mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 01:49:11 +00:00
Code Issues Releases Wiki Activity

No need to keep specifying ".Nm foo" since the Nm macro remembers

Browse Source 
the argument it was first called with and uses it if none is
specified.  Also fix a few minor formatting errors and
regen bulleted lists in the .man.in files.
This commit is contained in:
Todd C. Miller 2014-11-11 15:29:19 -07:00
parent fbac05467b
commit 4d04c5644b
11 changed files with 155 additions and 155 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
doc/sudo.conf.mdoc.in
View File

@ -30,7 +30,7 @@ It specifies the security policy and I/O logging plugins, debug flags
as well as plugin-agnostic path names and settings. as well as plugin-agnostic path names and settings.
.Pp .Pp
The The
.Nm sudo.conf .Nm
file supports the following directives, described in detail below. file supports the following directives, described in detail below.
.Bl -tag -width 8n .Bl -tag -width 8n
.It Plugin .It Plugin
@ -73,7 +73,7 @@ or
are silently ignored. are silently ignored.
.Pp .Pp
The The
.Nm sudo.conf .Nm
file is always parsed in the file is always parsed in the
.Dq Li C .Dq Li C
locale. locale.
@ -86,7 +86,7 @@ logging plugins to work seamlessly with the
.Nm sudo .Nm sudo
front end. front end.
Plugins are dynamically loaded based on the contents of Plugins are dynamically loaded based on the contents of
.Nm sudo.conf . .Nm .
.Pp .Pp
A A
.Li Plugin .Li Plugin
@ -154,7 +154,7 @@ policy plugin may be specified.
This limitation does not apply to I/O plugins. This limitation does not apply to I/O plugins.
.Pp .Pp
If no If no
.Nm sudo.conf .Nm
file is present, or if it contains no file is present, or if it contains no
.Li Plugin .Li Plugin
lines, the lines, the
@ -235,7 +235,7 @@ The default value is
.El .El
.Ss Other settings .Ss Other settings
The The
.Nm sudo.conf .Nm
file also supports the following front end settings: file also supports the following front end settings:
.Bl -tag -width 8n .Bl -tag -width 8n
.It disable_coredump .It disable_coredump
@ -247,7 +247,7 @@ To aid in debugging
crashes, you may wish to re-enable core dumps by setting crashes, you may wish to re-enable core dumps by setting
.Dq disable_coredump .Dq disable_coredump
to false in to false in
.Nm sudo.conf .Nm
as follows: as follows:
.Bd -literal -offset indent .Bd -literal -offset indent
Set disable_coredump false Set disable_coredump false

22
doc/sudo.man.in
View File

@ -636,37 +636,37 @@ option was specified).
.PP .PP
The following parameters may be specified by security policy: The following parameters may be specified by security policy:
.TP 4n .TP 4n
\fBo\fR \fB\(bu\fR
real and effective user ID real and effective user ID
.TP 4n .TP 4n
\fBo\fR \fB\(bu\fR
real and effective group ID real and effective group ID
.TP 4n .TP 4n
\fBo\fR \fB\(bu\fR
supplementary group IDs supplementary group IDs
.TP 4n .TP 4n
\fBo\fR \fB\(bu\fR
the environment list the environment list
.TP 4n .TP 4n
\fBo\fR \fB\(bu\fR
current working directory current working directory
.TP 4n .TP 4n
\fBo\fR \fB\(bu\fR
file creation mode mask (umask) file creation mode mask (umask)
.TP 4n .TP 4n
\fBo\fR \fB\(bu\fR
SELinux role and type SELinux role and type
.TP 4n .TP 4n
\fBo\fR \fB\(bu\fR
Solaris project Solaris project
.TP 4n .TP 4n
\fBo\fR \fB\(bu\fR
Solaris privileges Solaris privileges
.TP 4n .TP 4n
\fBo\fR \fB\(bu\fR
BSD login class BSD login class
.TP 4n .TP 4n
\fBo\fR \fB\(bu\fR
scheduling priority (aka nice value) scheduling priority (aka nice value)
.SS "Process model" .SS "Process model"
When When

