More minor costmetic fixes.

doc/sudo_plugin.cat

@@ -22,9 +22,9 @@ DDEESSCCRRIIPPTTIIOONN
        The plugin API is defined by the sudo_plugin.h header file.
 
    TThhee ssuuddoo..ccoonnff FFiillee
-       The _/_e_t_c_/_s_u_d_o_._c_o_n_f file contains plugin configuration directives.
+       The _/_e_t_c_/_s_u_d_o_._c_o_n_f file contains plugin configuration directives.  The
-       Currently, the only supported keyword is the Plugin directive, which
+       primary keyword is the Plugin directive, which causes a plugin to be
-       causes a plugin plugin to be loaded.
+       loaded.
 
        A Plugin line consists of the Plugin keyword, followed by the
        _s_y_m_b_o_l___n_a_m_e and the _p_a_t_h to the shared object containing the plugin.
@@ -149,8 +149,8 @@ DDEESSCCRRIIPPTTIIOONN
                    flags are passed to the plugin as they appear in
                    _/_e_t_c_/_s_u_d_o_._c_o_n_f.  The syntax used by ssuuddoo and the _s_u_d_o_e_r_s
                    plugin is _s_u_b_s_y_s_t_e_m@_p_r_i_o_r_i_t_y but the plugin is free to use
-                   a different format so long as it does not include a command
+                   a different format so long as it does not include a comma
-                   ,.
+                   (,).
 
                    For reference, the priorities supported by the ssuuddoo front
                    end and _s_u_d_o_e_r_s are: _c_r_i_t, _e_r_r, _w_a_r_n, _n_o_t_i_c_e, _d_i_a_g, _i_n_f_o,
@@ -171,31 +171,31 @@ DDEESSCCRRIIPPTTIIOONN
 
                runas_user=string
                    The user name or uid to to run the command as, if specified
-                   via the -u flag.
+                   via the --uu flag.
 
                runas_group=string
                    The group name or gid to to run the command as, if
-                   specified via the -g flag.
+                   specified via the --gg flag.
 
                prompt=string
                    The prompt to use when requesting a password, if specified
-                   via the -p flag.
+                   via the --pp flag.
 
                set_home=bool
-                   Set to true if the user specified the -H flag.  If true,
+                   Set to true if the user specified the --HH flag.  If true,
                    set the HOME environment variable to the target user's home
                    directory.
 
                preserve_environment=bool
-                   Set to true if the user specified the -E flag, indicating
+                   Set to true if the user specified the --EE flag, indicating
                    that the user wishes to preserve the environment.
 
                run_shell=bool
-                   Set to true if the user specified the -s flag, indicating
+                   Set to true if the user specified the --ss flag, indicating
                    that the user wishes to run a shell.
 
                login_shell=bool
-                   Set to true if the user specified the -i flag, indicating
+                   Set to true if the user specified the --ii flag, indicating
                    that the user wishes to run a login shell.
 
                implied_shell=bool
@@ -208,35 +208,35 @@ DDEESSCCRRIIPPTTIIOONN
                    print a usage message and exit.
 
                preserve_groups=bool
-                   Set to true if the user specified the -P flag, indicating
+                   Set to true if the user specified the --PP flag, indicating
                    that the user wishes to preserve the group vector instead
                    of setting it based on the runas user.
 
                ignore_ticket=bool
-                   Set to true if the user specified the -k flag along with a
+                   Set to true if the user specified the --kk flag along with a
                    command, indicating that the user wishes to ignore any
                    cached authentication credentials.
 
                noninteractive=bool
-                   Set to true if the user specified the -n flag, indicating
+                   Set to true if the user specified the --nn flag, indicating
                    that ssuuddoo should operate in non-interactive mode.  The
                    plugin may reject a command run in non-interactive mode if
                    user interaction is required.
 
                login_class=string
                    BSD login class to use when setting resource limits and
-                   nice value, if specified by the -c flag.
+                   nice value, if specified by the --cc flag.
 
                selinux_role=string
                    SELinux role to use when executing the command, if
-                   specified by the -r flag.
+                   specified by the --rr flag.
 
                selinux_type=string
                    SELinux type to use when executing the command, if
-                   specified by the -t flag.
+                   specified by the --tt flag.
 
                bsdauth_type=string
-                   Authentication type, if specified by the -a flag, to use on
+                   Authentication type, if specified by the --aa flag, to use on
                    systems where BSD authentication is supported.
 
                network_addrs=list
@@ -252,14 +252,14 @@ DDEESSCCRRIIPPTTIIOONN
                    "sudoedit".
 
                sudoedit=bool
-                   Set to true when the -e flag is is specified or if invoked
+                   Set to true when the --ee flag is is specified or if invoked
                    as ssuuddooeeddiitt.  The plugin shall substitute an editor into
                    _a_r_g_v in the _c_h_e_c_k___p_o_l_i_c_y function or return -2 with a usage
                    error if the plugin does not support _s_u_d_o_e_d_i_t.  For more
                    information, see the _c_h_e_c_k___p_o_l_i_c_y section.
 
                closefrom=number
-                   If specified, the user has requested via the -C flag that
+                   If specified, the user has requested via the --CC flag that
                    ssuuddoo close all files descriptors with a value of _n_u_m_b_e_r or
                    higher.  The plugin may optionally pass this, or another
                    value, back in the _c_o_m_m_a_n_d___i_n_f_o list.
@@ -384,7 +384,7 @@ DDEESSCCRRIIPPTTIIOONN
             int (*show_version)(int verbose);
 
            The show_version function is called by ssuuddoo when the user specifies
-           the -V option.  The plugin may display its version information to
+           the --VV option.  The plugin may display its version information to
            the user via the conversation or plugin_printf function using
            SUDO_CONV_INFO_MSG.  If the user requests detailed version
            information, the verbose flag will be set.
@@ -631,7 +631,7 @@ DDEESSCCRRIIPPTTIIOONN
        validate
             int (*validate)(void);
 
-           The validate function is called when ssuuddoo is run with the -v flag.
+           The validate function is called when ssuuddoo is run with the --vv flag.
            For policy plugins such as _s_u_d_o_e_r_s that cache authentication
            credentials, this function will validate and cache the credentials.
 
@@ -646,8 +646,8 @@ DDEESSCCRRIIPPTTIIOONN
        invalidate
             void (*invalidate)(int remove);
 
-           The invalidate function is called when ssuuddoo is called with the -k
+           The invalidate function is called when ssuuddoo is called with the --kk
-           or -K flag.  For policy plugins such as _s_u_d_o_e_r_s that cache
+           or --KK flag.  For policy plugins such as _s_u_d_o_e_r_s that cache
            authentication credentials, this function will invalidate the
            credentials.  If the _r_e_m_o_v_e flag is set, the plugin may remove the
            credentials instead of simply invalidating them.
@@ -918,7 +918,7 @@ DDEESSCCRRIIPPTTIIOONN
             int (*show_version)(int verbose);
 
            The show_version function is called by ssuuddoo when the user specifies
-           the -V option.  The plugin may display its version information to
+           the --VV option.  The plugin may display its version information to
            the user via the conversation or plugin_printf function using
            SUDO_CONV_INFO_MSG.  If the user requests detailed version
            information, the verbose flag will be set.
@@ -1203,7 +1203,7 @@ DDEESSCCRRIIPPTTIIOONN
        user reply is needed and supports standard _p_r_i_n_t_f_(_) escape sequences.
 
        Unlike, SUDO_CONV_INFO_MSG and SUDO_CONV_ERROR_MSG, messages sent with
-       the <SUDO_CONV_DEBUG_MSG> _m_s_g___t_y_p_e are not directly user-visible.
+       the SUDO_CONV_DEBUG_MSG _m_s_g___t_y_p_e are not directly user-visible.
        Instead, they are logged to the file specified in the Debug statement
        (if any) in the _/_e_t_c_/_s_u_d_o_._c_o_n_f file.  This allows a plugin to log
        debugging information and is intended to be used in conjunction with
@@ -1355,4 +1355,4 @@ DDIISSCCLLAAIIMMEERR
 
 
 
-1.8.6                            June 29, 2012                 SUDO_PLUGIN(1m)
+1.8.6                            July 17, 2012                 SUDO_PLUGIN(1m)

