mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 01:49:11 +00:00
Code Issues Releases Wiki Activity

No need to keep specifying ".Nm foo" since the Nm macro remembers

Browse Source 
the argument it was first called with and uses it if none is
specified.  Also fix a few minor formatting errors and
regen bulleted lists in the .man.in files.
This commit is contained in:
Todd C. Miller 2014-11-11 15:29:19 -07:00
parent fbac05467b
commit 4d04c5644b
11 changed files with 155 additions and 155 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
doc/sudo.conf.mdoc.in
View File

@ -30,7 +30,7 @@ It specifies the security policy and I/O logging plugins, debug flags
as well as plugin-agnostic path names and settings.
.Pp
The
.Nm sudo.conf
.Nm
file supports the following directives, described in detail below.
.Bl -tag -width 8n
.It Plugin
@ -73,7 +73,7 @@ or
are silently ignored.
.Pp
The
.Nm sudo.conf
.Nm
file is always parsed in the
.Dq Li C
locale.
@ -86,7 +86,7 @@ logging plugins to work seamlessly with the
.Nm sudo
front end.
Plugins are dynamically loaded based on the contents of
.Nm sudo.conf .
.Nm .
.Pp
A
.Li Plugin
@ -154,7 +154,7 @@ policy plugin may be specified.
This limitation does not apply to I/O plugins.
.Pp
If no
.Nm sudo.conf
.Nm
file is present, or if it contains no
.Li Plugin
lines, the
@ -235,7 +235,7 @@ The default value is
.El
.Ss Other settings
The
.Nm sudo.conf
.Nm
file also supports the following front end settings:
.Bl -tag -width 8n
.It disable_coredump
@ -247,7 +247,7 @@ To aid in debugging
crashes, you may wish to re-enable core dumps by setting
.Dq disable_coredump
to false in
.Nm sudo.conf
.Nm
as follows:
.Bd -literal -offset indent
Set disable_coredump false

22
doc/sudo.man.in
View File

@ -636,37 +636,37 @@ option was specified).
.PP
The following parameters may be specified by security policy:
.TP 4n
\fBo\fR
\fB\(bu\fR
real and effective user ID
.TP 4n
\fBo\fR
\fB\(bu\fR
real and effective group ID
.TP 4n
\fBo\fR
\fB\(bu\fR
supplementary group IDs
.TP 4n
\fBo\fR
\fB\(bu\fR
the environment list
.TP 4n
\fBo\fR
\fB\(bu\fR
current working directory
.TP 4n
\fBo\fR
\fB\(bu\fR
file creation mode mask (umask)
.TP 4n
\fBo\fR
\fB\(bu\fR
SELinux role and type
.TP 4n
\fBo\fR
\fB\(bu\fR
Solaris project
.TP 4n
\fBo\fR
\fB\(bu\fR
Solaris privileges
.TP 4n
\fBo\fR
\fB\(bu\fR
BSD login class
.TP 4n
\fBo\fR
\fB\(bu\fR
scheduling priority (aka nice value)
.SS "Process model"
When

