mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-30 13:58:05 +00:00
Code Issues Releases Wiki Activity

Document the names of the I/O log files and mention buffering.

Browse Source 
Document that I/O logs are in gzip format by default.
This commit is contained in:
Todd C. Miller
2015-12-11 10:04:17 -07:00
parent 290dafda3b
commit a6f8994a59
3 changed files with 74 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
doc/sudoers.cat
View File

@@ -1045,7 +1045,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
log_host If set, the host name will be logged in the (non- log_host If set, the host name will be logged in the (non-
syslog) ssuuddoo log file. This flag is _o_f_f by default. syslog) ssuuddoo log file. This flag is _o_f_f by default.
log_input If set, ssuuddoo will run the command in a _p_s_e_u_d_o _t_t_y and log_input If set, ssuuddoo will run the command in a _p_s_e_u_d_o_-_t_t_y and
log all user input. If the standard input is not log all user input. If the standard input is not
connected to the user's tty, due to I/O redirection or connected to the user's tty, due to I/O redirection or
because the command is part of a pipeline, that input because the command is part of a pipeline, that input
@@ -1057,7 +1057,12 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
unique session ID that is included in the normal ssuuddoo unique session ID that is included in the normal ssuuddoo
log line, prefixed with ``TSID=''. The _i_o_l_o_g___f_i_l_e log line, prefixed with ``TSID=''. The _i_o_l_o_g___f_i_l_e
option may be used to control the format of the session option may be used to control the format of the session
ID. ID. Input from the user's tty is logged to the _t_t_y_i_n
file. Input from a pipe or file is logged to the _s_t_d_i_n
file. These files are in gzip (compressed) format
unless the _c_o_m_p_r_e_s_s___i_o option has been disabled. Due
to buffering, the I/O log data will not be complete
until the ssuuddoo command has completed.
Note that user input may contain sensitive information Note that user input may contain sensitive information
such as passwords (even if they are not echoed to the such as passwords (even if they are not echoed to the
@@ -1065,7 +1070,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
unencrypted. In most cases, logging the command output unencrypted. In most cases, logging the command output
via _l_o_g___o_u_t_p_u_t is all that is required. via _l_o_g___o_u_t_p_u_t is all that is required.
log_output If set, ssuuddoo will run the command in a _p_s_e_u_d_o _t_t_y and log_output If set, ssuuddoo will run the command in a _p_s_e_u_d_o_-_t_t_y and
log all output that is sent to the screen, similar to log all output that is sent to the screen, similar to
the script(1) command. If the standard output or the script(1) command. If the standard output or
standard error is not connected to the user's tty, due standard error is not connected to the user's tty, due
@@ -1078,7 +1083,13 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
unique session ID that is included in the normal ssuuddoo unique session ID that is included in the normal ssuuddoo
log line, prefixed with ``TSID=''. The _i_o_l_o_g___f_i_l_e log line, prefixed with ``TSID=''. The _i_o_l_o_g___f_i_l_e
option may be used to control the format of the session option may be used to control the format of the session
ID. ID. Output from the pseudo-tty is logged to the _t_t_y_o_u_t
file. Output to a pipe or redirected to a file is
logged to the either the _s_t_d_o_u_t or _s_t_d_e_r_r files. These
files are in gzip (compressed) format unless the
_c_o_m_p_r_e_s_s___i_o option has been disabled. Due to
buffering, the I/O log data will not be complete until
the ssuuddoo command has completed.
Output logs may be viewed with the sudoreplay(1m) Output logs may be viewed with the sudoreplay(1m)
utility, which can also be used to list or search the utility, which can also be used to list or search the
@@ -2482,4 +2493,4 @@ DDIISSCCLLAAIIMMEERR
file distributed with ssuuddoo or https://www.sudo.ws/license.html for file distributed with ssuuddoo or https://www.sudo.ws/license.html for
complete details. complete details.
Sudo 1.8.16 November 20, 2015 Sudo 1.8.16 Sudo 1.8.16 December 11, 2015 Sudo 1.8.16