124
doc/sudo.mdoc.in
View File

@ -72,18 +72,18 @@
.Op Fl u Ar user .Op Fl u Ar user
.Ar .Ar
.Sh DESCRIPTION .Sh DESCRIPTION
.Nm sudo .Nm
allows a permitted user to execute a allows a permitted user to execute a
.Ar command .Ar command
as the superuser or another user, as specified by the security as the superuser or another user, as specified by the security
policy. policy.
.Pp .Pp
.Nm sudo .Nm
supports a plugin architecture for security policies and input/output supports a plugin architecture for security policies and input/output
logging. logging.
Third parties can develop and distribute their own policy and I/O Third parties can develop and distribute their own policy and I/O
logging plugins to work seamlessly with the logging plugins to work seamlessly with the
.Nm sudo .Nm
front end. front end.
The default security policy is The default security policy is
.Em sudoers , .Em sudoers ,
@ -96,11 +96,11 @@ section for more information.
.Pp .Pp
The security policy determines what privileges, if any, a user has The security policy determines what privileges, if any, a user has
to run to run
.Nm sudo . .Nm .
The policy may require that users authenticate themselves with a The policy may require that users authenticate themselves with a
password or another authentication mechanism. password or another authentication mechanism.
If authentication is required, If authentication is required,
.Nm sudo .Nm
will exit if the user's password is not entered within a configurable will exit if the user's password is not entered within a configurable
time limit. time limit.
This limit is policy-specific; the default password prompt timeout This limit is policy-specific; the default password prompt timeout
@ -112,7 +112,7 @@ minutes.
.Pp .Pp
Security policies may support credential caching to allow the user Security policies may support credential caching to allow the user
to run to run
.Nm sudo .Nm
again for a period of time without requiring authentication. again for a period of time without requiring authentication.
The The
.Em sudoers .Em sudoers
@ -121,7 +121,7 @@ policy caches credentials for
minutes, unless overridden in minutes, unless overridden in
.Xr sudoers @mansectform@ . .Xr sudoers @mansectform@ .
By running By running
.Nm sudo .Nm
with the with the
.Fl v .Fl v
option, a user can update the cached credentials without running a option, a user can update the cached credentials without running a
@ -134,7 +134,7 @@ the
option (described below), is implied. option (described below), is implied.
.Pp .Pp
Security policies may log successful and failed attempts to use Security policies may log successful and failed attempts to use
.Nm sudo . .Nm .
If an I/O plugin is configured, the running command's input and If an I/O plugin is configured, the running command's input and
output may be logged as well. output may be logged as well.
.Pp .Pp
@ -142,7 +142,7 @@ The options are as follows:
.Bl -tag -width Fl .Bl -tag -width Fl
.It Fl A , -askpass .It Fl A , -askpass
Normally, if Normally, if
.Nm sudo .Nm
requires a password, it will read it from the user's terminal. requires a password, it will read it from the user's terminal.
If the If the
.Fl A Pq Em askpass .Fl A Pq Em askpass
@ -164,7 +164,7 @@ Path askpass /usr/X11R6/bin/ssh-askpass
.Ed .Ed
.Pp .Pp
If no askpass program is available, If no askpass program is available,
.Nm sudo .Nm
will exit with an error. will exit with an error.
.It Fl a Ar type , Fl -auth-type Ns = Ns Ar type .It Fl a Ar type , Fl -auth-type Ns = Ns Ar type
Use the specified BSD authentication Use the specified BSD authentication
@ -181,7 +181,7 @@ This option is only available on systems that support BSD authentication.
Run the given command in the background. Run the given command in the background.
Note that it is not possible to use shell job control to manipulate Note that it is not possible to use shell job control to manipulate
background processes started by background processes started by
.Nm sudo . .Nm .
Most interactive commands will fail to work properly in background Most interactive commands will fail to work properly in background
mode. mode.
.It Fl C Ar num , Fl -close-from Ns = Ns Ar num .It Fl C Ar num , Fl -close-from Ns = Ns Ar num
@ -190,7 +190,7 @@ Close all file descriptors greater than or equal to
before executing a command. before executing a command.
Values less than three are not permitted. Values less than three are not permitted.
By default, By default,
.Nm sudo .Nm
will close all open file descriptors other than standard input, will close all open file descriptors other than standard input,
standard output and standard error when executing a command. standard output and standard error when executing a command.
The security policy may restrict the user's ability to use this option. The security policy may restrict the user's ability to use this option.
@ -218,7 +218,7 @@ is
.Cm - , .Cm - ,
the default login class of the target user will be used. the default login class of the target user will be used.
Otherwise, the command must be run as the superuser (user ID 0), or Otherwise, the command must be run as the superuser (user ID 0), or
.Nm sudo .Nm
must be run from a shell that is already running as the superuser. must be run from a shell that is already running as the superuser.
If the command is being run as a login shell, additional If the command is being run as a login shell, additional
.Pa /etc/login.conf .Pa /etc/login.conf
@ -270,7 +270,7 @@ Note that unlike most commands run by
.Em sudo , .Em sudo ,
the editor is run with the invoking user's environment unmodified. the editor is run with the invoking user's environment unmodified.
If, for some reason, If, for some reason,
.Nm sudo .Nm
is unable to update a file with its edited version, the user will is unable to update a file with its edited version, the user will
receive a warning and the edited copy will remain in a temporary receive a warning and the edited copy will remain in a temporary
file. file.
@ -328,7 +328,7 @@ via the shell's
.Fl c .Fl c
option. option.
If no command is specified, an interactive shell is executed. If no command is specified, an interactive shell is executed.
.Nm sudo .Nm
attempts to change to that user's home directory before running the attempts to change to that user's home directory before running the
shell. shell.
The command is run with an environment similar to the one The command is run with an environment similar to the one
@ -352,21 +352,21 @@ Not all security policies support credential caching.
.It Fl k , -reset-timestamp .It Fl k , -reset-timestamp
When used without a command, invalidates the user's cached credentials. When used without a command, invalidates the user's cached credentials.
In other words, the next time In other words, the next time
.Nm sudo .Nm
is run a password will be required. is run a password will be required.
This option does not require a password and was added to allow a This option does not require a password and was added to allow a
user to revoke user to revoke
.Nm sudo .Nm
permissions from a permissions from a
.Pa .logout .Pa .logout
file. file.
.Pp .Pp
When used in conjunction with a command or an option that may require When used in conjunction with a command or an option that may require
a password, this option will cause a password, this option will cause
.Nm sudo .Nm
to ignore the user's cached credentials. to ignore the user's cached credentials.
As a result, As a result,
.Nm sudo .Nm
will prompt for a password (if one is required by the security will prompt for a password (if one is required by the security
policy) and will not update the user's cached credentials. policy) and will not update the user's cached credentials.
.Pp .Pp
@ -390,12 +390,12 @@ arguments.
If If
.Ar command .Ar command
is specified but not allowed, is specified but not allowed,
.Nm sudo .Nm
will exit with a status value of 1. will exit with a status value of 1.
.It Fl n , -non-interactive .It Fl n , -non-interactive
Avoid prompting the user for input of any kind. Avoid prompting the user for input of any kind.
If a password is required for the command to run, If a password is required for the command to run,
.Nm sudo .Nm
will display an error message and exit. will display an error message and exit.
.It Fl P , -preserve-groups .It Fl P , -preserve-groups
Preserve the invoking user's group vector unaltered. Preserve the invoking user's group vector unaltered.
@ -514,13 +514,13 @@ option is not set.
Other security policies may not support this. Other security policies may not support this.
.It Fl V , -version .It Fl V , -version
Print the Print the
.Nm sudo .Nm
version string as well as the version string of the security version string as well as the version string of the security
policy plugin and any I/O plugins. policy plugin and any I/O plugins.
If the invoking user is already root the If the invoking user is already root the
.Fl V .Fl V
option will display the arguments passed to configure when option will display the arguments passed to configure when
.Nm sudo .Nm
was built and plugins may display more verbose information such as was built and plugins may display more verbose information such as
default options. default options.
.It Fl v , -validate .It Fl v , -validate
@ -529,7 +529,7 @@ if necessary.
For the For the
.Em sudoers .Em sudoers
plugin, this extends the plugin, this extends the
.Nm sudo .Nm
timeout for another timeout for another
.Li @timeout@ .Li @timeout@
minutes by default, but does not run a command. minutes by default, but does not run a command.
@ -538,7 +538,7 @@ Not all security policies support cached credentials.
The The
.Fl - .Fl -
option indicates that option indicates that
.Nm sudo .Nm
should stop processing command line arguments. should stop processing command line arguments.
.El .El
.Pp .Pp
@ -568,7 +568,7 @@ See
for more information. for more information.
.Sh COMMAND EXECUTION .Sh COMMAND EXECUTION
When When
.Nm sudo .Nm
executes a command, the security policy specifies the execution executes a command, the security policy specifies the execution
environment for the command. environment for the command.
Typically, the real and effective user and group and IDs are set to Typically, the real and effective user and group and IDs are set to
@ -605,21 +605,21 @@ scheduling priority (aka nice value)
.El .El
.Ss Process model .Ss Process model
When When
.Nm sudo .Nm
runs a command, it calls runs a command, it calls
.Xr fork 2 , .Xr fork 2 ,
sets up the execution environment as described above, and calls the sets up the execution environment as described above, and calls the
.Xr execve .Xr execve
system call in the child process. system call in the child process.
The main The main
.Nm sudo .Nm
process waits until the command has completed, then passes the process waits until the command has completed, then passes the
command's exit status to the security policy's close function and exits. command's exit status to the security policy's close function and exits.
If an I/O logging plugin is configured or if the security policy If an I/O logging plugin is configured or if the security policy
explicitly requests it, a new pseudo-terminal explicitly requests it, a new pseudo-terminal
.Pq Dq pty .Pq Dq pty
is created and a second is created and a second
.Nm sudo .Nm
process is used to relay job control signals between the user's process is used to relay job control signals between the user's
existing pty and the new pty the command is being run in. existing pty and the new pty the command is being run in.
