mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-28 21:07:55 +00:00
Code Issues Releases Wiki Activity

Make the capitalization consistent for .Ss and .Sx

Browse Source
This commit is contained in:
Todd C. Miller 2012-08-21 15:11:43 -04:00
parent 8f3232ee69
commit 2d3a0d14d3
12 changed files with 69 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/sudo.cat
View File

@ -328,7 +328,7 @@ CCOOMMMMAANNDD EEXXEECCUUTTIIOONN
oo scheduling priority (aka nice value) oo scheduling priority (aka nice value)
PPrroocceessss MMooddeell PPrroocceessss mmooddeell
When ssuuddoo runs a command, it calls fork(2), sets up the execution When ssuuddoo runs a command, it calls fork(2), sets up the execution
environment as described above, and calls the execve system call in the environment as described above, and calls the execve system call in the
child process. The main ssuuddoo process waits until the command has child process. The main ssuuddoo process waits until the command has
@ -341,7 +341,7 @@ CCOOMMMMAANNDD EEXXEECCUUTTIIOONN
would be in what POSIX terms an ``orphaned process group'' and it would would be in what POSIX terms an ``orphaned process group'' and it would
not receive any job control signals. not receive any job control signals.
SSiiggnnaall HHaannddlliinngg SSiiggnnaall hhaannddlliinngg
Because the command is run as a child of the ssuuddoo process, ssuuddoo will Because the command is run as a child of the ssuuddoo process, ssuuddoo will
relay signals it receives to the command. Unless the command is being relay signals it receives to the command. Unless the command is being
run in a new pty, the SIGHUP, SIGINT and SIGQUIT signals are not relayed run in a new pty, the SIGHUP, SIGINT and SIGQUIT signals are not relayed

4
doc/sudo.man.in
View File

@ -736,7 +736,7 @@ BSD login class
.TP 4n .TP 4n
\fBo\fR \fBo\fR
scheduling priority (aka nice value) scheduling priority (aka nice value)
.SS "Process Model" .SS "Process model"
When When
\fBsudo\fR \fBsudo\fR
runs a command, it calls runs a command, it calls
@ -759,7 +759,7 @@ and resume the command.
Without it, the command would be in what POSIX terms an Without it, the command would be in what POSIX terms an
``orphaned process group'' ``orphaned process group''
and it would not receive any job control signals. and it would not receive any job control signals.
.SS "Signal Handling" .SS "Signal handling"
Because the command is run as a child of the Because the command is run as a child of the
\fBsudo\fR \fBsudo\fR
process, process,

4
doc/sudo.mdoc.in
View File

@ -720,7 +720,7 @@ BSD login class
.It .It
scheduling priority (aka nice value) scheduling priority (aka nice value)
.El .El
.Ss Process Model .Ss Process model
When When
.Nm sudo .Nm sudo
runs a command, it calls runs a command, it calls
@ -743,7 +743,7 @@ and resume the command.
Without it, the command would be in what POSIX terms an Without it, the command would be in what POSIX terms an
.Dq orphaned process group .Dq orphaned process group
and it would not receive any job control signals. and it would not receive any job control signals.
.Ss Signal Handling .Ss Signal handling
Because the command is run as a child of the Because the command is run as a child of the
.Nm sudo .Nm sudo
process, process,