doc/sudo_plugin.man.in

@@ -139,7 +139,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SUDO_PLUGIN @mansectsu@"
-.TH SUDO_PLUGIN @mansectsu@ "June 29, 2012" "1.8.6" "MAINTENANCE COMMANDS"
+.TH SUDO_PLUGIN @mansectsu@ "July 17, 2012" "1.8.6" "MAINTENANCE COMMANDS"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -165,8 +165,8 @@ The plugin \s-1API\s0 is defined by the \f(CW\*(C`sudo_plugin.h\*(C'\fR header f
 .SS "The sudo.conf File"
 .IX Subsection "The sudo.conf File"
 The \fI@sysconfdir@/sudo.conf\fR file contains plugin configuration directives.
-Currently, the only supported keyword is the \f(CW\*(C`Plugin\*(C'\fR directive,
+The primary keyword is the \f(CW\*(C`Plugin\*(C'\fR directive, which causes a plugin
-which causes a plugin plugin to be loaded.
+to be loaded.
 .PP
 A \f(CW\*(C`Plugin\*(C'\fR line consists of the \f(CW\*(C`Plugin\*(C'\fR keyword, followed by the
 \&\fIsymbol_name\fR and the \fIpath\fR to the shared object containing the
@@ -300,7 +300,7 @@ A comma-separated list of debug flags that correspond to \fBsudo\fR's
 flags are passed to the plugin as they appear in \fI@sysconfdir@/sudo.conf\fR.
 The syntax used by \fBsudo\fR and the \fIsudoers\fR plugin is
 \&\fIsubsystem\fR@\fIpriority\fR but the plugin is free to use a different
-format so long as it does not include a command \f(CW\*(C`,\*(C'\fR.
+format so long as it does not include a comma (\f(CW\*(C`,\*(C'\fR).
 .Sp
 For reference, the priorities supported by the \fBsudo\fR front end and
 \&\fIsudoers\fR are: \fIcrit\fR, \fIerr\fR, \fIwarn\fR, \fInotice\fR, \fIdiag\fR,
@@ -320,30 +320,30 @@ This setting has been deprecated in favor of \fIdebug_flags\fR.
 .IP "runas_user=string" 4
 .IX Item "runas_user=string"
 The user name or uid to to run the command as, if specified via the
-\&\f(CW\*(C`\-u\*(C'\fR flag.
+\&\fB\-u\fR flag.
 .IP "runas_group=string" 4
 .IX Item "runas_group=string"
 The group name or gid to to run the command as, if specified via
-the \f(CW\*(C`\-g\*(C'\fR flag.
+the \fB\-g\fR flag.
 .IP "prompt=string" 4
 .IX Item "prompt=string"
 The prompt to use when requesting a password, if specified via
-the \f(CW\*(C`\-p\*(C'\fR flag.
+the \fB\-p\fR flag.
 .IP "set_home=bool" 4
 .IX Item "set_home=bool"
-Set to true if the user specified the \f(CW\*(C`\-H\*(C'\fR flag.  If true, set the
+Set to true if the user specified the \fB\-H\fR flag.  If true, set the
 \&\f(CW\*(C`HOME\*(C'\fR environment variable to the target user's home directory.
 .IP "preserve_environment=bool" 4
 .IX Item "preserve_environment=bool"
-Set to true if the user specified the \f(CW\*(C`\-E\*(C'\fR flag, indicating that
+Set to true if the user specified the \fB\-E\fR flag, indicating that
 the user wishes to preserve the environment.
 .IP "run_shell=bool" 4
 .IX Item "run_shell=bool"
-Set to true if the user specified the \f(CW\*(C`\-s\*(C'\fR flag, indicating that
+Set to true if the user specified the \fB\-s\fR flag, indicating that
 the user wishes to run a shell.
 .IP "login_shell=bool" 4
 .IX Item "login_shell=bool"
-Set to true if the user specified the \f(CW\*(C`\-i\*(C'\fR flag, indicating that
+Set to true if the user specified the \fB\-i\fR flag, indicating that
 the user wishes to run a login shell.
 .IP "implied_shell=bool" 4
 .IX Item "implied_shell=bool"
@@ -356,35 +356,35 @@ function, which will cause \fBsudo\fR to print a usage message and
 exit.
 .IP "preserve_groups=bool" 4
 .IX Item "preserve_groups=bool"
-Set to true if the user specified the \f(CW\*(C`\-P\*(C'\fR flag, indicating that
+Set to true if the user specified the \fB\-P\fR flag, indicating that
 the user wishes to preserve the group vector instead of setting it
 based on the runas user.
 .IP "ignore_ticket=bool" 4
 .IX Item "ignore_ticket=bool"
-Set to true if the user specified the \f(CW\*(C`\-k\*(C'\fR flag along with a
+Set to true if the user specified the \fB\-k\fR flag along with a
 command, indicating that the user wishes to ignore any cached
 authentication credentials.
 .IP "noninteractive=bool" 4
 .IX Item "noninteractive=bool"
-Set to true if the user specified the \f(CW\*(C`\-n\*(C'\fR flag, indicating that
+Set to true if the user specified the \fB\-n\fR flag, indicating that
 \&\fBsudo\fR should operate in non-interactive mode.  The plugin may
 reject a command run in non-interactive mode if user interaction
 is required.
 .IP "login_class=string" 4
 .IX Item "login_class=string"
 \&\s-1BSD\s0 login class to use when setting resource limits and nice value,
-if specified by the \f(CW\*(C`\-c\*(C'\fR flag.
+if specified by the \fB\-c\fR flag.
 .IP "selinux_role=string" 4
 .IX Item "selinux_role=string"
 SELinux role to use when executing the command, if specified by
-the \f(CW\*(C`\-r\*(C'\fR flag.
+the \fB\-r\fR flag.
 .IP "selinux_type=string" 4
 .IX Item "selinux_type=string"
 SELinux type to use when executing the command, if specified by
-the \f(CW\*(C`\-t\*(C'\fR flag.
+the \fB\-t\fR flag.
 .IP "bsdauth_type=string" 4
 .IX Item "bsdauth_type=string"
-Authentication type, if specified by the \f(CW\*(C`\-a\*(C'\fR flag, to use on
+Authentication type, if specified by the \fB\-a\fR flag, to use on
 systems where \s-1BSD\s0 authentication is supported.
 .IP "network_addrs=list" 4
 .IX Item "network_addrs=list"
@@ -398,14 +398,14 @@ it is an IPv6 address, else it is IPv4.
 The command name that sudo was run as, typically \*(L"sudo\*(R" or \*(L"sudoedit\*(R".
 .IP "sudoedit=bool" 4
 .IX Item "sudoedit=bool"
-Set to true when the \f(CW\*(C`\-e\*(C'\fR flag is is specified or if invoked as
+Set to true when the \fB\-e\fR flag is is specified or if invoked as
 \&\fBsudoedit\fR.  The plugin shall substitute an editor into \fIargv\fR
 in the \fIcheck_policy\fR function or return \f(CW\*(C`\-2\*(C'\fR with a usage error
 if the plugin does not support \fIsudoedit\fR.  For more information,
 see the \fIcheck_policy\fR section.
 .IP "closefrom=number" 4
 .IX Item "closefrom=number"
-If specified, the user has requested via the \f(CW\*(C`\-C\*(C'\fR flag that \fBsudo\fR
+If specified, the user has requested via the \fB\-C\fR flag that \fBsudo\fR
 close all files descriptors with a value of \fInumber\fR or higher.
 The plugin may optionally pass this, or another value, back in the
 \&\fIcommand_info\fR list.
@@ -545,7 +545,7 @@ function.  If the command was successfully executed, the value of
 .Ve
 .Sp
 The \f(CW\*(C`show_version\*(C'\fR function is called by \fBsudo\fR when the user specifies
-the \f(CW\*(C`\-V\*(C'\fR option.  The plugin may display its version information
+the \fB\-V\fR option.  The plugin may display its version information
 to the user via the conversation or plugin_printf function using
 \&\f(CW\*(C`SUDO_CONV_INFO_MSG\*(C'\fR.  If the user requests detailed version
 information, the verbose flag will be set.
@@ -799,7 +799,7 @@ displayed along with any command line arguments.
 .Ve
 .Sp
 The \f(CW\*(C`validate\*(C'\fR function is called when \fBsudo\fR is run with the
-\&\f(CW\*(C`\-v\*(C'\fR flag.  For policy plugins such as \fIsudoers\fR that cache
+\&\fB\-v\fR flag.  For policy plugins such as \fIsudoers\fR that cache
 authentication credentials, this function will validate and cache
 the credentials.
 .Sp
@@ -817,7 +817,7 @@ error information to the user.
 .Ve
 .Sp
 The \f(CW\*(C`invalidate\*(C'\fR function is called when \fBsudo\fR is called with
-the \f(CW\*(C`\-k\*(C'\fR or \f(CW\*(C`\-K\*(C'\fR flag.  For policy plugins such as \fIsudoers\fR that
+the \fB\-k\fR or \fB\-K\fR flag.  For policy plugins such as \fIsudoers\fR that
 cache authentication credentials, this function will invalidate the
 credentials.  If the \fIremove\fR flag is set, the plugin may remove
 the credentials instead of simply invalidating them.
@@ -1110,7 +1110,7 @@ successfully executed, the value of \f(CW\*(C`error\*(C'\fR is 0.
 .Ve
 .Sp
 The \f(CW\*(C`show_version\*(C'\fR function is called by \fBsudo\fR when the user specifies
-the \f(CW\*(C`\-V\*(C'\fR option.  The plugin may display its version information
+the \fB\-V\fR option.  The plugin may display its version information
 to the user via the conversation or plugin_printf function using
 \&\f(CW\*(C`SUDO_CONV_INFO_MSG\*(C'\fR.  If the user requests detailed version
 information, the verbose flag will be set.
@@ -1467,7 +1467,7 @@ function if no user reply is needed and supports standard \fIprintf()\fR
 escape sequences.
 .PP
 Unlike, \f(CW\*(C`SUDO_CONV_INFO_MSG\*(C'\fR and \f(CW\*(C`SUDO_CONV_ERROR_MSG\*(C'\fR, messages
-sent with the <\s-1SUDO_CONV_DEBUG_MSG\s0> \fImsg_type\fR are not directly
+sent with the \f(CW\*(C`SUDO_CONV_DEBUG_MSG\*(C'\fR \fImsg_type\fR are not directly
 user-visible.  Instead, they are logged to the file specified in
 the \f(CW\*(C`Debug\*(C'\fR statement (if any) in the \fI@sysconfdir@/sudo.conf\fR
 file.  This allows a plugin to log debugging information and is

doc/sudo_plugin.pod

@@ -39,8 +39,8 @@ The plugin API is defined by the C<sudo_plugin.h> header file.
 =head2 The sudo.conf File
 
 The F<@sysconfdir@/sudo.conf> file contains plugin configuration directives.
-Currently, the only supported keyword is the C<Plugin> directive,
+The primary keyword is the C<Plugin> directive, which causes a plugin
-which causes a plugin plugin to be loaded.
+to be loaded.
 
 A C<Plugin> line consists of the C<Plugin> keyword, followed by the
 I<symbol_name> and the I<path> to the shared object containing the
@@ -181,7 +181,7 @@ C<Debug> entry in F<@sysconfdir@/sudo.conf>, if there is one.  The
 flags are passed to the plugin as they appear in F<@sysconfdir@/sudo.conf>.
 The syntax used by B<sudo> and the I<sudoers> plugin is
 I<subsystem>@I<priority> but the plugin is free to use a different
-format so long as it does not include a command C<,>.
+format so long as it does not include a comma (C<,>).
 
