mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 09:57:41 +00:00
Code Issues Releases Wiki Activity

regen

Browse Source
This commit is contained in:
Todd C. Miller 2008-02-18 16:05:20 +00:00
parent b072179192
commit 795a303ea1
8 changed files with 306 additions and 294 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

232
sudo.cat
View File

@ -1,7 +1,7 @@
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
SUDO(8) MAINTENANCE COMMANDS SUDO(8)
NNAAMMEE
@ -14,8 +14,7 @@ SSYYNNOOPPSSIISS
_m_a_n_d]
ssuuddoo [--bbEEHHPPSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-] [--gg _g_r_o_u_p_n_a_m_e|_#_g_i_d]
[--pp _p_r_o_m_p_t] [--rr _r_o_l_e] [--tt _t_y_p_e] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d] [VVAARR=_v_a_l_u_e]
[{--ii | --ss] [<_c_o_m_m_a_n_d}]
[--pp _p_r_o_m_p_t] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d] [VVAARR=_v_a_l_u_e] [{--ii | --ss] [<_c_o_m_m_a_n_d}]
ssuuddooeeddiitt [--SS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-] [--gg _g_r_o_u_p_n_a_m_e|_#_g_i_d]
[--pp _p_r_o_m_p_t] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d] file ...
@ -58,19 +57,19 @@ DDEESSCCRRIIPPTTIIOONN
SUDO_USER.
ssuuddoo can log both successful and unsuccessful attempts (as well as
1.7 February 15, 2008 1
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
errors) to _s_y_s_l_o_g(3), a log file, or both. By default ssuuddoo will log
1.7 February 18, 2008 1
SUDO(8) MAINTENANCE COMMANDS SUDO(8)
via _s_y_s_l_o_g(3) but this is changeable at configure time or via the _s_u_d_o_-
_e_r_s file.
@ -95,7 +94,7 @@ OOPPTTIIOONNSS
starting point above the standard error (file descriptor
three). Values less than three are not permitted. This
option is only available if the administrator has enabled
the _c_l_o_s_e_f_r_o_m___o_v_e_r_r_i_d_e option in _s_u_d_o_e_r_s(4).
the _c_l_o_s_e_f_r_o_m___o_v_e_r_r_i_d_e option in _s_u_d_o_e_r_s(5).
-c _c_l_a_s_s The --cc (_c_l_a_s_s) option causes ssuuddoo to run the specified com-
mand with resources limited by the specified login class.
@ -110,9 +109,9 @@ OOPPTTIIOONNSS
login classes.
-E The --EE (_p_r_e_s_e_r_v_e _e_n_v_i_r_o_n_m_e_n_t) option will override the
_e_n_v___r_e_s_e_t option in _s_u_d_o_e_r_s(4)). It is only available when
_e_n_v___r_e_s_e_t option in _s_u_d_o_e_r_s(5)). It is only available when
either the matching command has the SETENV tag or the
_s_e_t_e_n_v option is set in _s_u_d_o_e_r_s(4).
_s_e_t_e_n_v option is set in _s_u_d_o_e_r_s(5).
-e The --ee (_e_d_i_t) option indicates that, instead of running a
command, the user wishes to edit one or more files. In
@ -123,22 +122,22 @@ OOPPTTIIOONNSS
1. Temporary copies are made of the files to be edited
with the owner set to the invoking user.
2. The editor specified by the VISUAL or EDITOR
2. The editor specified by the VISUAL or EDITOR environ-
ment variables is run to edit the temporary files. If
1.7 February 15, 2008 2
1.7 February 18, 2008 2
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
SUDO(8) MAINTENANCE COMMANDS SUDO(8)
environment variables is run to edit the temporary
files. If neither VISUAL nor EDITOR are set, the pro-
gram listed in the _e_d_i_t_o_r _s_u_d_o_e_r_s variable is used.
neither VISUAL nor EDITOR are set, the program listed
in the _e_d_i_t_o_r _s_u_d_o_e_r_s variable is used.
3. If they have been modified, the temporary files are
copied back to their original location and the tempo-
@ -164,15 +163,15 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-H The --HH (_H_O_M_E) option sets the HOME environment variable to
the homedir of the target user (root by default) as speci-
fied in _p_a_s_s_w_d(4). By default, ssuuddoo does not modify HOME
(see _s_e_t___h_o_m_e and _a_l_w_a_y_s___s_e_t___h_o_m_e in _s_u_d_o_e_r_s(4)).
fied in _p_a_s_s_w_d(5). By default, ssuuddoo does not modify HOME
(see _s_e_t___h_o_m_e and _a_l_w_a_y_s___s_e_t___h_o_m_e in _s_u_d_o_e_r_s(5)).
-h The --hh (_h_e_l_p) option causes ssuuddoo to print a usage message
and exit.
-i [command]
The --ii (_s_i_m_u_l_a_t_e _i_n_i_t_i_a_l _l_o_g_i_n) option runs the shell spec-
ified in the _p_a_s_s_w_d(4) entry of the target user as a login
ified in the _p_a_s_s_w_d(5) entry of the target user as a login
shell. This means that login-specific resource files such
as .profile or .login will be read by the shell. If a com-
mand is specified, it is passed to the shell for execution.
@ -190,19 +189,19 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-k The --kk (_k_i_l_l) option to ssuuddoo invalidates the user's times-
tamp by setting the time on it to the Epoch. The next time
1.7 February 15, 2008 3
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
ssuuddoo is run a password will be required. This option does
1.7 February 18, 2008 3
SUDO(8) MAINTENANCE COMMANDS SUDO(8)
not require a password and was added to allow a user to
revoke ssuuddoo permissions from a .logout file.
@ -255,36 +254,27 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
system password prompt on systems that support PAM unless
the _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e flag is disabled in _s_u_d_o_e_r_s.
-r _r_o_l_e The --rr (_r_o_l_e) option causes the new (SELinux) security
1.7 February 15, 2008 4
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
context to have the role specified by _r_o_l_e.
-S The --SS (_s_t_d_i_n) option causes ssuuddoo to read the password from
the standard input instead of the terminal device.
1.7 February 18, 2008 4
SUDO(8) MAINTENANCE COMMANDS SUDO(8)
-s [command]
The --ss (_s_h_e_l_l) option runs the shell specified by the _S_H_E_L_L
environment variable if it is set or the shell as specified
in _p_a_s_s_w_d(4). If a command is specified, it is passed to
in _p_a_s_s_w_d(5). If a command is specified, it is passed to
the shell for execution. Otherwise, an interactive shell
is executed.
