mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-09-02 15:25:58 +00:00
Code Issues Releases Wiki Activity

regen

Browse Source
This commit is contained in:
Todd C. Miller
2025-02-10 08:40:27 -07:00
parent d3293c528a
commit 8feff96d37
4 changed files with 101 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

93
docs/sudo.man.in
View File

@@ -1521,8 +1521,9 @@ $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
Error messages produced by Error messages produced by
\fBsudo\fR \fBsudo\fR
include: include:
.TP 6n .PP
\fRediting files in a writable directory is not permitted\fR editing files in a writable directory is not permitted
.RS 4n
By default, By default,
\fBsudoedit\fR \fBsudoedit\fR
does not permit editing a file when any of the parent directories are writable does not permit editing a file when any of the parent directories are writable
@@ -1534,8 +1535,10 @@ See the
option in option in
sudoers(@mansectform@) sudoers(@mansectform@)
for more information. for more information.
.TP 6n .RE
\fRediting symbolic links is not permitted\fR .PP
editing symbolic links is not permitted
.RS 4n
By default, By default,
\fBsudoedit\fR \fBsudoedit\fR
does not follow symbolic links when opening files. does not follow symbolic links when opening files.
@@ -1544,8 +1547,10 @@ See the
option in option in
sudoers(@mansectform@) sudoers(@mansectform@)
for more information. for more information.
.TP 6n .RE
\fReffective uid is not 0, is sudo installed setuid root?\fR .PP
effective uid is not 0, is sudo installed setuid root?
.RS 4n
\fBsudo\fR \fBsudo\fR
was not run with root privileges. was not run with root privileges.
The The
@@ -1554,8 +1559,11 @@ binary must be owned by the root user and have the set-user-ID bit set.
Also, it must not be located on a file system mounted with the Also, it must not be located on a file system mounted with the
\(oqnosuid\(cq \(oqnosuid\(cq
option or on an NFS file system that maps uid 0 to an unprivileged uid. option or on an NFS file system that maps uid 0 to an unprivileged uid.
.TP 6n .RE
\fReffective uid is not 0, is sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?\fR .PP
effective uid is not 0, is sudo on a file system with the 'nosuid'
option set or an NFS file system without root privileges?
.RS 4n
\fBsudo\fR \fBsudo\fR
was not run with root privileges. was not run with root privileges.
The The
@@ -1567,12 +1575,16 @@ The most common reason for this is that the file system the
binary is located on is mounted with the binary is located on is mounted with the
\(oqnosuid\(cq \(oqnosuid\(cq
option or it is an NFS file system that maps uid 0 to an unprivileged uid. option or it is an NFS file system that maps uid 0 to an unprivileged uid.
.TP 6n .RE
\fRfatal error, unable to load plugins\fR .PP
fatal error, unable to load plugins
.RS 4n
An error occurred while loading or initializing the plugins specified in An error occurred while loading or initializing the plugins specified in
sudo.conf(@mansectform@). sudo.conf(@mansectform@).
.TP 6n .RE
\fRinvalid environment variable name\fR .PP
invalid environment variable name
.RS 4n
One or more environment variable names specified via the One or more environment variable names specified via the
\fB\-E\fR \fB\-E\fR
option contained an equal sign option contained an equal sign
@@ -1580,8 +1592,10 @@ option contained an equal sign
The arguments to the The arguments to the
\fB\-E\fR \fB\-E\fR
option should be environment variable names without an associated value. option should be environment variable names without an associated value.
.TP 6n .RE
\fRno password was provided\fR .PP
no password was provided
.RS 4n
When When
\fBsudo\fR \fBsudo\fR