124
doc/sudo.mdoc.in
View File

@ -72,18 +72,18 @@
.Op Fl u Ar user
.Ar
.Sh DESCRIPTION
.Nm sudo
.Nm
allows a permitted user to execute a
.Ar command
as the superuser or another user, as specified by the security
policy.
.Pp
.Nm sudo
.Nm
supports a plugin architecture for security policies and input/output
logging.
Third parties can develop and distribute their own policy and I/O
logging plugins to work seamlessly with the
.Nm sudo
.Nm
front end.
The default security policy is
.Em sudoers ,
@ -96,11 +96,11 @@ section for more information.
.Pp
The security policy determines what privileges, if any, a user has
to run
.Nm sudo .
.Nm .
The policy may require that users authenticate themselves with a
password or another authentication mechanism.
If authentication is required,
.Nm sudo
.Nm
will exit if the user's password is not entered within a configurable
time limit.
This limit is policy-specific; the default password prompt timeout
@ -112,7 +112,7 @@ minutes.
.Pp
Security policies may support credential caching to allow the user
to run
.Nm sudo
.Nm
again for a period of time without requiring authentication.
The
.Em sudoers
@ -121,7 +121,7 @@ policy caches credentials for
minutes, unless overridden in
.Xr sudoers @mansectform@ .
By running
.Nm sudo
.Nm
with the
.Fl v
option, a user can update the cached credentials without running a
@ -134,7 +134,7 @@ the
option (described below), is implied.
.Pp
Security policies may log successful and failed attempts to use
.Nm sudo .
.Nm .
If an I/O plugin is configured, the running command's input and
output may be logged as well.
.Pp
@ -142,7 +142,7 @@ The options are as follows:
.Bl -tag -width Fl
.It Fl A , -askpass
Normally, if
.Nm sudo
.Nm
requires a password, it will read it from the user's terminal.
If the
.Fl A Pq Em askpass
@ -164,7 +164,7 @@ Path askpass /usr/X11R6/bin/ssh-askpass
.Ed
.Pp
If no askpass program is available,
.Nm sudo
.Nm
will exit with an error.
.It Fl a Ar type , Fl -auth-type Ns = Ns Ar type
Use the specified BSD authentication
@ -181,7 +181,7 @@ This option is only available on systems that support BSD authentication.
Run the given command in the background.
Note that it is not possible to use shell job control to manipulate
background processes started by
.Nm sudo .
.Nm .
Most interactive commands will fail to work properly in background
mode.
.It Fl C Ar num , Fl -close-from Ns = Ns Ar num
@ -190,7 +190,7 @@ Close all file descriptors greater than or equal to
before executing a command.
Values less than three are not permitted.
By default,
.Nm sudo
.Nm
will close all open file descriptors other than standard input,
standard output and standard error when executing a command.
The security policy may restrict the user's ability to use this option.
@ -218,7 +218,7 @@ is
.Cm - ,
the default login class of the target user will be used.
Otherwise, the command must be run as the superuser (user ID 0), or
.Nm sudo
.Nm
must be run from a shell that is already running as the superuser.
If the command is being run as a login shell, additional
.Pa /etc/login.conf
@ -270,7 +270,7 @@ Note that unlike most commands run by
.Em sudo ,
the editor is run with the invoking user's environment unmodified.
If, for some reason,
.Nm sudo
.Nm
is unable to update a file with its edited version, the user will
receive a warning and the edited copy will remain in a temporary
file.
@ -328,7 +328,7 @@ via the shell's
.Fl c
option.
If no command is specified, an interactive shell is executed.
.Nm sudo
.Nm
attempts to change to that user's home directory before running the
shell.
The command is run with an environment similar to the one
@ -352,21 +352,21 @@ Not all security policies support credential caching.
.It Fl k , -reset-timestamp
When used without a command, invalidates the user's cached credentials.
In other words, the next time
.Nm sudo
.Nm
is run a password will be required.
This option does not require a password and was added to allow a
user to revoke
.Nm sudo
.Nm
permissions from a
.Pa .logout
file.
.Pp
When used in conjunction with a command or an option that may require
a password, this option will cause
.Nm sudo
.Nm
to ignore the user's cached credentials.
As a result,
.Nm sudo
.Nm
will prompt for a password (if one is required by the security