 For reference, the priorities supported by the B<sudo> front end and
 I<sudoers> are: I<crit>, I<err>, I<warn>, I<notice>, I<diag>,
@@ -203,36 +203,36 @@ This setting has been deprecated in favor of I<debug_flags>.
 =item runas_user=string
 
 The user name or uid to to run the command as, if specified via the
-C<-u> flag.
+B<-u> flag.
 
 =item runas_group=string
 
 The group name or gid to to run the command as, if specified via
-the C<-g> flag.
+the B<-g> flag.
 
 =item prompt=string
 
 The prompt to use when requesting a password, if specified via
-the C<-p> flag.
+the B<-p> flag.
 
 =item set_home=bool
 
-Set to true if the user specified the C<-H> flag.  If true, set the
+Set to true if the user specified the B<-H> flag.  If true, set the
 C<HOME> environment variable to the target user's home directory.
 
 =item preserve_environment=bool
 
-Set to true if the user specified the C<-E> flag, indicating that
+Set to true if the user specified the B<-E> flag, indicating that
 the user wishes to preserve the environment.
 
 =item run_shell=bool
 
-Set to true if the user specified the C<-s> flag, indicating that
+Set to true if the user specified the B<-s> flag, indicating that
 the user wishes to run a shell.
 
 =item login_shell=bool
 
-Set to true if the user specified the C<-i> flag, indicating that
+Set to true if the user specified the B<-i> flag, indicating that
 the user wishes to run a login shell.
 
 =item implied_shell=bool
@@ -247,19 +247,19 @@ exit.
 
 =item preserve_groups=bool
 
-Set to true if the user specified the C<-P> flag, indicating that
+Set to true if the user specified the B<-P> flag, indicating that
 the user wishes to preserve the group vector instead of setting it
 based on the runas user.
 
 =item ignore_ticket=bool
 
-Set to true if the user specified the C<-k> flag along with a
+Set to true if the user specified the B<-k> flag along with a
 command, indicating that the user wishes to ignore any cached
 authentication credentials.
 
 =item noninteractive=bool
 
-Set to true if the user specified the C<-n> flag, indicating that
+Set to true if the user specified the B<-n> flag, indicating that
 B<sudo> should operate in non-interactive mode.  The plugin may
 reject a command run in non-interactive mode if user interaction
 is required.
@@ -267,21 +267,21 @@ is required.
 =item login_class=string
 
 BSD login class to use when setting resource limits and nice value,
-if specified by the C<-c> flag.
+if specified by the B<-c> flag.
 
 =item selinux_role=string
 
 SELinux role to use when executing the command, if specified by
-the C<-r> flag.
+the B<-r> flag.
 
 =item selinux_type=string
 
 SELinux type to use when executing the command, if specified by
-the C<-t> flag.
+the B<-t> flag.
 
 =item bsdauth_type=string
 
-Authentication type, if specified by the C<-a> flag, to use on
+Authentication type, if specified by the B<-a> flag, to use on
 systems where BSD authentication is supported.
 
 =item network_addrs=list
@@ -298,7 +298,7 @@ The command name that sudo was run as, typically "sudo" or "sudoedit".
 
 =item sudoedit=bool
 
-Set to true when the C<-e> flag is is specified or if invoked as
+Set to true when the B<-e> flag is is specified or if invoked as
 B<sudoedit>.  The plugin shall substitute an editor into I<argv>
 in the I<check_policy> function or return C<-2> with a usage error
 if the plugin does not support I<sudoedit>.  For more information,
@@ -306,7 +306,7 @@ see the I<check_policy> section.
 
 =item closefrom=number
 
-If specified, the user has requested via the C<-C> flag that B<sudo>
+If specified, the user has requested via the B<-C> flag that B<sudo>
 close all files descriptors with a value of I<number> or higher.
 The plugin may optionally pass this, or another value, back in the
 I<command_info> list.
@@ -463,7 +463,7 @@ C<error> is 0.
  int (*show_version)(int verbose);
 
 The C<show_version> function is called by B<sudo> when the user specifies
-the C<-V> option.  The plugin may display its version information
+the B<-V> option.  The plugin may display its version information
 to the user via the conversation or plugin_printf function using
 C<SUDO_CONV_INFO_MSG>.  If the user requests detailed version
 information, the verbose flag will be set.
@@ -752,7 +752,7 @@ displayed along with any command line arguments.
  int (*validate)(void);
 
 The C<validate> function is called when B<sudo> is run with the
-C<-v> flag.  For policy plugins such as I<sudoers> that cache
+B<-v> flag.  For policy plugins such as I<sudoers> that cache
 authentication credentials, this function will validate and cache
 the credentials.
 
@@ -769,7 +769,7 @@ error information to the user.
  void (*invalidate)(int remove);
 
 The C<invalidate> function is called when B<sudo> is called with
-the C<-k> or C<-K> flag.  For policy plugins such as I<sudoers> that
+the B<-k> or B<-K> flag.  For policy plugins such as I<sudoers> that
 cache authentication credentials, this function will invalidate the
 credentials.  If the I<remove> flag is set, the plugin may remove
 the credentials instead of simply invalidating them.
@@ -1069,7 +1069,7 @@ successfully executed, the value of C<error> is 0.
  int (*show_version)(int verbose);
 
 The C<show_version> function is called by B<sudo> when the user specifies
-the C<-V> option.  The plugin may display its version information
+the B<-V> option.  The plugin may display its version information
 to the user via the conversation or plugin_printf function using
 C<SUDO_CONV_INFO_MSG>.  If the user requests detailed version
 information, the verbose flag will be set.
@@ -1430,7 +1430,7 @@ function if no user reply is needed and supports standard printf()
 escape sequences.
 
 Unlike, C<SUDO_CONV_INFO_MSG> and C<SUDO_CONV_ERROR_MSG>, messages
-sent with the <SUDO_CONV_DEBUG_MSG> I<msg_type> are not directly
+sent with the C<SUDO_CONV_DEBUG_MSG> I<msg_type> are not directly
 user-visible.  Instead, they are logged to the file specified in
 the C<Debug> statement (if any) in the F<@sysconfdir@/sudo.conf>
 file.  This allows a plugin to log debugging information and is

doc/sudoers.cat

@@ -43,10 +43,11 @@ DDEESSCCRRIIPPTTIIOONN
        _s_u_d_o_e_r_s uses time stamp files for credential caching.  Once a user has
        been authenticated, a time stamp is updated and the user may then use
        sudo without a password for a short period of time (5 minutes unless
-       overridden by the _t_i_m_e_o_u_t option.  By default, _s_u_d_o_e_r_s uses a tty-based
+       overridden by the _t_i_m_e_o_u_t option).  By default, _s_u_d_o_e_r_s uses a tty-
-       time stamp which means that there is a separate time stamp for each of
+       based time stamp which means that there is a separate time stamp for
-       a user's login sessions.  The _t_t_y___t_i_c_k_e_t_s option can be disabled to
+       each of a user's login sessions.  The _t_t_y___t_i_c_k_e_t_s option can be
-       force the use of a single time stamp for all of a user's sessions.
+       disabled to force the use of a single time stamp for all of a user's
+       sessions.
 
        _s_u_d_o_e_r_s can log both successful and unsuccessful attempts (as well as
        errors) to _s_y_s_l_o_g(3), a log file, or both.  By default, _s_u_d_o_e_r_s will
@@ -440,11 +441,11 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
        however, will supercede the values in _s_u_d_o_e_r_s.
 
    TTaagg__SSppeecc
-       A command may have zero or more tags associated with it.  There are
+       A command may have zero or more tags associated with it.  There are ten
-       eight possible tag values, NOPASSWD, PASSWD, NOEXEC, EXEC, SETENV,
+       possible tag values, NOPASSWD, PASSWD, NOEXEC, EXEC, SETENV, NOSETENV,
-       NOSETENV, LOG_INPUT, NOLOG_INPUT, LOG_OUTPUT and NOLOG_OUTPUT.  Once a
+       LOG_INPUT, NOLOG_INPUT, LOG_OUTPUT and NOLOG_OUTPUT.  Once a tag is set
-       tag is set on a Cmnd, subsequent Cmnds in the Cmnd_Spec_List, inherit
+       on a Cmnd, subsequent Cmnds in the Cmnd_Spec_List, inherit the tag
-       the tag unless it is overridden by the opposite tag (i.e.: PASSWD
+       unless it is overridden by the opposite tag (in other words, PASSWD
        overrides NOPASSWD and NOEXEC overrides EXEC).
 
        _N_O_P_A_S_S_W_D _a_n_d _P_A_S_S_W_D
@@ -527,7 +528,7 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
        [!...]  Matches any character nnoott in the specified range.
 
        \x      For any character "x", evaluates to "x".  This is used to
-               escape special characters such as: "*", "?", "[", and "}".
+               escape special characters such as: "*", "?", "[", and "]".
 
        POSIX character classes may also be used if your system's _g_l_o_b(3) and
        _f_n_m_a_t_c_h(3) functions support them.  However, because the ':' character
@@ -573,7 +574,7 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
        file loops.
 
        If the path to the include file is not fully-qualified (does not begin
-       with a _/), it must be located in the same directory as the sudoers file
+       with a /), it must be located in the same directory as the sudoers file
        it was included from.  For example, if _/_e_t_c_/_s_u_d_o_e_r_s contains the line:
 
            #include sudoers.local
@@ -581,7 +582,8 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
        the file that will be included is _/_e_t_c_/_s_u_d_o_e_r_s_._l_o_c_a_l.
 