-t _t_y_p_e The --tt (_t_y_p_e) option causes the new (SELinux) security con-
text to have the type specified by _t_y_p_e. If no type is
specified, the default type is derived from the specified
role.
-U _u_s_e_r The --UU (_o_t_h_e_r _u_s_e_r) option is used in conjunction with the
--ll option to specify the user whose privileges should be
listed. Only root or a user with ssuuddoo ALL on the current
@ -295,7 +285,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
of a _u_s_e_r _n_a_m_e, use _#_u_i_d. When running commands as a _u_i_d,
many shells require that the '#' be escaped with a back-
slash ('\'). Note that if the _t_a_r_g_e_t_p_w Defaults option is
set (see _s_u_d_o_e_r_s(4)) it is not possible to run commands
set (see _s_u_d_o_e_r_s(5)) it is not possible to run commands
with a uid not listed in the password database.
-V The --VV (_v_e_r_s_i_o_n) option causes ssuuddoo to print the version
@ -321,18 +311,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
ables with one important exception. If the _s_e_t_e_n_v option is set in
_s_u_d_o_e_r_s, the command to be run has the SETENV tag set or the command
matched is ALL, the user may set variables that would overwise be for-
bidden. See _s_u_d_o_e_r_s(4) for more information.
1.7 February 15, 2008 5
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
bidden. See _s_u_d_o_e_r_s(5) for more information.
RREETTUURRNN VVAALLUUEESS
Upon successful execution of a program, the return value from ssuuddoo will
@ -343,6 +322,18 @@ RREETTUURRNN VVAALLUUEESS
In the latter case the error string is printed to stderr. If ssuuddoo can-
not _s_t_a_t(2) one or more entries in the user's PATH an error is printed
on stderr. (If the directory does not exist or if it is not really a
1.7 February 18, 2008 5
SUDO(8) MAINTENANCE COMMANDS SUDO(8)
directory, the entry is ignored and no error is printed.) This should
not happen under normal circumstances. The most common reason for
_s_t_a_t(2) to return "permission denied" is if you are running an auto-
@ -388,18 +379,6 @@ SSEECCUURRIITTYY NNOOTTEESS
ssuuddoo will check the ownership of its timestamp directory (_/_v_a_r_/_r_u_n_/_s_u_d_o
by default) and ignore the directory's contents if it is not owned by
root or if it is writable by a user other than root. On systems that
1.7 February 15, 2008 6
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
allow non-root users to give away files via _c_h_o_w_n(2), if the timestamp
directory is located in a directory writable by anyone (e.g., _/_t_m_p), it
is possible for a user to create the timestamp directory before ssuuddoo is
@ -409,6 +388,18 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
since once the timestamp dir is owned by root and inaccessible by any
other user, the user placing files there would be unable to get them
back out. To get around this issue you can use a directory that is not
1.7 February 18, 2008 6
SUDO(8) MAINTENANCE COMMANDS SUDO(8)
world-writable for the timestamps (_/_v_a_r_/_a_d_m_/_s_u_d_o for instance) or cre-
ate _/_v_a_r_/_r_u_n_/_s_u_d_o with the appropriate owner (root) and permissions
(0700) in the system startup files.
@ -427,7 +418,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
when giving users access to commands via ssuuddoo to verify that the com-
mand does not inadvertently give the user an effective root shell. For
more information, please see the PREVENTING SHELL ESCAPES section in
_s_u_d_o_e_r_s(4).
_s_u_d_o_e_r_s(5).
EENNVVIIRROONNMMEENNTT
ssuuddoo utilizes the following environment variables:
@ -454,18 +445,6 @@ EENNVVIIRROONNMMEENNTT
SUDO_GID Set to the gid of the user who invoked sudo
1.7 February 15, 2008 7
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
SUDO_PS1 If set, PS1 will be set to its value
USER Set to the target user (root unless the --uu option is
@ -475,11 +454,25 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
FFIILLEESS
_/_e_t_c_/_s_u_d_o_e_r_s List of who can run what
1.7 February 18, 2008 7
SUDO(8) MAINTENANCE COMMANDS SUDO(8)
_/_v_a_r_/_r_u_n_/_s_u_d_o Directory containing timestamps
_/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t Initial environment for --ii mmooddee oonn LLiinnuuxx aanndd AAIIXX
_/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t Initial environment for --ii mode on Linux and
AIX
EEXXAAMMPPLLEESS
Note: the following examples assume suitable _s_u_d_o_e_r_s(4) entries.
Note: the following examples assume suitable _s_u_d_o_e_r_s(5) entries.
To get a file listing of an unreadable directory:
@ -505,8 +498,7 @@ EEXXAAMMPPLLEESS
$ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
SSEEEE AALLSSOO
_g_r_e_p(1), _s_u(1), _s_t_a_t(2), _l_o_g_i_n___c_a_p(3), _p_a_s_s_w_d(4), _s_u_d_o_e_r_s(4),
_v_i_s_u_d_o(1m)
_g_r_e_p(1), _s_u(1), _s_t_a_t(2), _l_o_g_i_n___c_a_p(3), _p_a_s_s_w_d(5), _s_u_d_o_e_r_s(5), _v_i_s_u_d_o(8)
AAUUTTHHOORRSS
Many people have worked on ssuuddoo over the years; this version consists
@ -520,27 +512,26 @@ AAUUTTHHOORRSS
CCAAVVEEAATTSS
There is no easy way to prevent a user from gaining a root shell if
that user is allowed to run arbitrary commands via ssuuddoo. Also, many
1.7 February 15, 2008 8
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
programs (such as editors) allow the user to run commands via shell
escapes, thus avoiding ssuuddoo's checks. However, on most systems it is
possible to prevent shell escapes with ssuuddoo's _n_o_e_x_e_c functionality.
See the _s_u_d_o_e_r_s(4) manual for details.
See the _s_u_d_o_e_r_s(5) manual for details.
It is not meaningful to run the cd command directly via sudo, e.g.,
$ sudo cd /usr/local/protected
1.7 February 18, 2008 8
SUDO(8) MAINTENANCE COMMANDS SUDO(8)
since when the command exits the parent process (your shell) will still
be the same. Please see the EXAMPLES section for more information.
@ -589,6 +580,15 @@ DDIISSCCLLAAIIMMEERR
1.7 February 15, 2008 9
1.7 February 18, 2008 9