24
doc/sudo_plugin.cat
View File

@ -18,7 +18,7 @@ DDEESSCCRRIIPPTTIIOONN
The plugin API is defined by the sudo_plugin.h header file. The plugin API is defined by the sudo_plugin.h header file.
TThhee ssuuddoo..ccoonnff FFiillee TThhee ssuuddoo..ccoonnff ffiillee
The _/_e_t_c_/_s_u_d_o_._c_o_n_f file contains plugin configuration directives. The The _/_e_t_c_/_s_u_d_o_._c_o_n_f file contains plugin configuration directives. The
primary keyword is the Plugin directive, which causes a plugin to be primary keyword is the Plugin directive, which causes a plugin to be
loaded. loaded.
@ -57,7 +57,7 @@ DDEESSCCRRIIPPTTIIOONN
Plugin sudoers_policy sudoers.so Plugin sudoers_policy sudoers.so
Plugin sudoers_io sudoers.so Plugin sudoers_io sudoers.so
PPoolliiccyy PPlluuggiinn AAPPII PPoolliiccyy pplluuggiinn AAPPII
A policy plugin must declare and populate a policy_plugin struct in the A policy plugin must declare and populate a policy_plugin struct in the
global scope. This structure contains pointers to the functions that global scope. This structure contains pointers to the functions that
implement the ssuuddoo policy checks. The name of the symbol should be implement the ssuuddoo policy checks. The name of the symbol should be
@ -709,7 +709,7 @@ DDEESSCCRRIIPPTTIIOONN
the hook type is not supported and -1 if the major version in the hook type is not supported and -1 if the major version in
struct hook does not match the front end's major hook API version. struct hook does not match the front end's major hook API version.
See the _H_o_o_k _F_u_n_c_t_i_o_n _A_P_I section below for more information about See the _H_o_o_k _f_u_n_c_t_i_o_n _A_P_I section below for more information about
hooks. hooks.
NOTE: the rreeggiisstteerr__hhooookkss() function is only available starting with NOTE: the rreeggiisstteerr__hhooookkss() function is only available starting with
@ -733,7 +733,7 @@ DDEESSCCRRIIPPTTIIOONN
the plugin tries to deregister a hook that the front end does not the plugin tries to deregister a hook that the front end does not
support, deregister_hook will return an error. support, deregister_hook will return an error.
See the _H_o_o_k _F_u_n_c_t_i_o_n _A_P_I section below for more information about See the _H_o_o_k _f_u_n_c_t_i_o_n _A_P_I section below for more information about
hooks. hooks.
NOTE: the ddeerreeggiisstteerr__hhooookkss() function is only available starting NOTE: the ddeerreeggiisstteerr__hhooookkss() function is only available starting
@ -759,7 +759,7 @@ DDEESSCCRRIIPPTTIIOONN
*(vp) = (*(vp) & 0xffff0000) | (n); \ *(vp) = (*(vp) & 0xffff0000) | (n); \
} while(0) } while(0)
II//OO PPlluuggiinn AAPPII II//OO pplluuggiinn AAPPII
struct io_plugin { struct io_plugin {
#define SUDO_IO_PLUGIN 2 #define SUDO_IO_PLUGIN 2