This extra process makes it possible to, for example, suspend This extra process makes it possible to, for example, suspend
@ -629,7 +629,7 @@ Without it, the command would be in what POSIX terms an
and it would not receive any job control signals. and it would not receive any job control signals.
As a special case, if the policy plugin does not define a close As a special case, if the policy plugin does not define a close
function and no pty is required, function and no pty is required,
.Nm sudo .Nm
will execute the command directly instead of calling will execute the command directly instead of calling
.Xr fork 2 .Xr fork 2
first. first.
@ -648,9 +648,9 @@ and
are enabled by default on systems using PAM. are enabled by default on systems using PAM.
.Ss Signal handling .Ss Signal handling
When the command is run as a child of the When the command is run as a child of the
.Nm sudo .Nm
process, process,
.Nm sudo .Nm
will relay signals it receives to the command. will relay signals it receives to the command.
Unless the command is being run in a new pty, the Unless the command is being run in a new pty, the
.Dv SIGHUP , .Dv SIGHUP ,
@ -672,10 +672,10 @@ As a general rule,
should be used instead of should be used instead of
.Dv SIGSTOP .Dv SIGSTOP
when you wish to suspend a command being run by when you wish to suspend a command being run by
.Nm sudo . .Nm .
.Pp .Pp
As a special case, As a special case,
.Nm sudo .Nm
will not relay signals that were sent by the command it is running. will not relay signals that were sent by the command it is running.
This prevents the command from accidentally killing itself. This prevents the command from accidentally killing itself.
On some systems, the On some systems, the
@ -685,7 +685,7 @@ command sends
to all non-system processes other than itself before rebooting to all non-system processes other than itself before rebooting
the system. the system.
This prevents This prevents
.Nm sudo .Nm
from relaying the from relaying the
.Dv SIGTERM .Dv SIGTERM
signal it received back to signal it received back to
@ -693,14 +693,14 @@ signal it received back to
which might then exit before the system was actually rebooted, which might then exit before the system was actually rebooted,
leaving it in a half-dead state similar to single user mode. leaving it in a half-dead state similar to single user mode.
Note, however, that this check only applies to the command run by Note, however, that this check only applies to the command run by
.Nm sudo .Nm
and not any other processes that the command may create. and not any other processes that the command may create.
As a result, running a script that calls As a result, running a script that calls
.Xr reboot @mansectsu@ .Xr reboot @mansectsu@
or or
.Xr shutdown @mansectsu@ .Xr shutdown @mansectsu@
via via
.Nm sudo .Nm
may cause the system to end up in this undefined state unless the may cause the system to end up in this undefined state unless the
.Xr reboot @mansectsu@ .Xr reboot @mansectsu@
or or
@ -716,7 +716,7 @@ defined a
.Fn close .Fn close
function, set a command timeout or required that the command be function, set a command timeout or required that the command be
run in a new pty, run in a new pty,
.Nm sudo .Nm
may execute the command directly instead of running it as a child process. may execute the command directly instead of running it as a child process.
.Ss Plugins .Ss Plugins
Plugins may be specified via Plugins may be specified via
@ -726,14 +726,14 @@ directives in the
file. file.
They may be loaded as dynamic shared objects (on systems that support them), They may be loaded as dynamic shared objects (on systems that support them),
or compiled directly into the or compiled directly into the
.Nm sudo .Nm
binary. binary.
If no If no
.Xr sudo.conf @mansectform@ .Xr sudo.conf @mansectform@
file is present, or it contains no file is present, or it contains no
.Li Plugin .Li Plugin
lines, lines,
.Nm sudo .Nm
will use the traditional will use the traditional
.Em sudoers .Em sudoers
security policy and I/O logging. security policy and I/O logging.
@ -744,7 +744,7 @@ manual for details of the
file and the file and the
.Xr sudo_plugin @mansectsu@ .Xr sudo_plugin @mansectsu@
manual for more information about the manual for more information about the
.Nm sudo .Nm
plugin architecture. plugin architecture.
.Sh EXIT VALUE .Sh EXIT VALUE
Upon successful execution of a program, the exit status from Upon successful execution of a program, the exit status from
@ -752,14 +752,14 @@ Upon successful execution of a program, the exit status from
will simply be the exit status of the program that was executed. will simply be the exit status of the program that was executed.
.Pp .Pp
Otherwise, Otherwise,
.Nm sudo .Nm
exits with a value of 1 if there is a configuration/permission exits with a value of 1 if there is a configuration/permission
problem or if problem or if
.Nm sudo .Nm
cannot execute the given command. cannot execute the given command.
In the latter case the error string is printed to the standard error. In the latter case the error string is printed to the standard error.
If If
.Nm sudo .Nm
cannot cannot
.Xr stat 2 .Xr stat 2
one or more entries in the user's one or more entries in the user's
@ -777,11 +777,11 @@ your
.Ev PATH .Ev PATH
is on a machine that is currently unreachable. is on a machine that is currently unreachable.
.Sh SECURITY NOTES .Sh SECURITY NOTES
.Nm sudo .Nm
tries to be safe when executing external commands. tries to be safe when executing external commands.
.Pp .Pp
To prevent command spoofing, To prevent command spoofing,
.Nm sudo .Nm
checks "." and "" (both denoting current directory) last when checks "." and "" (both denoting current directory) last when
searching for a command in the user's searching for a command in the user's
.Ev PATH .Ev PATH
@ -792,11 +792,11 @@ Note, however, that the actual
environment variable is environment variable is
.Em not .Em not
modified and is passed unchanged to the program that modified and is passed unchanged to the program that
.Nm sudo .Nm
executes. executes.
.Pp .Pp
Please note that Please note that
.Nm sudo .Nm
will normally only log the command it explicitly runs. will normally only log the command it explicitly runs.
If a user runs a command such as If a user runs a command such as
.Li sudo su .Li sudo su
@ -810,7 +810,7 @@ most editors).
If I/O logging is enabled, subsequent commands will have their input and/or If I/O logging is enabled, subsequent commands will have their input and/or
output logged, but there will not be traditional logs for those commands. output logged, but there will not be traditional logs for those commands.
Because of this, care must be taken when giving users access to commands via Because of this, care must be taken when giving users access to commands via
.Nm sudo .Nm
to verify that the command does not inadvertently give the user an to verify that the command does not inadvertently give the user an
effective root shell. effective root shell.
For more information, please see the For more information, please see the
@ -819,11 +819,11 @@ section in
.Xr sudoers @mansectform@ . .Xr sudoers @mansectform@ .
.Pp .Pp
To prevent the disclosure of potentially sensitive information, To prevent the disclosure of potentially sensitive information,
.Nm sudo .Nm
disables core dumps by default while it is executing (they are disables core dumps by default while it is executing (they are
re-enabled for the command that is run). re-enabled for the command that is run).
To aid in debugging To aid in debugging
.Nm sudo .Nm
crashes, you may wish to re-enable core dumps by setting crashes, you may wish to re-enable core dumps by setting
.Dq disable_coredump .Dq disable_coredump
to false in the to false in the
@ -837,7 +837,7 @@ See the
.Xr sudo.conf @mansectform@ .Xr sudo.conf @mansectform@
manual for more information. manual for more information.
.Sh ENVIRONMENT .Sh ENVIRONMENT
.Nm sudo .Nm
utilizes the following environment variables. utilizes the following environment variables.
The security policy has control over the actual content of the command's The security policy has control over the actual content of the command's
environment. environment.
@ -918,7 +918,7 @@ is not set.
.Sh FILES .Sh FILES
.Bl -tag -width 24n .Bl -tag -width 24n
.It Pa @sysconfdir@/sudo.conf .It Pa @sysconfdir@/sudo.conf
.Nm sudo .Nm
front end configuration front end configuration
.El .El
.Sh EXAMPLES .Sh EXAMPLES
@ -978,26 +978,26 @@ $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
.Xr visudo @mansectsu@ .Xr visudo @mansectsu@
.Sh HISTORY .Sh HISTORY
See the HISTORY file in the See the HISTORY file in the
.Nm sudo .Nm
distribution (http://www.sudo.ws/sudo/history.html) for a brief distribution (http://www.sudo.ws/sudo/history.html) for a brief
history of sudo. history of sudo.
.Sh AUTHORS .Sh AUTHORS
Many people have worked on Many people have worked on
.Nm sudo .Nm
over the years; this version consists of code written primarily by: over the years; this version consists of code written primarily by:
.Bd -ragged -offset indent .Bd -ragged -offset indent
Todd C. Miller Todd C. Miller
.Ed .Ed
.Pp .Pp
See the CONTRIBUTORS file in the See the CONTRIBUTORS file in the
.Nm sudo .Nm
distribution (http://www.sudo.ws/sudo/contributors.html) for an distribution (http://www.sudo.ws/sudo/contributors.html) for an
exhaustive list of people who have contributed to exhaustive list of people who have contributed to
.Nm sudo . .Nm .
.Sh CAVEATS .Sh CAVEATS
There is no easy way to prevent a user from gaining a root shell There is no easy way to prevent a user from gaining a root shell
if that user is allowed to run arbitrary commands via if that user is allowed to run arbitrary commands via
.Nm sudo . .Nm .
Also, many programs (such as editors) allow the user to run commands Also, many programs (such as editors) allow the user to run commands
via shell escapes, thus avoiding via shell escapes, thus avoiding
.Nm sudo Ns 's .Nm sudo Ns 's
@ -1022,25 +1022,25 @@ Please see the
section for more information. section for more information.
.Pp .Pp
Running shell scripts via Running shell scripts via
.Nm sudo .Nm
can expose the same kernel bugs that make setuid shell scripts can expose the same kernel bugs that make setuid shell scripts
unsafe on some operating systems (if your OS has a /dev/fd/ directory, unsafe on some operating systems (if your OS has a /dev/fd/ directory,
setuid shell scripts are generally safe). setuid shell scripts are generally safe).
.Sh BUGS .Sh BUGS
If you feel you have found a bug in If you feel you have found a bug in
.Nm sudo , .Nm ,
please submit a bug report at http://www.sudo.ws/sudo/bugs/ please submit a bug report at http://www.sudo.ws/sudo/bugs/
.Sh SUPPORT .Sh SUPPORT
Limited free support is available via the sudo-users mailing list, Limited free support is available via the sudo-users mailing list,
see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
search the archives. search the archives.
.Sh DISCLAIMER .Sh DISCLAIMER
.Nm sudo .Nm
is provided is provided
.Dq AS IS .Dq AS IS
and any express or implied warranties, including, but not limited and any express or implied warranties, including, but not limited
to, the implied warranties of merchantability and fitness for a to, the implied warranties of merchantability and fitness for a
particular purpose are disclaimed. particular purpose are disclaimed.
See the LICENSE file distributed with See the LICENSE file distributed with
.Nm sudo .Nm
or http://www.sudo.ws/sudo/license.html for complete details. or http://www.sudo.ws/sudo/license.html for complete details.