94
sudo.man.in
View File

@ -150,7 +150,7 @@
.\" ========================================================================
.\"
.IX Title "SUDO @mansectsu@"
.TH SUDO @mansectsu@ "February 15, 2008" "1.7" "MAINTENANCE COMMANDS"
.TH SUDO @mansectsu@ "February 18, 2008" "1.7" "MAINTENANCE COMMANDS"
.SH "NAME"
sudo, sudoedit \- execute a command as another user
.SH "SYNOPSIS"
@ -160,14 +160,20 @@ sudo, sudoedit \- execute a command as another user
\&\fBsudo\fR \fB\-l[l]\fR [\fB\-g\fR\ \fIgroupname\fR|\fI#gid\fR] [\fB\-U\fR\ \fIusername\fR]
[\fB\-u\fR\ \fIusername\fR|\fI#uid\fR] [\fIcommand\fR]
.PP
\&\fBsudo\fR [\fB\-bEHPS\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-C\fR\ \fIfd\fR]
[\fB\-c\fR\ \fIclass\fR|\fI\-\fR] [\fB\-g\fR\ \fIgroupname\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
[\fB\-r\fR\ \fIrole\fR] [\fB\-t\fR\ \fItype\fR]
\&\fBsudo\fR [\fB\-bEHPS\fR]
@BAMAN@[\fB\-a\fR\ \fIauth_type\fR]
[\fB\-C\fR\ \fIfd\fR]
@LCMAN@[\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
[\fB\-g\fR\ \fIgroupname\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
@SEMAN@[\fB\-r\fR\ \fIrole\fR] [\fB\-t\fR\ \fItype\fR]
[\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
[\fB\s-1VAR\s0\fR=\fIvalue\fR] [{\fB\-i\fR\ |\ \fB\-s\fR]\ [<\fIcommand\fR}]
.PP
\&\fBsudoedit\fR [\fB\-S\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-C\fR\ \fIfd\fR]
[\fB\-c\fR\ \fIclass\fR|\fI\-\fR] [\fB\-g\fR\ \fIgroupname\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
\&\fBsudoedit\fR [\fB\-S\fR]
@BAMAN@[\fB\-a\fR\ \fIauth_type\fR]
[\fB\-C\fR\ \fIfd\fR]
@LCMAN@[\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
[\fB\-g\fR\ \fIgroupname\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
[\fB\-u\fR\ \fIusername\fR|\fI#uid\fR] file ...
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@ -218,14 +224,14 @@ or via the \fIsudoers\fR file.
.SH "OPTIONS"
.IX Header "OPTIONS"
\&\fBsudo\fR accepts the following command line options:
.IP "\-a \fItype\fR" 12
.IX Item "-a type"
The \fB\-a\fR (\fIauthentication type\fR) option causes \fBsudo\fR to use the
specified authentication type when validating the user, as allowed
by \fI/etc/login.conf\fR. The system administrator may specify a list
of sudo-specific authentication methods by adding an \*(L"auth\-sudo\*(R"
entry in \fI/etc/login.conf\fR. This option is only available on systems
that support \s-1BSD\s0 authentication.
@BAMAN@.IP "\-a \fItype\fR" 12
@BAMAN@.IX Item "-a type"
@BAMAN@The \fB\-a\fR (\fIauthentication type\fR) option causes \fBsudo\fR to use the
@BAMAN@specified authentication type when validating the user, as allowed
@BAMAN@by \fI/etc/login.conf\fR. The system administrator may specify a list
@BAMAN@of sudo-specific authentication methods by adding an \*(L"auth\-sudo\*(R"
@BAMAN@entry in \fI/etc/login.conf\fR. This option is only available on systems
@BAMAN@that support \s-1BSD\s0 authentication.
.IP "\-b" 12
.IX Item "-b"
The \fB\-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given
@ -240,17 +246,17 @@ above the standard error (file descriptor three). Values less than
three are not permitted. This option is only available if the
administrator has enabled the \fIclosefrom_override\fR option in
\&\fIsudoers\fR\|(@mansectform@).
.IP "\-c \fIclass\fR" 12
.IX Item "-c class"
The \fB\-c\fR (\fIclass\fR) option causes \fBsudo\fR to run the specified command
with resources limited by the specified login class. The \fIclass\fR
argument can be either a class name as defined in \fI/etc/login.conf\fR,
or a single '\-' character. Specifying a \fIclass\fR of \f(CW\*(C`\-\*(C'\fR indicates
that the command should be run restricted by the default login
capabilities for the user the command is run as. If the \fIclass\fR
argument specifies an existing user class, the command must be run
as root, or the \fBsudo\fR command must be run from a shell that is already
