From e939739aaee230659fca0edd7f61cc4ba83c389f Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Thu, 11 Jun 2009 20:29:12 +0000 Subject: [PATCH] regen --- sudo.cat | 20 ++++++------- sudo.man.in | 4 +-- sudoers.cat | 66 +++++++++++++++++++++--------------------- sudoers.ldap.cat | 70 ++++++++++++++++++++++----------------------- sudoers.ldap.man.in | 24 ++++++++++------ sudoers.man.in | 36 +++++++++++------------ visudo.cat | 6 ++-- visudo.man.in | 2 +- 8 files changed, 117 insertions(+), 111 deletions(-) diff --git a/sudo.cat b/sudo.cat index a33056d4a..d67868e87 100644 --- a/sudo.cat +++ b/sudo.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.7.1 March 11, 2009 1 +1.7.2 June 11, 2009 1 @@ -127,7 +127,7 @@ OOPPTTIIOONNSS -1.7.1 March 11, 2009 2 +1.7.2 June 11, 2009 2 @@ -193,7 +193,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -1.7.1 March 11, 2009 3 +1.7.2 June 11, 2009 3 @@ -259,7 +259,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -1.7.1 March 11, 2009 4 +1.7.2 June 11, 2009 4 @@ -325,7 +325,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -1.7.1 March 11, 2009 5 +1.7.2 June 11, 2009 5 @@ -391,7 +391,7 @@ SSEECCUURRIITTYY NNOOTTEESS -1.7.1 March 11, 2009 6 +1.7.2 June 11, 2009 6 @@ -457,7 +457,7 @@ EENNVVIIRROONNMMEENNTT -1.7.1 March 11, 2009 7 +1.7.2 June 11, 2009 7 @@ -523,7 +523,7 @@ EEXXAAMMPPLLEESS -1.7.1 March 11, 2009 8 +1.7.2 June 11, 2009 8 @@ -589,7 +589,7 @@ SSUUPPPPOORRTT -1.7.1 March 11, 2009 9 +1.7.2 June 11, 2009 9 @@ -655,6 +655,6 @@ DDIISSCCLLAAIIMMEERR -1.7.1 March 11, 2009 10 +1.7.2 June 11, 2009 10 diff --git a/sudo.man.in b/sudo.man.in index 404a2413f..61966ca6a 100644 --- a/sudo.man.in +++ b/sudo.man.in @@ -1,4 +1,4 @@ -.\" Copyright (c) 1994-1996, 1998-2005, 2007-2008 +.\" Copyright (c) 1994-1996, 1998-2005, 2007-2009 .\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any 
@@ -153,7 +153,7 @@ .\" ======================================================================== .\" .IX Title "SUDO @mansectsu@" -.TH SUDO @mansectsu@ "March 11, 2009" "1.7.1" "MAINTENANCE COMMANDS" +.TH SUDO @mansectsu@ "June 11, 2009" "1.7.2" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/sudoers.cat b/sudoers.cat index a8637a184..d7f6e3057 100644 --- a/sudoers.cat +++ b/sudoers.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.7.1 April 18, 2009 1 +1.7.2 June 11, 2009 1 @@ -127,7 +127,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.1 April 18, 2009 2 +1.7.2 June 11, 2009 2 @@ -193,7 +193,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.1 April 18, 2009 3 +1.7.2 June 11, 2009 3 @@ -259,7 +259,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.1 April 18, 2009 4 +1.7.2 June 11, 2009 4 @@ -276,7 +276,8 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) what user) on specified hosts. By default, commands are run as rroooott, but this can be changed on a per-command basis. - Let's break that down into its constituent parts: + The basic structure of a user specification is `who = where (as_whom) + what'. Let's break that down into its constituent parts: RRuunnaass__SSppeecc @@ -324,8 +325,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - -1.7.1 April 18, 2009 5 +1.7.2 June 11, 2009 5 @@ -391,7 +391,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.1 April 18, 2009 6 +1.7.2 June 11, 2009 6 @@ -457,7 +457,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.1 April 18, 2009 7 +1.7.2 June 11, 2009 7 @@ -486,7 +486,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) The filename may include the %h escape, signifying the short form of the hostname. I.e., if the machine's hostname is "xerxes", then - #include /etc/sudoers.%h + #include /etc/sudoers.%h will cause ssuuddoo to include the file _/_e_t_c_/_s_u_d_o_e_r_s_._x_e_r_x_e_s. 
@@ -494,13 +494,13 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) the system package manager can drop _s_u_d_o_e_r_s rules into as part of package installation. For example, given: - #includedir /etc/sudoers.d + #includedir /etc/sudoers.d - ssuuddoo will read each file in _/_e_t_c_/_s_u_d_o_e_r_s_._d, skipping files that contain - a . character to avoid causing problems with package manager, vviissuuddoo or - editor temporary files. Files are parsed in sorted lexical order. - That is, _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_0_1___f_i_r_s_t will be parsed before - _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_1_0___s_e_c_o_n_d. Be aware that because the sorting is + ssuuddoo will read each file in _/_e_t_c_/_s_u_d_o_e_r_s_._d, skipping file names that + end in ~ or contain a . character to avoid causing problems with + package manager or editor temporary/backup files. Files are parsed in + sorted lexical order. That is, _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_0_1___f_i_r_s_t will be parsed + before _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_1_0___s_e_c_o_n_d. Be aware that because the sorting is lexical, not numeric, _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_1___w_h_o_o_p_s would be loaded aafftteerr _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_1_0___s_e_c_o_n_d. Using a consistent number of leading zeroes in the file names can be used to avoid such problems. @@ -523,7 +523,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.1 April 18, 2009 8 +1.7.2 June 11, 2009 8 @@ -589,7 +589,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS -1.7.1 April 18, 2009 9 +1.7.2 June 11, 2009 9 @@ -655,7 +655,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.1 April 18, 2009 10 +1.7.2 June 11, 2009 10 @@ -721,7 +721,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.1 April 18, 2009 11 +1.7.2 June 11, 2009 11 @@ -787,7 +787,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.1 April 18, 2009 12 +1.7.2 June 11, 2009 12 @@ -853,7 +853,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.1 April 18, 2009 13 +1.7.2 June 11, 2009 13 
@@ -919,7 +919,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.1 April 18, 2009 14 +1.7.2 June 11, 2009 14 @@ -985,7 +985,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.1 April 18, 2009 15 +1.7.2 June 11, 2009 15 @@ -1051,7 +1051,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.1 April 18, 2009 16 +1.7.2 June 11, 2009 16 @@ -1117,7 +1117,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.1 April 18, 2009 17 +1.7.2 June 11, 2009 17 @@ -1183,7 +1183,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.1 April 18, 2009 18 +1.7.2 June 11, 2009 18 @@ -1249,7 +1249,7 @@ EEXXAAMMPPLLEESS -1.7.1 April 18, 2009 19 +1.7.2 June 11, 2009 19 @@ -1315,7 +1315,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.1 April 18, 2009 20 +1.7.2 June 11, 2009 20 @@ -1381,7 +1381,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.1 April 18, 2009 21 +1.7.2 June 11, 2009 21 @@ -1447,7 +1447,7 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS -1.7.1 April 18, 2009 22 +1.7.2 June 11, 2009 22 @@ -1513,7 +1513,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.1 April 18, 2009 23 +1.7.2 June 11, 2009 23 @@ -1579,6 +1579,6 @@ DDIISSCCLLAAIIMMEERR -1.7.1 April 18, 2009 24 +1.7.2 June 11, 2009 24 diff --git a/sudoers.ldap.cat b/sudoers.ldap.cat index ee5a16fb5..234931dea 100644 --- a/sudoers.ldap.cat +++ b/sudoers.ldap.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.7.1 March 11, 2009 1 +1.7.2 June 11, 2009 1 @@ -127,7 +127,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.1 March 11, 2009 2 +1.7.2 June 11, 2009 2 @@ -193,7 +193,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.1 March 11, 2009 3 +1.7.2 June 11, 2009 3 @@ -259,7 +259,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.1 March 11, 2009 4 +1.7.2 June 11, 2009 4 @@ -325,7 +325,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.1 March 11, 2009 5 +1.7.2 June 11, 2009 5 
@@ -391,7 +391,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.1 March 11, 2009 6 +1.7.2 June 11, 2009 6 @@ -457,7 +457,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.1 March 11, 2009 7 +1.7.2 June 11, 2009 7 @@ -523,7 +523,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.1 March 11, 2009 8 +1.7.2 June 11, 2009 8 @@ -589,7 +589,7 @@ EEXXAAMMPPLLEESS -1.7.1 March 11, 2009 9 +1.7.2 June 11, 2009 9 @@ -645,17 +645,17 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) #tls_cert /etc/certs/client_cert.pem #tls_key /etc/certs/client_key.pem # - # For SunONE or iPlanet LDAP, the file specified by tls_cert may - # contain CA certs and/or the client's cert. If the client's - # cert is included, tls_key should be specified as well. - # For backward compatibility, sslpath may be used in place of tls_cert. - #tls_cert /var/ldap/cert7.db - #tls_key /var/ldap/key3.db - # + # For SunONE or iPlanet LDAP, tls_cert and tls_key may specify either + # a directory, in which case the files in the directory must have the + # default names (e.g. cert8.db and key4.db), or the path to the cert + # and key files themselves. However, a bug in version 5.0 of the LDAP + # SDK will prevent specific file names from working. For this reason + # it is suggested that tls_cert and tls_key be set to a directory, + # not a file name. -1.7.1 March 11, 2009 10 +1.7.2 June 11, 2009 10 @@ -664,6 +664,14 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) + # + # The certificate database specified by tls_cert may contain CA certs + # and/or the client's cert. If the client's cert is included, tls_key + # should be specified as well. + # For backward compatibility, "sslpath" may be used in place of tls_cert. + #tls_cert /var/ldap + #tls_key /var/ldap + # # If using SASL authentication for LDAP (OpenSSL) # use_sasl yes # sasl_auth_id 
@@ -710,18 +718,10 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - attributetype ( 1.3.6.1.4.1.15953.9.1.6 - NAME 'sudoRunAsUser' - DESC 'User(s) impersonated by sudo' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - - attributetype ( 1.3.6.1.4.1.15953.9.1.7 - NAME 'sudoRunAsGroup' -1.7.1 March 11, 2009 11 +1.7.2 June 11, 2009 11 @@ -730,6 +730,14 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) + attributetype ( 1.3.6.1.4.1.15953.9.1.6 + NAME 'sudoRunAsUser' + DESC 'User(s) impersonated by sudo' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + + attributetype ( 1.3.6.1.4.1.15953.9.1.7 + NAME 'sudoRunAsGroup' DESC 'Group(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) @@ -779,14 +787,6 @@ DDIISSCCLLAAIIMMEERR - - - - - - - - -1.7.1 March 11, 2009 12 +1.7.2 June 11, 2009 12 diff --git a/sudoers.ldap.man.in b/sudoers.ldap.man.in index b5d0c7d2e..4b22d79b8 100644 --- a/sudoers.ldap.man.in +++ b/sudoers.ldap.man.in @@ -1,4 +1,4 @@ -.\" Copyright (c) 2003-2008 +.\" Copyright (c) 2003-2009 .\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -149,7 +149,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS.LDAP @mansectform@" -.TH SUDOERS.LDAP @mansectform@ "March 11, 2009" "1.7.1" "MAINTENANCE COMMANDS" +.TH SUDOERS.LDAP @mansectform@ "June 11, 2009" "1.7.2" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -716,12 +716,20 @@ determines sudoers source order on \s-1AIX\s0 \& #tls_cert /etc/certs/client_cert.pem \& #tls_key /etc/certs/client_key.pem \& # -\& # For SunONE or iPlanet LDAP, the file specified by tls_cert may -\& # contain CA certs and/or the client\*(Aqs cert. If the client\*(Aqs -\& # cert is included, tls_key should be specified as well. -\& # For backward compatibility, sslpath may be used in place of tls_cert. -\& #tls_cert /var/ldap/cert7.db -\& #tls_key /var/ldap/key3.db +\& # For SunONE or iPlanet LDAP, tls_cert and tls_key may specify either +\& # a directory, in which case the files in the directory must have the +\& # default names (e.g. cert8.db and key4.db), or the path to the cert +\& # and key files themselves. However, a bug in version 5.0 of the LDAP +\& # SDK will prevent specific file names from working. For this reason +\& # it is suggested that tls_cert and tls_key be set to a directory, +\& # not a file name. +\& # +\& # The certificate database specified by tls_cert may contain CA certs +\& # and/or the client\*(Aqs cert. If the client\*(Aqs cert is included, tls_key +\& # should be specified as well. +\& # For backward compatibility, "sslpath" may be used in place of tls_cert. +\& #tls_cert /var/ldap +\& #tls_key /var/ldap \& # \& # If using SASL authentication for LDAP (OpenSSL) \& # use_sasl yes diff --git a/sudoers.man.in b/sudoers.man.in index 77b56e225..8d5813a75 100644 --- a/sudoers.man.in +++ b/sudoers.man.in @@ -1,4 +1,4 @@ -.\" Copyright (c) 1994-1996, 1998-2005, 2007-2008 +.\" Copyright (c) 1994-1996, 1998-2005, 2007-2009 .\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any 
@@ -153,7 +153,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "April 18, 2009" "1.7.1" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "June 11, 2009" "1.7.2" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -406,7 +406,8 @@ A \fBuser specification\fR determines which commands a user may run (and as what user) on specified hosts. By default, commands are run as \fBroot\fR, but this can be changed on a per-command basis. .PP -Let's break that down into its constituent parts: +The basic structure of a user specification is `who = where (as_whom) +what'. Let's break that down into its constituent parts: .Sh "Runas_Spec" .IX Subsection "Runas_Spec" A \f(CW\*(C`Runas_Spec\*(C'\fR determines the user and/or the group that a command @@ -622,9 +623,7 @@ files is enforced to prevent include file loops. The filename may include the \f(CW%h\fR escape, signifying the short form of the hostname. I.e., if the machine's hostname is \*(L"xerxes\*(R", then .PP -.Vb 1 -\& #include /etc/sudoers.%h -.Ve +\&\f(CW\*(C`#include /etc/sudoers.%h\*(C'\fR .PP will cause \fBsudo\fR to include the file \fI/etc/sudoers.xerxes\fR. .PP 
@@ -632,19 +631,18 @@ The \f(CW\*(C`#includedir\*(C'\fR directive can be used to create a \fIsudo.d\fR directory that the system package manager can drop \fIsudoers\fR rules into as part of package installation. For example, given: .PP -.Vb 1 -\& #includedir /etc/sudoers.d -.Ve -.PP -\&\fBsudo\fR will read each file in \fI/etc/sudoers.d\fR, skipping files -that contain a \f(CW\*(C`.\*(C'\fR character to avoid causing problems with package -manager, \fBvisudo\fR or editor temporary files. Files are parsed in -sorted lexical order. That is, \fI/etc/sudoers.d/01_first\fR will be -parsed before \fI/etc/sudoers.d/10_second\fR. Be aware that because -the sorting is lexical, not numeric, \fI/etc/sudoers.d/1_whoops\fR -would be loaded \fBafter\fR \fI/etc/sudoers.d/10_second\fR. Using a -consistent number of leading zeroes in the file names can be used -to avoid such problems. +\&\f(CW\*(C`#includedir /etc/sudoers.d\*(C'\fR +.PP +\&\fBsudo\fR will read each file in \fI/etc/sudoers.d\fR, skipping file +names that end in \f(CW\*(C`~\*(C'\fR or contain a \f(CW\*(C`.\*(C'\fR character to avoid causing +problems with package manager or editor temporary/backup files. +Files are parsed in sorted lexical order. That is, +\&\fI/etc/sudoers.d/01_first\fR will be parsed before +\&\fI/etc/sudoers.d/10_second\fR. Be aware that because the sorting is +lexical, not numeric, \fI/etc/sudoers.d/1_whoops\fR would be loaded +\&\fBafter\fR \fI/etc/sudoers.d/10_second\fR. Using a consistent number +of leading zeroes in the file names can be used to avoid such +problems. .PP Note that unlike files included via \f(CW\*(C`#include\*(C'\fR, \fBvisudo\fR will not edit the files in a \f(CW\*(C`#includedir\*(C'\fR directory unless one of them diff --git a/visudo.cat b/visudo.cat index 5139ce7d4..51c822e7a 100644 --- a/visudo.cat +++ b/visudo.cat @@ -61,7 +61,7 @@ OOPPTTIIOONNSS -1.7.1 March 11, 2009 1 +1.7.2 June 11, 2009 1 @@ -127,7 +127,7 @@ AAUUTTHHOORR -1.7.1 March 11, 2009 2 +1.7.2 June 11, 2009 2 
@@ -193,6 +193,6 @@ DDIISSCCLLAAIIMMEERR -1.7.1 March 11, 2009 3 +1.7.2 June 11, 2009 3 diff --git a/visudo.man.in b/visudo.man.in index 83896aada..1463ce3a1 100644 --- a/visudo.man.in +++ b/visudo.man.in @@ -153,7 +153,7 @@ .\" ======================================================================== .\" .IX Title "VISUDO @mansectsu@" -.TH VISUDO @mansectsu@ "March 11, 2009" "1.7.1" "MAINTENANCE COMMANDS" +.TH VISUDO @mansectsu@ "June 11, 2009" "1.7.2" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l -- 2.40.0
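Review bot: in the sudoers.man.in hunk at -406,7 (and the regenerated sudoers.cat text at -276,7), the added summary `who = where (as_whom) what' places the `=` between "who" and "where". Please check this against the User_Spec grammar given in the same manual; if the host list comes before the `=` there, the summary should read `who where = (as_whom) what'. A one-line summary that disagrees with the grammar is likely to be copied into real sudoers entries, so it is worth getting the order exact before the regenerated .cat files ship.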
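Review bot: in the sudoers.man.in hunk at -632,19, the rewritten #includedir paragraph says file names that end in ~ or contain a . are skipped, but it does not say whether sudo reports a skipped file or ignores it silently. A rule file dropped into /etc/sudoers.d with a dot in its name would never take effect, so an administrator reading this needs to know how to notice that; suggest adding a sentence stating what, if anything, is logged or printed for skipped names. The old wording also listed visudo among the sources of temporary files and the new wording drops it without comment; if visudo temporary files are still covered by the ~ and . rule, say so, otherwise explain why the mention was removed.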
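Review bot: in the sudoers.ldap.man.in hunk at -716,12, the new comment requires the files in a tls_cert/tls_key directory to have "the default names" but gives them only by example (cert8.db and key4.db), while the removed sample lines pointed at /var/ldap/cert7.db and /var/ldap/key3.db. Someone switching an existing configuration from the file form to the recommended directory form cannot tell from this text whether the older names will still be found; suggest listing the names that are looked up, or stating that they depend on the SDK version. The phrase "a bug in version 5.0 of the LDAP SDK" also leaves the SDK unnamed, and naming the vendor SDK meant here would let readers tell whether the advice applies to them.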