unsigned int type; /* always SUDO_IO_PLUGIN */ unsigned int type; /* always SUDO_IO_PLUGIN */
@ -860,7 +860,7 @@ DDEESSCCRRIIPPTTIIOONN
equal sign (`=') since the _n_a_m_e field will never include one equal sign (`=') since the _n_a_m_e field will never include one
itself but the _v_a_l_u_e might. itself but the _v_a_l_u_e might.
See the _P_o_l_i_c_y _P_l_u_g_i_n _A_P_I section for a list of all possible See the _P_o_l_i_c_y _p_l_u_g_i_n _A_P_I section for a list of all possible
settings. settings.
user_info user_info
@ -872,7 +872,7 @@ DDEESSCCRRIIPPTTIIOONN
equal sign (`=') since the _n_a_m_e field will never include one equal sign (`=') since the _n_a_m_e field will never include one
itself but the _v_a_l_u_e might. itself but the _v_a_l_u_e might.
See the _P_o_l_i_c_y _P_l_u_g_i_n _A_P_I section for a list of all possible See the _P_o_l_i_c_y _p_l_u_g_i_n _A_P_I section for a list of all possible
strings. strings.
argc The number of elements in _a_r_g_v, not counting the final NULL argc The number of elements in _a_r_g_v, not counting the final NULL
@ -1014,18 +1014,18 @@ DDEESSCCRRIIPPTTIIOONN
len The length of _b_u_f in bytes. len The length of _b_u_f in bytes.
register_hooks register_hooks
See the _P_o_l_i_c_y _P_l_u_g_i_n _A_P_I section for a description of See the _P_o_l_i_c_y _p_l_u_g_i_n _A_P_I section for a description of
register_hooks. register_hooks.
deregister_hooks deregister_hooks
See the _P_o_l_i_c_y _P_l_u_g_i_n _A_P_I section for a description of See the _P_o_l_i_c_y _p_l_u_g_i_n _A_P_I section for a description of
deregister_hooks. deregister_hooks.
_I_/_O _P_l_u_g_i_n _V_e_r_s_i_o_n _M_a_c_r_o_s _I_/_O _P_l_u_g_i_n _V_e_r_s_i_o_n _M_a_c_r_o_s
Same as for the _P_o_l_i_c_y _P_l_u_g_i_n _A_P_I. Same as for the _P_o_l_i_c_y _p_l_u_g_i_n _A_P_I.
HHooookk FFuunnccttiioonn AAPPII HHooookk ffuunnccttiioonn AAPPII
Beginning with plugin API version 1.2, it is possible to install hooks Beginning with plugin API version 1.2, it is possible to install hooks
for certain functions called by the ssuuddoo front end. for certain functions called by the ssuuddoo front end.
@ -1223,7 +1223,7 @@ DDEESSCCRRIIPPTTIIOONN
See the sample plugin for an example of the ccoonnvveerrssaattiioonn() function See the sample plugin for an example of the ccoonnvveerrssaattiioonn() function
usage. usage.
SSuuddooeerrss GGrroouupp PPlluuggiinn AAPPII SSuuddooeerrss ggrroouupp pplluuggiinn AAPPII
The _s_u_d_o_e_r_s module supports a plugin interface to allow non-Unix group The _s_u_d_o_e_r_s module supports a plugin interface to allow non-Unix group
lookups. This can be used to query a group source other than the lookups. This can be used to query a group source other than the
standard Unix group database. A sample group plugin is bundled with ssuuddoo standard Unix group database. A sample group plugin is bundled with ssuuddoo