policy) and will not update the user's cached credentials.
.Pp
@ -390,12 +390,12 @@ arguments.
If
.Ar command
is specified but not allowed,
.Nm sudo
.Nm
will exit with a status value of 1.
.It Fl n , -non-interactive
Avoid prompting the user for input of any kind.
If a password is required for the command to run,
.Nm sudo
.Nm
will display an error message and exit.
.It Fl P , -preserve-groups
Preserve the invoking user's group vector unaltered.
@ -514,13 +514,13 @@ option is not set.
Other security policies may not support this.
.It Fl V , -version
Print the
.Nm sudo
.Nm
version string as well as the version string of the security
policy plugin and any I/O plugins.
If the invoking user is already root the
.Fl V
option will display the arguments passed to configure when
.Nm sudo
.Nm
was built and plugins may display more verbose information such as
default options.
.It Fl v , -validate
@ -529,7 +529,7 @@ if necessary.
For the
.Em sudoers
plugin, this extends the
.Nm sudo
.Nm
timeout for another
.Li @timeout@
minutes by default, but does not run a command.
@ -538,7 +538,7 @@ Not all security policies support cached credentials.
The
.Fl -
option indicates that
.Nm sudo
.Nm
should stop processing command line arguments.
.El
.Pp
@ -568,7 +568,7 @@ See
for more information.
.Sh COMMAND EXECUTION
When
.Nm sudo
.Nm
executes a command, the security policy specifies the execution
environment for the command.
Typically, the real and effective user and group and IDs are set to
@ -605,21 +605,21 @@ scheduling priority (aka nice value)
.El
.Ss Process model
When
.Nm sudo
.Nm
runs a command, it calls
.Xr fork 2 ,
sets up the execution environment as described above, and calls the
.Xr execve
system call in the child process.
The main
.Nm sudo
.Nm
process waits until the command has completed, then passes the
command's exit status to the security policy's close function and exits.
If an I/O logging plugin is configured or if the security policy
explicitly requests it, a new pseudo-terminal
.Pq Dq pty
is created and a second
.Nm sudo
.Nm
process is used to relay job control signals between the user's
existing pty and the new pty the command is being run in.
This extra process makes it possible to, for example, suspend
@ -629,7 +629,7 @@ Without it, the command would be in what POSIX terms an
and it would not receive any job control signals.
As a special case, if the policy plugin does not define a close
function and no pty is required,
.Nm sudo
.Nm
will execute the command directly instead of calling
.Xr fork 2
first.
@ -648,9 +648,9 @@ and
are enabled by default on systems using PAM.
.Ss Signal handling
When the command is run as a child of the
.Nm sudo
.Nm
process,
.Nm sudo
.Nm
will relay signals it receives to the command.
Unless the command is being run in a new pty, the
.Dv SIGHUP ,
@ -672,10 +672,10 @@ As a general rule,
should be used instead of
.Dv SIGSTOP
when you wish to suspend a command being run by
.Nm sudo .
.Nm .
.Pp
As a special case,
.Nm sudo
.Nm
will not relay signals that were sent by the command it is running.
This prevents the command from accidentally killing itself.
On some systems, the
@ -685,7 +685,7 @@ command sends
to all non-system processes other than itself before rebooting
the system.
This prevents
.Nm sudo
.Nm
from relaying the
.Dv SIGTERM
signal it received back to
@ -693,14 +693,14 @@ signal it received back to
which might then exit before the system was actually rebooted,
leaving it in a half-dead state similar to single user mode.
Note, however, that this check only applies to the command run by
.Nm sudo
.Nm
and not any other processes that the command may create.
As a result, running a script that calls
.Xr reboot @mansectsu@
or
.Xr shutdown @mansectsu@
via
.Nm sudo
.Nm
may cause the system to end up in this undefined state unless the
.Xr reboot @mansectsu@
or
@ -716,7 +716,7 @@ defined a
.Fn close
function, set a command timeout or required that the command be
run in a new pty,
.Nm sudo
.Nm
may execute the command directly instead of running it as a child process.
.Ss Plugins
Plugins may be specified via
@ -726,14 +726,14 @@ directives in the
file.
They may be loaded as dynamic shared objects (on systems that support them),
or compiled directly into the
.Nm sudo
.Nm
binary.
If no
.Xr sudo.conf @mansectform@
file is present, or it contains no
