Sort tags lexically in the sudoers manual

doc/sudoers.cat

@@ -461,9 +461,9 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
 
      Solaris_Priv_Spec ::= ('PRIVS=privset' | 'LIMITPRIVS=privset')
 
-     Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:' |
-                   'SETENV:' | 'NOSETENV:' | 'LOG_INPUT:' | 'NOLOG_INPUT:' |
-                   'LOG_OUTPUT:' | 'NOLOG_OUTPUT:' | 'MAIL:' | 'NOMAIL:')
+     Tag_Spec ::= ('NOEXEC:' | 'EXEC:' | 'LOG_INPUT:' | 'NOLOG_INPUT:' |
+                   'LOG_OUTPUT:' | 'NOLOG_OUTPUT:' | 'MAIL:' | 'NOMAIL:' |
+                   'NOPASSWD:' | 'PASSWD:' | 'SETENV:' | 'NOSETENV:')
 
      A uusseerr ssppeecciiffiiccaattiioonn determines which commands a user may run (and as
      what user) on specified hosts.  By default, commands are run as rroooott, but
@@ -577,12 +577,48 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
 
    TTaagg__SSppeecc
      A command may have zero or more tags associated with it.  There are ten
-     possible tag values: NOPASSWD, PASSWD, NOEXEC, EXEC, SETENV, NOSETENV,
-     LOG_INPUT, NOLOG_INPUT, LOG_OUTPUT, NOLOG_OUTPUT, MAIL and NOMAIL.  Once
+     possible tag values: NOEXEC, EXEC, LOG_INPUT, NOLOG_INPUT, LOG_OUTPUT,
+     NOLOG_OUTPUT, MAIL, NOMAIL, NOPASSWD, PASSWD, SETENV, and NOSETENV.  Once
      a tag is set on a Cmnd, subsequent Cmnds in the Cmnd_Spec_List, inherit
      the tag unless it is overridden by the opposite tag (in other words,
      PASSWD overrides NOPASSWD and NOEXEC overrides EXEC).
 
+     _N_O_E_X_E_C and _E_X_E_C
+
+       If ssuuddoo has been compiled with _n_o_e_x_e_c support and the underlying
+       operating system supports it, the NOEXEC tag can be used to prevent a
+       dynamically-linked executable from running further commands itself.
+
+       In the following example, user aaaarroonn may run _/_u_s_r_/_b_i_n_/_m_o_r_e and
+       _/_u_s_r_/_b_i_n_/_v_i but shell escapes will be disabled.
+
+       aaron   shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
+
+       See the _P_r_e_v_e_n_t_i_n_g _s_h_e_l_l _e_s_c_a_p_e_s section below for more details on how
+       NOEXEC works and whether or not it will work on your system.
+
+     _L_O_G___I_N_P_U_T and _N_O_L_O_G___I_N_P_U_T
+
+       These tags override the value of the _l_o_g___i_n_p_u_t option on a per-command
+       basis.  For more information, see the description of _l_o_g___i_n_p_u_t in the
+       _S_U_D_O_E_R_S _O_P_T_I_O_N_S section below.
+
+     _L_O_G___O_U_T_P_U_T and _N_O_L_O_G___O_U_T_P_U_T
+
+       These tags override the value of the _l_o_g___o_u_t_p_u_t option on a per-command
+       basis.  For more information, see the description of _l_o_g___o_u_t_p_u_t in the
+       _S_U_D_O_E_R_S _O_P_T_I_O_N_S section below.
+
+     _M_A_I_L and _N_O_M_A_I_L
+
+       These tags provide fine-grained control over whether mail will be sent
+       when a user runs a command by overriding the value of the
+       _m_a_i_l___a_l_l___c_m_n_d_s option on a per-command basis.  They have no effect when
+       ssuuddoo is run with the --ll or --vv options.  A _N_O_M_A_I_L tag will also override
+       the _m_a_i_l___a_l_w_a_y_s and _m_a_i_l___n_o___p_e_r_m_s options.  For more information, see
+       the descriptions of _m_a_i_l___a_l_l___c_m_n_d_s, _m_a_i_l___a_l_w_a_y_s, and _m_a_i_l___n_o___p_e_r_m_s in
+       the _S_U_D_O_E_R_S _O_P_T_I_O_N_S section below.
+
      _N_O_P_A_S_S_W_D and _P_A_S_S_W_D
 
        By default, ssuuddoo requires that a user authenticate him or herself
@@ -610,20 +646,6 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
        entries that pertain to the current host.  This behavior may be
        overridden via the _v_e_r_i_f_y_p_w and _l_i_s_t_p_w options.
 