        The file name may also include the %h escape, signifying the short form
-       of the host name.  I.e., if the machine's host name is "xerxes", then
+       of the host name.  In other words, if the machine's host name is
+       "xerxes", then
 
        #include /etc/sudoers.%h
 
@@ -604,7 +606,7 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
 
        Note that unlike files included via #include, vviissuuddoo will not edit the
        files in a #includedir directory unless one of them contains a syntax
-       error.  It is still possible to run vviissuuddoo with the -f flag to edit the
+       error.  It is still possible to run vviissuuddoo with the --ff flag to edit the
        files directly.
 
    OOtthheerr ssppeecciiaall cchhaarraacctteerrss aanndd rreesseerrvveedd wwoorrddss
@@ -690,7 +692,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
                        followed by any variables present in the file specified
                        by the _e_n_v___f_i_l_e option (if any).  The default contents
                        of the env_keep and env_check lists are displayed when
-                       ssuuddoo is run by root with the _-_V option.  If the
+                       ssuuddoo is run by root with the --VV option.  If the
                        _s_e_c_u_r_e___p_a_t_h option is set, its value will be used for
                        the PATH environment variable.  This flag is _o_n by
                        default.
@@ -714,22 +716,22 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
                        flag is _o_f_f by default.
 
        fqdn            Set this flag if you want to put fully qualified host
-                       names in the _s_u_d_o_e_r_s file.  I.e., instead of myhost you
+                       names in the _s_u_d_o_e_r_s file.  In other words, instead of
-                       would use myhost.mydomain.edu.  You may still use the
+                       myhost you would use myhost.mydomain.edu.  You may
-                       short form if you wish (and even mix the two).  Beware
+                       still use the short form if you wish (and even mix the
-                       that turning on _f_q_d_n requires ssuuddoo to make DNS lookups
+                       two).  Beware that turning on _f_q_d_n requires ssuuddoo to
-                       which may make ssuuddoo unusable if DNS stops working (for
+                       make DNS lookups which may make ssuuddoo unusable if DNS
-                       example if the machine is not plugged into the
+                       stops working (for example if the machine is not
-                       network).  Also note that you must use the host's
+                       plugged into the network).  Also note that you must use
-                       official name as DNS knows it.  That is, you may not
+                       the host's official name as DNS knows it.  That is, you
-                       use a host alias (CNAME entry) due to performance
+                       may not use a host alias (CNAME entry) due to
-                       issues and the fact that there is no way to get all
+                       performance issues and the fact that there is no way to
-                       aliases from DNS.  If your machine's host name (as
+                       get all aliases from DNS.  If your machine's host name
-                       returned by the hostname command) is already fully
+                       (as returned by the hostname command) is already fully
                        qualified you shouldn't need to set _f_q_d_n.  This flag is
                        _o_f_f by default.
 
-       ignore_dot      If set, ssuuddoo will ignore '.' or '' (current dir) in the
+       ignore_dot      If set, ssuuddoo will ignore "." or "" (current dir) in the
                        PATH environment variable; the PATH itself is not
                        modified.  This flag is _o_f_f by default.
 
@@ -761,7 +763,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
                        Input is logged to the directory specified by the
                        _i_o_l_o_g___d_i_r option (_/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o by default) using a
                        unique session ID that is included in the normal ssuuddoo
-                       log line, prefixed with _T_S_I_D_=.  The _i_o_l_o_g___f_i_l_e option
+                       log line, prefixed with "TSID=".  The _i_o_l_o_g___f_i_l_e option
                        may be used to control the format of the session ID.
 
                        Note that user input may contain sensitive information
@@ -781,7 +783,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
                        Output is logged to the directory specified by the
                        _i_o_l_o_g___d_i_r option (_/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o by default) using a
                        unique session ID that is included in the normal ssuuddoo
-                       log line, prefixed with _T_S_I_D_=.  The _i_o_l_o_g___f_i_l_e option
+                       log line, prefixed with "TSID=".  The _i_o_l_o_g___f_i_l_e option
                        may be used to control the format of the session ID.
 
                        Output logs may be viewed with the _s_u_d_o_r_e_p_l_a_y(1m)
@@ -987,8 +989,9 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
                        on the terminal.  If the _v_i_s_i_b_l_e_p_w flag is set, ssuuddoo
                        will prompt for a password even when it would be
                        visible on the screen.  This makes it possible to run
-                       things like "rsh somehost sudo ls" since _r_s_h(1) does
+                       things like "ssh somehost sudo ls" since by default,
-                       not allocate a tty.  This flag is _o_f_f by default.
+                       _s_s_h(1) does not allocate a tty when running a command.
+                       This flag is _o_f_f by default.
 
        IInntteeggeerrss:
 
@@ -1326,7 +1329,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
                        env_check will be preserved in the environment if they
                        pass the aforementioned check.  The default list of
                        environment variables to check is displayed when ssuuddoo
-                       is run by root with the _-_V option.
+                       is run by root with the --VV option.
 
        env_delete      Environment variables to be removed from the user's
                        environment when the _e_n_v___r_e_s_e_t option is not in effect.
@@ -1335,7 +1338,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
                        can be replaced, added to, deleted from, or disabled by
                        using the =, +=, -=, and ! operators respectively.  The
                        default list of environment variables to remove is
-                       displayed when ssuuddoo is run by root with the _-_V option.
+                       displayed when ssuuddoo is run by root with the --VV option.
                        Note that many operating systems will remove
                        potentially dangerous variables from the environment of
                        any setuid process (such as ssuuddoo).
@@ -1349,7 +1352,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
                        added to, deleted from, or disabled by using the =, +=,
                        -=, and ! operators respectively.  The default list of
                        variables to keep is displayed when ssuuddoo is run by root
-                       with the _-_V option.
+                       with the --VV option.
 
 SSUUDDOO..CCOONNFF
        The _/_e_t_c_/_s_u_d_o_._c_o_n_f file determines which plugins the ssuuddoo front end
@@ -1682,7 +1685,7 @@ SSEECCUURRIITTYY NNOOTTEESS
 
        For example, given the following _s_u_d_o_e_r_s entry:
 
-        john   ALL = /usr/bin/passwd [a-zA-Z0-9]*, /usr/bin/chsh [a-zA-Z0-9]*,
+        john   ALL = /usr/bin/passwd [a-zA-Z0-9]*, /usr/bin/chsh [a-zA-Z0-9]*,\
              /usr/bin/chfn [a-zA-Z0-9]*, !/usr/bin/* root
 
        User jjoohhnn can still run /usr/bin/passwd root if _f_a_s_t___g_l_o_b is enabled by
@@ -1817,4 +1820,4 @@ DDIISSCCLLAAIIMMEERR
 
 
 
-1.8.6                            July 10, 2012                      SUDOERS(4)
+1.8.6                            July 18, 2012                      SUDOERS(4)

doc/sudoers.ldap.cat

@@ -519,7 +519,8 @@ DDEESSCCRRIIPPTTIIOONN
            sudoers: files
 
        Note that _/_e_t_c_/_n_s_s_w_i_t_c_h_._c_o_n_f is supported even when the underlying
-       operating system does not use an nsswitch.conf file.
+       operating system does not use an nsswitch.conf file, except on AIX (see
+       below).
 
    CCoonnffiigguurriinngg nneettssvvcc..ccoonnff
        On AIX systems, the _/_e_t_c_/_n_e_t_s_v_c_._c_o_n_f file is consulted instead of
@@ -770,4 +771,4 @@ DDIISSCCLLAAIIMMEERR
 
 
 
-1.8.6                            June 29, 2012                 SUDOERS.LDAP(4)
+1.8.6                            July 17, 2012                 SUDOERS.LDAP(4)

doc/sudoers.ldap.man.in

@@ -140,7 +140,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SUDOERS.LDAP @mansectform@"
-.TH SUDOERS.LDAP @mansectform@ "June 29, 2012" "1.8.6" "MAINTENANCE COMMANDS"
+.TH SUDOERS.LDAP @mansectform@ "July 17, 2012" "1.8.6" "MAINTENANCE COMMANDS"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -676,7 +676,7 @@ sudoers line, the following default is assumed:
 .Ve
 .PP
 Note that \fI@nsswitch_conf@\fR is supported even when the underlying
-operating system does not use an nsswitch.conf file.
+operating system does not use an nsswitch.conf file, except on \s-1AIX\s0 (see below).
 .SS "Configuring netsvc.conf"
 .IX Subsection "Configuring netsvc.conf"
 On \s-1AIX\s0 systems, the \fI@netsvc_conf@\fR file is consulted instead of

doc/sudoers.ldap.pod

@@ -601,7 +601,7 @@ sudoers line, the following default is assumed:
     sudoers: files
 
 Note that F<@nsswitch_conf@> is supported even when the underlying
-operating system does not use an nsswitch.conf file.
+operating system does not use an nsswitch.conf file, except on AIX (see below).
 
