mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 01:49:11 +00:00
Code Issues Releases Wiki Activity

regen

Browse Source
This commit is contained in:
Todd C. Miller 2014-02-15 15:18:34 -07:00
parent a9cfe4fc44
commit 0ec92dae81
13 changed files with 419 additions and 454 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/sudo.cat
View File

@ -582,4 +582,4 @@ DDIISSCCLLAAIIMMEERR
file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for
complete details.
Sudo 1.8.10 December 8, 2013 Sudo 1.8.10
Sudo 1.8.10 February 15, 2014 Sudo 1.8.10

2
doc/sudo.conf.cat
View File

@ -391,4 +391,4 @@ DDIISSCCLLAAIIMMEERR
file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for
complete details.
Sudo 1.8.9 January 22, 2014 Sudo 1.8.9
Sudo 1.8.10 January 22, 2014 Sudo 1.8.10

36
doc/sudo.conf.man.in
View File

@ -57,13 +57,13 @@ and the
plugin.
.PP
The pound sign
(`#')
(\(oq#\(cq)
is used to indicate a comment.
Both the comment character and any text after it, up to the end of
the line, are ignored.
.PP
Long lines can be continued with a backslash
(`\e')
(\(oq\e\(cq)
as the last character on the line.
Note that leading white space is removed from the beginning of lines
even when the continuation character is used.
@ -79,7 +79,7 @@ are silently ignored.
The
\fBsudo.conf\fR
file is always parsed in the
``\fRC\fR''
\(lq\fRC\fR\(rq
locale.
.SS "Plugin configuration"
\fBsudo\fR
@ -269,17 +269,17 @@ itself are disabled by default.
To aid in debugging
\fBsudo\fR
crashes, you may wish to re-enable core dumps by setting
``disable_coredump''
\(lqdisable_coredump\(rq
to false in
\fBsudo.conf\fR
as follows:
.RS
.nf
.sp
.RS 6n
.RS 16n
Set disable_coredump false
.RE
.fi
.RS 10n
.sp
Note that most operating systems disable core dumps from setuid programs,
including
@ -297,9 +297,7 @@ command is used to configure core dump behavior.
This setting is only available in
\fBsudo\fR
version 1.8.4 and higher.
.PP
.RE
.PD 0
.TP 10n
group_source
\fBsudo\fR
@ -310,9 +308,10 @@ with NFS).
On systems with the
getconf(1)
utility, running:
.RS 6n
.RS 16n
getconf NGROUPS_MAX
.RE
.RS 10n
will return the maximum number of groups.
.sp
However, it is still possible to be a member of a larger number of
@ -333,15 +332,13 @@ setting allows the administrator to change this default behavior.
Supported values for
\fIgroup_source\fR
are:
.RS
.PD
.TP 10n
static
Use the static group list that the kernel returns.
Retrieving the group list this way is very fast but it is subject
to an upper limit as described above.
It is
``static''
\(lqstatic\(rq
in that it does not reflect changes to the group database made
after the user logs in.
This was the default behavior prior to
@ -351,7 +348,7 @@ This was the default behavior prior to
dynamic
Always query the group database directly.
It is
``dynamic''
\(lqdynamic\(rq
in that changes made to the group database after the user logs in
will be reflected in the group list.
On some systems, querying the group database for all of a user's
@ -376,7 +373,7 @@ For example, to cause
to only use the kernel's static list of groups for the user:
.nf
.sp
.RS 6n
.RS 16n
Set group_source static
.RE
.fi
@ -384,9 +381,7 @@ Set group_source static
This setting is only available in
\fBsudo\fR
version 1.8.7 and higher.
.PP
.RE
.PD 0
.TP 10n
max_groups
The maximum number of user groups to retrieve from the group database.
@ -404,7 +399,6 @@ do not indicate an error when there is a lack of space.
This setting is only available in
\fBsudo\fR
version 1.8.7 and higher.
.PD
.TP 10n
probe_interfaces
By default,
@ -416,13 +410,13 @@ without having to query DNS. On Linux systems with a large number
of virtual interfaces, this may take a non-negligible amount of time.
If IP-based matching is not required, network interface probing
can be disabled as follows:
.RS
.nf
.sp
.RS 6n
.RS 16n
Set probe_interfaces false
.RE
.fi
.RS 10n
.sp
This setting is only available in
\fBsudo\fR
@ -450,7 +444,7 @@ plugin is
\fIsubsystem\fR@\fIpriority\fR
but a plugin is free to use a different format so long as it does
not include a comma
(`\&,').
(\(oq\&,\(cq).
.PP
For example:
.nf
@ -659,7 +653,7 @@ search the archives.
.SH "DISCLAIMER"
\fBsudo\fR
is provided
``AS IS''
\(lqAS IS\(rq
and any express or implied warranties, including, but not limited
to, the implied warranties of merchantability and fitness for a
particular purpose are disclaimed.