-     _N_O_E_X_E_C and _E_X_E_C
-
-       If ssuuddoo has been compiled with _n_o_e_x_e_c support and the underlying
-       operating system supports it, the NOEXEC tag can be used to prevent a
-       dynamically-linked executable from running further commands itself.
-
-       In the following example, user aaaarroonn may run _/_u_s_r_/_b_i_n_/_m_o_r_e and
-       _/_u_s_r_/_b_i_n_/_v_i but shell escapes will be disabled.
-
-       aaron   shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
-
-       See the _P_r_e_v_e_n_t_i_n_g _s_h_e_l_l _e_s_c_a_p_e_s section below for more details on how
-       NOEXEC works and whether or not it will work on your system.
-
      _S_E_T_E_N_V and _N_O_S_E_T_E_N_V
 
        These tags override the value of the _s_e_t_e_n_v option on a per-command
@@ -636,28 +658,6 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
        tag is implied for that command; this default may be overridden by use
        of the NOSETENV tag.
 
-     _L_O_G___I_N_P_U_T and _N_O_L_O_G___I_N_P_U_T
-
-       These tags override the value of the _l_o_g___i_n_p_u_t option on a per-command
-       basis.  For more information, see the description of _l_o_g___i_n_p_u_t in the
-       _S_U_D_O_E_R_S _O_P_T_I_O_N_S section below.
-
-     _L_O_G___O_U_T_P_U_T and _N_O_L_O_G___O_U_T_P_U_T
-
-       These tags override the value of the _l_o_g___o_u_t_p_u_t option on a per-command
-       basis.  For more information, see the description of _l_o_g___o_u_t_p_u_t in the
-       _S_U_D_O_E_R_S _O_P_T_I_O_N_S section below.
-
-     _M_A_I_L and _N_O_M_A_I_L
-
-       These tags provide fine-grained control over whether mail will be sent
-       when a user runs a command by overriding the value of the
-       _m_a_i_l___a_l_l___c_m_n_d_s option on a per-command basis.  They have no effect when
-       ssuuddoo is run with the --ll or --vv options.  A _N_O_M_A_I_L tag will also override
-       the _m_a_i_l___a_l_w_a_y_s and _m_a_i_l___n_o___p_e_r_m_s options.  For more information, see
-       the descriptions of _m_a_i_l___a_l_l___c_m_n_d_s, _m_a_i_l___a_l_w_a_y_s, and _m_a_i_l___n_o___p_e_r_m_s in
-       the _S_U_D_O_E_R_S _O_P_T_I_O_N_S section below.
-
    WWiillddccaarrddss
      ssuuddoo allows shell-style _w_i_l_d_c_a_r_d_s (aka meta or glob characters) to be
      used in host names, path names and command line arguments in the _s_u_d_o_e_r_s

doc/sudoers.man.in

@@ -955,9 +955,9 @@ SELinux_Spec ::= ('ROLE=role' | 'TYPE=type')
 
 Solaris_Priv_Spec ::= ('PRIVS=privset' | 'LIMITPRIVS=privset')
 
-Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:' |
-              'SETENV:' | 'NOSETENV:' | 'LOG_INPUT:' | 'NOLOG_INPUT:' |
-              'LOG_OUTPUT:' | 'NOLOG_OUTPUT:' | 'MAIL:' | 'NOMAIL:')
+Tag_Spec ::= ('NOEXEC:' | 'EXEC:' | 'LOG_INPUT:' | 'NOLOG_INPUT:' |
+              'LOG_OUTPUT:' | 'NOLOG_OUTPUT:' | 'MAIL:' | 'NOMAIL:' |
+	      'NOPASSWD:' | 'PASSWD:' | 'SETENV:' | 'NOSETENV:')
 .RE
 .fi
 .PP
@@ -1208,19 +1208,19 @@ character.
 A command may have zero or more tags associated with it.
 There are
 ten possible tag values:
-\fRNOPASSWD\fR,
-\fRPASSWD\fR,
 \fRNOEXEC\fR,
 \fREXEC\fR,
-\fRSETENV\fR,
-\fRNOSETENV\fR,
 \fRLOG_INPUT\fR,
 \fRNOLOG_INPUT\fR,
 \fRLOG_OUTPUT\fR,
 \fRNOLOG_OUTPUT\fR,
-\fRMAIL\fR
+\fRMAIL\fR,
+\fRNOMAIL\fR,
+\fRNOPASSWD\fR,
+\fRPASSWD\fR,
+\fRSETENV\fR,
 and
-\fRNOMAIL\fR.
+\fRNOSETENV\fR.
 Once a tag is set on a
 \fRCmnd\fR,
 subsequent
@@ -1236,6 +1236,91 @@ and
 overrides
 \fREXEC\fR).
 .TP 2n
+\fINOEXEC\fR and \fIEXEC\fR
+.sp
+If
+\fBsudo\fR
+has been compiled with
+\fInoexec\fR
+support and the underlying operating system supports it, the
+\fRNOEXEC\fR
+tag can be used to prevent a dynamically-linked executable from
+running further commands itself.
+.sp
+In the following example, user
+\fBaaron\fR
+may run
+\fI/usr/bin/more\fR
+and
+\fI/usr/bin/vi\fR
+but shell escapes will be disabled.
+.nf
+.sp
+.RS 2n
+aaron	shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
+.RE
+.fi
+.RS 2n
+.sp
+See the
+\fIPreventing shell escapes\fR
+section below for more details on how
+\fRNOEXEC\fR
+works and whether or not it will work on your system.
+.RE
+.TP 2n
+\fILOG_INPUT\fR and \fINOLOG_INPUT\fR
+.sp
+These tags override the value of the
+\fIlog_input\fR
+option on a per-command basis.
+For more information, see the description of
+\fIlog_input\fR
+in the
+\fISUDOERS OPTIONS\fR
+section below.
+.TP 2n
+\fILOG_OUTPUT\fR and \fINOLOG_OUTPUT\fR
+.sp
+These tags override the value of the
+\fIlog_output\fR
+option on a per-command basis.
+For more information, see the description of
+\fIlog_output\fR
+in the
+\fISUDOERS OPTIONS\fR
+section below.
+.TP 2n
+\fIMAIL\fR and \fINOMAIL\fR
+.sp
+These tags provide fine-grained control over whether
+mail will be sent when a user runs a command by
+overriding the value of the
+\fImail_all_cmnds\fR
+option on a per-command basis.
+They have no effect when
+\fBsudo\fR
+is run with the
+\fB\-l\fR
