diff --git a/doc/UPGRADE b/doc/UPGRADE index 58d4e5139..aa4b2b0f1 100644 --- a/doc/UPGRADE +++ b/doc/UPGRADE @@ -186,13 +186,13 @@ o Upgrading from a version prior to 1.8.2: When matching Unix groups in the sudoers file, sudo will now match based on the name of the group as it appears in sudoers - instead of the group ID. This can substantially reduce the + instead of the group-ID. This can substantially reduce the number of group lookups for sudoers files that contain a large number of groups. There are a few side effects of this change. - 1) Unix groups with different names but the same group ID are + 1) Unix groups with different names but the same group-ID are can no longer be used interchangeably. Sudo will look up all - of a user's groups by group ID and use the resulting group + of a user's groups by group-ID and use the resulting group names when matching sudoers entries. If there are multiple groups with the same ID, the group name returned by the system getgrgid() library function is the name that will be @@ -338,7 +338,7 @@ o Upgrading from a version prior to 1.7.0: Starting with sudo 1.7.0, comments in the sudoers file must not have a digit or minus sign immediately after the comment character ('#'). Otherwise, the comment may be interpreted as a user or - group ID. + group-ID. When sudo is build with LDAP support the /etc/nsswitch.conf file is now used to determine the sudoers sea ch order. sudo will default to diff --git a/doc/sudo.conf.man.in b/doc/sudo.conf.man.in index 65ac7f4dd..678e6e06f 100644 --- a/doc/sudo.conf.man.in +++ b/doc/sudo.conf.man.in @@ -17,7 +17,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .nr SL @SEMAN@ -.TH "SUDO.CONF" "@mansectform@" "July 3, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDO.CONF" "@mansectform@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" 
@@ -334,12 +334,12 @@ Set disable_coredump false .RS 10n .sp All modern operating systems place restrictions on core dumps -from setuid processes like +from set-user-ID processes like \fBsudo\fR so this option can be enabled without compromising security. To actually get a \fBsudo\fR -core file you will likely need to enable core dumps for setuid processes. +core file you will likely need to enable core dumps for set-user-ID processes. On BSD and Linux systems this is accomplished in the diff --git a/doc/sudo.conf.mdoc.in b/doc/sudo.conf.mdoc.in index a0ba54a48..f49c8a01a 100644 --- a/doc/sudo.conf.mdoc.in +++ b/doc/sudo.conf.mdoc.in @@ -16,7 +16,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .nr SL @SEMAN@ -.Dd July 3, 2019 +.Dd October 20, 2019 .Dt SUDO.CONF @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -305,12 +305,12 @@ Set disable_coredump false .Ed .Pp All modern operating systems place restrictions on core dumps -from setuid processes like +from set-user-ID processes like .Nm sudo so this option can be enabled without compromising security. To actually get a .Nm sudo -core file you will likely need to enable core dumps for setuid processes. +core file you will likely need to enable core dumps for set-user-ID processes. On .Bx and Linux systems this is accomplished in the diff --git a/doc/sudo.man.in b/doc/sudo.man.in index 6425a17f9..9ec675e4e 100644 --- a/doc/sudo.man.in +++ b/doc/sudo.man.in @@ -25,7 +25,7 @@ .nr BA @BAMAN@ .nr LC @LCMAN@ .nr PS @PSMAN@ -.TH "SUDO" "@mansectsu@" "May 27, 2019" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" +.TH "SUDO" "@mansectsu@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" .nh .if n .ad l .SH "NAME" 
@@ -98,7 +98,7 @@ as the superuser or another user, as specified by the security policy. The invoking user's real (\fInot\fR effective) -user ID is used to determine the user name with which +user-ID is used to determine the user name with which to query the security policy. .PP \fBsudo\fR @@ -260,7 +260,7 @@ If is \fB-\fR, the default login class of the target user will be used. -Otherwise, the command must be run as the superuser (user ID 0), or +Otherwise, the command must be run as the superuser (user-ID 0), or \fBsudo\fR must be run from a shell that is already running as the superuser. If the command is being run as a login shell, additional @@ -361,7 +361,7 @@ instead of the primary group specified by the target user's password database entry. The \fIgroup\fR -may be either a group name or a numeric group ID +may be either a group name or a numeric group-ID (GID) prefixed with the \(oq#\(cq @@ -504,7 +504,7 @@ By default, the \fIsudoers\fR policy will initialize the group vector to the list of groups the target user is a member of. -The real and effective group IDs, however, are still set to match +The real and effective group-IDs, however, are still set to match the target user. .TP 12n \fB\-p\fR \fIprompt\fR, \fB\--prompt\fR=\fIprompt\fR @@ -629,7 +629,7 @@ Run the command as a user other than the default target user \fIroot\fR). The \fIuser\fR -may be either a user name or a numeric user ID +may be either a user name or a numeric user-ID (UID) prefixed with the \(oq#\(cq @@ -719,13 +719,13 @@ option was specified). The following parameters may be specified by security policy: .TP 3n \fB\(bu\fR -real and effective user ID +real and effective user-ID .TP 3n \fB\(bu\fR -real and effective group ID +real and effective group-ID .TP 3n \fB\(bu\fR -supplementary group IDs +supplementary group-IDs .TP 3n \fB\(bu\fR the environment list 
@@ -1027,7 +1027,7 @@ To prevent the disclosure of potentially sensitive information, disables core dumps by default while it is executing (they are re-enabled for the command that is run). This historical practice dates from a time when most operating -systems allowed setuid processes to dump core by default. +systems allowed set-user-ID processes to dump core by default. To aid in debugging \fBsudo\fR crashes, you may wish to re-enable core dumps by setting @@ -1138,7 +1138,7 @@ Default editor to use in (sudoedit) mode. .TP 17n \fRSUDO_GID\fR -Set to the group ID of the user who invoked sudo. +Set to the group-ID of the user who invoked sudo. .TP 17n \fRSUDO_PROMPT\fR Used as the default password prompt unless @@ -1152,7 +1152,7 @@ If set, will be set to its value for the program being run. .TP 17n \fRSUDO_UID\fR -Set to the user ID of the user who invoked sudo. +Set to the user-ID of the user who invoked sudo. .TP 17n \fRSUDO_USER\fR Set to the login name of the user who invoked sudo. @@ -1272,7 +1272,7 @@ for more information. was not run with root privileges. The \fBsudo\fR -binary must be owned by the root user and have the Set-user-ID bit set. +binary must be owned by the root user and have the set-user-ID bit set. Also, it must not be located on a file system mounted with the \(oqnosuid\(cq option or on an NFS file system that maps uid 0 to an unprivileged uid. @@ -1338,7 +1338,7 @@ was not run with root privileges. The \fBsudo\fR binary does not have the correct owner or permissions. -It must be owned by the root user and have the Set-user-ID bit set. +It must be owned by the root user and have the set-user-ID bit set. .TP 6n \fRsudoedit is not supported on this platform\fR It is only possible to run 
@@ -1350,7 +1350,7 @@ The user did not enter a password before the password timeout (5 minutes by default) expired. .TP 6n \fRyou do not exist in the passwd database\fR -Your user ID does not appear in the system passwd database. +Your user-ID does not appear in the system passwd database. .TP 6n \fRyou may not specify environment variables in edit mode\fR It is only possible to specify environment variables when running @@ -1417,9 +1417,9 @@ section for more information. .PP Running shell scripts via \fBsudo\fR -can expose the same kernel bugs that make setuid shell scripts +can expose the same kernel bugs that make set-user-ID shell scripts unsafe on some operating systems (if your OS has a /dev/fd/ directory, -setuid shell scripts are generally safe). +set-user-ID shell scripts are generally safe). .SH "BUGS" If you feel you have found a bug in \fBsudo\fR, diff --git a/doc/sudo.mdoc.in b/doc/sudo.mdoc.in index c49be2748..29669cbcb 100644 --- a/doc/sudo.mdoc.in +++ b/doc/sudo.mdoc.in @@ -24,7 +24,7 @@ .nr BA @BAMAN@ .nr LC @LCMAN@ .nr PS @PSMAN@ -.Dd May 27, 2019 +.Dd October 20, 2019 .Dt SUDO @mansectsu@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -100,7 +100,7 @@ as the superuser or another user, as specified by the security policy. The invoking user's real .Pq Em not No effective -user ID is used to determine the user name with which +user-ID is used to determine the user name with which to query the security policy. .Pp .Nm @@ -252,7 +252,7 @@ If is .Cm - , the default login class of the target user will be used. -Otherwise, the command must be run as the superuser (user ID 0), or +Otherwise, the command must be run as the superuser (user-ID 0), or .Nm must be run from a shell that is already running as the superuser. If the command is being run as a login shell, additional 
@@ -341,7 +341,7 @@ instead of the primary group specified by the target user's password database entry. The .Ar group -may be either a group name or a numeric group ID +may be either a group name or a numeric group-ID .Pq GID prefixed with the .Ql # @@ -475,7 +475,7 @@ By default, the .Em sudoers policy will initialize the group vector to the list of groups the target user is a member of. -The real and effective group IDs, however, are still set to match +The real and effective group-IDs, however, are still set to match the target user. .It Fl p Ar prompt , Fl -prompt Ns = Ns Ar prompt Use a custom password prompt with optional escape sequences. @@ -583,7 +583,7 @@ Run the command as a user other than the default target user .Em root ) . The .Ar user -may be either a user name or a numeric user ID +may be either a user name or a numeric user-ID .Pq UID prefixed with the .Ql # @@ -671,11 +671,11 @@ option was specified). The following parameters may be specified by security policy: .Bl -bullet -width 1n .It -real and effective user ID +real and effective user-ID .It -real and effective group ID +real and effective group-ID .It -supplementary group IDs +supplementary group-IDs .It the environment list .It @@ -968,7 +968,7 @@ To prevent the disclosure of potentially sensitive information, disables core dumps by default while it is executing (they are re-enabled for the command that is run). This historical practice dates from a time when most operating -systems allowed setuid processes to dump core by default. +systems allowed set-user-ID processes to dump core by default. To aid in debugging .Nm crashes, you may wish to re-enable core dumps by setting @@ -1067,7 +1067,7 @@ Default editor to use in .Fl e (sudoedit) mode. .It Ev SUDO_GID -Set to the group ID of the user who invoked sudo. +Set to the group-ID of the user who invoked sudo. .It Ev SUDO_PROMPT Used as the default password prompt unless the 
@@ -1078,7 +1078,7 @@ If set, .Ev PS1 will be set to its value for the program being run. .It Ev SUDO_UID -Set to the user ID of the user who invoked sudo. +Set to the user-ID of the user who invoked sudo. .It Ev SUDO_USER Set to the login name of the user who invoked sudo. .It Ev USER @@ -1174,7 +1174,7 @@ for more information. was not run with root privileges. The .Nm -binary must be owned by the root user and have the Set-user-ID bit set. +binary must be owned by the root user and have the set-user-ID bit set. Also, it must not be located on a file system mounted with the .Sq nosuid option or on an NFS file system that maps uid 0 to an unprivileged uid. @@ -1233,7 +1233,7 @@ was not run with root privileges. The .Nm binary does not have the correct owner or permissions. -It must be owned by the root user and have the Set-user-ID bit set. +It must be owned by the root user and have the set-user-ID bit set. .It Li sudoedit is not supported on this platform It is only possible to run .Nm sudoedit @@ -1242,7 +1242,7 @@ on systems that support setting the effective user-ID. The user did not enter a password before the password timeout (5 minutes by default) expired. .It Li you do not exist in the passwd database -Your user ID does not appear in the system passwd database. +Your user-ID does not appear in the system passwd database. .It Li you may not specify environment variables in edit mode It is only possible to specify environment variables when running a command. @@ -1305,9 +1305,9 @@ section for more information. .Pp Running shell scripts via .Nm -can expose the same kernel bugs that make setuid shell scripts +can expose the same kernel bugs that make set-user-ID shell scripts unsafe on some operating systems (if your OS has a /dev/fd/ directory, -setuid shell scripts are generally safe). +set-user-ID shell scripts are generally safe). .Sh BUGS If you feel you have found a bug in .Nm , 
diff --git a/doc/sudo_plugin.man.in b/doc/sudo_plugin.man.in index 987ae1160..f35c28987 100644 --- a/doc/sudo_plugin.man.in +++ b/doc/sudo_plugin.man.in @@ -16,7 +16,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.TH "SUDO_PLUGIN" "5" "October 18, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDO_PLUGIN" "5" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" @@ -459,20 +459,20 @@ cwd=string The user's current working directory. .TP 6n egid=gid_t -The effective group ID of the user invoking +The effective group-ID of the user invoking \fBsudo\fR. .TP 6n euid=uid_t -The effective user ID of the user invoking +The effective user-ID of the user invoking \fBsudo\fR. .TP 6n gid=gid_t -The real group ID of the user invoking +The real group-ID of the user invoking \fBsudo\fR. .TP 6n groups=list The user's supplementary group list formatted as a string of -comma-separated group IDs. +comma-separated group-IDs. .TP 6n host=string The local machine's hostname as returned by the @@ -552,7 +552,7 @@ the value will be empty, as in \(lq\fRtty=\fR\(rq. .TP 6n uid=uid_t -The real user ID of the user invoking +The real user-ID of the user invoking \fBsudo\fR. .TP 6n umask=octal 
@@ -991,29 +991,29 @@ initializing the group vector based on \fRrunas_user\fR. .TP 6n runas_egid=gid -Effective group ID to run the command as. +Effective group-ID to run the command as. If not specified, the value of \fIrunas_gid\fR is used. .TP 6n runas_euid=uid -Effective user ID to run the command as. +Effective user-ID to run the command as. If not specified, the value of \fIrunas_uid\fR is used. .TP 6n runas_gid=gid -Group ID to run the command as. +Group-ID to run the command as. .TP 6n runas_groups=list The supplementary group vector to use for the command in the form -of a comma-separated list of group IDs. +of a comma-separated list of group-IDs. If \fIpreserve_groups\fR is set, this option is ignored. .TP 6n runas_uid=uid -User ID to run the command as. +User-ID to run the command as. .TP 6n selinux_role=string SELinux role to use when executing the command. diff --git a/doc/sudo_plugin.mdoc.in b/doc/sudo_plugin.mdoc.in index 75d1e88bf..cffaf1996 100644 --- a/doc/sudo_plugin.mdoc.in +++ b/doc/sudo_plugin.mdoc.in @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd October 18, 2019 +.Dd October 20, 2019 .Dt SUDO_PLUGIN @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME 
@@ -411,17 +411,17 @@ If there is no terminal device available, a default value of 80 is used. .It cwd=string The user's current working directory. .It egid=gid_t -The effective group ID of the user invoking +The effective group-ID of the user invoking .Nm sudo . .It euid=uid_t -The effective user ID of the user invoking +The effective user-ID of the user invoking .Nm sudo . .It gid=gid_t -The real group ID of the user invoking +The real group-ID of the user invoking .Nm sudo . .It groups=list The user's supplementary group list formatted as a string of -comma-separated group IDs. +comma-separated group-IDs. .It host=string The local machine's hostname as returned by the .Xr gethostname 2 @@ -491,7 +491,7 @@ If the user has no terminal device associated with the session, the value will be empty, as in .Dq Li tty= . .It uid=uid_t -The real user ID of the user invoking +The real user-ID of the user invoking .Nm sudo . .It umask=octal The invoking user's file creation mask. @@ -877,25 +877,25 @@ will preserve the user's group vector instead of initializing the group vector based on .Li runas_user . .It runas_egid=gid -Effective group ID to run the command as. +Effective group-ID to run the command as. If not specified, the value of .Em runas_gid is used. .It runas_euid=uid -Effective user ID to run the command as. +Effective user-ID to run the command as. If not specified, the value of .Em runas_uid is used. .It runas_gid=gid -Group ID to run the command as. +Group-ID to run the command as. .It runas_groups=list The supplementary group vector to use for the command in the form -of a comma-separated list of group IDs. +of a comma-separated list of group-IDs. If .Em preserve_groups is set, this option is ignored. .It runas_uid=uid -User ID to run the command as. +User-ID to run the command as. .It selinux_role=string SELinux role to use when executing the command. .It selinux_type=string 
diff --git a/doc/sudoers.ldap.man.in b/doc/sudoers.ldap.man.in index 5791e4c1e..d2481eb15 100644 --- a/doc/sudoers.ldap.man.in +++ b/doc/sudoers.ldap.man.in @@ -16,7 +16,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.TH "SUDOERS.LDAP" "@mansectform@" "February 26, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDOERS.LDAP" "@mansectform@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" @@ -112,7 +112,7 @@ The equivalent of a sudoer in LDAP is a It consists of the following attributes: .TP 6n \fBsudoUser\fR -A user name, user ID (prefixed with +A user name, user-ID (prefixed with \(oq#\(cq), Unix group name or ID (prefixed with \(oq%\(cq diff --git a/doc/sudoers.ldap.mdoc.in b/doc/sudoers.ldap.mdoc.in index d88d48bea..8807be47e 100644 --- a/doc/sudoers.ldap.mdoc.in +++ b/doc/sudoers.ldap.mdoc.in @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd February 26, 2018 +.Dd October 20, 2019 .Dt SUDOERS.LDAP @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -106,7 +106,7 @@ The equivalent of a sudoer in LDAP is a It consists of the following attributes: .Bl -tag -width 4n .It Sy sudoUser -A user name, user ID (prefixed with +A user name, user-ID (prefixed with .Ql # ) , Unix group name or ID (prefixed with .Ql % diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in index 001386ed4..4adf58d77 100644 --- a/doc/sudoers.man.in +++ b/doc/sudoers.man.in @@ -25,7 +25,7 @@ .nr BA @BAMAN@ .nr LC @LCMAN@ .nr PS @PSMAN@ -.TH "SUDOERS" "@mansectform@" "October 17, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDOERS" "@mansectform@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" 
@@ -123,13 +123,13 @@ sudoers_uid=uid The \fIsudoers_uid\fR argument can be used to override the default owner of the sudoers file. -It should be specified as a numeric user ID. +It should be specified as a numeric user-ID. .TP 10n sudoers_gid=gid The \fIsudoers_gid\fR argument can be used to override the default group of the sudoers file. -It must be specified as a numeric group ID (not a group name). +It must be specified as a numeric group-ID (not a group name). .TP 10n sudoers_mode=mode The @@ -220,7 +220,7 @@ file lookup is still done for root, not the user specified by \fBsudoers\fR uses per-user time stamp files for credential caching. Once a user has been authenticated, a record is written -containing the user ID that was used to authenticate, the +containing the user-ID that was used to authenticate, the terminal session ID, the start time of the session leader (or parent process) and a time stamp (using a monotonic clock if one is available). @@ -477,7 +477,7 @@ list. .PP Note that the dynamic linker on most operating systems will remove variables that can control dynamic linking from the environment of -setuid executables, including +set-user-ID executables, including \fBsudo\fR. Depending on the operating system this may include @@ -712,7 +712,7 @@ User ::= '!'* user name | .PP A \fRUser_List\fR -is made up of one or more user names, user IDs +is made up of one or more user names, user-IDs (prefixed with \(oq#\(cq), system group names and IDs (prefixed with 
@@ -811,10 +811,13 @@ it can contain \fRRunas_Alias\fRes. Note that user names and groups are matched as strings. -In other words, two -users (groups) with the same uid (gid) are considered to be distinct. -If you wish to match all user names with the same uid (e.g., -root and toor), you can use a uid instead (#0 in the example given). +In other words, two users (groups) with the same user (group) ID +are considered to be distinct. +If you wish to match all user names with the same user-ID (e.g., root and +toor), you can use a user-ID instead of a name (#0 in the example given). +Note that the user-ID or group-ID specified in a +\fRRunas_Member\fR +need not be listed in the password or group database. .nf .sp .RS 0n @@ -1969,7 +1972,7 @@ The pound sign is used to indicate a comment (unless it is part of a #include directive or unless it occurs in the context of a user name and is followed by one or more digits, in which case it is treated as a -uid). +user-ID). Both the comment character and any text after it, up to the end of the line, are ignored. .PP @@ -2683,7 +2686,7 @@ by default. match_group_by_gid By default, \fBsudoers\fR -will look up each group the user is a member of by group ID to +will look up each group the user is a member of by group-ID to determine the group name (this is only done once). The resulting list of the user's group names is used when matching groups listed in the 
@@ -2702,21 +2705,21 @@ running commands via may take longer than normal. On such systems it may be faster to use the \fImatch_group_by_gid\fR -flag to avoid resolving the user's group IDs to group names. +flag to avoid resolving the user's group-IDs to group names. In this case, \fBsudoers\fR must look up any group name listed in the \fIsudoers\fR -file and use the group ID instead of the group name when determining +file and use the group-ID instead of the group name when determining whether the user is a member of the group. .sp Note that if \fImatch_group_by_gid\fR is enabled, group database lookups performed by \fBsudoers\fR -will be keyed by group name as opposed to group ID. +will be keyed by group name as opposed to group-ID. On systems where there are multiple sources for the group database, -it is possible to have conflicting group names or group IDs in the local +it is possible to have conflicting group names or group-IDs in the local \fI/etc/group\fR file and the remote group database. On such systems, enabling or disabling @@ -2872,7 +2875,7 @@ will initialize the group vector to the list of groups the target user is in. When \fIpreserve_groups\fR is set, the user's existing group vector is left unaltered. -The real and effective group IDs, however, are still set to match the +The real and effective group-IDs, however, are still set to match the target user. This flag is \fIoff\fR @@ -3063,9 +3066,9 @@ This option changes that behavior such that the real UID is left as the invoking user's UID. In other words, this makes \fBsudo\fR -act as a setuid wrapper. +act as a set-user-ID wrapper. This can be useful on systems that disable some potentially -dangerous functionality when a program is run setuid. +dangerous functionality when a program is run set-user-ID. This option is only effective on systems that support either the setreuid(2) or 
@@ -3140,7 +3143,7 @@ option (defaults to \fRroot\fR) instead of the password of the invoking user when running a command or editing a file. -Note that this flag precludes the use of a uid not listed in the passwd +Note that this flag precludes the use of a user-ID not listed in the passwd database as an argument to the \fB\-u\fR option. @@ -3529,7 +3532,7 @@ where every two digits are used to form a new directory, e.g., expanded to the invoking user's login name .TP 6n \fR%{group}\fR -expanded to the name of the invoking user's real group ID +expanded to the name of the invoking user's real group-ID .TP 6n \fR%{runas_user}\fR expanded to the login name of the user the command will @@ -3614,19 +3617,19 @@ by default. This setting is only supported by version 1.8.20 or higher. .TP 18n iolog_group -The group name to look up when setting the group ID on new I/O log +The group name to look up when setting the group-ID on new I/O log files and directories. If \fIiolog_group\fR is not set, -the primary group ID of the user specified by +the primary group-ID of the user specified by \fIiolog_user\fR is used. If neither \fIiolog_group\fR nor \fIiolog_user\fR -are set, I/O log files and directories are created with group ID 0. +are set, I/O log files and directories are created with group-ID 0. .sp This setting is only supported by version 1.8.19 or higher. .TP 18n 
@@ -3644,19 +3647,19 @@ Defaults to 0600 (read and write by user only). This setting is only supported by version 1.8.19 or higher. .TP 18n iolog_user -The user name to look up when setting the user and group IDs on new +The user name to look up when setting the user and group-IDs on new I/O log files and directories. If \fIiolog_group\fR -is set, it will be used instead of the user's primary group ID. +is set, it will be used instead of the user's primary group-ID. By default, I/O log files and directories are created with user and -group ID 0. +group-ID 0. .sp This setting can be useful when the I/O logs are stored on a Network File System (NFS) share. Having a dedicated user own the I/O log files means that \fBsudoers\fR -does not write to the log files as user ID 0, which is usually +does not write to the log files as user-ID 0, which is usually not permitted by NFS. .sp This setting is only supported by version 1.8.19 or higher. @@ -4402,7 +4405,7 @@ is run by root with the \fB\-V\fR option. Note that many operating systems will remove potentially dangerous -variables from the environment of any setuid process (such as +variables from the environment of any set-user-ID process (such as \fBsudo\fR). .TP 18n env_keep @@ -4672,7 +4675,7 @@ The file could not be opened for reading. This can happen when the \fIsudoers\fR -file is located on a remote file system that maps user ID 0 to +file is located on a remote file system that maps user-ID 0 to a different value. Normally, \fBsudoers\fR @@ -4685,7 +4688,7 @@ or adding an argument like \(lqsudoers_uid=N\(rq (where \(oqN\(cq -is the user ID that owns the +is the user-ID that owns the \fIsudoers\fR file) to the end of the \fBsudoers\fR @@ -4714,7 +4717,7 @@ file owner, please add \(lqsudoers_uid=N\(rq (where \(oqN\(cq -is the user ID that owns the +is the user-ID that owns the \fIsudoers\fR file) to the \fBsudoers\fR 
@@ -4750,7 +4753,7 @@ file group ownership, please add \(lqsudoers_gid=N\(rq (where \(oqN\(cq -is the group ID that owns the +is the group-ID that owns the \fIsudoers\fR file) to the \fBsudoers\fR diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in index af45d1431..b11c0b906 100644 --- a/doc/sudoers.mdoc.in +++ b/doc/sudoers.mdoc.in @@ -24,7 +24,7 @@ .nr BA @BAMAN@ .nr LC @LCMAN@ .nr PS @PSMAN@ -.Dd October 17, 2019 +.Dd October 20, 2019 .Dt SUDOERS @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -113,12 +113,12 @@ file. The .Em sudoers_uid argument can be used to override the default owner of the sudoers file. -It should be specified as a numeric user ID. +It should be specified as a numeric user-ID. .It sudoers_gid=gid The .Em sudoers_gid argument can be used to override the default group of the sudoers file. -It must be specified as a numeric group ID (not a group name). +It must be specified as a numeric group-ID (not a group name). .It sudoers_mode=mode The .Em sudoers_mode @@ -209,7 +209,7 @@ file lookup is still done for root, not the user specified by .Nm uses per-user time stamp files for credential caching. Once a user has been authenticated, a record is written -containing the user ID that was used to authenticate, the +containing the user-ID that was used to authenticate, the terminal session ID, the start time of the session leader (or parent process) and a time stamp (using a monotonic clock if one is available). @@ -464,7 +464,7 @@ list. .Pp Note that the dynamic linker on most operating systems will remove variables that can control dynamic linking from the environment of -setuid executables, including +set-user-ID executables, including .Nm sudo . Depending on the operating system this may include @@ -686,7 +686,7 @@ User ::= '!'* user name | .Pp A .Li User_List -is made up of one or more user names, user IDs +is made up of one or more user names, user-IDs (prefixed with .Ql # ) , system group names and IDs (prefixed with 
@@ -781,10 +781,13 @@ it can contain .Li Runas_Alias Ns es . Note that user names and groups are matched as strings. -In other words, two -users (groups) with the same uid (gid) are considered to be distinct. -If you wish to match all user names with the same uid (e.g., -root and toor), you can use a uid instead (#0 in the example given). +In other words, two users (groups) with the same user (group) ID +are considered to be distinct. +If you wish to match all user names with the same user-ID (e.g., root and +toor), you can use a user-ID instead of a name (#0 in the example given). +Note that the user-ID or group-ID specified in a +.Li Runas_Member +need not be listed in the password or group database. .Bd -literal Host_List ::= Host | Host ',' Host_List @@ -1846,7 +1849,7 @@ The pound sign is used to indicate a comment (unless it is part of a #include directive or unless it occurs in the context of a user name and is followed by one or more digits, in which case it is treated as a -uid). +user-ID). Both the comment character and any text after it, up to the end of the line, are ignored. .Pp @@ -2522,7 +2525,7 @@ by default. .It match_group_by_gid By default, .Nm -will look up each group the user is a member of by group ID to +will look up each group the user is a member of by group-ID to determine the group name (this is only done once). The resulting list of the user's group names is used when matching groups listed in the 
@@ -2541,21 +2544,21 @@ running commands via may take longer than normal. On such systems it may be faster to use the .Em match_group_by_gid -flag to avoid resolving the user's group IDs to group names. +flag to avoid resolving the user's group-IDs to group names. In this case, .Nm must look up any group name listed in the .Em sudoers -file and use the group ID instead of the group name when determining +file and use the group-ID instead of the group name when determining whether the user is a member of the group. .Pp Note that if .Em match_group_by_gid is enabled, group database lookups performed by .Nm -will be keyed by group name as opposed to group ID. +will be keyed by group name as opposed to group-ID. On systems where there are multiple sources for the group database, -it is possible to have conflicting group names or group IDs in the local +it is possible to have conflicting group names or group-IDs in the local .Pa /etc/group file and the remote group database. On such systems, enabling or disabling @@ -2703,7 +2706,7 @@ will initialize the group vector to the list of groups the target user is in. When .Em preserve_groups is set, the user's existing group vector is left unaltered. -The real and effective group IDs, however, are still set to match the +The real and effective group-IDs, however, are still set to match the target user. This flag is .Em off @@ -2883,9 +2886,9 @@ This option changes that behavior such that the real UID is left as the invoking user's UID. In other words, this makes .Nm sudo -act as a setuid wrapper. +act as a set-user-ID wrapper. This can be useful on systems that disable some potentially -dangerous functionality when a program is run setuid. +dangerous functionality when a program is run set-user-ID. This option is only effective on systems that support either the .Xr setreuid 2 or 
@@ -2955,7 +2958,7 @@ option (defaults to .Li root ) instead of the password of the invoking user when running a command or editing a file. -Note that this flag precludes the use of a uid not listed in the passwd +Note that this flag precludes the use of a user-ID not listed in the passwd database as an argument to the .Fl u option. @@ -3322,7 +3325,7 @@ where every two digits are used to form a new directory, e.g., .It Li %{user} expanded to the invoking user's login name .It Li %{group} -expanded to the name of the invoking user's real group ID +expanded to the name of the invoking user's real group-ID .It Li %{runas_user} expanded to the login name of the user the command will be run as (e.g., root) @@ -3400,19 +3403,19 @@ by default. .Pp This setting is only supported by version 1.8.20 or higher. .It iolog_group -The group name to look up when setting the group ID on new I/O log +The group name to look up when setting the group-ID on new I/O log files and directories. If .Em iolog_group is not set, -the primary group ID of the user specified by +the primary group-ID of the user specified by .Em iolog_user is used. If neither .Em iolog_group nor .Em iolog_user -are set, I/O log files and directories are created with group ID 0. +are set, I/O log files and directories are created with group-ID 0. .Pp This setting is only supported by version 1.8.19 or higher. .It iolog_mode 
@@ -3428,19 +3431,19 @@ Defaults to 0600 (read and write by user only). .Pp This setting is only supported by version 1.8.19 or higher. .It iolog_user -The user name to look up when setting the user and group IDs on new +The user name to look up when setting the user and group-IDs on new I/O log files and directories. If .Em iolog_group -is set, it will be used instead of the user's primary group ID. +is set, it will be used instead of the user's primary group-ID. By default, I/O log files and directories are created with user and -group ID 0. +group-ID 0. .Pp This setting can be useful when the I/O logs are stored on a Network File System (NFS) share. Having a dedicated user own the I/O log files means that .Nm -does not write to the log files as user ID 0, which is usually +does not write to the log files as user-ID 0, which is usually not permitted by NFS. .Pp This setting is only supported by version 1.8.19 or higher. @@ -4106,7 +4109,7 @@ is run by root with the .Fl V option. Note that many operating systems will remove potentially dangerous -variables from the environment of any setuid process (such as +variables from the environment of any set-user-ID process (such as .Nm sudo ) . .It env_keep Environment variables to be preserved in the user's environment when the @@ -4351,7 +4354,7 @@ The file could not be opened for reading. This can happen when the .Em sudoers -file is located on a remote file system that maps user ID 0 to +file is located on a remote file system that maps user-ID 0 to a different value. Normally, .Nm @@ -4364,7 +4367,7 @@ or adding an argument like .Dq sudoers_uid=N (where .Sq N -is the user ID that owns the +is the user-ID that owns the .Em sudoers file) to the end of the .Nm @@ -4390,7 +4393,7 @@ file owner, please add .Dq sudoers_uid=N (where .Sq N -is the user ID that owns the +is the user-ID that owns the .Em sudoers file) to the .Nm 
@@ -4424,7 +4427,7 @@ file group ownership, please add .Dq sudoers_gid=N (where .Sq N -is the group ID that owns the +is the group-ID that owns the .Em sudoers file) to the .Nm diff --git a/doc/sudoers_timestamp.man.in b/doc/sudoers_timestamp.man.in index 0c3e509a1..66a1e7052 100644 --- a/doc/sudoers_timestamp.man.in +++ b/doc/sudoers_timestamp.man.in @@ -16,7 +16,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.TH "SUDOERS_TIMESTAMP" "@mansectform@" "October 7, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDOERS_TIMESTAMP" "@mansectform@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" @@ -117,13 +117,13 @@ and which is used only when matching records. .TP 6n auth_uid -The user ID that was used for authentication. +The user-ID that was used for authentication. Depending on the value of the \fIrootpw\fR, \fIrunaspw\fR and \fItargetpw\fR -options, the user ID may be that of the invoking user, the root user, +options, the user-ID may be that of the invoking user, the root user, the default runas user or the target user. .TP 6n sid diff --git a/doc/sudoers_timestamp.mdoc.in b/doc/sudoers_timestamp.mdoc.in index f8dc956fb..b318abf44 100644 --- a/doc/sudoers_timestamp.mdoc.in +++ b/doc/sudoers_timestamp.mdoc.in @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd October 7, 2018 +.Dd October 20, 2019 .Dt SUDOERS_TIMESTAMP @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME 
@@ -109,13 +109,13 @@ and .Li TS_ANYUID , which is used only when matching records. .It auth_uid -The user ID that was used for authentication. +The user-ID that was used for authentication. Depending on the value of the .Em rootpw , .Em runaspw and .Em targetpw -options, the user ID may be that of the invoking user, the root user, +options, the user-ID may be that of the invoking user, the root user, the default runas user or the target user. .It sid The ID of the user's terminal session, if present. diff --git a/doc/visudo.man.in b/doc/visudo.man.in index f04ff36a4..eb48f4b9c 100644 --- a/doc/visudo.man.in +++ b/doc/visudo.man.in @@ -21,7 +21,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.TH "VISUDO" "@mansectsu@" "June 20, 2019" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" +.TH "VISUDO" "@mansectsu@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" .nh .if n .ad l .SH "NAME" @@ -305,13 +305,13 @@ sudoers_uid=uid The \fIsudoers_uid\fR argument can be used to override the default owner of the sudoers file. -It should be specified as a numeric user ID. +It should be specified as a numeric user-ID. .TP 10n sudoers_gid=gid The \fIsudoers_gid\fR argument can be used to override the default group of the sudoers file. -It must be specified as a numeric group ID (not a group name). +It must be specified as a numeric group-ID (not a group name). .TP 10n sudoers_mode=mode The @@ -379,7 +379,7 @@ You didn't run as root. .TP 6n \fRyou do not exist in the passwd database\fR -Your user ID does not appear in the system passwd database. +Your user-ID does not appear in the system passwd database. .TP 6n \fRWarning: {User,Runas,Host,Cmnd}_Alias referenced but not defined\fR Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias diff --git a/doc/visudo.mdoc.in b/doc/visudo.mdoc.in index 059dc7b37..8c0a1c315 100644 --- a/doc/visudo.mdoc.in 
+++ b/doc/visudo.mdoc.in @@ -20,7 +20,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.Dd June 20, 2019 +.Dd October 20, 2019 .Dt VISUDO @mansectsu@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -295,12 +295,12 @@ file. The .Em sudoers_uid argument can be used to override the default owner of the sudoers file. -It should be specified as a numeric user ID. +It should be specified as a numeric user-ID. .It sudoers_gid=gid The .Em sudoers_gid argument can be used to override the default group of the sudoers file. -It must be specified as a numeric group ID (not a group name). +It must be specified as a numeric group-ID (not a group name). .It sudoers_mode=mode The .Em sudoers_mode @@ -364,7 +364,7 @@ You didn't run .Nm as root. .It Li you do not exist in the passwd database -Your user ID does not appear in the system passwd database. +Your user-ID does not appear in the system passwd database. .It Li Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias or you have a user or host name listed that consists solely of diff --git a/plugins/sudoers/cvtsudoers_json.c b/plugins/sudoers/cvtsudoers_json.c index ad70738e2..cf1186dcd 100644 --- a/plugins/sudoers/cvtsudoers_json.c +++ b/plugins/sudoers/cvtsudoers_json.c @@ -374,7 +374,7 @@ print_member_json_int(FILE *fp, struct sudoers_parse_tree *parse_tree, if (*value.u.string == '#') { id = sudo_strtoid(value.u.string + 1, &errstr); if (errstr != NULL) { - sudo_warnx("internal error: non-Unix group ID %s: \"%s\"", + sudo_warnx("internal error: non-Unix group-ID %s: \"%s\"", errstr, value.u.string + 1); } else { value.type = JSON_ID; 
@@ -387,7 +387,7 @@ print_member_json_int(FILE *fp, struct sudoers_parse_tree *parse_tree, if (*value.u.string == '#') { id = sudo_strtoid(value.u.string + 1, &errstr); if (errstr != NULL) { - sudo_warnx("internal error: group ID %s: \"%s\"", + sudo_warnx("internal error: group-ID %s: \"%s\"", errstr, value.u.string + 1); } else { value.type = JSON_ID; @@ -426,7 +426,7 @@ print_member_json_int(FILE *fp, struct sudoers_parse_tree *parse_tree, if (*value.u.string == '#') { id = sudo_strtoid(value.u.string + 1, &errstr); if (errstr != NULL) { - sudo_warnx("internal error: user ID %s: \"%s\"", + sudo_warnx("internal error: user-ID %s: \"%s\"", errstr, name); } else { value.type = JSON_ID; diff --git a/plugins/sudoers/iolog.c b/plugins/sudoers/iolog.c index 8422631fd..cae253817 100644 --- a/plugins/sudoers/iolog.c +++ b/plugins/sudoers/iolog.c @@ -234,7 +234,7 @@ cb_maxseq(const union sudo_defs_val *sd_un) } /* - * Look up I/O log user ID from user name. Sets iolog_uid. + * Look up I/O log user-ID from user name. Sets iolog_uid. * Also sets iolog_gid if iolog_group not specified. */ static bool @@ -274,7 +274,7 @@ cb_iolog_user(const union sudo_defs_val *sd_un) } /* - * Look up I/O log group ID from group name. + * Look up I/O log group-ID from group name. * Sets iolog_gid. */ static bool @@ -303,7 +303,7 @@ iolog_set_group(const char *name) } /* - * Look up I/O log group ID from group name. + * Look up I/O log group-ID from group name. */ bool cb_iolog_group(const union sudo_defs_val *sd_un) diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c index a0c980b82..583af5dcf 100644 --- a/plugins/sudoers/ldap.c +++ b/plugins/sudoers/ldap.c 
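Review bot: In the cvtsudoers_json.c hunk at `@@ -426,7 +426,7 @@`, the reworded "user-ID" warning still prints `name`, while the conversion one line above parses `value.u.string + 1` and the two group-ID warnings in the earlier hunks print `value.u.string + 1`. If `name` is the same string, this diagnostic shows the value with its leading `#` and the other two show it without, so the three messages cannot be matched with one pattern when reading conversion logs. Passing the parsed text, `errstr, value.u.string + 1);`, would keep them uniform. print_member_json_int starts and ends outside the hunk, so the relation between `name` and `value.u.string` should be confirmed there.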
@@ -984,13 +984,13 @@ sudo_ldap_build_pass1(LDAP *ld, struct passwd *pw) CHECK_LDAP_VCAT(buf, pw->pw_name, sz); CHECK_STRLCAT(buf, ")", sz); - /* Append user ID */ + /* Append user-ID */ (void) snprintf(idbuf, sizeof(idbuf), "%u", (unsigned int)pw->pw_uid); CHECK_STRLCAT(buf, "(sudoUser=#", sz); CHECK_STRLCAT(buf, idbuf, sz); CHECK_STRLCAT(buf, ")", sz); - /* Append primary group and group ID */ + /* Append primary group and group-ID */ if (grp != NULL) { CHECK_STRLCAT(buf, "(sudoUser=%", sz); CHECK_LDAP_VCAT(buf, grp->gr_name, sz); @@ -1001,7 +1001,7 @@ sudo_ldap_build_pass1(LDAP *ld, struct passwd *pw) CHECK_STRLCAT(buf, idbuf, sz); CHECK_STRLCAT(buf, ")", sz); - /* Append supplementary groups and group IDs */ + /* Append supplementary groups and group-IDs */ if (grlist != NULL) { for (i = 0; i < grlist->ngroups; i++) { if (grp != NULL && strcasecmp(grlist->groups[i], grp->gr_name) == 0) diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c index c920e37e0..2f78828e8 100644 --- a/plugins/sudoers/policy.c +++ b/plugins/sudoers/policy.c @@ -434,17 +434,17 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group) } } - /* User name, user ID, group ID and host name must be specified. */ + /* User name, user-ID, group-ID and host name must be specified. */ if (user_name == NULL) { sudo_warnx(U_("user name not set by sudo front-end")); goto bad; } if (!uid_set) { - sudo_warnx(U_("user ID not set by sudo front-end")); + sudo_warnx(U_("user-ID not set by sudo front-end")); goto bad; } if (!gid_set) { - sudo_warnx(U_("group ID not set by sudo front-end")); + sudo_warnx(U_("group-ID not set by sudo front-end")); goto bad; } if (user_host == NULL) { diff --git a/plugins/sudoers/pwutil.c b/plugins/sudoers/pwutil.c index 69b60a0dc..5176686a6 100644 --- a/plugins/sudoers/pwutil.c +++ b/plugins/sudoers/pwutil.c 
@@ -103,7 +103,7 @@ sudo_pwutil_set_backend(sudo_make_pwitem_t pwitem, sudo_make_gritem_t gritem, } /* - * Compare by user ID. + * Compare by user-ID. * v1 is the key to find or data to insert, v2 is in-tree data. */ static int @@ -135,7 +135,7 @@ cmp_pwnam(const void *v1, const void *v2) /* * Compare by user name, taking into account the source type. - * Need to differentiate between group IDs received from the front-end + * Need to differentiate between group-IDs received from the front-end * (via getgroups()) and groups IDs queried from the group database. * v1 is the key to find or data to insert, v2 is in-tree data. */ @@ -463,7 +463,7 @@ sudo_freepwcache(void) } /* - * Compare by group ID. + * Compare by group-ID. * v1 is the key to find or data to insert, v2 is in-tree data. */ static int @@ -908,7 +908,7 @@ sudo_get_gidlist(const struct passwd *pw, unsigned int type) struct rbnode *node; debug_decl(sudo_get_gidlist, SUDOERS_DEBUG_NSS) - sudo_debug_printf(SUDO_DEBUG_DEBUG, "%s: looking up group IDs for %s", + sudo_debug_printf(SUDO_DEBUG_DEBUG, "%s: looking up group-IDs for %s", __func__, pw->pw_name); if (gidlist_cache == NULL) { @@ -1015,7 +1015,7 @@ user_in_group(const struct passwd *pw, const char *group) debug_decl(user_in_group, SUDOERS_DEBUG_NSS) /* - * If it could be a sudo-style group ID check gids first. + * If it could be a sudo-style group-ID check gids first. */ if (group[0] == '#') { const char *errstr; @@ -1041,8 +1041,8 @@ user_in_group(const struct passwd *pw, const char *group) /* * Next match the group name. By default, sudoers resolves all the user's - * group IDs to names and matches by name. If match_group_by_gid is - * set, each group is sudoers is resolved and matching is by group ID. + * group-IDs to names and matches by name. If match_group_by_gid is + * set, each group is sudoers is resolved and matching is by group-ID. */ if (def_match_group_by_gid) { gid_t gid; 
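Review bot: In the pwutil.c hunk at `@@ -135,7 +135,7 @@`, the changed comment line now says "group-IDs" but the unchanged line after it still reads "groups IDs", so the new terminology is applied to only half of one sentence. The following line should read `* (via getgroups()) and group-IDs queried from the group database.`. The function this comment documents lies outside the hunk.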
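Review bot: The rewritten comment line in the user_in_group hunk at `@@ -1041,8 +1041,8 @@` keeps the typo "each group is sudoers is resolved". Since the line is being touched anyway, it should read `* set, each group in sudoers is resolved and matching is by group-ID.`. The comment explains which of the two matching modes decides group membership (by name, or by group-ID when match_group_by_gid is set), so it should be exact. user_in_group starts before and continues past this hunk.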
@@ -1052,7 +1052,7 @@ user_in_group(const struct passwd *pw, const char *group) goto done; gid = grp->gr_gid; - /* Check against user's primary (passwd file) group ID. */ + /* Check against user's primary (passwd file) group-ID. */ if (gid == pw->pw_gid) { matched = true; goto done; diff --git a/plugins/sudoers/sssd.c b/plugins/sudoers/sssd.c index 69f6c1f9a..f859d03fc 100644 --- a/plugins/sudoers/sssd.c +++ b/plugins/sudoers/sssd.c @@ -736,7 +736,7 @@ sudo_sss_getdefs(struct sudo_nss *nss) sudo_debug_printf(SUDO_DEBUG_DIAG, "Looking for cn=defaults"); - /* NOTE: these are global defaults, user ID and name are not used. */ + /* NOTE: these are global defaults, user-ID and name are not used. */ rc = handle->fn_send_recv_defaults(sudo_user.pw->pw_uid, sudo_user.pw->pw_name, &sss_error, &handle->domainname, &sss_result); switch (rc) { diff --git a/plugins/sudoers/testsudoers.c b/plugins/sudoers/testsudoers.c index 691e8a469..5ff0760d4 100644 --- a/plugins/sudoers/testsudoers.c +++ b/plugins/sudoers/testsudoers.c @@ -157,7 +157,7 @@ main(int argc, char *argv[]) case 'G': sudoers_gid = (gid_t)sudo_strtoid(optarg, &errstr); if (errstr != NULL) - sudo_fatalx("group ID %s: %s", optarg, errstr); + sudo_fatalx("group-ID %s: %s", optarg, errstr); break; case 'g': runas_group = optarg; @@ -188,7 +188,7 @@ main(int argc, char *argv[]) case 'U': sudoers_uid = (uid_t)sudo_strtoid(optarg, &errstr); if (errstr != NULL) - sudo_fatalx("user ID %s: %s", optarg, errstr); + sudo_fatalx("user-ID %s: %s", optarg, errstr); break; case 'u': runas_user = optarg; diff --git a/src/exec.c b/src/exec.c index 323e8f296..c60126fec 100644 --- a/src/exec.c +++ b/src/exec.c 
@@ -215,7 +215,7 @@ exec_setup(struct command_details *details) goto done; } #else - /* Cannot support real user ID that is different from effective user ID. */ + /* Cannot support real user-ID that is different from effective user-ID. */ if (setuid(details->euid) != 0) { sudo_warn(U_("unable to change to runas uid (%u, %u)"), (unsigned int)details->euid, (unsigned int)details->euid);