62
doc/sudo.man.in
View File

@ -1,7 +1,7 @@
.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
.\" IT IS GENERATED AUTOMATICALLY FROM sudo.mdoc.in
.\"
.\" Copyright (c) 1994-1996, 1998-2005, 2007-2013
.\" Copyright (c) 1994-1996, 1998-2005, 2007-2014
.\" Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@ -21,7 +21,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
.TH "SUDO" "@mansectsu@" "December 8, 2013" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.TH "SUDO" "@mansectsu@" "February 15, 2014" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
@ -31,7 +31,7 @@
.SH "SYNOPSIS"
.HP 5n
\fBsudo\fR
\fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-V\fR
\fB\-h\fR\ |\ \fB\-K\fR\ |\ \fB\-k\fR\ |\ \fB\-V\fR
.PD 0
.HP 5n
\fBsudo\fR
@ -170,21 +170,19 @@ sudo.conf(@mansectform@)
contains a line specifying the askpass program, that value will be
used.
For example:
.RS
.nf
.sp
.RS 4n
.RS 16n
# Path to askpass helper program
Path askpass /usr/X11R6/bin/ssh-askpass
.RE
.fi
.RS 12n
.sp
If no askpass program is available,
\fBsudo\fR
will exit with an error.
.PP
.RE
.PD 0
.TP 12n
\fB\-a\fR \fItype\fR, \fB\--auth-type\fR=\fItype\fR
Use the specified BSD authentication
@ -193,11 +191,10 @@ when validating the user, if allowed by
\fI/etc/login.conf\fR.
The system administrator may specify a list of sudo-specific
authentication methods by adding an
``auth-sudo''
\(lqauth-sudo\(rq
entry in
\fI/etc/login.conf\fR.
This option is only available on systems that support BSD authentication.
.PD
.TP 12n
\fB\-b\fR, \fB\--background\fR
Run the given command in the background.
@ -234,7 +231,7 @@ The
argument can be either a class name as defined in
\fI/etc/login.conf\fR,
or a single
`\-'
\(oq\-\(cq
character.
If
\fIclass\fR
@ -262,7 +259,7 @@ In lieu of a path name, the string "sudoedit" is used when consulting
the security policy.
If the user is authorized by the policy, the following steps are
taken:
.RS
.RS 13n
.TP 5n
1.
Temporary copies are made of the files to be edited with the owner
@ -292,7 +289,9 @@ option is used.
3.
If they have been modified, the temporary files are copied back to
their original location and the temporary versions are removed.
.PP
.RE
.RS 12n
.sp
If the specified file does not exist, it will be created.
Note that unlike most commands run by
\fIsudo\fR,
@ -302,9 +301,7 @@ If, for some reason,
is unable to update a file with its edited version, the user will
receive a warning and the edited copy will remain in a temporary
file.
.PP
.RE
.PD 0
.TP 12n
\fB\-g\fR \fIgroup\fR, \fB\--group\fR=\fIgroup\fR
Run the command with the primary group set to
@ -316,20 +313,19 @@ The
may be either a group name or a numeric group ID
(GID)
prefixed with the
`#'
\(oq#\(cq
character (e.g.
\fR#0\fR
for GID 0).
When running a command as a GID, many shells require that the
`#'
\(oq#\(cq
be escaped with a backslash
(`\e').
(\(oq\e\(cq).
If no
\fB\-u\fR
option is specified, the command will be run as the invoking user.
In either case, the primary group will be set to
\fIgroup\fR.
.PD
.TP 12n
\fB\-H\fR, \fB\--set-home\fR
Request that the security policy set the
@ -451,11 +447,13 @@ the target user.
\fB\-p\fR \fIprompt\fR, \fB\--prompt\fR=\fIprompt\fR
Use a custom password prompt with optional escape sequences.
The following percent
(`%')
(\(oq%\(cq)
escape sequences are supported by the
\fIsudoers\fR
policy:
.RS
.PP
.RS 12n
.PD 0
.TP 4n
\fR%H\fR
expanded to the host name including the domain name (on if the
@ -463,6 +461,7 @@ machine's host name is fully qualified or the
\fIfqdn\fR
option is set in
sudoers(@mansectform@))
.PD
.TP 4n
\fR%h\fR
expanded to the local host name without the domain name
@ -488,9 +487,9 @@ expanded to the invoking user's login name
.TP 4n
\fR%%\fR
two consecutive
`%'
\(oq%\(cq
characters are collapsed into a single
`%'
\(oq%\(cq
character
.PP
The custom prompt will override the system password prompt on systems that
@ -498,15 +497,12 @@ support PAM unless the
\fIpassprompt_override\fR
flag is disabled in
\fIsudoers\fR.
.PP
.RE
.PD 0
.TP 12n
\fB\-r\fR \fIrole\fR, \fB\--role\fR=\fIrole\fR
Run the command with an SELinux security context that includes
the specified
\fIrole\fR.
.PD
.TP 12n
\fB\-S\fR, \fB\--stdin\fR
Write the prompt to the standard error and read the password from the
@ -554,14 +550,14 @@ The
may be either a user name or a numeric user ID
(UID)
prefixed with the
`#'
\(oq#\(cq
character (e.g.
\fR#0\fR
for UID 0).
When running commands as a UID, many shells require that the
`#'
\(oq#\(cq
be escaped with a backslash
(`\e').
(\(oq\e\(cq).
Some security policies may restrict UIDs
to those listed in the password database.
The
@ -686,7 +682,7 @@ process waits until the command has completed, then passes the
command's exit status to the security policy's close function and exits.
If an I/O logging plugin is configured or if the security policy
explicitly requests it, a new pseudo-terminal
(``pty'')
(\(lqpty\(rq)
is created and a second
\fBsudo\fR
process is used to relay job control signals between the user's
@ -694,7 +690,7 @@ existing pty and the new pty the command is being run in.
This extra process makes it possible to, for example, suspend
and resume the command.
Without it, the command would be in what POSIX terms an
``orphaned process group''
\(lqorphaned process group\(rq
and it would not receive any job control signals.
As a special case, if the policy plugin does not define a close
function and no pty is required,
@ -840,7 +836,7 @@ This should not happen under normal circumstances.
The most common reason for
stat(2)
to return
``permission denied''
\(lqpermission denied\(rq
is if you are running an automounter and one of the directories in
your
\fRPATH\fR
@ -894,7 +890,7 @@ re-enabled for the command that is run).
To aid in debugging
\fBsudo\fR
crashes, you may wish to re-enable core dumps by setting
``disable_coredump''
\(lqdisable_coredump\(rq
to false in the
sudo.conf(@mansectform@)
file as follows:
@ -1146,7 +1142,7 @@ search the archives.
.SH "DISCLAIMER"
\fBsudo\fR
is provided
``AS IS''
\(lqAS IS\(rq
and any express or implied warranties, including, but not limited
to, the implied warranties of merchantability and fitness for a
particular purpose are disclaimed.