root. This option is only available on systems with \s-1BSD\s0 login classes.
@LCMAN@.IP "\-c \fIclass\fR" 12
@LCMAN@.IX Item "-c class"
@LCMAN@The \fB\-c\fR (\fIclass\fR) option causes \fBsudo\fR to run the specified command
@LCMAN@with resources limited by the specified login class. The \fIclass\fR
@LCMAN@argument can be either a class name as defined in \fI/etc/login.conf\fR,
@LCMAN@or a single '\-' character. Specifying a \fIclass\fR of \f(CW\*(C`\-\*(C'\fR indicates
@LCMAN@that the command should be run restricted by the default login
@LCMAN@capabilities for the user the command is run as. If the \fIclass\fR
@LCMAN@argument specifies an existing user class, the command must be run
@LCMAN@as root, or the \fBsudo\fR command must be run from a shell that is already
@LCMAN@root. This option is only available on systems with \s-1BSD\s0 login classes.
.IP "\-E" 12
.IX Item "-E"
The \fB\-E\fR (\fIpreserve\fR \fIenvironment\fR) option will override the
@ -395,10 +401,10 @@ The prompt specified by the \fB\-p\fR option will override the system
password prompt on systems that support \s-1PAM\s0 unless the
\&\fIpassprompt_override\fR flag is disabled in \fIsudoers\fR.
.RE
.IP "\-r \fIrole\fR" 12
.IX Item "-r role"
The \fB\-r\fR (\fIrole\fR) option causes the new (SELinux) security context to
have the role specified by \fIrole\fR.
@SEMAN@.IP "\-r \fIrole\fR" 12
@SEMAN@.IX Item "-r role"
@SEMAN@The \fB\-r\fR (\fIrole\fR) option causes the new (SELinux) security context to
@SEMAN@have the role specified by \fIrole\fR.
.IP "\-S" 12
.IX Item "-S"
The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
@ -409,11 +415,11 @@ The \fB\-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\
environment variable if it is set or the shell as specified in
\&\fIpasswd\fR\|(@mansectform@). If a command is specified, it is passed to the shell
for execution. Otherwise, an interactive shell is executed.
.IP "\-t \fItype\fR" 12
.IX Item "-t type"
The \fB\-t\fR (\fItype\fR) option causes the new (SELinux) security context to
have the type specified by \fItype\fR. If no type is specified, the default
type is derived from the specified role.
@SEMAN@.IP "\-t \fItype\fR" 12
@SEMAN@.IX Item "-t type"
@SEMAN@The \fB\-t\fR (\fItype\fR) option causes the new (SELinux) security context to
@SEMAN@have the type specified by \fItype\fR. If no type is specified, the default
@SEMAN@type is derived from the specified role.
.IP "\-U \fIuser\fR" 12
.IX Item "-U user"
The \fB\-U\fR (\fIother user\fR) option is used in conjunction with the \fB\-l\fR
@ -595,17 +601,15 @@ Set to the target user (root unless the \fB\-u\fR option is specified)
Default editor to use in \fB\-e\fR (sudoedit) mode
.SH "FILES"
.IX Header "FILES"
.ie n .IP "\fI@sysconfdir@/sudoers\fR\*(C` \*(C'List of who can run what" 4
.el .IP "\fI@sysconfdir@/sudoers\fR\f(CW\*(C` \*(C'\fRList of who can run what" 4
.IX Item "@sysconfdir@/sudoers List of who can run what"
.PD 0
.ie n .IP "\fI@timedir@\fR\*(C` \*(C'Directory containing timestamps" 4
.el .IP "\fI@timedir@\fR\f(CW\*(C` \*(C'\fRDirectory containing timestamps" 4
.IX Item "@timedir@ Directory containing timestamps"
.ie n .IP "\fI/etc/environment\fR\*(C` \*(C'\fRInitial environment for \fB\-i mode on Linux and \s-1AIX\s0" 4
.el .IP "\fI/etc/environment\fR\f(CW\*(C` \*(C'\fRInitial environment for \fB\-i\fR mode on Linux and \s-1AIX\s0" 4
.IX Item "/etc/environment Initial environment for -i mode on Linux and AIX"
.PD
.IP "\fI@sysconfdir@/sudoers\fR" 24
.IX Item "@sysconfdir@/sudoers"
List of who can run what
.IP "\fI@timedir@\fR" 24
.IX Item "@timedir@"
Directory containing timestamps
.IP "\fI/etc/environment\fR" 24
.IX Item "/etc/environment"
Initial environment for \fB\-i\fR mode on Linux and \s-1AIX\s0
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Note: the following examples assume suitable \fIsudoers\fR\|(@mansectform@) entries.