24
doc/sudo_plugin.man.in
View File

@ -47,7 +47,7 @@ major version matches.
The plugin API is defined by the The plugin API is defined by the
\fRsudo_plugin.h\fR \fRsudo_plugin.h\fR
header file. header file.
.SS "The sudo.conf File" .SS "The sudo.conf file"
The The
\fI@sysconfdir@/sudo.conf\fR \fI@sysconfdir@/sudo.conf\fR
file contains plugin configuration directives. file contains plugin configuration directives.
@ -119,7 +119,7 @@ Plugin sudoers_policy sudoers.so
Plugin sudoers_io sudoers.so Plugin sudoers_io sudoers.so
.RE .RE
.fi .fi
.SS "Policy Plugin API" .SS "Policy plugin API"
A policy plugin must declare and populate a A policy plugin must declare and populate a
\fRpolicy_plugin\fR \fRpolicy_plugin\fR
struct in the global scope. struct in the global scope.
@ -1293,7 +1293,7 @@ if the major version in
does not match the front end's major hook API version. does not match the front end's major hook API version.
.sp .sp
See the See the
\fIHook Function API\fR \fIHook function API\fR
section below for more information section below for more information
about hooks. about hooks.
.sp .sp
@ -1349,7 +1349,7 @@ If the plugin tries to deregister a hook that the front end does not support,
will return an error. will return an error.
.sp .sp
See the See the
\fIHook Function API\fR \fIHook function API\fR
section below for more information section below for more information
about hooks. about hooks.
.sp .sp
@ -1388,7 +1388,7 @@ will not be called.
} while(0) } while(0)
.RE .RE
.fi .fi
.SS "I/O Plugin API" .SS "I/O plugin API"
.nf .nf
.RS 0n .RS 0n
struct io_plugin { struct io_plugin {
@ -1566,7 +1566,7 @@ itself but the
might. might.
.sp .sp
See the See the
\fIPolicy Plugin API\fR \fIPolicy plugin API\fR
section for a list of all possible settings. section for a list of all possible settings.
.TP 6n .TP 6n
user_info user_info
@ -1591,7 +1591,7 @@ itself but the
might. might.
.sp .sp
See the See the
\fIPolicy Plugin API\fR \fIPolicy plugin API\fR
section for a list of all possible strings. section for a list of all possible strings.
.TP 6n .TP 6n
argc argc
@ -1891,22 +1891,22 @@ in bytes.
.TP 6n .TP 6n
register_hooks register_hooks
See the See the
\fIPolicy Plugin API\fR \fIPolicy plugin API\fR
section for a description of section for a description of
\fRregister_hooks\fR. \fRregister_hooks\fR.
.PD .PD
.TP 6n .TP 6n
deregister_hooks deregister_hooks
See the See the
\fIPolicy Plugin API\fR \fIPolicy plugin API\fR
section for a description of section for a description of
\fRderegister_hooks.\fR \fRderegister_hooks.\fR
.PP .PP
\fII/O Plugin Version Macros\fR \fII/O Plugin Version Macros\fR
.PP .PP
Same as for the Same as for the
\fIPolicy Plugin API\fR. \fIPolicy plugin API\fR.
.SS "Hook Function API" .SS "Hook function API"
Beginning with plugin API version 1.2, it is possible to install Beginning with plugin API version 1.2, it is possible to install
hooks for certain functions called by the hooks for certain functions called by the
\fBsudo\fR \fBsudo\fR
@ -2258,7 +2258,7 @@ setting.
See the sample plugin for an example of the See the sample plugin for an example of the
\fBconversation\fR() \fBconversation\fR()
function usage. function usage.
.SS "Sudoers Group Plugin API" .SS "Sudoers group plugin API"
The The
\fIsudoers\fR \fIsudoers\fR
module supports a plugin interface to allow non-Unix module supports a plugin interface to allow non-Unix