2
doc/sudo_plugin.cat
View File

@ -1464,4 +1464,4 @@ DDIISSCCLLAAIIMMEERR
file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for
complete details.
Sudo 1.8.9 December 20, 2013 Sudo 1.8.9
Sudo 1.8.10 December 20, 2013 Sudo 1.8.10

278
doc/sudo_plugin.man.in
View File

@ -111,15 +111,15 @@ to determine the API version the plugin was
built against.
.TP 6n
open
.RS
.nf
.RS 0n
.RS 6n
int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t plugin_printf, char * const settings[],
char * const user_info[], char * const user_env[],
char * const plugin_options[]);
.RE
.fi
.RS 6n
.sp
Returns 1 on success, 0 on failure, \-1 if a general error occurred,
or \-2 if there was a usage error.
@ -160,7 +160,7 @@ settings
A vector of user-supplied
\fBsudo\fR
settings in the form of
``name=value''
\(lqname=value\(rq
strings.
The vector is terminated by a
\fRNULL\fR
@ -175,20 +175,23 @@ When parsing
the plugin should split on the
\fBfirst\fR
equal sign
(`=')
(\(oq=\(cq)
since the
\fIname\fR
field will never include one
itself but the
\fIvalue\fR
might.
.RS
.PP
.RS 6n
.PD 0
.TP 6n
bsdauth_type=string
Authentication type, if specified by the
\fB\-a\fR
flag, to use on
systems where BSD authentication is supported.
.PD
.TP 6n
closefrom=number
If specified, the user has requested via the
@ -219,7 +222,7 @@ plugin is
\fIsubsystem\fR@\fIpriority\fR
but the plugin is free to use a different
format so long as it does not include a comma
(`,\&').
(\(oq,\&\(cq).
There is not currently a way to specify a set of debug flags specific
to the plugin--the flags are shared by
\fBsudo\fR
@ -275,13 +278,13 @@ sudo.conf(@mansectform@).
network_addrs=list
A space-separated list of IP network addresses and netmasks in the
form
``addr/netmask'',
\(lqaddr/netmask\(rq,
e.g.\&
``192.168.1.2/255.255.255.0''.
\(lq192.168.1.2/255.255.255.0\(rq.
The address and netmask pairs may be either IPv4 or IPv6, depending on
what the operating system supports.
If the address contains a colon
(`:\&'),
(\(oq:\&\(cq),
it is an IPv6 address, else it is IPv4.
.TP 6n
noninteractive=bool
@ -316,9 +319,9 @@ based on the runas user.
.TP 6n
progname=string
The command name that sudo was run as, typically
``sudo''
\(lqsudo\(rq
or
``sudoedit''.
\(lqsudoedit\(rq.
.TP 6n
prompt=string
The prompt to use when requesting a password, if specified via
@ -392,13 +395,11 @@ section.
.PP
Additional settings may be added in the future so the plugin should
silently ignore settings that it does not recognize.
.PP
.RE
.PD 0
.TP 6n
user_info
A vector of information about the user running the command in the form of
``name=value''
\(lqname=value\(rq
strings.
The vector is terminated by a
\fRNULL\fR
@ -409,19 +410,21 @@ When parsing
the plugin should split on the
\fBfirst\fR
equal sign
(`=')
(\(oq=\(cq)
since the
\fIname\fR
field will never include one
itself but the
\fIvalue\fR
might.
.RS
.PD
.PP
.RS 6n
.PD 0
.TP 6n
cols=int
The number of columns the user's terminal supports.
If there is no terminal device available, a default value of 80 is used.
.PD
.TP 6n
cwd=string
The user's current working directory.
@ -517,7 +520,7 @@ tty=string
The path to the user's terminal device.
If the user has no terminal device associated with the session,
the value will be empty, as in
``\fRtty=\fR''.
\(lq\fRtty=\fR\(rq.
.TP 6n
uid=uid_t
The real user ID of the user invoking
@ -526,14 +529,15 @@ The real user ID of the user invoking
user=string
The name of the user invoking
\fBsudo\fR.
.PD 0
.PP
.RE
.PD 0
.PD
.TP 6n
user_env
The user's environment in the form of a
\fRNULL\fR-terminated vector of
``name=value''
\(lqname=value\(rq
strings.
.sp
When parsing
@ -541,26 +545,26 @@ When parsing
the plugin should split on the
\fBfirst\fR
equal sign
(`=')
(\(oq=\(cq)
since the
\fIname\fR
field will never include one
itself but the
\fIvalue\fR
might.
.PD
.PD 0
.PP
.RE
.PD 0
.PD
.TP 6n
close
.br
.RS
.nf
.RS 0n
.RS 6n
void (*close)(int exit_status, int error);
.RE
.fi
.RS 6n
.sp
The
\fBclose\fR()
@ -569,7 +573,6 @@ function is called when the command being run by
finishes.
.sp
The function arguments are as follows:
.PD
.TP 6n
exit_status
The command's exit status, as returned by the
@ -610,17 +613,15 @@ list, the
\fBsudo\fR
front end may execute the command directly instead of running
it as a child process.
.PP
.RE
.PD 0
.TP 6n
show_version
.RS
.nf
.RS 0n
.RS 6n
int (*show_version)(int verbose);
.RE
.fi
.RS 6n
.sp
The