.Li Plugin
lines,
.Nm sudo
.Nm
will use the traditional
.Em sudoers
security policy and I/O logging.
@ -744,7 +744,7 @@ manual for details of the
file and the
.Xr sudo_plugin @mansectsu@
manual for more information about the
.Nm sudo
.Nm
plugin architecture.
.Sh EXIT VALUE
Upon successful execution of a program, the exit status from
@ -752,14 +752,14 @@ Upon successful execution of a program, the exit status from
will simply be the exit status of the program that was executed.
.Pp
Otherwise,
.Nm sudo
.Nm
exits with a value of 1 if there is a configuration/permission
problem or if
.Nm sudo
.Nm
cannot execute the given command.
In the latter case the error string is printed to the standard error.
If
.Nm sudo
.Nm
cannot
.Xr stat 2
one or more entries in the user's
@ -777,11 +777,11 @@ your
.Ev PATH
is on a machine that is currently unreachable.
.Sh SECURITY NOTES
.Nm sudo
.Nm
tries to be safe when executing external commands.
.Pp
To prevent command spoofing,
.Nm sudo
.Nm
checks "." and "" (both denoting current directory) last when
searching for a command in the user's
.Ev PATH
@ -792,11 +792,11 @@ Note, however, that the actual
environment variable is
.Em not
modified and is passed unchanged to the program that
.Nm sudo
.Nm
executes.
.Pp
Please note that
.Nm sudo
.Nm
will normally only log the command it explicitly runs.
If a user runs a command such as
.Li sudo su
@ -810,7 +810,7 @@ most editors).
If I/O logging is enabled, subsequent commands will have their input and/or
output logged, but there will not be traditional logs for those commands.
Because of this, care must be taken when giving users access to commands via
.Nm sudo
.Nm
to verify that the command does not inadvertently give the user an
effective root shell.
For more information, please see the
@ -819,11 +819,11 @@ section in
.Xr sudoers @mansectform@ .
.Pp
To prevent the disclosure of potentially sensitive information,
.Nm sudo
.Nm
disables core dumps by default while it is executing (they are
re-enabled for the command that is run).
To aid in debugging
.Nm sudo
.Nm
crashes, you may wish to re-enable core dumps by setting
.Dq disable_coredump
to false in the
@ -837,7 +837,7 @@ See the
.Xr sudo.conf @mansectform@
manual for more information.
.Sh ENVIRONMENT
.Nm sudo
.Nm
utilizes the following environment variables.
The security policy has control over the actual content of the command's
environment.
@ -918,7 +918,7 @@ is not set.
.Sh FILES
.Bl -tag -width 24n
.It Pa @sysconfdir@/sudo.conf
.Nm sudo
.Nm
front end configuration
.El
.Sh EXAMPLES
@ -978,26 +978,26 @@ $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
.Xr visudo @mansectsu@
.Sh HISTORY
See the HISTORY file in the
.Nm sudo
.Nm
distribution (http://www.sudo.ws/sudo/history.html) for a brief
history of sudo.
.Sh AUTHORS
Many people have worked on
.Nm sudo
.Nm
over the years; this version consists of code written primarily by:
.Bd -ragged -offset indent
Todd C. Miller
.Ed
.Pp
See the CONTRIBUTORS file in the
.Nm sudo
.Nm
distribution (http://www.sudo.ws/sudo/contributors.html) for an
exhaustive list of people who have contributed to
.Nm sudo .
.Nm .
.Sh CAVEATS
There is no easy way to prevent a user from gaining a root shell
if that user is allowed to run arbitrary commands via
.Nm sudo .
.Nm .
Also, many programs (such as editors) allow the user to run commands
via shell escapes, thus avoiding
.Nm sudo Ns 's
@ -1022,25 +1022,25 @@ Please see the
section for more information.
.Pp
Running shell scripts via
.Nm sudo
.Nm
can expose the same kernel bugs that make setuid shell scripts
unsafe on some operating systems (if your OS has a /dev/fd/ directory,
setuid shell scripts are generally safe).
.Sh BUGS
If you feel you have found a bug in
.Nm sudo ,
.Nm ,
please submit a bug report at http://www.sudo.ws/sudo/bugs/
.Sh SUPPORT
Limited free support is available via the sudo-users mailing list,
see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
search the archives.
.Sh DISCLAIMER
.Nm sudo
.Nm
is provided
.Dq AS IS
and any express or implied warranties, including, but not limited
to, the implied warranties of merchantability and fitness for a
particular purpose are disclaimed.
See the LICENSE file distributed with
.Nm sudo
.Nm
or http://www.sudo.ws/sudo/license.html for complete details.