tried to read the password, it did not receive any characters. tried to read the password, it did not receive any characters.
@@ -1589,8 +1603,10 @@ This may happen if no terminal is available (or the
\fB\-S\fR \fB\-S\fR
option is specified) and the standard input has been redirected from option is specified) and the standard input has been redirected from
\fI/dev/null\fR. \fI/dev/null\fR.
.TP 6n .RE
\fRa terminal is required to read the password\fR .PP
a terminal is required to read the password
.RS 4n
\fBsudo\fR \fBsudo\fR
needs to read the password but there is no mechanism available for it needs to read the password but there is no mechanism available for it
to do so. to do so.
@@ -1613,13 +1629,19 @@ sudo.conf(@mansectform@)
file or by setting the file or by setting the
\fRSUDO_ASKPASS\fR \fRSUDO_ASKPASS\fR
environment variable. environment variable.
.TP 6n .RE
\fRno writable temporary directory found\fR .PP
no writable temporary directory found
.RS 4n
\fBsudoedit\fR \fBsudoedit\fR
was unable to find a usable temporary directory in which to store its was unable to find a usable temporary directory in which to store its
intermediate files. intermediate files.
.TP 6n .RE
\fRThe\fR \(lqno new privileges\(rq flag is set, which prevents sudo from running as root. .PP
The
\(lqno new privileges\(rq
flag is set, which prevents sudo from running as root.
.RS 4n
\fBsudo\fR \fBsudo\fR
was run by a process that has the Linux was run by a process that has the Linux
\(lqno new privileges\(rq \(lqno new privileges\(rq
@@ -1633,31 +1655,42 @@ The most likely cause for this is running
within a container that sets this flag. within a container that sets this flag.
Check the documentation to see if it is possible to configure the Check the documentation to see if it is possible to configure the
container such that the flag is not set. container such that the flag is not set.
.TP 6n .RE
\fRsudo must be owned by uid 0 and have the setuid bit set\fR .PP
sudo must be owned by uid 0 and have the setuid bit set
.RS 4n
\fBsudo\fR \fBsudo\fR
was not run with root privileges. was not run with root privileges.
The The
\fBsudo\fR \fBsudo\fR
binary does not have the correct owner or permissions. binary does not have the correct owner or permissions.
It must be owned by the root user and have the set-user-ID bit set. It must be owned by the root user and have the set-user-ID bit set.
.TP 6n .RE
\fRsudoedit is not supported on this platform\fR .PP
sudoedit is not supported on this platform
.RS 4n
It is only possible to run It is only possible to run
\fBsudoedit\fR \fBsudoedit\fR
on systems that support setting the effective user-ID. on systems that support setting the effective user-ID.
.TP 6n .RE
\fRtimed out reading password\fR .PP
timed out reading password
.RS 4n
The user did not enter a password before the password timeout The user did not enter a password before the password timeout
(5 minutes by default) expired. (5 minutes by default) expired.
.TP 6n .RE
\fRyou do not exist in the passwd database\fR .PP
you do not exist in the passwd database
.RS 4n
Your user-ID does not appear in the system passwd database. Your user-ID does not appear in the system passwd database.
.TP 6n .RE
\fRyou may not specify environment variables in edit mode\fR .PP
you may not specify environment variables in edit mode
.RS 4n
It is only possible to specify environment variables when running a It is only possible to specify environment variables when running a
\fIcommand\fR. \fIcommand\fR.
When editing a file, the editor is run with the user's environment unmodified. When editing a file, the editor is run with the user's environment unmodified.
.RE
.SH "SEE ALSO" .SH "SEE ALSO"
su(1), su(1),
stat(2), stat(2),