 =head2 Configuring netsvc.conf
 

doc/sudoers.man.in

@@ -148,7 +148,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SUDOERS @mansectform@"
-.TH SUDOERS @mansectform@ "July 10, 2012" "1.8.6" "MAINTENANCE COMMANDS"
+.TH SUDOERS @mansectform@ "July 18, 2012" "1.8.6" "MAINTENANCE COMMANDS"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -195,7 +195,7 @@ lookup is still done for root, not the user specified by \f(CW\*(C`SUDO_USER\*(C
 \&\fIsudoers\fR uses time stamp files for credential caching.  Once a
 user has been authenticated, a time stamp is updated and the user
 may then use sudo without a password for a short period of time
-(\f(CW\*(C`@timeout@\*(C'\fR minutes unless overridden by the \fItimeout\fR option.
+(\f(CW\*(C`@timeout@\*(C'\fR minutes unless overridden by the \fItimeout\fR option).
 By default, \fIsudoers\fR uses a tty-based time stamp which means that
 there is a separate time stamp for each of a user's login sessions.
 The \fItty_tickets\fR option can be disabled to force the use of a
@@ -650,11 +650,11 @@ however, will supercede the values in \fIsudoers\fR.
 .SS "Tag_Spec"
 .IX Subsection "Tag_Spec"
 A command may have zero or more tags associated with it.  There are
-eight possible tag values, \f(CW\*(C`NOPASSWD\*(C'\fR, \f(CW\*(C`PASSWD\*(C'\fR, \f(CW\*(C`NOEXEC\*(C'\fR,
+ten possible tag values, \f(CW\*(C`NOPASSWD\*(C'\fR, \f(CW\*(C`PASSWD\*(C'\fR, \f(CW\*(C`NOEXEC\*(C'\fR,
 \&\f(CW\*(C`EXEC\*(C'\fR, \f(CW\*(C`SETENV\*(C'\fR, \f(CW\*(C`NOSETENV\*(C'\fR, \f(CW\*(C`LOG_INPUT\*(C'\fR, \f(CW\*(C`NOLOG_INPUT\*(C'\fR,
 \&\f(CW\*(C`LOG_OUTPUT\*(C'\fR and \f(CW\*(C`NOLOG_OUTPUT\*(C'\fR.  Once a tag is set on a \f(CW\*(C`Cmnd\*(C'\fR,
 subsequent \f(CW\*(C`Cmnd\*(C'\fRs in the \f(CW\*(C`Cmnd_Spec_List\*(C'\fR, inherit the tag unless
-it is overridden by the opposite tag (i.e.: \f(CW\*(C`PASSWD\*(C'\fR overrides
+it is overridden by the opposite tag (in other words, \f(CW\*(C`PASSWD\*(C'\fR overrides
 \&\f(CW\*(C`NOPASSWD\*(C'\fR and \f(CW\*(C`NOEXEC\*(C'\fR overrides \f(CW\*(C`EXEC\*(C'\fR).
 .PP
 \fI\s-1NOPASSWD\s0 and \s-1PASSWD\s0\fR
@@ -760,7 +760,7 @@ Matches any character \fBnot\fR in the specified range.
 .el .IP "\f(CW\*(C`\ex\*(C'\fR" 8
 .IX Item "x"
 For any character \*(L"x\*(R", evaluates to \*(L"x\*(R".  This is used to
-escape special characters such as: \*(L"*\*(R", \*(L"?\*(R", \*(L"[\*(R", and \*(L"}\*(R".
+escape special characters such as: \*(L"*\*(R", \*(L"?\*(R", \*(L"[\*(R", and \*(L"]\*(R".
 .PP
 \&\s-1POSIX\s0 character classes may also be used if your system's \fIglob\fR\|(3)
 and \fIfnmatch\fR\|(3) functions support them.  However, because the
@@ -817,7 +817,7 @@ themselves include other files.  A hard limit of 128 nested include
 files is enforced to prevent include file loops.
 .PP
 If the path to the include file is not fully-qualified (does not
-begin with a \fI/\fR), it must be located in the same directory as the
+begin with a \f(CW\*(C`/\*(C'\fR), it must be located in the same directory as the
 sudoers file it was included from.  For example, if \fI/etc/sudoers\fR
 contains the line:
 .Sp
@@ -828,7 +828,7 @@ contains the line:
 the file that will be included is \fI/etc/sudoers.local\fR.
 .PP
 The file name may also include the \f(CW%h\fR escape, signifying the short form
-of the host name.  I.e., if the machine's host name is \*(L"xerxes\*(R", then
+of the host name.  In other words, if the machine's host name is \*(L"xerxes\*(R", then
 .PP
 \&\f(CW\*(C`#include /etc/sudoers.%h\*(C'\fR
 .PP
@@ -854,7 +854,7 @@ problems.
 Note that unlike files included via \f(CW\*(C`#include\*(C'\fR, \fBvisudo\fR will not
 edit the files in a \f(CW\*(C`#includedir\*(C'\fR directory unless one of them
 contains a syntax error.  It is still possible to run \fBvisudo\fR
-with the \f(CW\*(C`\-f\*(C'\fR flag to edit the files directly.
+with the \fB\-f\fR flag to edit the files directly.
 .SS "Other special characters and reserved words"
 .IX Subsection "Other special characters and reserved words"
 The pound sign ('#') is used to indicate a comment (unless it is
@@ -939,7 +939,7 @@ variables in the caller's environment that match the \f(CW\*(C`env_keep\*(C'\fR
 and \f(CW\*(C`env_check\*(C'\fR lists are then added, followed by any variables
 present in the file specified by the \fIenv_file\fR option (if any).
 The default contents of the \f(CW\*(C`env_keep\*(C'\fR and \f(CW\*(C`env_check\*(C'\fR lists are
-displayed when \fBsudo\fR is run by root with the \fI\-V\fR option.  If
+displayed when \fBsudo\fR is run by root with the \fB\-V\fR option.  If
 the \fIsecure_path\fR option is set, its value will be used for the
 \&\f(CW\*(C`PATH\*(C'\fR environment variable.  This flag is \fI@env_reset@\fR by
 default.
@@ -962,7 +962,8 @@ This flag is \fIoff\fR by default.
 .IP "fqdn" 16
 .IX Item "fqdn"
 Set this flag if you want to put fully qualified host names in the
-\&\fIsudoers\fR file.  I.e., instead of myhost you would use myhost.mydomain.edu.
+\&\fIsudoers\fR file.
+In other words, instead of myhost you would use myhost.mydomain.edu.
 You may still use the short form if you wish (and even mix the two).
 Beware that turning on \fIfqdn\fR requires \fBsudo\fR to make \s-1DNS\s0 lookups
 which may make \fBsudo\fR unusable if \s-1DNS\s0 stops working (for example
@@ -975,7 +976,7 @@ command) is already fully qualified you shouldn't need to set
 \&\fIfqdn\fR.  This flag is \fI@fqdn@\fR by default.
 .IP "ignore_dot" 16
 .IX Item "ignore_dot"
-If set, \fBsudo\fR will ignore '.' or '' (current dir) in the \f(CW\*(C`PATH\*(C'\fR
+If set, \fBsudo\fR will ignore \*(L".\*(R" or "" (current dir) in the \f(CW\*(C`PATH\*(C'\fR
 environment variable; the \f(CW\*(C`PATH\*(C'\fR itself is not modified.  This
 flag is \fI@ignore_dot@\fR by default.
 .IP "ignore_local_sudoers" 16
@@ -1006,7 +1007,7 @@ input is also captured and stored in a separate log file.
 .Sp
 Input is logged to the directory specified by the \fIiolog_dir\fR
 option (\fI@iolog_dir@\fR by default) using a unique session \s-1ID\s0 that
-is included in the normal \fBsudo\fR log line, prefixed with \fITSID=\fR.
+is included in the normal \fBsudo\fR log line, prefixed with "\f(CW\*(C`TSID=\*(C'\fR".
 The \fIiolog_file\fR option may be used to control the format of the
 session \s-1ID\s0.
 .Sp
@@ -1025,7 +1026,7 @@ log files.
 .Sp
 Output is logged to the directory specified by the \fIiolog_dir\fR
 option (\fI@iolog_dir@\fR by default) using a unique session \s-1ID\s0 that
-is included in the normal \fBsudo\fR log line, prefixed with \fITSID=\fR.
+is included in the normal \fBsudo\fR log line, prefixed with "\f(CW\*(C`TSID=\*(C'\fR".
 The \fIiolog_file\fR option may be used to control the format of the
 session \s-1ID\s0.
 .Sp
@@ -1234,8 +1235,8 @@ By default, \fBsudo\fR will refuse to run if the user must enter a
 password but it is not possible to disable echo on the terminal.
 If the \fIvisiblepw\fR flag is set, \fBsudo\fR will prompt for a password
 even when it would be visible on the screen.  This makes it possible
-to run things like \f(CW"rsh somehost sudo ls"\fR since \fIrsh\fR\|(1) does
+to run things like \f(CW"ssh somehost sudo ls"\fR since by default, \fIssh\fR\|(1) does
-not allocate a tty.  This flag is \fIoff\fR by default.
+not allocate a tty when running a command.  This flag is \fIoff\fR by default.
 .PP
 \&\fBIntegers\fR:
 .IP "closefrom" 16
@@ -1619,7 +1620,7 @@ of whether the \f(CW\*(C`env_reset\*(C'\fR option is enabled or disabled, variab
 specified by \f(CW\*(C`env_check\*(C'\fR will be preserved in the environment if
 they pass the aforementioned check.  The default list of environment
 variables to check is displayed when \fBsudo\fR is run by root with
-the \fI\-V\fR option.
+the \fB\-V\fR option.
 .IP "env_delete" 16
 .IX Item "env_delete"
 Environment variables to be removed from the user's environment
@@ -1628,7 +1629,7 @@ be a double-quoted, space-separated list or a single value without
 double-quotes.  The list can be replaced, added to, deleted from,
 or disabled by using the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and \f(CW\*(C`!\*(C'\fR operators
 respectively.  The default list of environment variables to remove
-is displayed when \fBsudo\fR is run by root with the \fI\-V\fR option.
+is displayed when \fBsudo\fR is run by root with the \fB\-V\fR option.
 Note that many operating systems will remove potentially dangerous
 variables from the environment of any setuid process (such as
 \&\fBsudo\fR).
@@ -1641,7 +1642,7 @@ The argument may be a double-quoted, space-separated list or a
 single value without double-quotes.  The list can be replaced, added
 to, deleted from, or disabled by using the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and
 \&\f(CW\*(C`!\*(C'\fR operators respectively.  The default list of variables to keep
-is displayed when \fBsudo\fR is run by root with the \fI\-V\fR option.
+is displayed when \fBsudo\fR is run by root with the \fB\-V\fR option.
 .SH "SUDO.CONF"
 .IX Header "SUDO.CONF"
 The \fI@sysconfdir@/sudo.conf\fR file determines which plugins the
@@ -2054,7 +2055,7 @@ privileges.
 For example, given the following \fIsudoers\fR entry:
 .PP
 .Vb 2
-\& john   ALL = /usr/bin/passwd [a\-zA\-Z0\-9]*, /usr/bin/chsh [a\-zA\-Z0\-9]*,
+\& john   ALL = /usr/bin/passwd [a\-zA\-Z0\-9]*, /usr/bin/chsh [a\-zA\-Z0\-9]*,\e
 \&      /usr/bin/chfn [a\-zA\-Z0\-9]*, !/usr/bin/* root
 .Ve
 .PP