32
doc/sudoers.man.in
View File

@@ -21,7 +21,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.TH "SUDOERS" "5" "November 20, 2015" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .TH "SUDOERS" "5" "December 11, 2015" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@@ -2233,7 +2233,7 @@ log_input
If set, If set,
\fBsudo\fR \fBsudo\fR
will run the command in a will run the command in a
\fIpseudo tty\fR \fIpseudo-tty\fR
and log all user input. and log all user input.
If the standard input is not connected to the user's tty, due to If the standard input is not connected to the user's tty, due to
I/O redirection or because the command is part of a pipeline, that I/O redirection or because the command is part of a pipeline, that
@@ -2254,6 +2254,18 @@ log line, prefixed with
The The
\fIiolog_file\fR \fIiolog_file\fR
option may be used to control the format of the session ID. option may be used to control the format of the session ID.
Input from the user's tty is logged to the
\fIttyin\fR
file.
Input from a pipe or file is logged to the
\fIstdin\fR
file.
These files are in gzip (compressed) format unless the
\fIcompress_io\fR
option has been disabled.
Due to buffering, the I/O log data will not be complete until the
\fBsudo\fR
command has completed.
.sp .sp
Note that user input may contain sensitive information such as Note that user input may contain sensitive information such as
passwords (even if they are not echoed to the screen), which will passwords (even if they are not echoed to the screen), which will
@@ -2266,7 +2278,7 @@ log_output
If set, If set,
\fBsudo\fR \fBsudo\fR
will run the command in a will run the command in a
\fIpseudo tty\fR \fIpseudo-tty\fR
and log all output that is sent to the screen, similar to the and log all output that is sent to the screen, similar to the
script(1) script(1)
command. command.
@@ -2290,6 +2302,20 @@ log line, prefixed with
The The
\fIiolog_file\fR \fIiolog_file\fR
option may be used to control the format of the session ID. option may be used to control the format of the session ID.
Output from the pseudo-tty is logged to the
\fIttyout\fR
file.
Output to a pipe or redirected to a file is logged to the either the
\fIstdout\fR
or
\fIstderr\fR
files.
These files are in gzip (compressed) format unless the
\fIcompress_io\fR
option has been disabled.
Due to buffering, the I/O log data will not be complete until the
\fBsudo\fR
command has completed.
.sp .sp
Output logs may be viewed with the Output logs may be viewed with the
sudoreplay(@mansectsu@) sudoreplay(@mansectsu@)

32
doc/sudoers.mdoc.in
View File

@@ -19,7 +19,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.Dd November 20, 2015 .Dd December 11, 2015
.Dt SUDOERS @mansectform@ .Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@@ -2091,7 +2091,7 @@ by default.
If set, If set,
.Nm sudo .Nm sudo
will run the command in a will run the command in a
.Em pseudo tty .Em pseudo-tty
and log all user input. and log all user input.
If the standard input is not connected to the user's tty, due to If the standard input is not connected to the user's tty, due to
I/O redirection or because the command is part of a pipeline, that I/O redirection or because the command is part of a pipeline, that
@@ -2114,6 +2114,18 @@ log line, prefixed with
The The
.Em iolog_file .Em iolog_file
option may be used to control the format of the session ID. option may be used to control the format of the session ID.
Input from the user's tty is logged to the
.Pa ttyin
file.
Input from a pipe or file is logged to the
.Pa stdin
file.
These files are in gzip (compressed) format unless the
.Em compress_io
option has been disabled.
Due to buffering, the I/O log data will not be complete until the
.Nm sudo
command has completed.
.Pp .Pp
Note that user input may contain sensitive information such as Note that user input may contain sensitive information such as
passwords (even if they are not echoed to the screen), which will passwords (even if they are not echoed to the screen), which will
@@ -2125,7 +2137,7 @@ is all that is required.
If set, If set,
.Nm sudo .Nm sudo
will run the command in a will run the command in a
.Em pseudo tty .Em pseudo-tty
and log all output that is sent to the screen, similar to the and log all output that is sent to the screen, similar to the
.Xr script 1 .Xr script 1
command. command.
@@ -2151,6 +2163,20 @@ log line, prefixed with
The The
.Em iolog_file .Em iolog_file
option may be used to control the format of the session ID. option may be used to control the format of the session ID.
Output from the pseudo-tty is logged to the
.Pa ttyout
file.
Output to a pipe or redirected to a file is logged to the either the
.Pa stdout
or
.Pa stderr
files.
These files are in gzip (compressed) format unless the
.Em compress_io
option has been disabled.
Due to buffering, the I/O log data will not be complete until the
.Nm sudo
command has completed.
.Pp .Pp
Output logs may be viewed with the Output logs may be viewed with the
.Xr sudoreplay @mansectsu@ .Xr sudoreplay @mansectsu@