24
doc/sudo_plugin.mdoc.in
View File

@ -45,7 +45,7 @@ major version matches.
The plugin API is defined by the The plugin API is defined by the
.Li sudo_plugin.h .Li sudo_plugin.h
header file. header file.
.Ss The sudo.conf File .Ss The sudo.conf file
The The
.Pa @sysconfdir@/sudo.conf .Pa @sysconfdir@/sudo.conf
file contains plugin configuration directives. file contains plugin configuration directives.
@ -114,7 +114,7 @@ This limitation does not apply to I/O plugins.
Plugin sudoers_policy sudoers.so Plugin sudoers_policy sudoers.so
Plugin sudoers_io sudoers.so Plugin sudoers_io sudoers.so
.Ed .Ed
.Ss Policy Plugin API .Ss Policy plugin API
A policy plugin must declare and populate a A policy plugin must declare and populate a
.Li policy_plugin .Li policy_plugin
struct in the global scope. struct in the global scope.
@ -1130,7 +1130,7 @@ if the major version in
does not match the front end's major hook API version. does not match the front end's major hook API version.
.Pp .Pp
See the See the
.Sx Hook Function API .Sx Hook function API
section below for more information section below for more information
about hooks. about hooks.
.Pp .Pp
@ -1178,7 +1178,7 @@ If the plugin tries to deregister a hook that the front end does not support,
will return an error. will return an error.
.Pp .Pp
See the See the
.Sx Hook Function API .Sx Hook function API
section below for more information section below for more information
about hooks. about hooks.
.Pp .Pp
@ -1213,7 +1213,7 @@ will not be called.
*(vp) = (*(vp) & 0xffff0000) | (n); \e *(vp) = (*(vp) & 0xffff0000) | (n); \e
} while(0) } while(0)
.Ed .Ed
.Ss I/O Plugin API .Ss I/O plugin API
.Bd -literal .Bd -literal
struct io_plugin { struct io_plugin {
#define SUDO_IO_PLUGIN 2 #define SUDO_IO_PLUGIN 2
@ -1381,7 +1381,7 @@ itself but the
might. might.
.Pp .Pp
See the See the
.Sx Policy Plugin API .Sx Policy plugin API
section for a list of all possible settings. section for a list of all possible settings.
.It user_info .It user_info
A vector of information about the user running the command in the form of A vector of information about the user running the command in the form of
@ -1405,7 +1405,7 @@ itself but the
might. might.
.Pp .Pp
See the See the
.Sx Policy Plugin API .Sx Policy plugin API
section for a list of all possible strings. section for a list of all possible strings.
.It argc .It argc
The number of elements in The number of elements in
@ -1640,12 +1640,12 @@ in bytes.
.El .El
.It register_hooks .It register_hooks
See the See the
.Sx Policy Plugin API .Sx Policy plugin API
section for a description of section for a description of
.Li register_hooks . .Li register_hooks .
.It deregister_hooks .It deregister_hooks
See the See the
.Sx Policy Plugin API .Sx Policy plugin API
section for a description of section for a description of
.Li deregister_hooks. .Li deregister_hooks.
.El .El
@ -1653,8 +1653,8 @@ section for a description of
.Em I/O Plugin Version Macros .Em I/O Plugin Version Macros
.Pp .Pp
Same as for the Same as for the
.Sx Policy Plugin API . .Sx Policy plugin API .
.Ss Hook Function API .Ss Hook function API
Beginning with plugin API version 1.2, it is possible to install Beginning with plugin API version 1.2, it is possible to install
hooks for certain functions called by the hooks for certain functions called by the
.Nm sudo .Nm sudo
@ -1954,7 +1954,7 @@ setting.
See the sample plugin for an example of the See the sample plugin for an example of the
.Fn conversation .Fn conversation
function usage. function usage.
.Ss Sudoers Group Plugin API .Ss Sudoers group plugin API
The The
.Em sudoers .Em sudoers
module supports a plugin interface to allow non-Unix module supports a plugin interface to allow non-Unix