16
doc/sudo_plugin.man.in
View File

@ -1924,29 +1924,29 @@ while the plugin functions are run.
The following signals are trapped by default before the command is The following signals are trapped by default before the command is
executed: executed:
.TP 4n .TP 4n
\fBo\fR \fB\(bu\fR
\fRSIGALRM\fR \fRSIGALRM\fR
.PD 0 .PD 0
.TP 4n .TP 4n
\fBo\fR \fB\(bu\fR
\fRSIGHUP\fR \fRSIGHUP\fR
.TP 4n .TP 4n
\fBo\fR \fB\(bu\fR
\fRSIGINT\fR \fRSIGINT\fR
.TP 4n .TP 4n
\fBo\fR \fB\(bu\fR
\fRSIGQUIT\fR \fRSIGQUIT\fR
.TP 4n .TP 4n
\fBo\fR \fB\(bu\fR
\fRSIGTERM\fR \fRSIGTERM\fR
.TP 4n .TP 4n
\fBo\fR \fB\(bu\fR
\fRSIGTSTP\fR \fRSIGTSTP\fR
.TP 4n .TP 4n
\fBo\fR \fB\(bu\fR
\fRSIGUSR1\fR \fRSIGUSR1\fR
.TP 4n .TP 4n
\fBo\fR \fB\(bu\fR
\fRSIGUSR2\fR \fRSIGUSR2\fR
.PD .PD
.PP .PP