\fBshow_version\fR()
@ -637,20 +638,17 @@ or
function using
\fRSUDO_CONV_INFO_MSG\fR.
If the user requests detailed version information, the verbose flag will be set.
.PD
.PP
.RE
.PD 0
.TP 6n
check_policy
.RS
.nf
.RS 0n
.RS 6n
int (*check_policy)(int argc, char * const argv[]
char *env_add[], char **command_info[],
char **argv_out[], char **user_env_out[]);
.RE
.fi
.RS 6n
.sp
The
\fBcheck_policy\fR()
@ -692,10 +690,10 @@ into
\fIargv_out\fR,
separated from the
editor and its arguments by a
``\fR--\fR''
\(lq\fR--\fR\(rq
element.
The
``\fR--\fR''
\(lq\fR--\fR\(rq
will
be removed by
\fBsudo\fR
@ -726,7 +724,6 @@ function with
to present additional error information to the user.
.sp
The function arguments are as follows:
.PD
.TP 6n
argc
The number of elements in
@ -749,7 +746,7 @@ Additional environment variables specified by the user on the command
line in the form of a
\fRNULL\fR-terminated
vector of
``name=value''
\(lqname=value\(rq
strings.
The plugin may reject the command if one or more variables
are not allowed to be set, or it may silently ignore such variables.
@ -759,7 +756,7 @@ When parsing
the plugin should split on the
\fBfirst\fR
equal sign
(`=')
(\(oq=\(cq)
since the
\fIname\fR
field will never include one
@ -769,7 +766,7 @@ might.
.TP 6n
command_info
Information about the command being run in the form of
``name=value''
\(lqname=value\(rq
strings.
These values are used by
\fBsudo\fR
@ -781,10 +778,13 @@ which must be terminated with a
pointer.
The following values are recognized by
\fBsudo\fR:
.RS
.PP
.RS 6n
.PD 0
.TP 6n
chroot=string
The root directory to use when running the command.
.PD
.TP 6n
closefrom=number
If specified,
@ -1006,9 +1006,7 @@ will base the new entry on
the invoking user's existing entry.
.PP
Unsupported values will be ignored.
.PP
.RE
.PD 0
.TP 6n
argv_out
The
@ -1017,25 +1015,25 @@ argument vector to pass to the
execve(2)
system call when executing the command.
The plugin is responsible for allocating and populating the vector.
.PD
.TP 6n
user_env_out
The
\fRNULL\fR-terminated
environment vector to use when executing the command.
The plugin is responsible for allocating and populating the vector.
.PD 0
.PP
.RE
.PD 0
.PD
.TP 6n
list
.RS
.nf
.RS 0n
.RS 6n
int (*list)(int verbose, const char *list_user,
int argc, char * const argv[]);
.RE
.fi
.RS 6n
.sp
List available privileges for the invoking user.
Returns 1 on success, 0 on failure and \-1 on error.
@ -1054,7 +1052,6 @@ or
\fBplugin_printf\fR()
function using
\fRSUDO_CONV_INFO_MSG\fR,
.PD
.TP 6n
verbose
Flag indicating whether to list in verbose mode or not.
@ -1083,17 +1080,18 @@ execve(2)
system call.
If the command is permitted by the policy, the fully-qualified path
to the command should be displayed along with any command line arguments.
.PD 0
.PP
.RE
.PD 0
.PD
.TP 6n
validate
.RS
.nf
.RS 0n
.RS 6n
int (*validate)(void);
.RE
.fi
.RS 6n
.sp
The
\fBvalidate\fR()
@ -1123,18 +1121,15 @@ function with
\fRSUDO_CONF_ERROR_MSG\fR
to present additional
error information to the user.
.PD
.PP
.RE
.PD 0
.TP 6n
invalidate
.RS
.nf
.RS 0n
.RS 6n
void (*invalidate)(int remove);
.RE
.fi
.RS 6n
.sp
The
\fBinvalidate\fR()
@ -1161,18 +1156,15 @@ The
function should be
\fRNULL\fR
if the plugin does not support credential caching.
.PD
.PP
.RE
.PD 0
.TP 6n
init_session
.RS
.nf
.RS 0n
.RS 6n
int (*init_session)(struct passwd *pwd, char **user_envp[);
.RE
.fi
.RS 6n
.sp
The
\fBinit_session\fR()
@ -1205,7 +1197,7 @@ argument points to the environment the command will
run in, in the form of a
\fRNULL\fR-terminated
vector of
``name=value''
\(lqname=value\(rq
strings.
This is the same string passed back to the front end via
the Policy Plugin's
@ -1241,19 +1233,16 @@ function with
\fRSUDO_CONF_ERROR_MSG\fR
to present additional
error information to the user.
.PD
.PP
.RE
.PD 0
.TP 6n
register_hooks
.RS
.nf
.RS 0n
.RS 6n
void (*register_hooks)(int version,
int (*register_hook)(struct sudo_hook *hook));
.RE
.fi
.RS 6n
.sp
The
\fBregister_hooks\fR()
@ -1296,19 +1285,16 @@ front end doesn't support API
version 1.2 or higher,
\fRregister_hooks\fR
will not be called.
.PD
.PP
.RE
.PD 0
.TP 6n
deregister_hooks
.RS
.nf
.RS 0n
.RS 6n
void (*deregister_hooks)(int version,
int (*deregister_hook)(struct sudo_hook *hook));
.RE
.fi
.RS 6n
.sp
The
\fBderegister_hooks\fR()
@ -1353,7 +1339,6 @@ version 1.2 or higher,
\fRderegister_hooks\fR
will not be called.
.RE
.PD
.PP