116
sudoers.cat
View File

@ -1,7 +1,7 @@
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
NNAAMMEE
@ -61,13 +61,13 @@ DDEESSCCRRIIPPTTIIOONN
1.7 January 21, 2008 1
1.7 February 18, 2008 1
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
Host_Alias ::= NAME '=' Host_List
@ -127,13 +127,13 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7 January 21, 2008 2
1.7 February 18, 2008 2
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
Host ::= '!'* hostname |
@ -193,13 +193,13 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7 January 21, 2008 3
1.7 February 18, 2008 3
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
users on any host, all users on a specific host, a specific user, a
@ -259,13 +259,13 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7 January 21, 2008 4
1.7 February 18, 2008 4
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
Let's break that down into its constituent parts:
@ -325,13 +325,13 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7 January 21, 2008 5
1.7 February 18, 2008 5
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
Cmnd_Spec_List, inherit the tag unless it is overridden by the opposite
@ -391,13 +391,13 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7 January 21, 2008 6
1.7 February 18, 2008 6
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
WWiillddccaarrddss
@ -457,13 +457,13 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7 January 21, 2008 7
1.7 February 18, 2008 7
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
OOtthheerr ssppeecciiaall cchhaarraacctteerrss aanndd rreesseerrvveedd wwoorrddss
@ -523,13 +523,13 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
1.7 January 21, 2008 8
1.7 February 18, 2008 8
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
env_editor If set, vviissuuddoo will use the value of the EDITOR or
@ -572,30 +572,30 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
fied. This flag is _o_f_f by default.
ignore_local_sudoers
If set via LDAP, parsing of @sysconfdir@/sudoers will
be skipped. This is intended for Enterprises that wish
to prevent the usage of local sudoers files so that
only LDAP is used. This thwarts the efforts of rogue
operators who would attempt to add roles to
@sysconfdir@/sudoers. When this option is present,
@sysconfdir@/sudoers does not even need to exist.
Since this option tells ssuuddoo how to behave when no spe-
cific LDAP entries have been matched, this sudoOption
is only meaningful for the cn=defaults section. This
flag is _o_f_f by default.
If set via LDAP, parsing of _/_e_t_c_/_s_u_d_o_e_r_s will be
skipped. This is intended for Enterprises that wish to
prevent the usage of local sudoers files so that only
LDAP is used. This thwarts the efforts of rogue opera-
tors who would attempt to add roles to _/_e_t_c_/_s_u_d_o_e_r_s.
When this option is present, _/_e_t_c_/_s_u_d_o_e_r_s does not even
need to exist. Since this option tells ssuuddoo how to
behave when no specific LDAP entries have been matched,
this sudoOption is only meaningful for the cn=defaults
section. This flag is _o_f_f by default.
insults If set, ssuuddoo will insult users when they enter an
incorrect password. This flag is _o_f_f by default.
1.7 January 21, 2008 9
1.7 February 18, 2008 9
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
log_host If set, the hostname will be logged in the (non-syslog)
@ -655,13 +655,13 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7 January 21, 2008 10
1.7 February 18, 2008 10
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
normally only be used if the passwod prompt provided by
@ -721,13 +721,13 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7 January 21, 2008 11
1.7 February 18, 2008 11
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
setenv Allow the user to disable the _e_n_v___r_e_s_e_t option from the
@ -787,13 +787,13 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7 January 21, 2008 12
1.7 February 18, 2008 12
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
password before ssuuddoo logs the failure and exits. The
@ -853,13 +853,13 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7 January 21, 2008 13
1.7 February 18, 2008 13
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
environment variable. The following percent (`%')
@ -919,13 +919,13 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7 January 21, 2008 14
1.7 February 18, 2008 14
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
once Only lecture the user the first time they run ssuuddoo.
@ -985,13 +985,13 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7 January 21, 2008 15
1.7 February 18, 2008 15
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
syslog Syslog facility if syslog is being used for logging (negate
@ -1051,13 +1051,13 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7 January 21, 2008 16
1.7 February 18, 2008 16
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
env_keep Environment variables to be preserved in the user's
@ -1080,7 +1080,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
FFIILLEESS
_/_e_t_c_/_s_u_d_o_e_r_s List of who can run what
_/_e_t_c_/_g_r_o_u_p Local groups file
_/_e_t_c_/_n_e_t_g_r_o_u_p List of network groups
EEXXAAMMPPLLEESS
@ -1115,15 +1117,13 @@ EEXXAAMMPPLLEESS
1.7 January 21, 2008 17
1.7 February 18, 2008 17
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
# Cmnd alias specification
@ -1183,13 +1183,13 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7 January 21, 2008 18
1.7 February 18, 2008 18
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
The user jjaacckk may run any command on the machines in the _C_S_N_E_T_S alias
@ -1249,13 +1249,13 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7 January 21, 2008 19
1.7 February 18, 2008 19
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
jen ALL, !SERVERS = ALL
@ -1315,13 +1315,13 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS
1.7 January 21, 2008 20
1.7 February 18, 2008 20
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
that permit shell escapes include shells (obviously), editors, pagina-
@ -1381,13 +1381,13 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7 January 21, 2008 21
1.7 February 18, 2008 21
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(5) MAINTENANCE COMMANDS SUDOERS(5)
Note that restricting shell escapes is not a panacea. Programs running
@ -1397,7 +1397,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
approach is to give the user permission to run ssuuddooeeddiitt.
SSEEEE AALLSSOO
_r_s_h(1), _s_u(1), _f_n_m_a_t_c_h(3), _s_u_d_o(1m), _v_i_s_u_d_o(8)
_r_s_h(1), _s_u(1), _f_n_m_a_t_c_h(3), _s_u_d_o(8), _v_i_s_u_d_o(8)
CCAAVVEEAATTSS
The _s_u_d_o_e_r_s file should aallwwaayyss be edited by the vviissuuddoo command which
@ -1447,6 +1447,6 @@ DDIISSCCLLAAIIMMEERR
1.7 January 21, 2008 22
1.7 February 18, 2008 22