8
doc/sudoers.cat
View File

@ -4,7 +4,7 @@ NNAAMMEE
ssuuddooeerrss - default sudo security policy plugin ssuuddooeerrss - default sudo security policy plugin
DDEESSCCRRIIPPTTIIOONN DDEESSCCRRIIPPTTIIOONN
The _s_u_d_o_e_r_s policy plugin determines a user's ssuuddoo privileges. It is the The ssuuddooeerrss policy plugin determines a user's ssuuddoo privileges. It is the
default ssuuddoo policy plugin. The policy is driven by the _/_e_t_c_/_s_u_d_o_e_r_s default ssuuddoo policy plugin. The policy is driven by the _/_e_t_c_/_s_u_d_o_e_r_s
file or, optionally in LDAP. The policy format is described in detail in file or, optionally in LDAP. The policy format is described in detail in
the _S_U_D_O_E_R_S _F_I_L_E _F_O_R_M_A_T section. For information on storing _s_u_d_o_e_r_s the _S_U_D_O_E_R_S _F_I_L_E _F_O_R_M_A_T section. For information on storing _s_u_d_o_e_r_s
@ -155,9 +155,9 @@ DDEESSCCRRIIPPTTIIOONN
variables in the PAM environment may be merged in to the environment. If variables in the PAM environment may be merged in to the environment. If
a variable in the PAM environment is already present in the user's a variable in the PAM environment is already present in the user's
environment, the value will only be overridden if the variable was not environment, the value will only be overridden if the variable was not
preserved by ssuuddooeerrss.. When _e_n_v___r_e_s_e_t is enabled, variables preserved from preserved by ssuuddooeerrss. When _e_n_v___r_e_s_e_t is enabled, variables preserved
the invoking user's environment by the _e_n_v___k_e_e_p list take precedence over from the invoking user's environment by the _e_n_v___k_e_e_p list take precedence
those in the PAM environment. When _e_n_v___r_e_s_e_t is disabled, variables over those in the PAM environment. When _e_n_v___r_e_s_e_t is disabled, variables
present the invoking user's environment take precedence over those in the present the invoking user's environment take precedence over those in the
PAM environment unless they match a pattern in the _e_n_v___d_e_l_e_t_e list. PAM environment unless they match a pattern in the _e_n_v___d_e_l_e_t_e list.

4
doc/sudoers.man.in
View File

@ -29,7 +29,7 @@
\- default sudo security policy plugin \- default sudo security policy plugin
.SH "DESCRIPTION" .SH "DESCRIPTION"
The The
\fIsudoers\fR \fBsudoers\fR
policy plugin determines a user's policy plugin determines a user's
\fBsudo\fR \fBsudo\fR
privileges. privileges.
@ -375,7 +375,7 @@ variables in the PAM environment may be merged in to the environment.
If a variable in the PAM environment is already present in the If a variable in the PAM environment is already present in the
user's environment, the value will only be overridden if the variable user's environment, the value will only be overridden if the variable
was not preserved by was not preserved by
\fBsudoers.\fR \fBsudoers\fR.
When When
\fIenv_reset\fR \fIenv_reset\fR
is enabled, variables preserved from the invoking user's environment is enabled, variables preserved from the invoking user's environment