16
doc/sudo_plugin.man.in
View File

@ -1924,29 +1924,29 @@ while the plugin functions are run.
The following signals are trapped by default before the command is
executed:
.TP 4n
\fBo\fR
\fB\(bu\fR
\fRSIGALRM\fR
.PD 0
.TP 4n
\fBo\fR
\fB\(bu\fR
\fRSIGHUP\fR
.TP 4n
\fBo\fR
\fB\(bu\fR
\fRSIGINT\fR
.TP 4n
\fBo\fR
\fB\(bu\fR
\fRSIGQUIT\fR
.TP 4n
\fBo\fR
\fB\(bu\fR
\fRSIGTERM\fR
.TP 4n
\fBo\fR
\fB\(bu\fR
\fRSIGTSTP\fR
.TP 4n
\fBo\fR
\fB\(bu\fR
\fRSIGUSR1\fR
.TP 4n
\fBo\fR
\fB\(bu\fR
\fRSIGUSR2\fR
.PD
.PP

8
doc/sudoers.cat
View File

@ -4,7 +4,7 @@ NNAAMMEE
ssuuddooeerrss - default sudo security policy plugin
DDEESSCCRRIIPPTTIIOONN
The _s_u_d_o_e_r_s policy plugin determines a user's ssuuddoo privileges. It is the
The ssuuddooeerrss policy plugin determines a user's ssuuddoo privileges. It is the
default ssuuddoo policy plugin. The policy is driven by the _/_e_t_c_/_s_u_d_o_e_r_s
file or, optionally in LDAP. The policy format is described in detail in
the _S_U_D_O_E_R_S _F_I_L_E _F_O_R_M_A_T section. For information on storing _s_u_d_o_e_r_s
@ -155,9 +155,9 @@ DDEESSCCRRIIPPTTIIOONN
variables in the PAM environment may be merged in to the environment. If
a variable in the PAM environment is already present in the user's
environment, the value will only be overridden if the variable was not
preserved by ssuuddooeerrss.. When _e_n_v___r_e_s_e_t is enabled, variables preserved from
the invoking user's environment by the _e_n_v___k_e_e_p list take precedence over
those in the PAM environment. When _e_n_v___r_e_s_e_t is disabled, variables
preserved by ssuuddooeerrss. When _e_n_v___r_e_s_e_t is enabled, variables preserved
from the invoking user's environment by the _e_n_v___k_e_e_p list take precedence
over those in the PAM environment. When _e_n_v___r_e_s_e_t is disabled, variables
present the invoking user's environment take precedence over those in the
PAM environment unless they match a pattern in the _e_n_v___d_e_l_e_t_e list.

4
doc/sudoers.man.in
View File

@ -29,7 +29,7 @@
\- default sudo security policy plugin
.SH "DESCRIPTION"
The
\fIsudoers\fR
\fBsudoers\fR
policy plugin determines a user's
\fBsudo\fR
privileges.
@ -375,7 +375,7 @@ variables in the PAM environment may be merged in to the environment.
If a variable in the PAM environment is already present in the
user's environment, the value will only be overridden if the variable
was not preserved by
\fBsudoers.\fR
\fBsudoers\fR.
When
\fIenv_reset\fR
is enabled, variables preserved from the invoking user's environment