2
docs/sudo_logsrv.proto.man.in
View File

@@ -726,7 +726,7 @@ submitgroups StringList submit user's supplementary group names
.PP .PP
submituid int64 submit user's user-ID submituid int64 submit user's user-ID
.PP .PP
ttyname string the terminal the command was submitted from ttyname string terminal the command was submitted from
.TE .TE
.PP .PP
The server must accept other variables not listed above but may The server must accept other variables not listed above but may

38
docs/sudoers.man.in
View File

@@ -6174,34 +6174,34 @@ locale.
If the user is not allowed to run the command, the reason for the denial If the user is not allowed to run the command, the reason for the denial
will follow the user name. will follow the user name.
Possible reasons include: Possible reasons include:
.TP 3n .TP 6n
user NOT in sudoers user NOT in sudoers
The user is not listed in the The user is not listed in the
\fIsudoers\fR \fIsudoers\fR
file. file.
.TP 3n .TP 6n
user NOT authorized on host user NOT authorized on host
The user is listed in the The user is listed in the
\fIsudoers\fR \fIsudoers\fR
file but is not allowed to run commands on the host. file but is not allowed to run commands on the host.
.TP 3n .TP 6n
command not allowed command not allowed
The user is listed in the The user is listed in the
\fIsudoers\fR \fIsudoers\fR
file for the host but they are not allowed to run the specified command. file for the host but they are not allowed to run the specified command.
.TP 3n .TP 6n
3 incorrect password attempts 3 incorrect password attempts
The user failed to enter their password after 3 tries. The user failed to enter their password after 3 tries.
The actual number of tries will vary based on the number of The actual number of tries will vary based on the number of
failed attempts and the value of the failed attempts and the value of the
\fIpasswd_tries\fR \fIpasswd_tries\fR
option. option.
.TP 3n .TP 6n
a password is required a password is required
The The
\fB\-n\fR \fB\-n\fR
option was specified but a password was required. option was specified but a password was required.
.TP 3n .TP 6n
sorry, you are not allowed to set the following environment variables sorry, you are not allowed to set the following environment variables
The user specified environment variables on the command line that The user specified environment variables on the command line that
were not allowed by were not allowed by
@@ -6212,13 +6212,13 @@ If an error occurs,
will log a message and, in most cases, send a message to the will log a message and, in most cases, send a message to the
administrator via email. administrator via email.
Possible errors include: Possible errors include:
.TP 3n .TP 6n
parse error in @sysconfdir@/sudoers near line N parse error in @sysconfdir@/sudoers near line N
\fBsudoers\fR \fBsudoers\fR
encountered an error when parsing the specified file. encountered an error when parsing the specified file.
In some cases, the actual error may be one line above or below the In some cases, the actual error may be one line above or below the
line number listed, depending on the type of error. line number listed, depending on the type of error.
.TP 3n .TP 6n
problem with defaults entries problem with defaults entries
The The
\fIsudoers\fR \fIsudoers\fR
@@ -6229,12 +6229,12 @@ from running, but the
\fIsudoers\fR \fIsudoers\fR
file should be checked using file should be checked using
\fBvisudo\fR. \fBvisudo\fR.
.TP 3n .TP 6n
timestamp owner (username): \&No such user timestamp owner (username): \&No such user
The time stamp directory owner, as specified by the The time stamp directory owner, as specified by the
\fItimestampowner\fR \fItimestampowner\fR
setting, could not be found in the password database. setting, could not be found in the password database.
.TP 3n .TP 6n
unable to open/read @sysconfdir@/sudoers unable to open/read @sysconfdir@/sudoers
The The
\fIsudoers\fR \fIsudoers\fR
@@ -6262,17 +6262,17 @@ file) to the end of the
line in the line in the
sudo.conf(@mansectform@) sudo.conf(@mansectform@)
file. file.
.TP 3n .TP 6n
unable to open @sysconfdir@/sudoers unable to open @sysconfdir@/sudoers
The The
\fI@sysconfdir@/sudoers\fR \fI@sysconfdir@/sudoers\fR
file is missing. file is missing.
.TP 3n .TP 6n
@sysconfdir@/sudoers is not a regular file @sysconfdir@/sudoers is not a regular file
The The
\fI@sysconfdir@/sudoers\fR \fI@sysconfdir@/sudoers\fR
file exists but is not a regular file or symbolic link. file exists but is not a regular file or symbolic link.
.TP 3n .TP 6n
@sysconfdir@/sudoers is owned by uid N, should be 0 @sysconfdir@/sudoers is owned by uid N, should be 0
The The
\fIsudoers\fR \fIsudoers\fR
@@ -6291,7 +6291,7 @@ file) to the
line in the line in the
sudo.conf(@mansectform@) sudo.conf(@mansectform@)
file. file.
.TP 3n .TP 6n
@sysconfdir@/sudoers is world writable @sysconfdir@/sudoers is world writable
The permissions on the The permissions on the
\fIsudoers\fR \fIsudoers\fR
@@ -6308,7 +6308,7 @@ option to the
line in the line in the
sudo.conf(@mansectform@) sudo.conf(@mansectform@)
file. file.
.TP 3n .TP 6n
@sysconfdir@/sudoers is owned by gid N, should be 1 @sysconfdir@/sudoers is owned by gid N, should be 1
The The
\fIsudoers\fR \fIsudoers\fR
@@ -6327,7 +6327,7 @@ file) to the
line in the line in the
sudo.conf(@mansectform@) sudo.conf(@mansectform@)
file. file.
.TP 3n .TP 6n
unable to open @rundir@/ts/user-ID unable to open @rundir@/ts/user-ID
\fBsudoers\fR \fBsudoers\fR
was unable to read or create the user's time stamp file. was unable to read or create the user's time stamp file.
@@ -6341,11 +6341,11 @@ is not searchable by group or other.
The default mode for The default mode for
\fI@rundir@\fR \fI@rundir@\fR
is 0711. is 0711.
.TP 3n .TP 6n
unable to write to @rundir@/ts/user-ID unable to write to @rundir@/ts/user-ID
\fBsudoers\fR \fBsudoers\fR
was unable to write to the user's time stamp file. was unable to write to the user's time stamp file.
.TP 3n .TP 6n
@rundir@/ts is owned by uid X, should be Y @rundir@/ts is owned by uid X, should be Y
The time stamp directory is owned by a user other than The time stamp directory is owned by a user other than
\fItimestampowner\fR. \fItimestampowner\fR.
@@ -6354,7 +6354,7 @@ This can occur when the value of
has been changed. has been changed.
\fBsudoers\fR \fBsudoers\fR
will ignore the time stamp directory until the owner is corrected. will ignore the time stamp directory until the owner is corrected.
.TP 3n .TP 6n
@rundir@/ts is group writable @rundir@/ts is group writable
The time stamp directory is group-writable; it should be writable only by The time stamp directory is group-writable; it should be writable only by
\fItimestampowner\fR. \fItimestampowner\fR.

