From e48cbfc10c995abf713ffb64bf31a907f97f9921 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Mon, 19 Feb 2018 11:27:30 -0700
Subject: [PATCH] Clarify that --with-rundir and --with-vardir take
 sudo-specific directory, e.g. /var/run/sudo and not just /var/run.  Bug #823

---
 INSTALL      | 35 ++++++++++++++++++-----------------
 configure    |  7 +++++--
 configure.ac |  4 ++--
 3 files changed, 25 insertions(+), 21 deletions(-)

diff --git a/INSTALL b/INSTALL
index d15290a06..0d7298fc9 100644
--- a/INSTALL
+++ b/INSTALL
@@ -126,34 +126,35 @@ Directory and file names:
 	Install sudo example files in DIR [DATAROOTDIR/doc/sudo/examples]
 
   --with-plugindir=DIR
-	Set the directory that sudo looks in to find the policy and I/O
+	The directory that sudo looks in to find the policy and I/O
 	logging plugins.  Defaults to the LIBEXEC/sudo.
 
   --with-rundir=DIR
-        Set the directory to be used for sudo-specific files that
-        do not survive a system reboot.  This is typically where
-        the time stamp directory is located.  By default, configure
-        will use the first existing directory in the following list:
-	    /run /var/run, /var/db, /var/lib, /var/adm, /usr/adm
+        The directory to be used for sudo-specific files that do
+        not survive a system reboot.  This is typically where the
+        time stamp directory is located.  By default, configure
+        will choose from the following list:
+	    /run/sudo /var/run/sudo, /var/db/sudo, /var/lib/sudo,
+	    /var/adm/sudo, /usr/adm/sudo
 	This directory should be cleared when the system reboots.
 	On systems that lack /run or /var/run, the default rundir and
 	vardir may be the same.  In this case, only the ts directory
 	inside the rundir needs to be cleared at boot time.
 
   --with-vardir=DIR
-        Set the directory to be used for sudo-specific files that
-        survive a system reboot.  This is typically where the lecture
-        status directory is stored.  By default, configure will use
-        the first existing directory in the following list:
-	    /var/db, /var/lib, /var/adm, /usr/adm
-	This directory should not be cleared when the system boots.
+        The directory to be used for sudo-specific files that survive
+        a system reboot.  This is typically where the lecture status
+        directory is stored.  By default, configure will choose
+        from the following list:
+	    /var/db/sudo, /var/lib/sudo, /var/adm/sudo, /usr/adm/sudo
+	This directory should *not* be cleared when the system boots.
 
   --with-tzdir=DIR
-        Set the directory to the system's time zone data files.  This 
-	is only used when sanitizing the TZ environment variable to
-	allow for fully-qualified paths in TZ.
-        By default, configure will look for an existing "zoneinfo"
-	directory in the following locations:
+        The directory to the system's time zone data files.  This
+        is only used when sanitizing the TZ environment variable
+        to allow for fully-qualified paths in TZ.  By default,
+        configure will look for an existing "zoneinfo" directory
+        in the following locations:
 	    /usr/share /usr/share/lib /usr/lib /etc
 	If no zoneinfo directory is found, the TZ variable may not
 	contain a fully-qualified path.
diff --git a/configure b/configure
index 598170d54..1fda42b11 100755
--- a/configure
+++ b/configure
@@ -1719,8 +1719,11 @@ Optional Packages:
   --with-badpass-message  message the user sees when the password is wrong
   --with-fqdn             expect fully qualified hosts in sudoers
   --with-timedir=DIR      deprecated
-  --with-rundir=DIR       path to the sudo time stamp parent dir
-  --with-vardir=DIR       path to the sudo var dir
+  --with-rundir=DIR       directory for sudo-specific files that do not
+                          survive a system reboot, e.g. `/var/run/sudo'
+  --with-vardir=DIR       directory for sudo-specific files that survive a
+                          system reboot, e.g. `/var/db/sudo' or
+                          `/var/lib/sudo'
   --with-iologdir=DIR     directory to store sudo I/O log files in
   --with-tzdir=DIR        path to the time zone data directory
   --with-sendmail         set path to sendmail
diff --git a/configure.ac b/configure.ac
index dda5e86fa..52a5963ea 100644
--- a/configure.ac
+++ b/configure.ac
@@ -845,7 +845,7 @@ AC_ARG_WITH(timedir, [AS_HELP_STRING([--with-timedir=DIR], [deprecated])],
 		;;
 esac])
 
-AC_ARG_WITH(rundir, [AS_HELP_STRING([--with-rundir=DIR], [path to the sudo time stamp parent dir])],
+AC_ARG_WITH(rundir, [AS_HELP_STRING([--with-rundir=DIR], [directory for sudo-specific files that do not survive a system reboot, e.g. `/var/run/sudo'])],
 [case $with_rundir in
     yes)	AC_MSG_ERROR(["must give --with-rundir an argument."])
 		;;
@@ -853,7 +853,7 @@ AC_ARG_WITH(rundir, [AS_HELP_STRING([--with-rundir=DIR], [path to the sudo time
 		;;
 esac])
 
-AC_ARG_WITH(vardir, [AS_HELP_STRING([--with-vardir=DIR], [path to the sudo var dir])],
+AC_ARG_WITH(vardir, [AS_HELP_STRING([--with-vardir=DIR], [directory for sudo-specific files that survive a system reboot, e.g. `/var/db/sudo' or `/var/lib/sudo'])],
 [case $with_vardir in
     yes)	AC_MSG_ERROR(["must give --with-vardir an argument."])
 		;;
-- 
2.40.0