44
doc/sudoers.mdoc.in
View File

@ -27,7 +27,7 @@
.Nd default sudo security policy plugin
.Sh DESCRIPTION
The
.Em sudoers
.Nm
policy plugin determines a user's
.Nm sudo
privileges.
@ -56,12 +56,12 @@ If no
file is present, or if it contains no
.Li Plugin
lines,
.Nm sudoers
.Nm
will be used for policy decisions and I/O logging.
To explicitly configure
.Xr sudo.conf @mansectform@
to use the
.Nm sudoers
.Nm
plugin, the following configuration can be used.
.Bd -literal -offset indent
Plugin sudoers_policy sudoers.so
@ -71,7 +71,7 @@ Plugin sudoers_io sudoers.so
Starting with
.Nm sudo
1.8.5, it is possible to specify optional arguments to the
.Nm sudoers
.Nm
plugin in the
.Xr sudo.conf @mansectform@
file.
@ -361,7 +361,7 @@ variables in the PAM environment may be merged in to the environment.
If a variable in the PAM environment is already present in the
user's environment, the value will only be overridden if the variable
was not preserved by
.Nm sudoers.
.Nm .
When
.Em env_reset
is enabled, variables preserved from the invoking user's environment
@ -1906,7 +1906,7 @@ In the
file, the first host name of the entry is considered to be the
.Dq canonical
name; subsequent names are aliases that are not used by
.Nm sudoers .
.Nm .
For example, the following hosts file line for the machine
.Dq xyzzy
has the fully-qualified domain name as the
@ -1922,7 +1922,7 @@ option will not be effective if it is queried before DNS.
Beware that when using DNS for host name resolution, turning on
.Em fqdn
requires
.Nm sudoers
.Nm
to make DNS lookups which renders
.Nm sudo
unusable if DNS stops working (for example if the machine is disconnected
@ -2766,7 +2766,7 @@ Once the local sequence number reaches the value of
it will
.Dq roll over
to zero, after which
.Nm sudoers
.Nm
will truncate and re-use any existing I/O log path names.
.Pp
This setting is only supported by version 1.8.7 or higher.
@ -3229,7 +3229,7 @@ option.
.El
.Sh GROUP PROVIDER PLUGINS
The
.Nm sudoers
.Nm
plugin supports its own plugin interface to allow non-Unix
group lookups which can query a group source other
than the standard Unix group database.
@ -3283,7 +3283,7 @@ Defaults group_plugin=system_group.so
The group provider plugin API is described in detail in
.Xr sudo_plugin @mansectsu@ .
.Sh LOG FORMAT
.Nm sudoers
.Nm
can log events using either
.Xr syslog 3
or a simple log file.
@ -3397,13 +3397,13 @@ were not allowed by
.El
.Ss Error log entries
If an error occurs,
.Nm sudoers
.Nm
will log a message and, in most cases, send a message to the
administrator via email.
Possible errors include:
.Bl -tag -width 4
.It parse error in @sysconfdir@/sudoers near line N
.Nm sudoers
.Nm
encountered an error when parsing the specified file.
In some cases, the actual error may be one line above or below the
line number listed, depending on the type of error.
@ -3430,7 +3430,7 @@ This can happen when the
file is located on a remote file system that maps user ID 0 to
a different value.
Normally,
.Nm sudoers
.Nm
tries to open
.Em sudoers
using group permissions to avoid this problem.
@ -3443,7 +3443,7 @@ or adding an argument like
is the user ID that owns the
.Em sudoers
file) to the end of the
.Nm sudoers
.Nm
.Li Plugin
line in the
.Xr sudo.conf @mansectform@
@ -3469,7 +3469,7 @@ file owner, please add
is the user ID that owns the
.Em sudoers
file) to the
.Nm sudoers
.Nm
.Li Plugin
line in the
.Xr sudo.conf @mansectform@
@ -3485,7 +3485,7 @@ is 0440 (readable by owner and group, writable by none).
The default mode may be changed via the
.Dq sudoers_mode
option to the
.Nm sudoers
.Nm
.Li Plugin
line in the
.Xr sudo.conf @mansectform@
@ -3503,7 +3503,7 @@ file group ownership, please add
is the group ID that owns the
.Em sudoers
file) to the
.Nm sudoers
.Nm
.Li Plugin
line in the
.Xr sudo.conf @mansectform@
@ -3556,7 +3556,7 @@ On most systems,
.Xr syslog 3
has a relatively small log buffer.
To prevent the command line arguments from being truncated,
.Nm sudoers
.Nm
will split up log messages that are larger than 960 characters
(not including the date, hostname, and the string
.Dq sudo ) .
@ -4256,7 +4256,7 @@ without entering a password when logging out and back in again
on the same terminal.
.Sh DEBUGGING
Versions 1.8.4 and higher of the
.Nm sudoers
.Nm
plugin support a flexible debugging framework that can help track
down what the plugin is doing internally if there is a problem.
This can be configured in the
@ -4264,14 +4264,14 @@ This can be configured in the
file.
.Pp
The
.Nm sudoers
.Nm
plugin uses the same debug flag format as the
.Nm sudo
front-end:
.Em subsystem Ns @ Ns Em priority .
.Pp
The priorities used by
.Nm sudoers ,
.Nm ,
in order of decreasing severity,
are:
.Em crit , err , warn , notice , diag , info , trace
@ -4286,7 +4286,7 @@ would include debug messages logged at
and higher.
.Pp
The following subsystems are used by the
.Nm sudoers
.Nm
plugin:
.Bl -tag -width 8n
.It Em alias