36
docs/visudo.man.in
View File

@@ -413,21 +413,21 @@ In addition to reporting
syntax errors, syntax errors,
\fBvisudo\fR \fBvisudo\fR
may produce the following messages: may produce the following messages:
.TP 6n .TP 4n
\fRsudoers file busy, try again later.\fR sudoers file busy, try again later.
Someone else is currently editing the Someone else is currently editing the
\fIsudoers\fR \fIsudoers\fR
file. file.
.TP 6n .TP 4n
\fR@sysconfdir@/sudoers: Permission denied\fR @sysconfdir@/sudoers: Permission denied
You didn't run You didn't run
\fBvisudo\fR \fBvisudo\fR
as root. as root.
.TP 6n .TP 4n
\fRyou do not exist in the passwd database\fR you do not exist in the passwd database
Your user-ID does not appear in the system passwd database. Your user-ID does not appear in the system passwd database.
.TP 6n .TP 4n
\fRWarning: {User,Runas,Host,Cmnd}_Alias referenced but not defined\fR Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias
or you have a user or host name listed that consists solely of or you have a user or host name listed that consists solely of
uppercase letters, digits, and the underscore uppercase letters, digits, and the underscore
@@ -443,16 +443,16 @@ file and the line number where the undefined alias was used.
In In
\fB\-s\fR \fB\-s\fR
(strict) mode these are errors, not warnings. (strict) mode these are errors, not warnings.
.TP 6n .TP 4n
\fRWarning: unused {User,Runas,Host,Cmnd}_Alias\fR Warning: unused {User,Runas,Host,Cmnd}_Alias
The specified {User,Runas,Host,Cmnd}_Alias was defined but never The specified {User,Runas,Host,Cmnd}_Alias was defined but never
used. used.
The message is prefixed with the path name of the The message is prefixed with the path name of the
\fIsudoers\fR \fIsudoers\fR
file and the line number where the unused alias was defined. file and the line number where the unused alias was defined.
You may wish to comment out or remove the unused alias. You may wish to comment out or remove the unused alias.
.TP 6n .TP 4n
\fRWarning: cycle in {User,Runas,Host,Cmnd}_Alias\fR Warning: cycle in {User,Runas,Host,Cmnd}_Alias
The specified {User,Runas,Host,Cmnd}_Alias includes a reference to The specified {User,Runas,Host,Cmnd}_Alias includes a reference to
itself, either directly or through an alias it includes. itself, either directly or through an alias it includes.
The message is prefixed with the path name of the The message is prefixed with the path name of the
@@ -468,8 +468,8 @@ will ignore cycles when parsing
the the
\fIsudoers\fR \fIsudoers\fR
file. file.
.TP 6n .TP 4n
\fRignoring editor backup file\fR ignoring editor backup file
While processing a While processing a
\fI@includedir\fR \fI@includedir\fR
or or
@@ -482,8 +482,8 @@ Such files are skipped by
\fBsudo\fR \fBsudo\fR
and and
\fBvisudo\fR. \fBvisudo\fR.
.TP 6n .TP 4n
\fRignoring file name containing '.'\fR ignoring file name containing '.'
While processing a While processing a
\fI@includedir\fR \fI@includedir\fR
or or
@@ -495,8 +495,8 @@ Such files are skipped by
\fBsudo\fR \fBsudo\fR
and and
\fBvisudo\fR. \fBvisudo\fR.
.TP 6n .TP 4n
\fRunknown defaults entry \&"name\&"\fR unknown defaults entry \&"name\&"
The The
\fIsudoers\fR \fIsudoers\fR
file contains a file contains a