyone except root -but he is not allowed to give \fIsu\fR\|(1) any flags. +but he is not allowed to specify any options to the \fIsu\fR\|(1) command. .PP .Vb 1 \& jen ALL, !SERVERS = ALL diff --git a/visudo.cat b/visudo.cat index 75735da27..74be71413 100644 --- a/visudo.cat +++ b/visudo.cat @@ -23,7 +23,7 @@ DDEESSCCRRIIPPTTIIOONN determined by the _c_o_n_f_i_g_u_r_e script. Normally, vviissuuddoo does not honor the VISUAL or EDITOR environment variables unless they contain an editor in the aforementioned editors list. However, if vviissuuddoo is - configured with the _-_-_w_i_t_h_-_e_n_v_e_d_i_t_o_r flag or the _e_n_v___e_d_i_t_o_r Default + configured with the _-_-_w_i_t_h_-_e_n_v_e_d_i_t_o_r option or the _e_n_v___e_d_i_t_o_r Default variable is set in _s_u_d_o_e_r_s, vviissuuddoo will use any the editor defines by VISUAL or EDITOR. Note that this can be a security hole since it allows the user to execute any program they wish simply by setting @@ -61,7 +61,7 @@ OOPPTTIIOONNSS -1.7.0 October 24, 2008 1 +1.7.0 November 15, 2008 1 @@ -71,7 +71,7 @@ VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m) errors are not printed. This option is only useful when - combined with the --cc flag. + combined with the --cc option. -s Enable ssttrriicctt checking of the _s_u_d_o_e_r_s file. If an alias is used before it is defined, vviissuuddoo will consider this a @@ -127,7 +127,7 @@ SSEEEE AALLSSOO -1.7.0 October 24, 2008 2 +1.7.0 November 15, 2008 2 @@ -193,6 +193,6 @@ DDIISSCCLLAAIIMMEERR -1.7.0 October 24, 2008 3 +1.7.0 November 15, 2008 3 diff --git a/visudo.man.in b/visudo.man.in index cf87568fe..394bfc429 100644 --- a/visudo.man.in +++ b/visudo.man.in @@ -1,5 +1,5 @@ .\" Copyright (c) 1996,1998-2005, 2007-2008 -.\" Todd C. Miller +.\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -153,7 +153,7 @@ .\" ======================================================================== .\" .IX Title "VISUDO @mansectsu@" -.TH VISUDO @mansectsu@ "October 24, 2008" "1.7.0" "MAINTENANCE COMMANDS" +.TH VISUDO @mansectsu@ "November 15, 2008" "1.7.0" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -178,7 +178,7 @@ your system, as determined by the \fIconfigure\fR script. Normally, \&\fBvisudo\fR does not honor the \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR environment variables unless they contain an editor in the aforementioned editors list. However, if \fBvisudo\fR is configured with the \fI\-\-with\-enveditor\fR -flag or the \fIenv_editor\fR \f(CW\*(C`Default\*(C'\fR variable is set in \fIsudoers\fR, +option or the \fIenv_editor\fR \f(CW\*(C`Default\*(C'\fR variable is set in \fIsudoers\fR, \&\fBvisudo\fR will use any the editor defines by \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR. Note that this can be a security hole since it allows the user to execute any program they wish simply by setting \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR. @@ -217,7 +217,7 @@ is the specified \fIsudoers\fR file with \*(L".tmp\*(R" appended to it. .IX Item "-q" Enable \fBquiet\fR mode. In this mode details about syntax errors are not printed. This option is only useful when combined with -the \fB\-c\fR flag. +the \fB\-c\fR option. .IP "\-s" 12 .IX Item "-s" Enable \fBstrict\fR checking of the \fIsudoers\fR file. If an alias is -- 2.40.0