30
doc/sudoreplay.mdoc.in
View File

@ -29,17 +29,17 @@
.Op Fl s Ar num
ID
.Pp
.Nm sudoreplay
.Nm
.Op Fl h
.Op Fl d Ar dir
.Fl l
.Op search expression
.Sh DESCRIPTION
.Nm sudoreplay
.Nm
plays back or lists the output logs created by
.Nm sudo .
When replaying,
.Nm sudoreplay
.Nm
can play the session back in real-time, or the playback speed may be
adjusted (faster or slower) based on the command line options.
.Pp
@ -71,12 +71,12 @@ may also be determined using
list mode.
.Pp
In list mode,
.Nm sudoreplay
.Nm
can be used to find the ID of a session based on a number of criteria
such as the user, tty or command run.
.Pp
In replay mode, if the standard output has not been redirected,
.Nm sudoreplay
.Nm
will act on the following keys:
.Bl -tag -width 12n
.It So Li \en Sc No or So Li \er Sc
@ -99,7 +99,7 @@ instead of the default,
.It Fl f Ar filter , Fl -filter Ns = Ns Ar filter
Select which I/O type(s) to display.
By default,
.Nm sudoreplay
.Nm
will display the command's standard output, standard error and tty output.
The
.Ar filter
@ -114,7 +114,7 @@ Display a short help message to the standard output and exit.
Enable
.Dq list mode .
In this mode,
.Nm sudoreplay
.Nm
will list available sessions in a format similar to the
.Nm sudo
log file format, sorted by file name (or sequence number).
@ -198,13 +198,13 @@ unless separated by an
.It Fl m , -max-wait Ar max_wait
Specify an upper bound on how long to wait between key presses or output data.
By default,
.Nm sudoreplay
.Nm
will accurately reproduce the delays between key presses or program output.
However, this can be tedious when the session includes long pauses.
When the
.Fl m
option is specified,
.Nm sudoreplay
.Nm
will limit these pauses to at most
.Em max_wait
seconds.
@ -212,7 +212,7 @@ The value may be specified as a floating point number, e.g.\&
.Em 2.5 .
.It Fl s , -speed Ar speed_factor
This option causes
.Nm sudoreplay
.Nm
to adjust the number of seconds it will wait between key presses or
program output.
This can be used to slow down or speed up the display.
@ -227,7 +227,7 @@ of
would make the output twice as slow.
.It Fl V , -version
Print the
.Nm sudoreplay
.Nm
versions version number and exit.
.El
.Ss Date and time format
@ -296,9 +296,9 @@ For example,
will result in a time exactly two weeks from now, which is probably
not what was intended.
This will be addressed in a future version of
.Nm sudoreplay .
.Nm .
.Ss Debugging sudoreplay
.Nm sudoreplay
.Nm
versions 1.8.4 and higher support a flexible debugging framework
that is configured via
.Li Debug
@ -372,14 +372,14 @@ List sessions run by jeff or bob on the console:
Todd C. Miller
.Sh BUGS
If you feel you have found a bug in
.Nm sudoreplay ,
.Nm ,
please submit a bug report at http://www.sudo.ws/sudo/bugs/
.Sh SUPPORT
Limited free support is available via the sudo-users mailing list,
see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
search the archives.
.Sh DISCLAIMER
.Nm sudoreplay
.Nm
is provided
.Dq AS IS
and any express or implied warranties, including, but not limited

2
doc/visudo.cat
View File

@ -30,7 +30,7 @@ DDEESSCCRRIIPPTTIIOONN
may enter `e' to re-edit the _s_u_d_o_e_r_s file, `x' to exit without saving the
changes, or `Q' to quit and save changes. The `Q' option should be used
with extreme care because if vviissuuddoo believes there to be a parse error,
so will ssuuddoo and no one will be able to ssuuddoo again until the error is
so will ssuuddoo and no one will be able to run ssuuddoo again until the error is
fixed. If `e' is typed to edit the _s_u_d_o_e_r_s file after a parse error has
been detected, the cursor will be placed on the line where the error
occurred (if the editor supports this feature).