16
doc/sudoers.cat
View File

@ -10,7 +10,7 @@ DDEESSCCRRIIPPTTIIOONN
the _S_U_D_O_E_R_S _F_I_L_E _F_O_R_M_A_T section. For information on storing _s_u_d_o_e_r_s the _S_U_D_O_E_R_S _F_I_L_E _F_O_R_M_A_T section. For information on storing _s_u_d_o_e_r_s
policy information in LDAP, please see sudoers.ldap(4). policy information in LDAP, please see sudoers.ldap(4).
AAuutthheennttiiccaattiioonn aanndd LLooggggiinngg AAuutthheennttiiccaattiioonn aanndd llooggggiinngg
The _s_u_d_o_e_r_s security policy requires that most users authenticate The _s_u_d_o_e_r_s security policy requires that most users authenticate
themselves before they can use ssuuddoo. A password is not required if the themselves before they can use ssuuddoo. A password is not required if the
invoking user is root, if the target user is the same as the invoking invoking user is root, if the target user is the same as the invoking
@ -55,7 +55,7 @@ DDEESSCCRRIIPPTTIIOONN
_l_o_g___o_u_t_p_u_t Defaults flags as well as the LOG_INPUT and LOG_OUTPUT command _l_o_g___o_u_t_p_u_t Defaults flags as well as the LOG_INPUT and LOG_OUTPUT command
tags. tags.
CCoommmmaanndd EEnnvviirroonnmmeenntt CCoommmmaanndd eennvviirroonnmmeenntt
Since environment variables can influence program behavior, _s_u_d_o_e_r_s Since environment variables can influence program behavior, _s_u_d_o_e_r_s
provides a means to restrict which variables from the user's environment provides a means to restrict which variables from the user's environment
are inherited by the command to be run. There are two distinct ways are inherited by the command to be run. There are two distinct ways
@ -332,7 +332,7 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
See _S_U_D_O_E_R_S _O_P_T_I_O_N_S for a list of supported Defaults parameters. See _S_U_D_O_E_R_S _O_P_T_I_O_N_S for a list of supported Defaults parameters.
UUsseerr SSppeecciiffiiccaattiioonn UUsseerr ssppeecciiffiiccaattiioonn
User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \ User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \
(':' Host_List '=' Cmnd_Spec_List)* (':' Host_List '=' Cmnd_Spec_List)*
@ -507,7 +507,7 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
See the _P_r_e_v_e_n_t_i_n_g _S_h_e_l_l _E_s_c_a_p_e_s section below for more details on how See the _P_r_e_v_e_n_t_i_n_g _s_h_e_l_l _e_s_c_a_p_e_s section below for more details on how
NOEXEC works and whether or not it will work on your system. NOEXEC works and whether or not it will work on your system.
_S_E_T_E_N_V _a_n_d _N_O_S_E_T_E_N_V _S_E_T_E_N_V _a_n_d _N_O_S_E_T_E_N_V
@ -903,7 +903,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
noexec If set, all commands run via ssuuddoo will behave as if the noexec If set, all commands run via ssuuddoo will behave as if the
NOEXEC tag has been set, unless overridden by a EXEC NOEXEC tag has been set, unless overridden by a EXEC
tag. See the description of _N_O_E_X_E_C _a_n_d _E_X_E_C below as tag. See the description of _N_O_E_X_E_C _a_n_d _E_X_E_C below as
well as the _P_r_e_v_e_n_t_i_n_g _S_h_e_l_l _E_s_c_a_p_e_s section at the end well as the _P_r_e_v_e_n_t_i_n_g _s_h_e_l_l _e_s_c_a_p_e_s section at the end
of this manual. This flag is _o_f_f by default. of this manual. This flag is _o_f_f by default.
path_info Normally, ssuuddoo will tell the user when a command could path_info Normally, ssuuddoo will tell the user when a command could
@ -1640,7 +1640,7 @@ SSUUDDOO..CCOONNFF
Plugin policy_plugin sudoers.so Plugin policy_plugin sudoers.so
Plugin io_plugin sudoers.so Plugin io_plugin sudoers.so
PPlluuggiinn OOppttiioonnss PPlluuggiinn ooppttiioonnss
Starting with ssuuddoo 1.8.5, it is possible to pass options to the _s_u_d_o_e_r_s Starting with ssuuddoo 1.8.5, it is possible to pass options to the _s_u_d_o_e_r_s
plugin. Options may be listed after the path to the plugin (i.e. after plugin. Options may be listed after the path to the plugin (i.e. after
_s_u_d_o_e_r_s_._s_o); multiple options should be space-separated. For example: _s_u_d_o_e_r_s_._s_o); multiple options should be space-separated. For example:
@ -1668,7 +1668,7 @@ SSUUDDOO..CCOONNFF
file mode for the sudoers file. It should be specified as an file mode for the sudoers file. It should be specified as an
octal value. octal value.
DDeebbuugg FFllaaggss DDeebbuugg ffllaaggss
Versions 1.8.4 and higher of the _s_u_d_o_e_r_s plugin supports a debugging Versions 1.8.4 and higher of the _s_u_d_o_e_r_s plugin supports a debugging
framework that can help track down what the plugin is doing internally if framework that can help track down what the plugin is doing internally if
there is a problem. This can be configured in the _/_e_t_c_/_s_u_d_o_._c_o_n_f file as there is a problem. This can be configured in the _/_e_t_c_/_s_u_d_o_._c_o_n_f file as
@ -1952,7 +1952,7 @@ SSEECCUURRIITTYY NNOOTTEESS
User jjoohhnn can still run /usr/bin/passwd root if _f_a_s_t___g_l_o_b is enabled by User jjoohhnn can still run /usr/bin/passwd root if _f_a_s_t___g_l_o_b is enabled by
changing to _/_u_s_r_/_b_i_n and running ./passwd root instead. changing to _/_u_s_r_/_b_i_n and running ./passwd root instead.
PPrreevveennttiinngg SShheellll EEssccaappeess PPrreevveennttiinngg sshheellll eessccaappeess
Once ssuuddoo executes a program, that program is free to do whatever it Once ssuuddoo executes a program, that program is free to do whatever it
pleases, including run other programs. This can be a security issue pleases, including run other programs. This can be a security issue
since it is not uncommon for a program to allow shell escapes, which lets since it is not uncommon for a program to allow shell escapes, which lets