doc/sudoers.pod

@@ -65,7 +65,7 @@ lookup is still done for root, not the user specified by C<SUDO_USER>.
 I<sudoers> uses time stamp files for credential caching.  Once a
 user has been authenticated, a time stamp is updated and the user
 may then use sudo without a password for a short period of time
-(C<@timeout@> minutes unless overridden by the I<timeout> option.
+(C<@timeout@> minutes unless overridden by the I<timeout> option).
 By default, I<sudoers> uses a tty-based time stamp which means that
 there is a separate time stamp for each of a user's login sessions.
 The I<tty_tickets> option can be disabled to force the use of a
@@ -380,7 +380,7 @@ Parameters may be B<flags>, B<integer> values, B<strings>, or B<lists>.
 Flags are implicitly boolean and can be turned off via the '!'
 operator.  Some integer, string and list parameters may also be
 used in a boolean context to disable them.  Values may be enclosed
-in double quotes (C<">) when they contain multiple words.  Special
+in double quotes (C<"">) when they contain multiple words.  Special
 characters may be escaped with a backslash (C<\>).
 
 Lists have two additional assignment operators, C<+=> and C<-=>.
@@ -458,7 +458,7 @@ but  F</bin/kill> and F</usr/bin/lprm> as B<root>.
 We can extend this to allow B<dgb> to run C</bin/ls> with either
 the user or group set to B<operator>:
 
- dgb	boulder = (operator : operator) /bin/ls, (root) /bin/kill, \
+ dgb	boulder = (operator : operator) /bin/ls, (root) /bin/kill,\
 	/usr/bin/lprm
 
 Note that while the group portion of the C<Runas_Spec> permits the
@@ -474,7 +474,7 @@ entry.  The following would all be permitted by the sudoers entry above:
 In the following example, user B<tcm> may run commands that access
 a modem device file with the dialer group.
 
- tcm	boulder = (:dialer) /usr/bin/tip, /usr/bin/cu, \
+ tcm	boulder = (:dialer) /usr/bin/tip, /usr/bin/cu,\
 	/usr/local/bin/minicom
 
 Note that in this example only the group will be set, the command
@@ -502,11 +502,11 @@ however, will supercede the values in I<sudoers>.
 =head2 Tag_Spec
 
 A command may have zero or more tags associated with it.  There are
-eight possible tag values, C<NOPASSWD>, C<PASSWD>, C<NOEXEC>,
+ten possible tag values, C<NOPASSWD>, C<PASSWD>, C<NOEXEC>,
 C<EXEC>, C<SETENV>, C<NOSETENV>, C<LOG_INPUT>, C<NOLOG_INPUT>,
 C<LOG_OUTPUT> and C<NOLOG_OUTPUT>.  Once a tag is set on a C<Cmnd>,
 subsequent C<Cmnd>s in the C<Cmnd_Spec_List>, inherit the tag unless
-it is overridden by the opposite tag (i.e.: C<PASSWD> overrides
+it is overridden by the opposite tag (in other words, C<PASSWD> overrides
 C<NOPASSWD> and C<NOEXEC> overrides C<EXEC>).
 
 =head3 NOPASSWD and PASSWD
@@ -604,7 +604,7 @@ Matches any character B<not> in the specified range.
 =item C<\x>
 
 For any character "x", evaluates to "x".  This is used to
-escape special characters such as: "*", "?", "[", and "}".
+escape special characters such as: "*", "?", "[", and "]".
 
 =back
 
@@ -667,7 +667,7 @@ themselves include other files.  A hard limit of 128 nested include
 files is enforced to prevent include file loops.
 
 If the path to the include file is not fully-qualified (does not
-begin with a F</>), it must be located in the same directory as the
+begin with a C</>), it must be located in the same directory as the
 sudoers file it was included from.  For example, if F</etc/sudoers>
 contains the line:
 
@@ -680,7 +680,7 @@ C<#include sudoers.local>
 the file that will be included is F</etc/sudoers.local>.
 
 The file name may also include the C<%h> escape, signifying the short form
-of the host name.  I.e., if the machine's host name is "xerxes", then
+of the host name.  In other words, if the machine's host name is "xerxes", then
 
 C<#include /etc/sudoers.%h>
 
@@ -706,7 +706,7 @@ problems.
 Note that unlike files included via C<#include>, B<visudo> will not
 edit the files in a C<#includedir> directory unless one of them
 contains a syntax error.  It is still possible to run B<visudo>
-with the C<-f> flag to edit the files directly.
+with the B<-f> flag to edit the files directly.
 
 =head2 Other special characters and reserved words
 
@@ -801,7 +801,7 @@ variables in the caller's environment that match the C<env_keep>
 and C<env_check> lists are then added, followed by any variables
 present in the file specified by the I<env_file> option (if any).
 The default contents of the C<env_keep> and C<env_check> lists are
-displayed when B<sudo> is run by root with the I<-V> option.  If
+displayed when B<sudo> is run by root with the B<-V> option.  If
 the I<secure_path> option is set, its value will be used for the
 C<PATH> environment variable.  This flag is I<@env_reset@> by
 default.
@@ -826,7 +826,8 @@ This flag is I<off> by default.
 =item fqdn
 
 Set this flag if you want to put fully qualified host names in the
-I<sudoers> file.  I.e., instead of myhost you would use myhost.mydomain.edu.
+I<sudoers> file.
+In other words, instead of myhost you would use myhost.mydomain.edu.
 You may still use the short form if you wish (and even mix the two).
 Beware that turning on I<fqdn> requires B<sudo> to make DNS lookups
 which may make B<sudo> unusable if DNS stops working (for example
@@ -840,7 +841,7 @@ I<fqdn>.  This flag is I<@fqdn@> by default.
 
 =item ignore_dot
 
-If set, B<sudo> will ignore '.' or '' (current dir) in the C<PATH>
+If set, B<sudo> will ignore "." or "" (current dir) in the C<PATH>
 environment variable; the C<PATH> itself is not modified.  This
 flag is I<@ignore_dot@> by default.
 
@@ -875,7 +876,7 @@ input is also captured and stored in a separate log file.
 
 Input is logged to the directory specified by the I<iolog_dir>
 option (F<@iolog_dir@> by default) using a unique session ID that
-is included in the normal B<sudo> log line, prefixed with I<TSID=>.
+is included in the normal B<sudo> log line, prefixed with "C<TSID=>".
 The I<iolog_file> option may be used to control the format of the
 session ID.
 
@@ -895,7 +896,7 @@ log files.
 
 Output is logged to the directory specified by the I<iolog_dir>
 option (F<@iolog_dir@> by default) using a unique session ID that
-is included in the normal B<sudo> log line, prefixed with I<TSID=>.
+is included in the normal B<sudo> log line, prefixed with "C<TSID=>".
 The I<iolog_file> option may be used to control the format of the
 session ID.
 
@@ -1131,8 +1132,8 @@ By default, B<sudo> will refuse to run if the user must enter a
 password but it is not possible to disable echo on the terminal.
 If the I<visiblepw> flag is set, B<sudo> will prompt for a password
 even when it would be visible on the screen.  This makes it possible
-to run things like C<"rsh somehost sudo ls"> since L<rsh(1)> does
+to run things like C<"ssh somehost sudo ls"> since by default, L<ssh(1)> does
-not allocate a tty.  This flag is I<off> by default.
+not allocate a tty when running a command.  This flag is I<off> by default.
 
 =back
 
@@ -1282,7 +1283,7 @@ of digits and letters, similar to the mktemp() function.
 
 Subject of the mail sent to the I<mailto> user. The escape C<%h>
 will expand to the host name of the machine.
-Default is C<@mailsub@>.
+Default is "C<@mailsub@>".
 
 =item noexec_file
 
@@ -1327,7 +1328,7 @@ two consecutive C<%> characters are collapsed into a single C<%> character
 
 =back
 
-The default value is C<@passprompt@>.
+The default value is "C<@passprompt@>".
 
 =item role
 
@@ -1410,7 +1411,7 @@ path, either fully-qualified or relative to the F<@prefix@/libexec>
 directory, followed by any configuration arguments the plugin
 requires.  These arguments (if any) will be passed to the plugin's
 initialization function.  If arguments are present, the string must
-be enclosed in double quotes (C<">).
+be enclosed in double quotes (C<"">).
 
 For example, given F</etc/sudo-group>, a group file in Unix group
 format, the sample group plugin can be used:
@@ -1499,14 +1500,14 @@ Defaults to the path to sendmail found at configure time.
 =item mailfrom
 
 Address to use for the "from" address when sending warning and error
-mail.  The address should be enclosed in double quotes (C<">) to
+mail.  The address should be enclosed in double quotes (C<"">) to
 protect against B<sudo> interpreting the C<@> sign.  Defaults to
 the name of the user running B<sudo>.
 
 =item mailto
 
 Address to send warning and error mail to.  The address should
-be enclosed in double quotes (C<">) to protect against B<sudo>
+be enclosed in double quotes (C<"">) to protect against B<sudo>
 interpreting the C<@> sign.  Defaults to C<@mailto@>.
 
 =item secure_path
@@ -1577,7 +1578,7 @@ of whether the C<env_reset> option is enabled or disabled, variables
 specified by C<env_check> will be preserved in the environment if
 they pass the aforementioned check.  The default list of environment
 variables to check is displayed when B<sudo> is run by root with
-the I<-V> option.
+the B<-V> option.
 