44
doc/sudoers.mdoc.in
View File

@ -27,7 +27,7 @@
.Nd default sudo security policy plugin .Nd default sudo security policy plugin
.Sh DESCRIPTION .Sh DESCRIPTION
The The
.Em sudoers .Nm
policy plugin determines a user's policy plugin determines a user's
.Nm sudo .Nm sudo
privileges. privileges.
@ -56,12 +56,12 @@ If no
file is present, or if it contains no file is present, or if it contains no
.Li Plugin .Li Plugin
lines, lines,
.Nm sudoers .Nm
will be used for policy decisions and I/O logging. will be used for policy decisions and I/O logging.
To explicitly configure To explicitly configure
.Xr sudo.conf @mansectform@ .Xr sudo.conf @mansectform@
to use the to use the
.Nm sudoers .Nm
plugin, the following configuration can be used. plugin, the following configuration can be used.
.Bd -literal -offset indent .Bd -literal -offset indent
Plugin sudoers_policy sudoers.so Plugin sudoers_policy sudoers.so
@ -71,7 +71,7 @@ Plugin sudoers_io sudoers.so
Starting with Starting with
.Nm sudo .Nm sudo
1.8.5, it is possible to specify optional arguments to the 1.8.5, it is possible to specify optional arguments to the
.Nm sudoers .Nm
plugin in the plugin in the
.Xr sudo.conf @mansectform@ .Xr sudo.conf @mansectform@
file. file.
@ -361,7 +361,7 @@ variables in the PAM environment may be merged in to the environment.
If a variable in the PAM environment is already present in the If a variable in the PAM environment is already present in the
user's environment, the value will only be overridden if the variable user's environment, the value will only be overridden if the variable
was not preserved by was not preserved by
.Nm sudoers. .Nm .
When When
.Em env_reset .Em env_reset
is enabled, variables preserved from the invoking user's environment is enabled, variables preserved from the invoking user's environment
@ -1906,7 +1906,7 @@ In the
file, the first host name of the entry is considered to be the file, the first host name of the entry is considered to be the
.Dq canonical .Dq canonical
name; subsequent names are aliases that are not used by name; subsequent names are aliases that are not used by
.Nm sudoers . .Nm .
For example, the following hosts file line for the machine For example, the following hosts file line for the machine
.Dq xyzzy .Dq xyzzy
has the fully-qualified domain name as the has the fully-qualified domain name as the
@ -1922,7 +1922,7 @@ option will not be effective if it is queried before DNS.
Beware that when using DNS for host name resolution, turning on Beware that when using DNS for host name resolution, turning on
.Em fqdn .Em fqdn
requires requires
.Nm sudoers .Nm
to make DNS lookups which renders to make DNS lookups which renders
.Nm sudo .Nm sudo
unusable if DNS stops working (for example if the machine is disconnected unusable if DNS stops working (for example if the machine is disconnected
@ -2766,7 +2766,7 @@ Once the local sequence number reaches the value of
it will it will
.Dq roll over .Dq roll over
to zero, after which to zero, after which
.Nm sudoers .Nm
will truncate and re-use any existing I/O log path names. will truncate and re-use any existing I/O log path names.
.Pp .Pp
This setting is only supported by version 1.8.7 or higher. This setting is only supported by version 1.8.7 or higher.
@ -3229,7 +3229,7 @@ option.
.El .El
.Sh GROUP PROVIDER PLUGINS .Sh GROUP PROVIDER PLUGINS
The The
.Nm sudoers .Nm
plugin supports its own plugin interface to allow non-Unix plugin supports its own plugin interface to allow non-Unix
group lookups which can query a group source other group lookups which can query a group source other
than the standard Unix group database. than the standard Unix group database.
@ -3283,7 +3283,7 @@ Defaults group_plugin=system_group.so
The group provider plugin API is described in detail in The group provider plugin API is described in detail in
.Xr sudo_plugin @mansectsu@ . .Xr sudo_plugin @mansectsu@ .
.Sh LOG FORMAT .Sh LOG FORMAT
.Nm sudoers .Nm
can log events using either can log events using either
.Xr syslog 3 .Xr syslog 3
or a simple log file. or a simple log file.
@ -3397,13 +3397,13 @@ were not allowed by
.El .El
.Ss Error log entries .Ss Error log entries
If an error occurs, If an error occurs,
.Nm sudoers .Nm
will log a message and, in most cases, send a message to the will log a message and, in most cases, send a message to the
administrator via email. administrator via email.
Possible errors include: Possible errors include:
.Bl -tag -width 4 .Bl -tag -width 4
.It parse error in @sysconfdir@/sudoers near line N .It parse error in @sysconfdir@/sudoers near line N
.Nm sudoers .Nm
encountered an error when parsing the specified file. encountered an error when parsing the specified file.
In some cases, the actual error may be one line above or below the In some cases, the actual error may be one line above or below the
line number listed, depending on the type of error. line number listed, depending on the type of error.
@ -3430,7 +3430,7 @@ This can happen when the
file is located on a remote file system that maps user ID 0 to file is located on a remote file system that maps user ID 0 to
a different value. a different value.
Normally, Normally,
.Nm sudoers .Nm
tries to open tries to open
.Em sudoers .Em sudoers
using group permissions to avoid this problem. using group permissions to avoid this problem.
@ -3443,7 +3443,7 @@ or adding an argument like
is the user ID that owns the is the user ID that owns the
.Em sudoers .Em sudoers
file) to the end of the file) to the end of the
.Nm sudoers .Nm
.Li Plugin .Li Plugin
line in the line in the
.Xr sudo.conf @mansectform@ .Xr sudo.conf @mansectform@
@ -3469,7 +3469,7 @@ file owner, please add
is the user ID that owns the is the user ID that owns the
.Em sudoers .Em sudoers
file) to the file) to the
.Nm sudoers .Nm
.Li Plugin .Li Plugin
line in the line in the
.Xr sudo.conf @mansectform@ .Xr sudo.conf @mansectform@
@ -3485,7 +3485,7 @@ is 0440 (readable by owner and group, writable by none).
The default mode may be changed via the The default mode may be changed via the
.Dq sudoers_mode .Dq sudoers_mode
option to the option to the
.Nm sudoers .Nm
.Li Plugin .Li Plugin
line in the line in the
.Xr sudo.conf @mansectform@ .Xr sudo.conf @mansectform@
@ -3503,7 +3503,7 @@ file group ownership, please add
is the group ID that owns the is the group ID that owns the
.Em sudoers .Em sudoers
file) to the file) to the
.Nm sudoers .Nm
.Li Plugin .Li Plugin
line in the line in the
.Xr sudo.conf @mansectform@ .Xr sudo.conf @mansectform@
@ -3556,7 +3556,7 @@ On most systems,
.Xr syslog 3 .Xr syslog 3
has a relatively small log buffer. has a relatively small log buffer.
To prevent the command line arguments from being truncated, To prevent the command line arguments from being truncated,
.Nm sudoers .Nm
will split up log messages that are larger than 960 characters will split up log messages that are larger than 960 characters
(not including the date, hostname, and the string (not including the date, hostname, and the string
.Dq sudo ) . .Dq sudo ) .
@ -4256,7 +4256,7 @@ without entering a password when logging out and back in again
on the same terminal. on the same terminal.
.Sh DEBUGGING .Sh DEBUGGING
Versions 1.8.4 and higher of the Versions 1.8.4 and higher of the
.Nm sudoers .Nm
plugin support a flexible debugging framework that can help track plugin support a flexible debugging framework that can help track
down what the plugin is doing internally if there is a problem. down what the plugin is doing internally if there is a problem.
This can be configured in the This can be configured in the
@ -4264,14 +4264,14 @@ This can be configured in the
file. file.
.Pp .Pp
The The
.Nm sudoers .Nm
plugin uses the same debug flag format as the plugin uses the same debug flag format as the
.Nm sudo .Nm sudo
front-end: front-end:
.Em subsystem Ns @ Ns Em priority . .Em subsystem Ns @ Ns Em priority .
.Pp .Pp
The priorities used by The priorities used by
.Nm sudoers , .Nm ,
in order of decreasing severity, in order of decreasing severity,
are: are:
.Em crit , err , warn , notice , diag , info , trace .Em crit , err , warn , notice , diag , info , trace
@ -4286,7 +4286,7 @@ would include debug messages logged at
and higher. and higher.
.Pp .Pp
The following subsystems are used by the The following subsystems are used by the
.Nm sudoers .Nm
plugin: plugin:
.Bl -tag -width 8n .Bl -tag -width 8n
.It Em alias .It Em alias