2
doc/sudoers.ldap.cat
View File

@ -232,7 +232,7 @@ DDEESSCCRRIIPPTTIIOONN
sudoHost: ALL sudoHost: ALL
sudoHost: !web01 sudoHost: !web01
SSuuddooeerrss SScchheemmaa SSuuddooeerrss sscchheemmaa
In order to use ssuuddoo's LDAP support, the ssuuddoo schema must be installed on In order to use ssuuddoo's LDAP support, the ssuuddoo schema must be installed on
your LDAP server. In addition, be sure to index the sudoUser attribute. your LDAP server. In addition, be sure to index the sudoUser attribute.

2
doc/sudoers.ldap.man.in
View File

@ -396,7 +396,7 @@ sudoHost: ALL
sudoHost: !web01 sudoHost: !web01
.RE .RE
.fi .fi
.SS "Sudoers Schema" .SS "Sudoers schema"
In order to use In order to use
\fBsudo\fR's \fBsudo\fR's
LDAP support, the LDAP support, the

2
doc/sudoers.ldap.mdoc.in
View File

@ -373,7 +373,7 @@ sudoUser: !joe
sudoHost: ALL sudoHost: ALL
sudoHost: !web01 sudoHost: !web01
.Ed .Ed
.Ss Sudoers Schema .Ss Sudoers schema
In order to use In order to use
.Nm sudo Ns No 's .Nm sudo Ns No 's
LDAP support, the LDAP support, the

16
doc/sudoers.man.in
View File

@ -48,7 +48,7 @@ For information on storing
policy information policy information
in LDAP, please see in LDAP, please see
sudoers.ldap(@mansectform@). sudoers.ldap(@mansectform@).
.SS "Authentication and Logging" .SS "Authentication and logging"
The The
\fIsudoers\fR \fIsudoers\fR
security policy requires that most users authenticate security policy requires that most users authenticate
@ -164,7 +164,7 @@ Defaults flags as well as the
and and
\fRLOG_OUTPUT\fR \fRLOG_OUTPUT\fR
command tags. command tags.
.SS "Command Environment" .SS "Command environment"
Since environment variables can influence program behavior, Since environment variables can influence program behavior,
\fIsudoers\fR \fIsudoers\fR
provides a means to restrict which variables from the user's provides a means to restrict which variables from the user's
@ -733,7 +733,7 @@ defaults.
See See
\fISUDOERS OPTIONS\fR \fISUDOERS OPTIONS\fR
for a list of supported Defaults parameters. for a list of supported Defaults parameters.
.SS "User Specification" .SS "User specification"
.nf .nf
.RS 0n .RS 0n
User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \e User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \e
@ -1128,7 +1128,7 @@ aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
.fi .fi
.PP .PP
See the See the
\fIPreventing Shell Escapes\fR \fIPreventing shell escapes\fR
section below for more details on how section below for more details on how
\fRNOEXEC\fR \fRNOEXEC\fR
works and whether or not it will work on your system. works and whether or not it will work on your system.
@ -1979,7 +1979,7 @@ tag.
See the description of See the description of
\fINOEXEC and EXEC\fR \fINOEXEC and EXEC\fR
below as well as the below as well as the
\fIPreventing Shell Escapes\fR \fIPreventing shell escapes\fR
section at the end of this manual. section at the end of this manual.
This flag is This flag is
\fIoff\fR \fIoff\fR
@ -3415,7 +3415,7 @@ Plugin policy_plugin sudoers.so
Plugin io_plugin sudoers.so Plugin io_plugin sudoers.so
.RE .RE
.fi .fi
.SS "Plugin Options" .SS "Plugin options"
Starting with Starting with
\fBsudo\fR \fBsudo\fR
1.8.5, it is possible to pass options to the 1.8.5, it is possible to pass options to the
@ -3459,7 +3459,7 @@ The
\fIsudoers_mode\fR \fIsudoers_mode\fR
option can be used to override the default file mode for the sudoers file. option can be used to override the default file mode for the sudoers file.
It should be specified as an octal value. It should be specified as an octal value.
.SS "Debug Flags" .SS "Debug flags"
Versions 1.8.4 and higher of the Versions 1.8.4 and higher of the
\fIsudoers\fR \fIsudoers\fR
plugin supports a debugging framework that can help track down what the plugin supports a debugging framework that can help track down what the
@ -4049,7 +4049,7 @@ is enabled by changing to
and running and running
\fR./passwd root\fR \fR./passwd root\fR
instead. instead.
.SS "Preventing Shell Escapes" .SS "Preventing shell escapes"
Once Once
\fBsudo\fR \fBsudo\fR
executes a program, that program is free to do whatever executes a program, that program is free to do whatever