 =item env_delete
 
@@ -1587,7 +1588,7 @@ be a double-quoted, space-separated list or a single value without
 double-quotes.  The list can be replaced, added to, deleted from,
 or disabled by using the C<=>, C<+=>, C<-=>, and C<!> operators
 respectively.  The default list of environment variables to remove
-is displayed when B<sudo> is run by root with the I<-V> option.
+is displayed when B<sudo> is run by root with the B<-V> option.
 Note that many operating systems will remove potentially dangerous
 variables from the environment of any setuid process (such as
 B<sudo>).
@@ -1601,7 +1602,7 @@ The argument may be a double-quoted, space-separated list or a
 single value without double-quotes.  The list can be replaced, added
 to, deleted from, or disabled by using the C<=>, C<+=>, C<-=>, and
 C<!> operators respectively.  The default list of variables to keep
-is displayed when B<sudo> is run by root with the I<-V> option.
+is displayed when B<sudo> is run by root with the B<-V> option.
 
 =back
 
@@ -1830,8 +1831,8 @@ variables to pass and then define our I<aliases>:
  Cmnd_Alias	SHUTDOWN = /usr/sbin/shutdown
  Cmnd_Alias	HALT = /usr/sbin/halt
  Cmnd_Alias	REBOOT = /usr/sbin/reboot
- Cmnd_Alias	SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
+ Cmnd_Alias	SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh,\
-			 /usr/local/bin/tcsh, /usr/bin/rsh, \
+			 /usr/local/bin/tcsh, /usr/bin/rsh,\
 			 /usr/local/bin/zsh
  Cmnd_Alias	SU = /usr/bin/su
  Cmnd_Alias	PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
@@ -2009,7 +2010,7 @@ privileges.
 
 For example, given the following I<sudoers> entry:
 
- john	ALL = /usr/bin/passwd [a-zA-Z0-9]*, /usr/bin/chsh [a-zA-Z0-9]*,
+ john	ALL = /usr/bin/passwd [a-zA-Z0-9]*, /usr/bin/chsh [a-zA-Z0-9]*,\
       /usr/bin/chfn [a-zA-Z0-9]*, !/usr/bin/* root
 
 User B<john> can still run C</usr/bin/passwd root> if I<fast_glob> is

doc/sudoreplay.cat

@@ -6,8 +6,8 @@ NNAAMMEE
        sudoreplay - replay sudo session logs
 
 SSYYNNOOPPSSIISS
-       ssuuddoorreeppllaayy [--hh] [--dd _d_i_r_e_c_t_o_r_y] [--ff _f_i_l_t_e_r] [--mm _m_a_x___w_a_i_t] [--ss
+       ssuuddoorreeppllaayy [--hh] [--dd _d_i_r_e_c_t_o_r_y] [--ff _f_i_l_t_e_r] [--mm _m_a_x___w_a_i_t]
-       _s_p_e_e_d___f_a_c_t_o_r] ID
+       [--ss _s_p_e_e_d___f_a_c_t_o_r] ID
 
        ssuuddoorreeppllaayy [--hh] [--dd _d_i_r_e_c_t_o_r_y] -l [search expression]
 
@@ -61,13 +61,13 @@ OOPPTTIIOONNSS
                    the IDs that are displayed.  An expression is composed of
                    the following predicates:
 
-                   command _c_o_m_m_a_n_d _p_a_t_t_e_r_n
+                   command _p_a_t_t_e_r_n
                            Evaluates to true if the command run matches
-                           _c_o_m_m_a_n_d _p_a_t_t_e_r_n.  On systems with POSIX regular
+                           _p_a_t_t_e_r_n.  On systems with POSIX regular expression
-                           expression support, the pattern may be an extended
+                           support, the pattern may be an extended regular
-                           regular expression.  On systems without POSIX
+                           expression.  On systems without POSIX regular
-                           regular expression support, a simple substring
+                           expression support, a simple substring match is
-                           match is performed instead.
+                           performed instead.
 
                    cwd _d_i_r_e_c_t_o_r_y
                            Evaluates to true if the command was run with the
@@ -94,8 +94,9 @@ OOPPTTIIOONNSS
                            prior to _d_a_t_e.  See "Date and time format" for a
                            description of supported date and time formats.
 
-                   tty _t_t_y Evaluates to true if the command was run on the
+                   tty _t_t_y _n_a_m_e
-                           specified terminal device.  The _t_t_y should be
+                           Evaluates to true if the command was run on the
+                           specified terminal device.  The _t_t_y _n_a_m_e should be
                            specified without the _/_d_e_v_/ prefix, e.g.  _t_t_y_0_1
                            instead of _/_d_e_v_/_t_t_y_0_1.
 
@@ -114,20 +115,20 @@ OOPPTTIIOONNSS
                    _a_n_d unless separated by an _o_r.
 
        -m _m_a_x___w_a_i_t Specify an upper bound on how long to wait between key
-                   presses or output data.  By default, ssuuddoo__rreeppllaayy will
+                   presses or output data.  By default, ssuuddoorreeppllaayy will
                    accurately reproduce the delays between key presses or
                    program output.  However, this can be tedious when the
                    session includes long pauses.  When the _-_m option is
                    specified, ssuuddoorreeppllaayy will limit these pauses to at most
                    _m_a_x___w_a_i_t seconds.  The value may be specified as a floating
-                   point number, .e.g. _2_._5.
+                   point number, e.g. _2_._5.
 
        -s _s_p_e_e_d___f_a_c_t_o_r
                    This option causes ssuuddoorreeppllaayy to adjust the number of
                    seconds it will wait between key presses or program output.
                    This can be used to slow down or speed up the display.  For
                    example, a _s_p_e_e_d___f_a_c_t_o_r of _2 would make the output twice as
-                   fast whereas a _s_p_e_e_d___f_a_c_t_o_r of <.5> would make the output
+                   fast whereas a _s_p_e_e_d___f_a_c_t_o_r of _._5 would make the output
                    twice as slow.
 
        -V          The --VV (version) option causes ssuuddoorreeppllaayy to print its
@@ -155,7 +156,7 @@ OOPPTTIIOONNSS
        optional.  If no date is specified, the current day is assumed; if no
        time is specified, the first second of the specified date is used.  The
        less significant parts of both time and date may also be omitted, in
-       which case zero is assumed.  For example, the following are all valid:
+       which case zero is assumed.
 
        The following are all valid time and date specifications:
 
@@ -223,24 +224,24 @@ FFIILLEESS
 EEXXAAMMPPLLEESS
        List sessions run by user _m_i_l_l_e_r_t:
 
-        sudoreplay -l user millert
+        # sudoreplay -l user millert
 
        List sessions run by user _b_o_b with a command containing the string vi:
 
-        sudoreplay -l user bob command vi
+        # sudoreplay -l user bob command vi
 
        List sessions run by user _j_e_f_f that match a regular expression:
 
-        sudoreplay -l user jeff command '/bin/[a-z]*sh'
+        # sudoreplay -l user jeff command '/bin/[a-z]*sh'
 
        List sessions run by jeff or bob on the console:
 
-        sudoreplay -l ( user jeff or user bob ) tty console
+        # sudoreplay -l ( user jeff or user bob ) tty console
 
 SSEEEE AALLSSOO
        _s_u_d_o(1m), _s_c_r_i_p_t(1)
 
-AAUUTTHHOORR
+AAUUTTHHOORRSS
        Todd C. Miller
 
 BBUUGGSS
@@ -261,4 +262,4 @@ DDIISSCCLLAAIIMMEERR
 
 
 
-1.8.6                            June 29, 2012                  SUDOREPLAY(1m)
+1.8.6                            July 17, 2012                  SUDOREPLAY(1m)