30
doc/sudoreplay.mdoc.in
View File

@ -29,17 +29,17 @@
.Op Fl s Ar num .Op Fl s Ar num
ID ID
.Pp .Pp
.Nm sudoreplay .Nm
.Op Fl h .Op Fl h
.Op Fl d Ar dir .Op Fl d Ar dir
.Fl l .Fl l
.Op search expression .Op search expression
.Sh DESCRIPTION .Sh DESCRIPTION
.Nm sudoreplay .Nm
plays back or lists the output logs created by plays back or lists the output logs created by
.Nm sudo . .Nm sudo .
When replaying, When replaying,
.Nm sudoreplay .Nm
can play the session back in real-time, or the playback speed may be can play the session back in real-time, or the playback speed may be
adjusted (faster or slower) based on the command line options. adjusted (faster or slower) based on the command line options.
.Pp .Pp
@ -71,12 +71,12 @@ may also be determined using
list mode. list mode.
.Pp .Pp
In list mode, In list mode,
.Nm sudoreplay .Nm
can be used to find the ID of a session based on a number of criteria can be used to find the ID of a session based on a number of criteria
such as the user, tty or command run. such as the user, tty or command run.
.Pp .Pp
In replay mode, if the standard output has not been redirected, In replay mode, if the standard output has not been redirected,
.Nm sudoreplay .Nm
will act on the following keys: will act on the following keys:
.Bl -tag -width 12n .Bl -tag -width 12n
.It So Li \en Sc No or So Li \er Sc .It So Li \en Sc No or So Li \er Sc
@ -99,7 +99,7 @@ instead of the default,
.It Fl f Ar filter , Fl -filter Ns = Ns Ar filter .It Fl f Ar filter , Fl -filter Ns = Ns Ar filter
Select which I/O type(s) to display. Select which I/O type(s) to display.
By default, By default,
.Nm sudoreplay .Nm
will display the command's standard output, standard error and tty output. will display the command's standard output, standard error and tty output.
The The
.Ar filter .Ar filter
@ -114,7 +114,7 @@ Display a short help message to the standard output and exit.
Enable Enable
.Dq list mode . .Dq list mode .
In this mode, In this mode,
.Nm sudoreplay .Nm
will list available sessions in a format similar to the will list available sessions in a format similar to the
.Nm sudo .Nm sudo
log file format, sorted by file name (or sequence number). log file format, sorted by file name (or sequence number).
@ -198,13 +198,13 @@ unless separated by an
.It Fl m , -max-wait Ar max_wait .It Fl m , -max-wait Ar max_wait
Specify an upper bound on how long to wait between key presses or output data. Specify an upper bound on how long to wait between key presses or output data.
By default, By default,
.Nm sudoreplay .Nm
will accurately reproduce the delays between key presses or program output. will accurately reproduce the delays between key presses or program output.
However, this can be tedious when the session includes long pauses. However, this can be tedious when the session includes long pauses.
When the When the
.Fl m .Fl m
option is specified, option is specified,
.Nm sudoreplay .Nm
will limit these pauses to at most will limit these pauses to at most
.Em max_wait .Em max_wait
seconds. seconds.
@ -212,7 +212,7 @@ The value may be specified as a floating point number, e.g.\&
.Em 2.5 . .Em 2.5 .
.It Fl s , -speed Ar speed_factor .It Fl s , -speed Ar speed_factor
This option causes This option causes
.Nm sudoreplay .Nm
to adjust the number of seconds it will wait between key presses or to adjust the number of seconds it will wait between key presses or
program output. program output.
This can be used to slow down or speed up the display. This can be used to slow down or speed up the display.
@ -227,7 +227,7 @@ of
would make the output twice as slow. would make the output twice as slow.
.It Fl V , -version .It Fl V , -version
Print the Print the
.Nm sudoreplay .Nm
versions version number and exit. versions version number and exit.
.El .El
.Ss Date and time format .Ss Date and time format
@ -296,9 +296,9 @@ For example,
will result in a time exactly two weeks from now, which is probably will result in a time exactly two weeks from now, which is probably
not what was intended. not what was intended.
This will be addressed in a future version of This will be addressed in a future version of
.Nm sudoreplay . .Nm .
.Ss Debugging sudoreplay .Ss Debugging sudoreplay
.Nm sudoreplay .Nm
versions 1.8.4 and higher support a flexible debugging framework versions 1.8.4 and higher support a flexible debugging framework
that is configured via that is configured via
.Li Debug .Li Debug
@ -372,14 +372,14 @@ List sessions run by jeff or bob on the console:
Todd C. Miller Todd C. Miller
.Sh BUGS .Sh BUGS
If you feel you have found a bug in If you feel you have found a bug in
.Nm sudoreplay , .Nm ,
please submit a bug report at http://www.sudo.ws/sudo/bugs/ please submit a bug report at http://www.sudo.ws/sudo/bugs/
.Sh SUPPORT .Sh SUPPORT
Limited free support is available via the sudo-users mailing list, Limited free support is available via the sudo-users mailing list,
see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
search the archives. search the archives.
.Sh DISCLAIMER .Sh DISCLAIMER
.Nm sudoreplay .Nm
is provided is provided
.Dq AS IS .Dq AS IS
and any express or implied warranties, including, but not limited and any express or implied warranties, including, but not limited

2
doc/visudo.cat
View File

@ -30,7 +30,7 @@ DDEESSCCRRIIPPTTIIOONN
may enter `e' to re-edit the _s_u_d_o_e_r_s file, `x' to exit without saving the may enter `e' to re-edit the _s_u_d_o_e_r_s file, `x' to exit without saving the
changes, or `Q' to quit and save changes. The `Q' option should be used changes, or `Q' to quit and save changes. The `Q' option should be used
with extreme care because if vviissuuddoo believes there to be a parse error, with extreme care because if vviissuuddoo believes there to be a parse error,
so will ssuuddoo and no one will be able to ssuuddoo again until the error is so will ssuuddoo and no one will be able to run ssuuddoo again until the error is
fixed. If `e' is typed to edit the _s_u_d_o_e_r_s file after a parse error has fixed. If `e' is typed to edit the _s_u_d_o_e_r_s file after a parse error has
been detected, the cursor will be placed on the line where the error been detected, the cursor will be placed on the line where the error
occurred (if the editor supports this feature). occurred (if the editor supports this feature).