52
sudoers.ldap.cat
View File

@ -1,7 +1,7 @@
SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5)
NNAAMMEE
@ -61,13 +61,13 @@ DDEESSCCRRIIPPTTIIOONN
1.7 February 9, 2008 1
1.7 February 18, 2008 1
SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5)
manner as a global Defaults line in _/_e_t_c_/_s_u_d_o_e_r_s. In the following
@ -127,13 +127,13 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
1.7 February 9, 2008 2
1.7 February 18, 2008 2
SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5)
dn: cn=%wheel,ou=SUDOers,dc=example,dc=com
@ -193,13 +193,13 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
1.7 February 9, 2008 3
1.7 February 18, 2008 3
SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5)
# LDAP equivalent of puddles
@ -251,7 +251,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
Typically, this file is shared amongst different LDAP-aware clients.
As such, most of the settings are not ssuuddoo-specific. Note that ssuuddoo
parses _/_e_t_c_/_l_d_a_p_._c_o_n_f itself and may support options that differ from
those described in the _l_d_a_p_._c_o_n_f(4) manual.
those described in the _l_d_a_p_._c_o_n_f(5) manual.
Also note that on systems using the OpenLDAP libraries, default values
specified in _/_e_t_c_/_o_p_e_n_l_d_a_p_/_l_d_a_p_._c_o_n_f or the user's _._l_d_a_p_r_c files are
@ -259,13 +259,13 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
1.7 February 9, 2008 4
1.7 February 18, 2008 4
SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5)
Only those options explicitly listed in _/_e_t_c_/_l_d_a_p_._c_o_n_f that are sup-
@ -325,13 +325,13 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
1.7 February 9, 2008 5
1.7 February 18, 2008 5
SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5)
BBIINNDDDDNN DN
@ -391,13 +391,13 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
1.7 February 9, 2008 6
1.7 February 18, 2008 6
SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5)
OpenLDAP libraries.
@ -457,13 +457,13 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
1.7 February 9, 2008 7
1.7 February 18, 2008 7
SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5)
SSAASSLL__SSEECCPPRROOPPSS none/properties
@ -523,13 +523,13 @@ EEXXAAMMPPLLEESS
1.7 February 9, 2008 8
1.7 February 18, 2008 8
SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5)
# Either specify one or more URIs or one or more host:port pairs.
@ -589,13 +589,13 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
1.7 February 9, 2008 9
1.7 February 18, 2008 9
SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5)
#tls_cacertfile /etc/certs/trusted_signers.pem
@ -655,13 +655,13 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
1.7 February 9, 2008 10
1.7 February 18, 2008 10
SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5)
attributetype ( 1.3.6.1.4.1.15953.9.1.2
@ -715,19 +715,19 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
SSEEEE AALLSSOO
_l_d_a_p_._c_o_n_f(4), _s_u_d_o_e_r_s(5)
_l_d_a_p_._c_o_n_f(5), _s_u_d_o_e_r_s(5)
1.7 February 9, 2008 11
1.7 February 18, 2008 11
SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
SUDOERS.LDAP(5) MAINTENANCE COMMANDS SUDOERS.LDAP(5)
CCAAVVEEAATTSS
@ -787,6 +787,6 @@ DDIISSCCLLAAIIMMEERR
1.7 February 9, 2008 12
1.7 February 18, 2008 12