+or
+\fB\-v\fR
+options.
+A
+\fINOMAIL\fR
+tag will also override the
+\fImail_always\fR
+and
+\fImail_no_perms\fR
+options.
+For more information, see the descriptions of
+\fImail_all_cmnds\fR,
+\fImail_always\fR,
+and
+\fImail_no_perms\fR
+in the
+\fISUDOERS OPTIONS\fR
+section below.
+.TP 2n
 \fINOPASSWD\fR and \fIPASSWD\fR
 .sp
 By default,
@@ -1311,39 +1396,6 @@ and
 options.
 .RE
 .TP 2n
-\fINOEXEC\fR and \fIEXEC\fR
-.sp
-If
-\fBsudo\fR
-has been compiled with
-\fInoexec\fR
-support and the underlying operating system supports it, the
-\fRNOEXEC\fR
-tag can be used to prevent a dynamically-linked executable from
-running further commands itself.
-.sp
-In the following example, user
-\fBaaron\fR
-may run
-\fI/usr/bin/more\fR
-and
-\fI/usr/bin/vi\fR
-but shell escapes will be disabled.
-.nf
-.sp
-.RS 2n
-aaron	shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
-.RE
-.fi
-.RS 2n
-.sp
-See the
-\fIPreventing shell escapes\fR
-section below for more details on how
-\fRNOEXEC\fR
-works and whether or not it will work on your system.
-.RE
-.TP 2n
 \fISETENV\fR and \fINOSETENV\fR
 .sp
 These tags override the value of the
@@ -1370,58 +1422,6 @@ the
 tag is implied for that command; this default may be overridden by use of the
 \fRNOSETENV\fR
 tag.
-.TP 2n
-\fILOG_INPUT\fR and \fINOLOG_INPUT\fR
-.sp
-These tags override the value of the
-\fIlog_input\fR
-option on a per-command basis.
-For more information, see the description of
-\fIlog_input\fR
-in the
-\fISUDOERS OPTIONS\fR
-section below.
-.TP 2n
-\fILOG_OUTPUT\fR and \fINOLOG_OUTPUT\fR
-.sp
-These tags override the value of the
-\fIlog_output\fR
-option on a per-command basis.
-For more information, see the description of
-\fIlog_output\fR
-in the
-\fISUDOERS OPTIONS\fR
-section below.
-.TP 2n
-\fIMAIL\fR and \fINOMAIL\fR
-.sp
-These tags provide fine-grained control over whether
-mail will be sent when a user runs a command by
-overriding the value of the
-\fImail_all_cmnds\fR
-option on a per-command basis.
-They have no effect when
-\fBsudo\fR
-is run with the
-\fB\-l\fR
-or
-\fB\-v\fR
-options.
-A
-\fINOMAIL\fR
-tag will also override the
-\fImail_always\fR
-and
-\fImail_no_perms\fR
-options.
-For more information, see the descriptions of
-\fImail_all_cmnds\fR,
-\fImail_always\fR,
-and
-\fImail_no_perms\fR
-in the
-\fISUDOERS OPTIONS\fR
-section below.
 .SS "Wildcards"
 \fBsudo\fR
 allows shell-style