2
doc/visudo.man.in
View File

@ -112,7 +112,7 @@ option should be used with extreme care because if
believes there to be a parse error, so will
\fBsudo\fR
and no one
will be able to
will be able to run
\fBsudo\fR
again until the error is fixed.
If

46
doc/visudo.mdoc.in
View File

@ -31,12 +31,12 @@
.Op Fl f Ar sudoers
.Op Fl x Ar output_file
.Sh DESCRIPTION
.Nm visudo
.Nm
edits the
.Em sudoers
file in a safe fashion, analogous to
.Xr vipw @mansectsu@ .
.Nm visudo
.Nm
locks the
.Em sudoers
file against multiple simultaneous edits, provides basic sanity checks,
@ -46,7 +46,7 @@ If the
file is currently being edited you will receive a message to try again later.
.Pp
There is a hard-coded list of one or more editors that
.Nm visudo
.Nm
will use set at compile-time that may be overridden via the
.Em editor
.Em sudoers
@ -55,7 +55,7 @@ variable.
This list defaults to
.Li "@editor@" .
Normally,
.Nm visudo
.Nm
does not honor the
.Ev VISUAL
or
@ -63,7 +63,7 @@ or
environment variables unless they contain an editor in the aforementioned
editors list.
However, if
.Nm visudo
.Nm
is configured with the
.Li --with-env-editor
option or the
@ -71,7 +71,7 @@ option or the
.Li Default
variable is set in
.Em sudoers ,
.Nm visudo
.Nm
will use any the editor defines by
.Ev VISUAL
or
@ -82,13 +82,13 @@ execute any program they wish simply by setting
or
.Ev EDITOR .
.Pp
.Nm visudo
.Nm
parses the
.Em sudoers
file after the edit and will
not save the changes if there is a syntax error.
Upon finding an error,
.Nm visudo
.Nm
will print a message stating the line number(s)
where the error occurred and the user will receive the
.Dq What now?
@ -105,11 +105,11 @@ to quit and save changes.
The
.Ql Q
option should be used with extreme care because if
.Nm visudo
.Nm
believes there to be a parse error, so will
.Nm sudo
and no one
will be able to
will be able to run
.Nm sudo
again until the error is fixed.
If
@ -135,17 +135,17 @@ unless the
.Fl q
option was specified.
If the check completes successfully,
.Nm visudo
.Nm
will exit with a value of 0.
If an error is encountered,
.Nm visudo
.Nm
will exit with a value of 1.
.It Fl f Ar sudoers , Fl -file Ns = Ns Ar sudoers
Specify an alternate
.Em sudoers
file location.
With this option,
.Nm visudo
.Nm
will edit (or check) the
.Em sudoers
file of your choice,
@ -183,7 +183,7 @@ checking of the
.Em sudoers
file.
If an alias is used before it is defined,
.Nm visudo
.Nm
will consider this a parse error.
Note that it is not possible to differentiate between an
alias and a host name or user name that consists solely of uppercase
@ -192,7 +192,7 @@ letters, digits, and the underscore
character.
.It Fl V , -version
Print the
.Nm visudo
.Nm
and
.Em sudoers
grammar versions and exit.
@ -226,7 +226,7 @@ ambiguity of the
format.
.El
.Ss Debugging and sudoers plugin arguments
.Nm visudo
.Nm
versions 1.8.4 and higher support a flexible debugging framework
that is configured via
.Li Debug
@ -237,7 +237,7 @@ file.
Starting with
.Nm sudo
1.8.12,
.Nm visudo
.Nm
will also parse the arguments to the
.Em sudoers
plugin to override the default
@ -291,11 +291,11 @@ settings:
.Bl -tag -width 15n
.It Ev VISUAL
Invoked by
.Nm visudo
.Nm
as the editor to use
.It Ev EDITOR
Used by
.Nm visudo
.Nm
if
.Ev VISUAL
is not set
@ -317,7 +317,7 @@ Someone else is currently editing the
file.
.It Li @sysconfdir@/sudoers.tmp: Permission denied
You didn't run
.Nm visudo
.Nm
as root.
.It Li Can't find you in the passwd database
Your user ID does not appear in the system passwd file.
@ -379,18 +379,18 @@ exhaustive list of people who have contributed to
.Sh CAVEATS
There is no easy way to prevent a user from gaining a root shell if
the editor used by
.Nm visudo
.Nm
allows shell escapes.
.Sh BUGS
If you feel you have found a bug in
.Nm visudo ,
.Nm ,
please submit a bug report at http://www.sudo.ws/sudo/bugs/
.Sh SUPPORT
Limited free support is available via the sudo-users mailing list,
see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
search the archives.
.Sh DISCLAIMER
.Nm visudo
.Nm
is provided
.Dq AS IS
and any express or implied warranties, including, but not limited