\fIPolicy Plugin Version Macros\fR
.nf
@ -1454,15 +1439,15 @@ to determine the API version the plugin was
built against.
.TP 6n
open
.RS
.nf
.RS 0n
.RS 6n
int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t plugin_printf, char * const settings[],
char * const user_info[], int argc, char * const argv[],
char * const user_env[], char * const plugin_options[]);
.RE
.fi
.RS 6n
.sp
The
\fBopen\fR()
@ -1532,7 +1517,7 @@ settings
A vector of user-supplied
\fBsudo\fR
settings in the form of
``name=value''
\(lqname=value\(rq
strings.
The vector is terminated by a
\fRNULL\fR
@ -1547,7 +1532,7 @@ When parsing
the plugin should split on the
\fBfirst\fR
equal sign
(`=')
(\(oq=\(cq)
since the
\fIname\fR
field will never include one
@ -1561,7 +1546,7 @@ section for a list of all possible settings.
.TP 6n
user_info
A vector of information about the user running the command in the form of
``name=value''
\(lqname=value\(rq
strings.
The vector is terminated by a
\fRNULL\fR
@ -1572,7 +1557,7 @@ When parsing
the plugin should split on the
\fBfirst\fR
equal sign
(`=')
(\(oq=\(cq)
since the
\fIname\fR
field will never include one
@ -1603,7 +1588,7 @@ user_env
The user's environment in the form of a
\fRNULL\fR-terminated
vector of
``name=value''
\(lqname=value\(rq
strings.
.sp
When parsing
@ -1611,7 +1596,7 @@ When parsing
the plugin should split on the
\fBfirst\fR
equal sign
(`=')
(\(oq=\(cq)
since the
\fIname\fR
field will never include one
@ -1644,18 +1629,19 @@ by the
front end before using
\fIplugin_options\fR.
Failure to do so may result in a crash.
.PD 0
.PP
.RE
.PD 0
.PD
.TP 6n
close
.br
.RS
.nf
.RS 0n
.RS 6n
void (*close)(int exit_status, int error);
.RE
.fi
.RS 6n
.sp
The
\fBclose\fR()
@ -1664,7 +1650,6 @@ function is called when the command being run by
finishes.
.sp
The function arguments are as follows:
.PD
.TP 6n
exit_status
The command's exit status, as returned by the
@ -1686,17 +1671,18 @@ system call.
If the command was successfully executed, the value of
\fRerror\fR
is 0.
.PD 0
.PP
.RE
.PD 0
.PD
.TP 6n
show_version
.RS
.nf
.RS 0n
.RS 6n
int (*show_version)(int verbose);
.RE
.fi
.RS 6n
.sp
The
\fBshow_version\fR()
@ -1713,18 +1699,15 @@ or
function using
\fRSUDO_CONV_INFO_MSG\fR.
If the user requests detailed version information, the verbose flag will be set.
.PD
.PP
.RE
.PD 0
.TP 6n
log_ttyin
.RS
.nf
.RS 0n
.RS 6n
int (*log_ttyin)(const char *buf, unsigned int len);
.RE
.fi
.RS 6n
.sp
The
\fBlog_ttyin\fR()
@ -1736,7 +1719,6 @@ Returns 1 if the data should be passed to the command, 0 if the data
is rejected (which will terminate the command) or \-1 if an error occurred.
.sp
The function arguments are as follows:
.PD
.TP 6n
buf
The buffer containing user input.
@ -1745,17 +1727,18 @@ len
The length of
\fIbuf\fR
in bytes.
.PD 0
.PP
.RE
.PD 0
.PD
.TP 6n
log_ttyout
.RS
.nf
.RS 0n
.RS 6n
int (*log_ttyout)(const char *buf, unsigned int len);
.RE
.fi
.RS 6n
.sp
The
\fBlog_ttyout\fR()
@ -1767,7 +1750,6 @@ Returns 1 if the data should be passed to the user, 0 if the data is rejected
(which will terminate the command) or \-1 if an error occurred.
.sp
The function arguments are as follows:
.PD
.TP 6n
buf
The buffer containing command output.
@ -1776,17 +1758,18 @@ len
The length of
\fIbuf\fR
in bytes.
.PD 0
.PP
.RE
.PD 0
.PD
.TP 6n
log_stdin
.RS
.nf
.RS 0n
.RS 6n
int (*log_stdin)(const char *buf, unsigned int len);
.RE
.fi
.RS 6n
.sp
The
\fBlog_stdin\fR()
@ -1800,7 +1783,6 @@ Returns 1 if the data should be passed to the command, 0 if the data is
rejected (which will terminate the command) or \-1 if an error occurred.
.sp
The function arguments are as follows:
.PD
.TP 6n
buf
The buffer containing user input.
@ -1809,17 +1791,18 @@ len
The length of
\fIbuf\fR
in bytes.
.PD 0
.PP
.RE
.PD 0
.PD
.TP 6n
log_stdout
.RS
.nf
.RS 0n
.RS 6n
int (*log_stdout)(const char *buf, unsigned int len);
.RE
.fi
.RS 6n
.sp
The
\fBlog_stdout\fR()
@ -1833,7 +1816,6 @@ Returns 1 if the data should be passed to the user, 0 if the data is
rejected (which will terminate the command) or \-1 if an error occurred.
.sp
The function arguments are as follows:
.PD
.TP 6n
buf
The buffer containing command output.
@ -1842,17 +1824,18 @@ len
The length of
\fIbuf\fR
in bytes.
.PD 0
.PP
.RE
.PD 0
.PD
.TP 6n
log_stderr
.RS
.nf
.RS 0n
.RS 6n
int (*log_stderr)(const char *buf, unsigned int len);
.RE
.fi
.RS 6n
.sp
The
\fBlog_stderr\fR()
