From eb49afe6c8bc71c745c99dcd036bbbea945cefbc Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 6 Sep 2004 20:45:27 +0000 Subject: [PATCH] Add SUPPORT section and re-order some of the sections to match the order we use in OpenBSD. --- sudo.pod | 94 +++++++++++++++++++++++++++++------------------------ sudoers.pod | 34 +++++++++++++++---- visudo.pod | 58 +++++++++++++++++++-------------- 3 files changed, 114 insertions(+), 72 deletions(-) diff --git a/sudo.pod b/sudo.pod index e5796b9eb..399656441 100644 --- a/sudo.pod +++ b/sudo.pod @@ -373,33 +373,6 @@ of this, care must be taken when giving users access to commands via B to verify that the command does not inadvertently give the user an effective root shell. -=head1 EXAMPLES - -Note: the following examples assume suitable L entries. - -To get a file listing of an unreadable directory: - - $ sudo ls /usr/local/protected - -To list the home directory of user yazza on a machine where the -file system holding ~yazza is not exported as root: - - $ sudo -u yazza ls ~yazza - -To edit the F file as user www: - - $ sudo -u www vi ~www/htdocs/index.html - -To shutdown a machine: - - $ sudo shutdown -r +15 "quick reboot" - -To make a usage listing of the directories in the /home -partition. Note that this runs the commands in a sub-shell -to make the C and file redirection work. - - $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" - =head1 ENVIRONMENT B utilizes the following environment variables: @@ -438,6 +411,38 @@ B utilizes the following environment variables: @sysconfdir@/sudoers List of who can run what @timedir@ Directory containing timestamps +=head1 EXAMPLES + +Note: the following examples assume suitable L entries. + +To get a file listing of an unreadable directory: + + $ sudo ls /usr/local/protected + +To list the home directory of user yazza on a machine where the +file system holding ~yazza is not exported as root: + + $ sudo -u yazza ls ~yazza + +To edit the F file as user www: + + $ sudo -u www vi ~www/htdocs/index.html + +To shutdown a machine: + + $ sudo shutdown -r +15 "quick reboot" + +To make a usage listing of the directories in the /home +partition. Note that this runs the commands in a sub-shell +to make the C and file redirection work. + + $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" + +=head1 SEE ALSO + +L, L, L, L, L, +L, L + =head1 AUTHORS Many people have worked on B over the years; this @@ -450,18 +455,6 @@ See the HISTORY file in the B distribution or visit http://www.sudo.ws/sudo/history.html for a short history of B. -=head1 BUGS - -If you feel you have found a bug in sudo, please submit a bug report -at http://www.sudo.ws/sudo/bugs/ - -=head1 DISCLAIMER - -B is provided ``AS IS'' and any express or implied warranties, -including, but not limited to, the implied warranties of merchantability -and fitness for a particular purpose are disclaimed. -See the LICENSE file distributed with B for complete details. - =head1 CAVEATS There is no easy way to prevent a user from gaining a root shell @@ -487,7 +480,24 @@ Running shell scripts via B can expose the same kernel bugs that make setuid shell scripts unsafe on some operating systems (if your OS has a /dev/fd/ directory, setuid shell scripts are generally safe). -=head1 SEE ALSO +=head1 BUGS -L, L, L, L, L, -L, L +If you feel you have found a bug in B, please submit a bug report +at http://www.sudo.ws/sudo/bugs/ + +=head1 SUPPORT + +Commercial support is available for B, see +http://www.sudo.ws/sudo/support.html for details. + +Limited free support is available via the sudo-users mailing list, +see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. + +=head1 DISCLAIMER + +B is provided ``AS IS'' and any express or implied warranties, +including, but not limited to, the implied warranties of merchantability +and fitness for a particular purpose are disclaimed. See the LICENSE +file distributed with B or http://www.sudo.ws/sudo/license.html +for complete details. diff --git a/sudoers.pod b/sudoers.pod index 88eeeba83..592b35c41 100644 --- a/sudoers.pod +++ b/sudoers.pod @@ -982,6 +982,12 @@ The following characters must be escaped with a backslash ('\') when used as part of a word (e.g. a username or hostname): '@', '!', '=', ':', ',', '(', ')', '\'. +=head1 FILES + + @sysconfdir@/sudoers List of who can run what + /etc/group Local groups file + /etc/netgroup List of network groups + =head1 EXAMPLES Since the I file is parsed in a single pass, order is @@ -1226,6 +1232,10 @@ as root are still capable of many potentially hazardous operations privilege escalation. In the specific case of an editor, a safer approach is to give the user permission to run B. +=head1 SEE ALSO + +L, L, L, L, L + =head1 CAVEATS The I file should B be edited by the B @@ -1239,12 +1249,24 @@ case), you either need to have the machine's hostname be fully qualified as returned by the C command or use the I option in I. -=head1 FILES +=head1 BUGS - @sysconfdir@/sudoers List of who can run what - /etc/group Local groups file - /etc/netgroup List of network groups +If you feel you have found a bug in B, please submit a bug report +at http://www.sudo.ws/sudo/bugs/ -=head1 SEE ALSO +=head1 SUPPORT -L, L, L, L, L +Commercial support is available for B, see +http://www.sudo.ws/sudo/support.html for details. + +Limited free support is available via the sudo-users mailing list, +see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. + +=head1 DISCLAIMER + +B is provided ``AS IS'' and any express or implied warranties, +including, but not limited to, the implied warranties of merchantability +and fitness for a particular purpose are disclaimed. See the LICENSE +file distributed with B or http://www.sudo.ws/sudo/license.html +for complete details. diff --git a/visudo.pod b/visudo.pod index 045ea2c4b..743792363 100644 --- a/visudo.pod +++ b/visudo.pod @@ -106,7 +106,20 @@ and exit. =back -=head1 ERRORS +=head1 ENVIRONMENT + +The following environment variables are used only if B +was configured with the I<--with-env-editor> option: + + VISUAL Invoked by visudo as the editor to use + EDITOR Used by visudo if VISUAL is not set + +=head1 FILES + + @sysconfdir@/sudoers List of who can run what + @sysconfdir@/sudoers.tmp Lock file for visudo + +=head1 DIAGNOSTICS =over 4 @@ -145,18 +158,9 @@ not a warning. =back -=head1 ENVIRONMENT - -The following environment variables are used only if B -was configured with the I<--with-env-editor> option: - - VISUAL Invoked by visudo as the editor to use - EDITOR Used by visudo if VISUAL is not set - -=head1 FILES +=head1 SEE ALSO - @sysconfdir@/sudoers List of who can run what - @sysconfdir@/sudoers.tmp Lock file for visudo +L, L, L, L =head1 AUTHOR @@ -168,23 +172,29 @@ B was written by: See the HISTORY file in the sudo distribution or visit http://www.sudo.ws/sudo/history.html for more details. +=head1 CAVEATS + +There is no easy way to prevent a user from gaining a root shell if +the editor used by B allows shell escapes. + =head1 BUGS -If you feel you have found a bug in sudo, please submit a bug report +If you feel you have found a bug in B, please submit a bug report at http://www.sudo.ws/sudo/bugs/ -=head1 DISCLAIMER +=head1 SUPPORT -B is provided ``AS IS'' and any express or implied warranties, -including, but not limited to, the implied warranties of merchantability -and fitness for a particular purpose are disclaimed. -See the LICENSE file distributed with B for complete details. - -=head1 CAVEATS +Commercial support is available for B, see +http://www.sudo.ws/sudo/support.html for details. -There is no easy way to prevent a user from gaining a root shell if -the editor used by B allows shell escapes. +Limited free support is available via the sudo-users mailing list, +see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. -=head1 SEE ALSO +=head1 DISCLAIMER -L, L, L, L +B is provided ``AS IS'' and any express or implied warranties, +including, but not limited to, the implied warranties of merchantability +and fitness for a particular purpose are disclaimed. See the LICENSE +file distributed with B or http://www.sudo.ws/sudo/license.html +for complete details. -- 2.40.0