2
sudoers.ldap.man.in
View File

@ -146,7 +146,7 @@
.\" ========================================================================
.\"
.IX Title "SUDOERS.LDAP @mansectform@"
.TH SUDOERS.LDAP @mansectform@ "February 9, 2008" "1.7" "MAINTENANCE COMMANDS"
.TH SUDOERS.LDAP @mansectform@ "February 18, 2008" "1.7" "MAINTENANCE COMMANDS"
.SH "NAME"
sudoers.ldap \- sudo LDAP configuration
.SH "DESCRIPTION"

56
sudoers.man.in
View File

@ -150,7 +150,7 @@
.\" ========================================================================
.\"
.IX Title "SUDOERS @mansectform@"
.TH SUDOERS @mansectform@ "January 21, 2008" "1.7" "MAINTENANCE COMMANDS"
.TH SUDOERS @mansectform@ "February 18, 2008" "1.7" "MAINTENANCE COMMANDS"
.SH "NAME"
sudoers \- list of which users may execute what
.SH "DESCRIPTION"
@ -724,14 +724,14 @@ environment variable; the \f(CW\*(C`PATH\*(C'\fR itself is not modified. This
flag is \fI@ignore_dot@\fR by default.
.IP "ignore_local_sudoers" 16
.IX Item "ignore_local_sudoers"
If set via \s-1LDAP\s0, parsing of \f(CW@sysconfdir\fR@/sudoers will be skipped.
If set via \s-1LDAP\s0, parsing of \fI@sysconfdir@/sudoers\fR will be skipped.
This is intended for Enterprises that wish to prevent the usage of local
sudoers files so that only \s-1LDAP\s0 is used. This thwarts the efforts of
rogue operators who would attempt to add roles to \f(CW@sysconfdir\fR@/sudoers.
When this option is present, \f(CW@sysconfdir\fR@/sudoers does not even need to exist.
Since this option tells \fBsudo\fR how to behave when no specific \s-1LDAP\s0 entries
have been matched, this sudoOption is only meaningful for the cn=defaults
section. This flag is \fIoff\fR by default.
rogue operators who would attempt to add roles to \fI@sysconfdir@/sudoers\fR.
When this option is present, \fI@sysconfdir@/sudoers\fR does not even need to
exist. Since this option tells \fBsudo\fR how to behave when no specific \s-1LDAP\s0
entries have been matched, this sudoOption is only meaningful for the
\&\f(CW\*(C`cn=defaults\*(C'\fR section. This flag is \fIoff\fR by default.
.IP "insults" 16
.IX Item "insults"
If set, \fBsudo\fR will insult users when they enter an incorrect
@ -885,11 +885,11 @@ If set, users must authenticate on a per-tty basis. Normally,
the user running it. With this flag enabled, \fBsudo\fR will use a
file named for the tty the user is logged in on in that directory.
This flag is \fI@tty_tickets@\fR by default.
.IP "use_loginclass" 16
.IX Item "use_loginclass"
If set, \fBsudo\fR will apply the defaults specified for the target user's
login class if one exists. Only available if \fBsudo\fR is configured with
the \-\-with\-logincap option. This flag is \fIoff\fR by default.
@LCMAN@.IP "use_loginclass" 16
@LCMAN@.IX Item "use_loginclass"
@LCMAN@If set, \fBsudo\fR will apply the defaults specified for the target user's
@LCMAN@login class if one exists. Only available if \fBsudo\fR is configured with
@LCMAN@the \-\-with\-logincap option. This flag is \fIoff\fR by default.
.PP
\&\fBIntegers\fR:
.IP "closefrom" 16
@ -990,6 +990,12 @@ two consecutive \f(CW\*(C`%\*(C'\fR characters are collapsed into a single \f(CW
.Sp
The default value is \f(CW\*(C`@passprompt@\*(C'\fR.
.RE
@SEMAN@.IP "role" 16
@SEMAN@.IX Item "role"
@SEMAN@The default SELinux role to use when constructing a new security
@SEMAN@context to run the command. The default role may be overridden on
@SEMAN@a per-command basis in \fIsudoers\fR or via command line options.
@SEMAN@This option is only available whe \fBsudo\fR is built with SELinux support.
.IP "runas_default" 16
.IX Item "runas_default"
The default user to run commands as if the \fB\-u\fR flag is not specified
@ -1012,6 +1018,12 @@ The default is \fI@timedir@\fR.
.IX Item "timestampowner"
The owner of the timestamp directory and the timestamps stored therein.
The default is \f(CW\*(C`root\*(C'\fR.
@SEMAN@.IP "type" 16
@SEMAN@.IX Item "type"
@SEMAN@The default SELinux type to use when constructing a new security
@SEMAN@context to run the command. The default type may be overridden on
@SEMAN@a per-command basis in \fIsudoers\fR or via command line options.
@SEMAN@This option is only available whe \fBsudo\fR is built with SELinux support.
.PP
\&\fBStrings that can be used in a boolean context\fR:
.IP "exempt_group" 12
@ -1172,17 +1184,15 @@ supported: \fBalert\fR, \fBcrit\fR, \fBdebug\fR, \fBemerg\fR, \fBerr\fR, \fBinfo
\&\fBnotice\fR, and \fBwarning\fR.
.SH "FILES"
.IX Header "FILES"
.ie n .IP "\fI@sysconfdir@/sudoers\fR\*(C` \*(C' List of who can run what" 4
.el .IP "\fI@sysconfdir@/sudoers\fR\f(CW\*(C` \*(C'\fR List of who can run what" 4
.IX Item "@sysconfdir@/sudoers List of who can run what"
.PD 0
.ie n .IP "\fI/etc/group\fR\*(C` \*(C' Local groups file" 4
.el .IP "\fI/etc/group\fR\f(CW\*(C` \*(C'\fR Local groups file" 4
.IX Item "/etc/group Local groups file"
.ie n .IP "\fI/etc/netgroup\fR\*(C` \*(C' List of network groups" 4
.el .IP "\fI/etc/netgroup\fR\f(CW\*(C` \*(C'\fR List of network groups" 4
.IX Item "/etc/netgroup List of network groups"
.PD
.IP "\fI@sysconfdir@/sudoers\fR" 24
.IX Item "@sysconfdir@/sudoers"
List of who can run what
.IP "\fI/etc/group\fR" 24
.IX Item "/etc/group"
Local groups file
.IP "\fI/etc/netgroup\fR" 24
.IX Item "/etc/netgroup"
List of network groups
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Below are example \fIsudoers\fR entries. Admittedly, some of