@ -1866,7 +1849,6 @@ Returns 1 if the data should be passed to the user, 0 if the data is
rejected (which will terminate the command) or \-1 if an error occurred.
.sp
The function arguments are as follows:
.PD
.TP 6n
buf
The buffer containing command output.
@ -1875,16 +1857,16 @@ len
The length of
\fIbuf\fR
in bytes.
.PD 0
.PP
.RE
.PD 0
.PD
.TP 6n
register_hooks
See the
\fIPolicy plugin API\fR
section for a description of
\fRregister_hooks\fR.
.PD
.TP 6n
deregister_hooks
See the
@ -1991,7 +1973,9 @@ hook_type
The
\fRhook_type\fR
field may be one of the following supported hook types:
.RS
.PP
.RS 6n
.PD 0
.TP 6n
\fRSUDO_HOOK_SETENV\fR
The C library
@ -2002,20 +1986,19 @@ The
\fRhook_fn\fR
field should
be a function that matches the following typedef:
.RS
.nf
.sp
.RS 0n
.RS 6n
typedef int (*sudo_hook_fn_setenv_t)(const char *name,
const char *value, int overwrite, void *closure);
.RE
.fi
.RS 6n
.sp
If the registered hook does not match the typedef the results are
unspecified.
.PP
.RE
.PD 0
.PD
.TP 6n
\fRSUDO_HOOK_UNSETENV\fR
The C library
@ -2026,18 +2009,13 @@ The
\fRhook_fn\fR
field should
be a function that matches the following typedef:
.RS
.nf
.sp
.RS 0n
.RS 6n
typedef int (*sudo_hook_fn_unsetenv_t)(const char *name,
void *closure);
.RE
.fi
.PD
.PP
.RE
.PD 0
.TP 6n
\fRSUDO_HOOK_GETENV\fR
The C library
@ -2048,21 +2026,18 @@ The
\fRhook_fn\fR
field should
be a function that matches the following typedef:
.RS
.nf
.sp
.RS 0n
.RS 6n
typedef int (*sudo_hook_fn_getenv_t)(const char *name,
char **value, void *closure);
.RE
.fi
.RS 6n
.sp
If the registered hook does not match the typedef the results are
unspecified.
.PD
.PP
.RE
.PD 0
.TP 6n
\fRSUDO_HOOK_PUTENV\fR
The C library
@ -2073,22 +2048,22 @@ The
\fRhook_fn\fR
field should
be a function that matches the following typedef:
.RS
.nf
.sp
.RS 0n
.RS 6n
typedef int (*sudo_hook_fn_putenv_t)(char *string,
void *closure);
.RE
.fi
.RS 6n
.sp
If the registered hook does not match the typedef the results are
unspecified.
.RE
.PD
.PD 0
.PP
.RE
.PD 0
.PD
.TP 6n
hook_fn
sudo_hook_fn_t hook_fn;
@ -2109,11 +2084,13 @@ is passed as the last function parameter.
This can be used to pass arbitrary data to the plugin's hook implementation.
.sp
The function return value may be one of the following:
.RS
.PD
.PP
.RS 6n
.PD 0
.TP 6n
\fRSUDO_HOOK_RET_ERROR\fR
The hook function encountered an error.
.PD
.TP 6n
\fRSUDO_HOOK_RET_NEXT\fR
The hook completed without error, go on to the next hook (including
@ -2133,7 +2110,10 @@ hook that operates on a private copy of
the environment but leaves
\fRenviron\fR
unchanged.
.PD 0
.PP
.RE
.PD
.PP
Note that it is very easy to create an infinite loop when hooking
C library functions.
@ -2197,11 +2177,11 @@ to the policy plugin.
A plugin may also accept a
\fIrunas_user\fR
in the form of
``user@hostname''
\(lquser@hostname\(rq
which will work with older versions of
\fBsudo\fR.
It is anticipated that remote commands will be supported by executing a
``helper''
\(lqhelper\(rq
program.
The policy plugin should setup the execution environment such that the
\fBsudo\fR
@ -2397,13 +2377,13 @@ to determine the API version the group plugin
was built against.
.TP 6n
init
.RS
.nf
.RS 0n
.RS 6n
int (*init)(int version, sudo_printf_t plugin_printf,
char *const argv[]);
.RE
.fi
.RS 6n
.sp
The
\fBinit\fR()
@ -2446,17 +2426,18 @@ If no arguments were given,
\fIargv\fR
will be
\fRNULL\fR.
.PD 0
.PP
.RE
.PD 0
.PD
.TP 6n
cleanup
.RS
.nf
.RS 0n
.RS 6n
void (*cleanup)();
.RE
.fi
.RS 6n
.sp
The
\fBcleanup\fR()
@ -2465,20 +2446,17 @@ function is called when
has finished its
group checks.
The plugin should free any memory it has allocated and close open file handles.
.PD
.PP
.RE
.PD 0
.TP 6n
query
.br
.RS
.nf
.RS 0n
.RS 6n
int (*query)(const char *user, const char *group,
const struct passwd *pwd);
.RE
.fi
.RS 6n
.sp
The
\fBquery\fR()
@ -2488,7 +2466,6 @@ is a member of
\fIgroup\fR.
.sp
The function arguments are as follows:
.PD
.TP 6n
user
The name of the user being looked up in the external group database.
@ -2508,7 +2485,10 @@ present in the password database,
\fIpwd\fR
will be
\fRNULL\fR.
.PD 0
.PP
.RE
.PD
.PP
\fIGroup API Version Macros\fR
.nf
@ -2627,7 +2607,7 @@ search the archives.
.SH "DISCLAIMER"
\fBsudo\fR
is provided
``AS IS''
\(lqAS IS\(rq
and any express or implied warranties, including, but not limited
to, the implied warranties of merchantability and fitness for a
particular purpose are disclaimed.