2
doc/visudo.man.in
View File

@ -112,7 +112,7 @@ option should be used with extreme care because if
believes there to be a parse error, so will believes there to be a parse error, so will
\fBsudo\fR \fBsudo\fR
and no one and no one
will be able to will be able to run
\fBsudo\fR \fBsudo\fR
again until the error is fixed. again until the error is fixed.
If If

46
doc/visudo.mdoc.in
View File

@ -31,12 +31,12 @@
.Op Fl f Ar sudoers .Op Fl f Ar sudoers
.Op Fl x Ar output_file .Op Fl x Ar output_file
.Sh DESCRIPTION .Sh DESCRIPTION
.Nm visudo .Nm
edits the edits the
.Em sudoers .Em sudoers
file in a safe fashion, analogous to file in a safe fashion, analogous to
.Xr vipw @mansectsu@ . .Xr vipw @mansectsu@ .
.Nm visudo .Nm
locks the locks the
.Em sudoers .Em sudoers
file against multiple simultaneous edits, provides basic sanity checks, file against multiple simultaneous edits, provides basic sanity checks,
@ -46,7 +46,7 @@ If the
file is currently being edited you will receive a message to try again later. file is currently being edited you will receive a message to try again later.
.Pp .Pp
There is a hard-coded list of one or more editors that There is a hard-coded list of one or more editors that
.Nm visudo .Nm
will use set at compile-time that may be overridden via the will use set at compile-time that may be overridden via the
.Em editor .Em editor
.Em sudoers .Em sudoers
@ -55,7 +55,7 @@ variable.
This list defaults to This list defaults to
.Li "@editor@" . .Li "@editor@" .
Normally, Normally,
.Nm visudo .Nm
does not honor the does not honor the
.Ev VISUAL .Ev VISUAL
or or
@ -63,7 +63,7 @@ or
environment variables unless they contain an editor in the aforementioned environment variables unless they contain an editor in the aforementioned
editors list. editors list.
However, if However, if
.Nm visudo .Nm
is configured with the is configured with the
.Li --with-env-editor .Li --with-env-editor
option or the option or the
@ -71,7 +71,7 @@ option or the
.Li Default .Li Default
variable is set in variable is set in
.Em sudoers , .Em sudoers ,
.Nm visudo .Nm
will use any the editor defines by will use any the editor defines by
.Ev VISUAL .Ev VISUAL
or or
@ -82,13 +82,13 @@ execute any program they wish simply by setting
or or
.Ev EDITOR . .Ev EDITOR .
.Pp .Pp
.Nm visudo .Nm
parses the parses the
.Em sudoers .Em sudoers
file after the edit and will file after the edit and will
not save the changes if there is a syntax error. not save the changes if there is a syntax error.
Upon finding an error, Upon finding an error,
.Nm visudo .Nm
will print a message stating the line number(s) will print a message stating the line number(s)
where the error occurred and the user will receive the where the error occurred and the user will receive the
.Dq What now? .Dq What now?
@ -105,11 +105,11 @@ to quit and save changes.
The The
.Ql Q .Ql Q
option should be used with extreme care because if option should be used with extreme care because if
.Nm visudo .Nm
believes there to be a parse error, so will believes there to be a parse error, so will
.Nm sudo .Nm sudo
and no one and no one
will be able to will be able to run
.Nm sudo .Nm sudo
again until the error is fixed. again until the error is fixed.
If If
@ -135,17 +135,17 @@ unless the
.Fl q .Fl q
option was specified. option was specified.
If the check completes successfully, If the check completes successfully,
.Nm visudo .Nm
will exit with a value of 0. will exit with a value of 0.
If an error is encountered, If an error is encountered,
.Nm visudo .Nm
will exit with a value of 1. will exit with a value of 1.
.It Fl f Ar sudoers , Fl -file Ns = Ns Ar sudoers .It Fl f Ar sudoers , Fl -file Ns = Ns Ar sudoers
Specify an alternate Specify an alternate
.Em sudoers .Em sudoers
file location. file location.
With this option, With this option,
.Nm visudo .Nm
will edit (or check) the will edit (or check) the
.Em sudoers .Em sudoers
file of your choice, file of your choice,
@ -183,7 +183,7 @@ checking of the
.Em sudoers .Em sudoers
file. file.
If an alias is used before it is defined, If an alias is used before it is defined,
.Nm visudo .Nm
will consider this a parse error. will consider this a parse error.
Note that it is not possible to differentiate between an Note that it is not possible to differentiate between an
alias and a host name or user name that consists solely of uppercase alias and a host name or user name that consists solely of uppercase
@ -192,7 +192,7 @@ letters, digits, and the underscore
character. character.
.It Fl V , -version .It Fl V , -version
Print the Print the
.Nm visudo .Nm
and and
.Em sudoers .Em sudoers
grammar versions and exit. grammar versions and exit.
@ -226,7 +226,7 @@ ambiguity of the
format. format.
.El .El
.Ss Debugging and sudoers plugin arguments .Ss Debugging and sudoers plugin arguments
.Nm visudo .Nm
versions 1.8.4 and higher support a flexible debugging framework versions 1.8.4 and higher support a flexible debugging framework
that is configured via that is configured via
.Li Debug .Li Debug
@ -237,7 +237,7 @@ file.
Starting with Starting with
.Nm sudo .Nm sudo
1.8.12, 1.8.12,
.Nm visudo .Nm
will also parse the arguments to the will also parse the arguments to the
.Em sudoers .Em sudoers
plugin to override the default plugin to override the default
@ -291,11 +291,11 @@ settings:
.Bl -tag -width 15n .Bl -tag -width 15n
.It Ev VISUAL .It Ev VISUAL
Invoked by Invoked by
.Nm visudo .Nm
as the editor to use as the editor to use
.It Ev EDITOR .It Ev EDITOR
Used by Used by
.Nm visudo .Nm
if if
.Ev VISUAL .Ev VISUAL
is not set is not set
@ -317,7 +317,7 @@ Someone else is currently editing the
file. file.
.It Li @sysconfdir@/sudoers.tmp: Permission denied .It Li @sysconfdir@/sudoers.tmp: Permission denied
You didn't run You didn't run
.Nm visudo .Nm
as root. as root.
.It Li Can't find you in the passwd database .It Li Can't find you in the passwd database
Your user ID does not appear in the system passwd file. Your user ID does not appear in the system passwd file.
@ -379,18 +379,18 @@ exhaustive list of people who have contributed to
.Sh CAVEATS .Sh CAVEATS
There is no easy way to prevent a user from gaining a root shell if There is no easy way to prevent a user from gaining a root shell if
the editor used by the editor used by
.Nm visudo .Nm
allows shell escapes. allows shell escapes.
.Sh BUGS .Sh BUGS
If you feel you have found a bug in If you feel you have found a bug in
.Nm visudo , .Nm ,
please submit a bug report at http://www.sudo.ws/sudo/bugs/ please submit a bug report at http://www.sudo.ws/sudo/bugs/
.Sh SUPPORT .Sh SUPPORT
Limited free support is available via the sudo-users mailing list, Limited free support is available via the sudo-users mailing list,
see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
search the archives. search the archives.
.Sh DISCLAIMER .Sh DISCLAIMER
.Nm visudo .Nm
is provided is provided
.Dq AS IS .Dq AS IS
and any express or implied warranties, including, but not limited and any express or implied warranties, including, but not limited