doc/sudoers.mdoc.in

@@ -908,9 +908,9 @@ SELinux_Spec ::= ('ROLE=role' | 'TYPE=type')
 
 Solaris_Priv_Spec ::= ('PRIVS=privset' | 'LIMITPRIVS=privset')
 
-Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:' |
-              'SETENV:' | 'NOSETENV:' | 'LOG_INPUT:' | 'NOLOG_INPUT:' |
-              'LOG_OUTPUT:' | 'NOLOG_OUTPUT:' | 'MAIL:' | 'NOMAIL:')
+Tag_Spec ::= ('NOEXEC:' | 'EXEC:' | 'LOG_INPUT:' | 'NOLOG_INPUT:' |
+              'LOG_OUTPUT:' | 'NOLOG_OUTPUT:' | 'MAIL:' | 'NOMAIL:' |
+	      'NOPASSWD:' | 'PASSWD:' | 'SETENV:' | 'NOSETENV:')
 .Ed
 .Pp
 A
@@ -1131,19 +1131,19 @@ character.
 A command may have zero or more tags associated with it.
 There are
 ten possible tag values:
-.Li NOPASSWD ,
-.Li PASSWD ,
 .Li NOEXEC ,
 .Li EXEC ,
-.Li SETENV ,
-.Li NOSETENV ,
 .Li LOG_INPUT ,
 .Li NOLOG_INPUT ,
 .Li LOG_OUTPUT ,
 .Li NOLOG_OUTPUT ,
-.Li MAIL
+.Li MAIL ,
+.Li NOMAIL ,
+.Li NOPASSWD ,
+.Li PASSWD ,
+.Li SETENV ,
 and
-.Li NOMAIL .
+.Li NOSETENV .
 Once a tag is set on a
 .Li Cmnd ,
 subsequent
@@ -1159,6 +1159,82 @@ and
 overrides
 .Li EXEC ) .
 .Bl -hang -width 0n
+.It Em NOEXEC No and Em EXEC
+.sp
+If
+.Nm sudo
+has been compiled with
+.Em noexec
+support and the underlying operating system supports it, the
+.Li NOEXEC
+tag can be used to prevent a dynamically-linked executable from
+running further commands itself.
+.Pp
+In the following example, user
+.Sy aaron
+may run
+.Pa /usr/bin/more
+and
+.Pa /usr/bin/vi
+but shell escapes will be disabled.
+.Bd -literal
+aaron	shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
+.Ed
+.Pp
+See the
+.Sx Preventing shell escapes
+section below for more details on how
+.Li NOEXEC
+works and whether or not it will work on your system.
+.It Em LOG_INPUT No and Em NOLOG_INPUT
+.sp
+These tags override the value of the
+.Em log_input
+option on a per-command basis.
+For more information, see the description of
+.Em log_input
+in the
+.Sx SUDOERS OPTIONS
+section below.
+.It Em LOG_OUTPUT No and Em NOLOG_OUTPUT
+.sp
+These tags override the value of the
+.Em log_output
+option on a per-command basis.
+For more information, see the description of
+.Em log_output
+in the
+.Sx SUDOERS OPTIONS
+section below.
+.It Em MAIL No and Em NOMAIL
+.sp
+These tags provide fine-grained control over whether
+mail will be sent when a user runs a command by
+overriding the value of the
+.Em mail_all_cmnds
+option on a per-command basis.
+They have no effect when
+.Nm sudo
+is run with the
+.Fl l
+or
+.Fl v
+options.
+A
+.Em NOMAIL
+tag will also override the
+.Em mail_always
+and
+.Em mail_no_perms
+options.
+For more information, see the descriptions of
+.Em mail_all_cmnds ,
+.Em mail_always ,
+and
+.Em mail_no_perms
+in the
+.Sx SUDOERS OPTIONS
+section below.
 .It Em NOPASSWD No and Em PASSWD
 .sp
 By default,
@@ -1225,33 +1301,6 @@ This behavior may be overridden via the
 and
 .Em listpw
 options.
-.It Em NOEXEC No and Em EXEC
-.sp
-If
-.Nm sudo
-has been compiled with
-.Em noexec
-support and the underlying operating system supports it, the
-.Li NOEXEC
-tag can be used to prevent a dynamically-linked executable from
-running further commands itself.
-.Pp
-In the following example, user
-.Sy aaron
-may run
-.Pa /usr/bin/more
-and
-.Pa /usr/bin/vi
-but shell escapes will be disabled.
-.Bd -literal
-aaron	shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
-.Ed
-.Pp
-See the
-.Sx Preventing shell escapes
-section below for more details on how
-.Li NOEXEC
-works and whether or not it will work on your system.
 .It Em SETENV No and Em NOSETENV
 .sp
 These tags override the value of the
@@ -1278,55 +1327,6 @@ the
 tag is implied for that command; this default may be overridden by use of the
 .Li NOSETENV
 tag.
-.It Em LOG_INPUT No and Em NOLOG_INPUT
-.sp
-These tags override the value of the
-.Em log_input
-option on a per-command basis.
-For more information, see the description of
-.Em log_input
-in the
-.Sx SUDOERS OPTIONS
-section below.
-.It Em LOG_OUTPUT No and Em NOLOG_OUTPUT
-.sp
-These tags override the value of the
-.Em log_output
-option on a per-command basis.
-For more information, see the description of
-.Em log_output
-in the
-.Sx SUDOERS OPTIONS
-section below.
-.It Em MAIL No and Em NOMAIL
-.sp
-These tags provide fine-grained control over whether
-mail will be sent when a user runs a command by
-overriding the value of the
-.Em mail_all_cmnds
-option on a per-command basis.
-They have no effect when
-.Nm sudo
-is run with the
-.Fl l
-or
-.Fl v
-options.
-A
-.Em NOMAIL
-tag will also override the
-.Em mail_always
-and
-.Em mail_no_perms
-options.
-For more information, see the descriptions of
-.Em mail_all_cmnds ,
-.Em mail_always ,
-and
-.Em mail_no_perms
-in the
-.Sx SUDOERS OPTIONS
-section below.
 .El
 .Ss Wildcards
 .Nm sudo