16
doc/sudoers.mdoc.in
View File

@ -46,7 +46,7 @@ For information on storing
policy information policy information
in LDAP, please see in LDAP, please see
.Xr sudoers.ldap @mansectform@ . .Xr sudoers.ldap @mansectform@ .
.Ss Authentication and Logging .Ss Authentication and logging
The The
.Em sudoers .Em sudoers
security policy requires that most users authenticate security policy requires that most users authenticate
@ -163,7 +163,7 @@ Defaults flags as well as the
and and
.Li LOG_OUTPUT .Li LOG_OUTPUT
command tags. command tags.
.Ss Command Environment .Ss Command environment
Since environment variables can influence program behavior, Since environment variables can influence program behavior,
.Em sudoers .Em sudoers
provides a means to restrict which variables from the user's provides a means to restrict which variables from the user's
@ -706,7 +706,7 @@ defaults.
See See
.Sx SUDOERS OPTIONS .Sx SUDOERS OPTIONS
for a list of supported Defaults parameters. for a list of supported Defaults parameters.
.Ss User Specification .Ss User specification
.Bd -literal .Bd -literal
User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \e User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \e
(':' Host_List '=' Cmnd_Spec_List)* (':' Host_List '=' Cmnd_Spec_List)*
@ -1061,7 +1061,7 @@ aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
.Ed .Ed
.Pp .Pp
See the See the
.Sx Preventing Shell Escapes .Sx Preventing shell escapes
section below for more details on how section below for more details on how
.Li NOEXEC .Li NOEXEC
works and whether or not it will work on your system. works and whether or not it will work on your system.
@ -1867,7 +1867,7 @@ tag.
See the description of See the description of
.Em NOEXEC and EXEC .Em NOEXEC and EXEC
below as well as the below as well as the
.Sx Preventing Shell Escapes .Sx Preventing shell escapes
section at the end of this manual. section at the end of this manual.
This flag is This flag is
.Em off .Em off
@ -3178,7 +3178,7 @@ file.
Plugin policy_plugin sudoers.so Plugin policy_plugin sudoers.so
Plugin io_plugin sudoers.so Plugin io_plugin sudoers.so
.Ed .Ed
.Ss Plugin Options .Ss Plugin options
Starting with Starting with
.Nm sudo .Nm sudo
1.8.5, it is possible to pass options to the 1.8.5, it is possible to pass options to the
@ -3217,7 +3217,7 @@ The
option can be used to override the default file mode for the sudoers file. option can be used to override the default file mode for the sudoers file.
It should be specified as an octal value. It should be specified as an octal value.
.El .El
.Ss Debug Flags .Ss Debug flags
Versions 1.8.4 and higher of the Versions 1.8.4 and higher of the
.Em sudoers .Em sudoers
plugin supports a debugging framework that can help track down what the plugin supports a debugging framework that can help track down what the
@ -3725,7 +3725,7 @@ is enabled by changing to
and running and running
.Li ./passwd root .Li ./passwd root
instead. instead.
.Ss Preventing Shell Escapes .Ss Preventing shell escapes
Once Once
.Nm sudo .Nm sudo
executes a program, that program is free to do whatever executes a program, that program is free to do whatever