2
doc/sudoers.cat
View File

@ -2329,4 +2329,4 @@ DDIISSCCLLAAIIMMEERR
file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for
complete details.
Sudo 1.8.10 February 7, 2014 Sudo 1.8.10
Sudo 1.8.10 February 15, 2014 Sudo 1.8.10

77
doc/sudoers.ldap.man.in
View File

@ -138,17 +138,17 @@ It consists of the following attributes:
.TP 6n
\fBsudoUser\fR
A user name, user ID (prefixed with
`#'),
\(oq#\(cq),
Unix group name or ID (prefixed with
`%'
\(oq%\(cq
or
`%#'
\(oq%#\(cq
respectively), user netgroup (prefixed with
`+'),
\(oq+\(cq),
or non-Unix group name or ID (prefixed with
`%:'
\(oq%:\(cq
or
`%:#'
\(oq%:#\(cq
respectively).
Non-Unix group support is only available when an appropriate
\fIgroup_plugin\fR
@ -159,7 +159,7 @@ object.
.TP 6n
\fBsudoHost\fR
A host name, IP address, IP network, or host netgroup (prefixed with a
`+').
\(oq+\(cq).
The special value
\fRALL\fR
will match any host.
@ -168,11 +168,11 @@ will match any host.
A fully-qualified Unix command name with optional command line arguments,
potentially including globbing characters (aka wild cards).
If a command name is preceded by an exclamation point,
`\&!',
\(oq\&!\(cq,
the user will be prohibited from running that command.
.sp
The built-in command
``\fRsudoedit\fR''
\(lq\fRsudoedit\fR\(rq
is used to permit a user to run
\fBsudo\fR
with the
@ -181,7 +181,7 @@ option (or as
\fBsudoedit\fR).
It may take command line arguments just as a normal command does.
Note that
``\fRsudoedit\fR''
\(lq\fRsudoedit\fR\(rq
is a command built into
\fBsudo\fR
itself and must be specified in without a leading path.
@ -197,39 +197,36 @@ This may be useful in situations where the user invoking
has write access to the command or its parent directory.
The following digest formats are supported: sha224, sha256, sha384 and sha512.
The digest name must be followed by a colon
(`:\&')
(\(oq:\&\(cq)
and then the actual digest, in either hex or base64 format.
For example, given the following value for sudoCommand:
.RS
.nf
.sp
.RS 4n
.RS 10n
sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ /bin/ls
.RE
.fi
.RS 6n
.sp
The user may only run
\fI/bin/ls\fR
if its sha224 digest matches the specified value.
Command digests are only supported by version 1.8.7 or higher.
.PP
.RE
.PD 0
.TP 6n
\fBsudoOption\fR
Identical in function to the global options described above, but
specific to the
\fRsudoRole\fR
in which it resides.
.PD
.TP 6n
\fBsudoRunAsUser\fR
A user name or uid (prefixed with
`#')
\(oq#\(cq)
that commands may be run as or a Unix group (prefixed with a
`%')
\(oq%\(cq)
or user netgroup (prefixed with a
`+')
\(oq+\(cq)
that contains a list of users that commands may be run as.
The special value
\fRALL\fR
@ -249,7 +246,7 @@ attribute instead.
.TP 6n
\fBsudoRunAsGroup\fR
A Unix group or gid (prefixed with
`#')
\(oq#\(cq)
that commands may be run as.
The special value
\fRALL\fR
@ -323,7 +320,7 @@ If multiple entries match, the entry with the highest
\fRsudoOrder\fR
attribute is chosen.
This corresponds to the
``last match''
\(lqlast match\(rq
behavior of the sudoers file.
If the
\fRsudoOrder\fR
@ -514,12 +511,12 @@ Configuration options are listed below in upper case but are parsed
in a case-independent manner.
.PP
The pound sign
(`#')
(\(oq#\(cq)
is used to indicate a comment.
Both the comment character and any text after it, up to the end of
the line, are ignored.
Long lines can be continued with a backslash
(`\e')
(\(oq\e\(cq)
as the last character on the line.
Note that leading white space is removed from the beginning of lines
even when the continuation character is used.
@ -567,7 +564,7 @@ parameter specifies a white space-delimited list of LDAP servers to connect to.
Each host may include an optional
\fIport\fR
separated by a colon
(`:\&').
(\(oq:\&\(cq).
The
\fBHOST\fR
parameter is deprecated in favor of the
@ -672,7 +669,7 @@ parameter is deprecated and will be removed in a future release.
The same information is now logged via the
\fBsudo\fR
debugging framework using the
``ldap''
\(lqldap\(rq
subsystem at priorities
\fIdiag\fR
and
@ -797,10 +794,13 @@ This option is only supported by the OpenLDAP libraries.
The path to a file containing the client certificate which can
be used to authenticate the client to the LDAP server.
The certificate type depends on the LDAP libraries used.
.RS
.PP
.RS 6n
.PD 0
.TP 6n
OpenLDAP:
\fRtls_cert /etc/ssl/client_cert.pem\fR
.PD
.TP 6n
Netscape-derived:
\fRtls_cert /var/ldap/cert7.db\fR
@ -812,9 +812,10 @@ contains both keys and certificates.
.sp
When using Netscape-derived libraries, this file may also contain
Certificate Authority certificates.
.PD 0
.PP
.RE
.PD 0
.PD
.TP 6n
\fBTLS_KEY\fR \fIfile name\fR
The path to a file containing the private key which matches the
@ -822,11 +823,13 @@ certificate specified by
\fBTLS_CERT\fR.
The private key must not be password-protected.
The key type depends on the LDAP libraries used.
.RS
.PD
.PP
.RS 6n
.PD 0
.TP 6n
OpenLDAP:
\fRtls_key /etc/ssl/client_key.pem\fR
.PD
.TP 6n
Netscape-derived:
\fRtls_key /var/ldap/key3.db\fR
@ -835,12 +838,10 @@ Tivoli Directory Server:
\fRtls_key /usr/ldap/ldapkey.kdb\fR
.PD 0
.PP
.PD
When using Tivoli LDAP libraries, this file may also contain
Certificate Authority and client certificates and may be encrypted.
.PP
.RE
.PD 0
.PD
.TP 6n
\fBTLS_KEYPW\fR \fIsecret\fR
The
@ -849,9 +850,9 @@ contains the password used to decrypt the key database on clients
using the Tivoli Directory Server LDAP library.
This should be a simple string without quotes.
The password may not include the comment character
(`#')
(\(oq#\(cq)
and escaping of special characters with a backslash
(`\e')
(\(oq\e\(cq)
is not supported.
If this option is used,
\fI@ldap_conf@\fR
@ -884,7 +885,6 @@ The
utility can be used to manage the key database and create a
\fIstash file\fR.
This option is only supported by the Tivoli LDAP libraries.
.PD
.TP 6n
\fBTLS_RANDFILE\fR \fIfile name\fR
The
@ -967,14 +967,17 @@ does
not stop searching after the first match and later matches take
precedence over earlier ones.
The following sources are recognized:
.PP
.RS 4n
.PD 0
.TP 10n
files
read sudoers from
\fI@sysconfdir@/sudoers\fR
.PD 0
.TP 10n
ldap
read sudoers from LDAP
.RE
.PD
.PP
In addition, the entry
@ -1311,7 +1314,7 @@ search the archives.
.SH "DISCLAIMER"
\fBsudo\fR
is provided
``AS IS''
\(lqAS IS\(rq
and any express or implied warranties, including, but not limited
to, the implied warranties of merchantability and fitness for a
particular purpose are disclaimed.

338
doc/sudoers.man.in
View File

File diff suppressed because it is too large Load Diff

2
doc/sudoreplay.cat
View File

@ -265,4 +265,4 @@ DDIISSCCLLAAIIMMEERR
file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for
complete details.
Sudo 1.8.9 October 28, 2013 Sudo 1.8.9
Sudo 1.8.10 February 15, 2014 Sudo 1.8.10

