mirror of https://github.com/sudo-project/sudo.git synced 2025-08-30 05:48:18 +00:00

Document the names of the I/O log files and mention buffering.

Document that I/O logs are in gzip format by default.
Todd C. Miller 2015-12-11 10:04:17 -07:00
parent 290dafda3b
commit a6f8994a59
3 changed files with 74 additions and 11 deletions


@ -1045,7 +1045,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
log_host If set, the host name will be logged in the (non-
syslog) ssuuddoo log file. This flag is _o_f_f by default.
log_input If set, ssuuddoo will run the command in a _p_s_e_u_d_o _t_t_y and
log_input If set, ssuuddoo will run the command in a _p_s_e_u_d_o_-_t_t_y and
log all user input. If the standard input is not
connected to the user's tty, due to I/O redirection or
because the command is part of a pipeline, that input
@ -1057,7 +1057,12 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
unique session ID that is included in the normal ssuuddoo
log line, prefixed with ``TSID=''. The _i_o_l_o_g___f_i_l_e
option may be used to control the format of the session
ID.
ID. Input from the user's tty is logged to the _t_t_y_i_n
file. Input from a pipe or file is logged to the _s_t_d_i_n
file. These files are in gzip (compressed) format
unless the _c_o_m_p_r_e_s_s___i_o option has been disabled. Due
to buffering, the I/O log data will not be complete
until the ssuuddoo command has completed.
Note that user input may contain sensitive information
such as passwords (even if they are not echoed to the
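
Review bot: The closing sentence of the added log_input text, "Due to buffering, the I/O log data will not be complete until the sudo command has completed", does not say what someone reading the ttyin or stdin file during a running session will find. Suggest stating explicitly that a log examined while the command is still running may be missing the most recent input, so that a partial file is not mistaken for the full record.
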
@ -1065,7 +1070,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
unencrypted. In most cases, logging the command output
via _l_o_g___o_u_t_p_u_t is all that is required.
log_output If set, ssuuddoo will run the command in a _p_s_e_u_d_o _t_t_y and
log_output If set, ssuuddoo will run the command in a _p_s_e_u_d_o_-_t_t_y and
log all output that is sent to the screen, similar to
the script(1) command. If the standard output or
standard error is not connected to the user's tty, due
@ -1078,7 +1083,13 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
unique session ID that is included in the normal ssuuddoo
log line, prefixed with ``TSID=''. The _i_o_l_o_g___f_i_l_e
option may be used to control the format of the session
ID.
ID. Output from the pseudo-tty is logged to the _t_t_y_o_u_t
file. Output to a pipe or redirected to a file is
logged to the either the _s_t_d_o_u_t or _s_t_d_e_r_r files. These
files are in gzip (compressed) format unless the
_c_o_m_p_r_e_s_s___i_o option has been disabled. Due to
buffering, the I/O log data will not be complete until
the ssuuddoo command has completed.
Output logs may be viewed with the sudoreplay(1m)
utility, which can also be used to list or search the
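
Review bot: Typo in the added log_output text: "logged to the either the stdout or stderr files" has a stray "the" before "either". Suggest "logged to either the stdout or stderr file"; the singular "file" also reads better, since a given stream goes to one of the two.
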
@ -2482,4 +2493,4 @@ DDIISSCCLLAAIIMMEERR
file distributed with ssuuddoo or https://www.sudo.ws/license.html for
complete details.
Sudo 1.8.16 November 20, 2015 Sudo 1.8.16
Sudo 1.8.16 December 11, 2015 Sudo 1.8.16


@ -21,7 +21,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
.TH "SUDOERS" "5" "November 20, 2015" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.TH "SUDOERS" "5" "December 11, 2015" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
@ -2233,7 +2233,7 @@ log_input
If set,
\fBsudo\fR
will run the command in a
\fIpseudo tty\fR
\fIpseudo-tty\fR
and log all user input.
If the standard input is not connected to the user's tty, due to
I/O redirection or because the command is part of a pipeline, that
@ -2254,6 +2254,18 @@ log line, prefixed with
The
\fIiolog_file\fR
option may be used to control the format of the session ID.
Input from the user's tty is logged to the
\fIttyin\fR
file.
Input from a pipe or file is logged to the
\fIstdin\fR
file.
These files are in gzip (compressed) format unless the
\fIcompress_io\fR
option has been disabled.
Due to buffering, the I/O log data will not be complete until the
\fBsudo\fR
command has completed.
.sp
Note that user input may contain sensitive information such as
passwords (even if they are not echoed to the screen), which will
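
Review bot: The added sentences name the ttyin and stdin files but not where they are created; the only nearby hint is the preceding context line about iolog_file controlling the format of the session ID. Suggest saying how these file names relate to the session ID so that a reader can locate them on disk.
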
@ -2266,7 +2278,7 @@ log_output
If set,
\fBsudo\fR
will run the command in a
\fIpseudo tty\fR
\fIpseudo-tty\fR
and log all output that is sent to the screen, similar to the
script(1)
command.
@ -2290,6 +2302,20 @@ log line, prefixed with
The
\fIiolog_file\fR
option may be used to control the format of the session ID.
Output from the pseudo-tty is logged to the
\fIttyout\fR
file.
Output to a pipe or redirected to a file is logged to the either the
\fIstdout\fR
or
\fIstderr\fR
files.
These files are in gzip (compressed) format unless the
\fIcompress_io\fR
option has been disabled.
Due to buffering, the I/O log data will not be complete until the
\fBsudo\fR
command has completed.
.sp
Output logs may be viewed with the
sudoreplay(@mansectsu@)
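
Review bot: Stray "the" in "Output to a pipe or redirected to a file is logged to the either the"; it should read "logged to either the". The sentence also pairs "Output to a pipe" with "redirected to a file", which is uneven; "Output sent to a pipe or redirected to a file" would parallel the log_input wording "Input from a pipe or file".
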


@ -19,7 +19,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
.Dd November 20, 2015
.Dd December 11, 2015
.Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@ -2091,7 +2091,7 @@ by default.
If set,
.Nm sudo
will run the command in a
.Em pseudo tty
.Em pseudo-tty
and log all user input.
If the standard input is not connected to the user's tty, due to
I/O redirection or because the command is part of a pipeline, that
@ -2114,6 +2114,18 @@ log line, prefixed with
The
.Em iolog_file
option may be used to control the format of the session ID.
Input from the user's tty is logged to the
.Pa ttyin
file.
Input from a pipe or file is logged to the
.Pa stdin
file.
These files are in gzip (compressed) format unless the
.Em compress_io
option has been disabled.
Due to buffering, the I/O log data will not be complete until the
.Nm sudo
command has completed.
.Pp
Note that user input may contain sensitive information such as
passwords (even if they are not echoed to the screen), which will
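
Review bot: "These files are in gzip (compressed) format" now sits directly above the paragraph warning that user input may contain passwords. Suggest making clear, in that sentence or in the warning, that gzip is only a storage format and does not protect the contents, so the two paragraphs are not read together as implying any confidentiality.
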
@ -2125,7 +2137,7 @@ is all that is required.
If set,
.Nm sudo
will run the command in a
.Em pseudo tty
.Em pseudo-tty
and log all output that is sent to the screen, similar to the
.Xr script 1
command.
@ -2151,6 +2163,20 @@ log line, prefixed with
The
.Em iolog_file
option may be used to control the format of the session ID.
Output from the pseudo-tty is logged to the
.Pa ttyout
file.
Output to a pipe or redirected to a file is logged to the either the
.Pa stdout
or
.Pa stderr
files.
These files are in gzip (compressed) format unless the
.Em compress_io
option has been disabled.
Due to buffering, the I/O log data will not be complete until the
.Nm sudo
command has completed.
.Pp
Output logs may be viewed with the
.Xr sudoreplay @mansectsu@
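
Review bot: The added line "Output to a pipe or redirected to a file is logged to the either the" carries a stray "the" before "either". In addition, the gzip and buffering sentences here are word-for-word the same as those added under log_input in the earlier hunk of this file; consider stating them once and referring to that text from both options, so the two copies cannot drift apart.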