18
visudo.cat
View File

@ -1,7 +1,7 @@
VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
VISUDO(8) MAINTENANCE COMMANDS VISUDO(8)
NNAAMMEE
@ -11,7 +11,7 @@ SSYYNNOOPPSSIISS
vviissuuddoo [--cc] [--qq] [--ss] [--VV] [--ff _s_u_d_o_e_r_s]
DDEESSCCRRIIPPTTIIOONN
vviissuuddoo edits the _s_u_d_o_e_r_s file in a safe fashion, analogous to _v_i_p_w(1m).
vviissuuddoo edits the _s_u_d_o_e_r_s file in a safe fashion, analogous to _v_i_p_w(8).
vviissuuddoo locks the _s_u_d_o_e_r_s file against multiple simultaneous edits, pro-
vides basic sanity checks, and checks for parse errors. If the _s_u_d_o_e_r_s
file is currently being edited you will receive a message to try again
@ -61,13 +61,13 @@ OOPPTTIIOONNSS
1.7 January 21, 2008 1
1.7 February 18, 2008 1
VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
VISUDO(8) MAINTENANCE COMMANDS VISUDO(8)
combined with the --cc flag.
@ -92,6 +92,7 @@ EENNVVIIRROONNMMEENNTT
FFIILLEESS
_/_e_t_c_/_s_u_d_o_e_r_s List of who can run what
_/_e_t_c_/_s_u_d_o_e_r_s_._t_m_p Lock file for visudo
DDIIAAGGNNOOSSTTIICCSS
@ -118,7 +119,7 @@ DDIIAAGGNNOOSSTTIICCSS
--ss (strict) mode this is an error, not a warning.
SSEEEE AALLSSOO
_v_i(1), _s_u_d_o_e_r_s(4), _s_u_d_o(1m), _v_i_p_w(8)
_v_i(1), _s_u_d_o_e_r_s(5), _s_u_d_o(8), _v_i_p_w(8)
AAUUTTHHOORR
Many people have worked on _s_u_d_o over the years; this version of vviissuuddoo
@ -126,14 +127,13 @@ AAUUTTHHOORR
1.7 January 21, 2008 2
1.7 February 18, 2008 2
VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
VISUDO(8) MAINTENANCE COMMANDS VISUDO(8)
Todd Miller
@ -193,6 +193,6 @@ DDIISSCCLLAAIIMMEERR
1.7 January 21, 2008 3
1.7 February 18, 2008 3

16
visudo.man.in
View File

@ -149,7 +149,7 @@
.\" ========================================================================
.\"
.IX Title "VISUDO @mansectsu@"
.TH VISUDO @mansectsu@ "January 21, 2008" "1.7" "MAINTENANCE COMMANDS"
.TH VISUDO @mansectsu@ "February 18, 2008" "1.7" "MAINTENANCE COMMANDS"
.SH "NAME"
visudo \- edit the sudoers file
.SH "SYNOPSIS"
@ -235,14 +235,12 @@ Invoked by visudo as the editor to use
Used by visudo if \s-1VISUAL\s0 is not set
.SH "FILES"
.IX Header "FILES"
.ie n .IP "\fI@sysconfdir@/sudoers\fR\*(C` \*(C'List of who can run what" 4
.el .IP "\fI@sysconfdir@/sudoers\fR\f(CW\*(C` \*(C'\fRList of who can run what" 4
.IX Item "@sysconfdir@/sudoers List of who can run what"
.PD 0
.ie n .IP "\fI@sysconfdir@/sudoers.tmp\fR\*(C` \*(C'Lock file for visudo" 4
.el .IP "\fI@sysconfdir@/sudoers.tmp\fR\f(CW\*(C` \*(C'\fRLock file for visudo" 4
.IX Item "@sysconfdir@/sudoers.tmp Lock file for visudo"
.PD
.IP "\fI@sysconfdir@/sudoers\fR" 24
.IX Item "@sysconfdir@/sudoers"
List of who can run what
.IP "\fI@sysconfdir@/sudoers.tmp\fR" 24
.IX Item "@sysconfdir@/sudoers.tmp"
Lock file for visudo
.SH "DIAGNOSTICS"
.IX Header "DIAGNOSTICS"
.IP "sudoers file busy, try again later." 4