40
doc/sudoreplay.man.in
View File

@ -1,7 +1,7 @@
.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
.\" IT IS GENERATED AUTOMATICALLY FROM sudoreplay.mdoc.in
.\"
.\" Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
.\" Copyright (c) 2009-2014 Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@ -16,7 +16,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.TH "SUDOREPLAY" "@mansectsu@" "October 28, 2013" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.TH "SUDOREPLAY" "@mansectsu@" "February 15, 2014" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
@ -36,7 +36,7 @@ ID
[\fB\-h\fR]
[\fB\-d\fR\ \fIdir\fR]
\fB\-l\fR
[search expression]
[search\ expression]
.SH "DESCRIPTION"
\fBsudoreplay\fR
plays back or lists the output logs created by
@ -82,16 +82,16 @@ In replay mode, if the standard output has not been redirected,
\fBsudoreplay\fR
will act on the following keys:
.TP 14n
`\fR\en\fR' or `\fR\er\fR'
\(oq\fR\en\fR\(cq or \(oq\fR\er\fR\(cq
Skip to the next replay event; useful for long pauses.
.TP 14n
`\fR\ \fR' (space)
\(oq\fR\ \fR\(cq (space)
Pause output; press any key to resume.
.TP 14n
`<'
\(oq<\(cq
Reduce the playback speed by one half.
.TP 14n
`>'
\(oq>\(cq
Double the playback speed.
.PP
The options are as follows:
@ -120,7 +120,7 @@ Display a short help message to the standard output and exit.
.TP 12n
\fB\-l\fR, \fB\--list\fR [\fIsearch expression\fR]
Enable
``list mode''.
\(lqlist mode\(rq.
In this mode,
\fBsudoreplay\fR
will list available sessions in a format similar to the
@ -130,7 +130,9 @@ If a
\fIsearch expression\fR
is specified, it will be used to restrict the IDs that are displayed.
An expression is composed of the following predicates:
.RS
.PP
.RS 12n
.PD 0
.TP 8n
command \fIpattern\fR
Evaluates to true if the command run matches
@ -139,6 +141,7 @@ On systems with POSIX regular expression support, the pattern may
be an extended regular expression.
On systems without POSIX regular expression support, a simple sub-string
match is performed instead.
.PD
.TP 8n
cwd \fIdirectory\fR
Evaluates to true if the command was run with the specified current
@ -200,9 +203,9 @@ Predicates may be combined using
and
\fI\&!\fR
operators as well as
`\&('
\(oq\&(\(cq
and
`\&)'
\(oq\&)\(cq
grouping (note that parentheses must generally be escaped from the shell).
The
\fIand\fR
@ -210,9 +213,7 @@ operator is optional, adjacent predicates have an implied
\fIand\fR
unless separated by an
\fIor\fR.
.PP
.RE
.PD 0
.TP 12n
\fB\-m\fR, \fB\--max-wait\fR \fImax_wait\fR
Specify an upper bound on how long to wait between key presses or output data.
@ -229,7 +230,6 @@ will limit these pauses to at most
seconds.
The value may be specified as a floating point number, e.g.\&
\fI2.5\fR.
.PD
.TP 12n
\fB\-s\fR, \fB\--speed\fR \fIspeed_factor\fR
This option causes
@ -291,13 +291,13 @@ yesterday
next Friday
The first second of the Friday in the next (upcoming) week.
Not to be confused with
``this friday''
\(lqthis friday\(rq
which would match the friday of the current week.
.TP 8n
last week
The current time but 7 days ago.
This is equivalent to
``a week ago''.
\(lqa week ago\(rq.
.TP 8n
a fortnight ago
The current time but 14 days ago.
@ -319,13 +319,13 @@ The current time but 14 days ago.
.PP
Note that relative time specifications do not always work as expected.
For example, the
``next''
\(lqnext\(rq
qualifier is intended to be used in conjunction with a day such as
``next Monday''.
\(lqnext Monday\(rq.
When used with units of weeks, months, years, etc
the result will be one more than expected.
For example,
``next week''
\(lqnext week\(rq
will result in a time exactly two weeks from now, which is probably
not what was intended.
This will be addressed in a future version of
@ -417,7 +417,7 @@ search the archives.
.SH "DISCLAIMER"
\fBsudoreplay\fR
is provided
``AS IS''
\(lqAS IS\(rq
and any express or implied warranties, including, but not limited
to, the implied warranties of merchantability and fitness for a
particular purpose are disclaimed.

4
doc/visudo.cat
View File

@ -26,7 +26,7 @@ DDEESSCCRRIIPPTTIIOONN
vviissuuddoo parses the _s_u_d_o_e_r_s file after the edit and will not save the
changes if there is a syntax error. Upon finding an error, vviissuuddoo will
print a message stating the line number(s) where the error occurred and
the user will receive the ``What now?'' prompt. At this point the user
the user will receive the ``What now?'' prompt. At this point the user
may enter `e' to re-edit the _s_u_d_o_e_r_s file, `x' to exit without saving the
changes, or `Q' to quit and save changes. The `Q' option should be used
with extreme care because if vviissuuddoo believes there to be a parse error,
@ -156,4 +156,4 @@ DDIISSCCLLAAIIMMEERR
file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for
complete details.
Sudo 1.8.9 December 16, 2013 Sudo 1.8.9
Sudo 1.8.10 February 15, 2014 Sudo 1.8.10

28
doc/visudo.man.in
View File

@ -1,7 +1,7 @@
.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
.\" IT IS GENERATED AUTOMATICALLY FROM visudo.mdoc.in
.\"
.\" Copyright (c) 1996,1998-2005, 2007-2013
.\" Copyright (c) 1996,1998-2005, 2007-2014
.\" Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@ -21,7 +21,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
.TH "VISUDO" "@mansectsu@" "December 16, 2013" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.TH "VISUDO" "@mansectsu@" "February 15, 2014" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
@ -94,19 +94,19 @@ Upon finding an error,
\fBvisudo\fR
will print a message stating the line number(s)
where the error occurred and the user will receive the
``What now?''
\(lqWhat now?\(rq
prompt.
At this point the user may enter
`e'
\(oqe\(cq
to re-edit the
\fIsudoers\fR
file,
`x'
\(oqx\(cq
to exit without saving the changes, or
`Q'
\(oqQ\(cq
to quit and save changes.
The
`Q'
\(oqQ\(cq
option should be used with extreme care because if
\fBvisudo\fR
believes there to be a parse error, so will
@ -116,7 +116,7 @@ will be able to
\fBsudo\fR
again until the error is fixed.
If
`e'
\(oqe\(cq
is typed to edit the
\fIsudoers\fR
file after a parse error has been detected, the cursor will be placed on
@ -158,14 +158,14 @@ instead of the default,
The lock file used is the specified
\fIsudoers\fR
file with
``\.tmp''
\(lq\.tmp\(rq
appended to it.
In
\fIcheck-only\fR
mode only, the argument to
\fB\-f\fR
may be
`-',
\(oq-\(cq,
indicating that
\fIsudoers\fR
will be read from the standard input.
@ -195,7 +195,7 @@ will consider this a parse error.
Note that it is not possible to differentiate between an
alias and a host name or user name that consists solely of uppercase
letters, digits, and the underscore
(`_')
(\(oq_\(cq)
character.
.TP 12n
\fB\-V\fR, \fB\--version\fR
@ -213,7 +213,7 @@ in JSON format and write it to
If
\fIfile\fR
is
`-',
\(oq-\(cq,
the exported
\fIsudoers\fR
policy will to be written to the standard output.
@ -271,7 +271,7 @@ Your user ID does not appear in the system passwd file.
Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias
or you have a user or host name listed that consists solely of
uppercase letters, digits, and the underscore
(`_')
(\(oq_\(cq)
character.
In the latter case, you can ignore the warnings
(\fBsudo\fR
@ -333,7 +333,7 @@ search the archives.
.SH "DISCLAIMER"
\fBvisudo\fR
is provided
``AS IS''
\(lqAS IS\(rq
and any express or implied warranties, including, but not limited
to, the implied warranties of merchantability and fitness for a
particular purpose are disclaimed.