doc/sudoreplay.man.in

@@ -139,7 +139,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SUDOREPLAY @mansectsu@"
-.TH SUDOREPLAY @mansectsu@ "June 29, 2012" "1.8.6" "MAINTENANCE COMMANDS"
+.TH SUDOREPLAY @mansectsu@ "July 17, 2012" "1.8.6" "MAINTENANCE COMMANDS"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,9 +148,9 @@
 sudoreplay \- replay sudo session logs
 .SH "SYNOPSIS"
 .IX Header "SYNOPSIS"
-\&\fBsudoreplay\fR [\fB\-h\fR] [\fB\-d\fR \fIdirectory\fR] [\fB\-f\fR \fIfilter\fR] [\fB\-m\fR \fImax_wait\fR] [\fB\-s\fR \fIspeed_factor\fR] \s-1ID\s0
+\&\fBsudoreplay\fR [\fB\-h\fR] [\fB\-d\fR\ \fIdirectory\fR] [\fB\-f\fR\ \fIfilter\fR] [\fB\-m\fR\ \fImax_wait\fR] [\fB\-s\fR\ \fIspeed_factor\fR] \s-1ID\s0
 .PP
-\&\fBsudoreplay\fR [\fB\-h\fR] [\fB\-d\fR \fIdirectory\fR] \-l [search expression]
+\&\fBsudoreplay\fR [\fB\-h\fR] [\fB\-d\fR\ \fIdirectory\fR] \-l [search\ expression]
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 \&\fBsudoreplay\fR plays back or lists the output logs created by \fBsudo\fR.
@@ -183,7 +183,7 @@ Double the playback speed.
 .IP "\-d \fIdirectory\fR" 12
 .IX Item "-d directory"
 Use \fIdirectory\fR to for the session logs instead of the default,
-\&\fI/var/log/sudo\-io\fR.
+\&\fI@iolog_dir@\fR.
 .IP "\-f \fIfilter\fR" 12
 .IX Item "-f filter"
 By default, \fBsudoreplay\fR will play back the command's standard
@@ -203,9 +203,9 @@ by file name (or sequence number).  If a \fIsearch expression\fR is
 specified, it will be used to restrict the IDs that are displayed.
 An expression is composed of the following predicates:
 .RS 12
-.IP "command \fIcommand pattern\fR" 8
+.IP "command \fIpattern\fR" 8
-.IX Item "command command pattern"
+.IX Item "command pattern"
-Evaluates to true if the command run matches \fIcommand pattern\fR.
+Evaluates to true if the command run matches \fIpattern\fR.
 On systems with \s-1POSIX\s0 regular expression support, the pattern may
 be an extended regular expression.  On systems without \s-1POSIX\s0 regular
 expression support, a simple substring match is performed instead.
@@ -232,10 +232,10 @@ Note that \fBsudo\fR runs commands as user \fIroot\fR by default.
 Evaluates to true if the command was run on or prior to \fIdate\fR.
 See \*(L"Date and time format\*(R" for a description of supported
 date and time formats.
-.IP "tty \fItty\fR" 8
+.IP "tty \fItty name\fR" 8
-.IX Item "tty tty"
+.IX Item "tty tty name"
 Evaluates to true if the command was run on the specified terminal
-device.  The \fItty\fR should be specified without the \fI/dev/\fR prefix,
+device.  The \fItty name\fR should be specified without the \fI/dev/\fR prefix,
 e.g.  \fItty01\fR instead of \fI/dev/tty01\fR.
 .IP "user \fIuser name\fR" 8
 .IX Item "user user name"
@@ -255,19 +255,19 @@ by an \fIor\fR.
 .IP "\-m \fImax_wait\fR" 12
 .IX Item "-m max_wait"
 Specify an upper bound on how long to wait between key presses or
-output data.  By default, \fBsudo_replay\fR will accurately reproduce
+output data.  By default, \fBsudoreplay\fR will accurately reproduce
 the delays between key presses or program output.  However, this
 can be tedious when the session includes long pauses.  When the
 \&\fI\-m\fR option is specified, \fBsudoreplay\fR will limit these pauses
 to at most \fImax_wait\fR seconds.  The value may be specified as a
-floating point number, .e.g. \fI2.5\fR.
+floating point number, e.g. \fI2.5\fR.
 .IP "\-s \fIspeed_factor\fR" 12
 .IX Item "-s speed_factor"
 This option causes \fBsudoreplay\fR to adjust the number of seconds
 it will wait between key presses or program output.  This can be
 used to slow down or speed up the display.  For example, a
 \&\fIspeed_factor\fR of \fI2\fR would make the output twice as fast whereas
-a \fIspeed_factor\fR of <.5> would make the output twice as slow.
+a \fIspeed_factor\fR of \fI.5\fR would make the output twice as slow.
 .IP "\-V" 12
 .IX Item "-V"
 The \fB\-V\fR (version) option causes \fBsudoreplay\fR to print its version number
@@ -294,8 +294,7 @@ Either time or date may be omitted, the am/pm and timezone are
 optional.  If no date is specified, the current day is assumed; if
 no time is specified, the first second of the specified date is
 used.  The less significant parts of both time and date may also
-be omitted, in which case zero is assumed.  For example, the following
+be omitted, in which case zero is assumed.
-are all valid:
 .PP
 The following are all valid time and date specifications:
 .IP "now" 8
@@ -336,29 +335,37 @@ The current time but 14 days ago.
 10:01 am, September 17, 2009.
 .SH "FILES"
 .IX Header "FILES"
-.IP "\fI/var/log/sudo\-io\fR" 24
+.ie n .IP "\fI@iolog_dir@\fR" 24
-.IX Item "/var/log/sudo-io"
+.el .IP "\fI@iolog_dir@\fR" 24
+.IX Item "@iolog_dir@"
 The default I/O log directory.
-.IP "\fI/var/log/sudo\-io/00/00/01/log\fR" 24
+.ie n .IP "\fI@iolog_dir@/00/00/01/log\fR" 24
-.IX Item "/var/log/sudo-io/00/00/01/log"
+.el .IP "\fI@iolog_dir@/00/00/01/log\fR" 24
+.IX Item "@iolog_dir@/00/00/01/log"
 Example session log info.
-.IP "\fI/var/log/sudo\-io/00/00/01/stdin\fR" 24
+.ie n .IP "\fI@iolog_dir@/00/00/01/stdin\fR" 24
-.IX Item "/var/log/sudo-io/00/00/01/stdin"
+.el .IP "\fI@iolog_dir@/00/00/01/stdin\fR" 24
+.IX Item "@iolog_dir@/00/00/01/stdin"
 Example session standard input log.
-.IP "\fI/var/log/sudo\-io/00/00/01/stdout\fR" 24
+.ie n .IP "\fI@iolog_dir@/00/00/01/stdout\fR" 24
-.IX Item "/var/log/sudo-io/00/00/01/stdout"
+.el .IP "\fI@iolog_dir@/00/00/01/stdout\fR" 24
+.IX Item "@iolog_dir@/00/00/01/stdout"
 Example session standard output log.
-.IP "\fI/var/log/sudo\-io/00/00/01/stderr\fR" 24
+.ie n .IP "\fI@iolog_dir@/00/00/01/stderr\fR" 24
-.IX Item "/var/log/sudo-io/00/00/01/stderr"
+.el .IP "\fI@iolog_dir@/00/00/01/stderr\fR" 24
+.IX Item "@iolog_dir@/00/00/01/stderr"
 Example session standard error log.
-.IP "\fI/var/log/sudo\-io/00/00/01/ttyin\fR" 24
+.ie n .IP "\fI@iolog_dir@/00/00/01/ttyin\fR" 24
-.IX Item "/var/log/sudo-io/00/00/01/ttyin"
+.el .IP "\fI@iolog_dir@/00/00/01/ttyin\fR" 24
+.IX Item "@iolog_dir@/00/00/01/ttyin"
 Example session tty input file.
-.IP "\fI/var/log/sudo\-io/00/00/01/ttyout\fR" 24
+.ie n .IP "\fI@iolog_dir@/00/00/01/ttyout\fR" 24
-.IX Item "/var/log/sudo-io/00/00/01/ttyout"
+.el .IP "\fI@iolog_dir@/00/00/01/ttyout\fR" 24
+.IX Item "@iolog_dir@/00/00/01/ttyout"
 Example session tty output file.
-.IP "\fI/var/log/sudo\-io/00/00/01/timing\fR" 24
+.ie n .IP "\fI@iolog_dir@/00/00/01/timing\fR" 24
-.IX Item "/var/log/sudo-io/00/00/01/timing"
+.el .IP "\fI@iolog_dir@/00/00/01/timing\fR" 24
+.IX Item "@iolog_dir@/00/00/01/timing"
 Example session timing file.
 .PP
 Note that the \fIstdin\fR, \fIstdout\fR and \fIstderr\fR files will be empty
@@ -369,31 +376,31 @@ command.
 List sessions run by user \fImillert\fR:
 .PP
 .Vb 1
-\& sudoreplay \-l user millert
+\& # sudoreplay \-l user millert
 .Ve
 .PP
 List sessions run by user \fIbob\fR with a command containing the string vi:
 .PP
 .Vb 1
-\& sudoreplay \-l user bob command vi
+\& # sudoreplay \-l user bob command vi
 .Ve
 .PP
 List sessions run by user \fIjeff\fR that match a regular expression:
 .PP
 .Vb 1
-\& sudoreplay \-l user jeff command \*(Aq/bin/[a\-z]*sh\*(Aq
+\& # sudoreplay \-l user jeff command \*(Aq/bin/[a\-z]*sh\*(Aq
 .Ve
 .PP
 List sessions run by jeff or bob on the console:
 .PP
 .Vb 1
-\& sudoreplay \-l ( user jeff or user bob ) tty console
+\& # sudoreplay \-l ( user jeff or user bob ) tty console
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
 \&\fIsudo\fR\|(@mansectsu@), \fIscript\fR\|(1)
-.SH "AUTHOR"
+.SH "AUTHORS"
-.IX Header "AUTHOR"
+.IX Header "AUTHORS"
 Todd C. Miller
 .SH "BUGS"
 .IX Header "BUGS"

doc/sudoreplay.pod

@@ -21,9 +21,9 @@ sudoreplay - replay sudo session logs
 
 =head1 SYNOPSIS
 
-B<sudoreplay> [B<-h>] [B<-d> I<directory>] [B<-f> I<filter>] [B<-m> I<max_wait>] [B<-s> I<speed_factor>] ID
+B<sudoreplay> [B<-h>] S<[B<-d> I<directory>]> S<[B<-f> I<filter>]> S<[B<-m> I<max_wait>]> S<[B<-s> I<speed_factor>]> ID
 
-B<sudoreplay> [B<-h>] [B<-d> I<directory>] -l [search expression]
+B<sudoreplay> [B<-h>] S<[B<-d> I<directory>]> -l S<[search expression]>
 
 =head1 DESCRIPTION
 
@@ -70,7 +70,7 @@ B<sudoreplay> accepts the following command line options:
 =item -d I<directory>
 
 Use I<directory> to for the session logs instead of the default,
-F</var/log/sudo-io>.
+F<@iolog_dir@>.
 
 =item -f I<filter>
 
@@ -95,9 +95,9 @@ An expression is composed of the following predicates:
 
 =over 8
 
-=item command I<command pattern>
+=item command I<pattern>
 
-Evaluates to true if the command run matches I<command pattern>.
+Evaluates to true if the command run matches I<pattern>.
 On systems with POSIX regular expression support, the pattern may
 be an extended regular expression.  On systems without POSIX regular
 expression support, a simple substring match is performed instead.
@@ -130,10 +130,10 @@ Evaluates to true if the command was run on or prior to I<date>.
 See L<"Date and time format"> for a description of supported
 date and time formats.
 
-=item tty I<tty>
+=item tty I<tty name>
 
 Evaluates to true if the command was run on the specified terminal
-device.  The I<tty> should be specified without the F</dev/> prefix,
+device.  The I<tty name> should be specified without the F</dev/> prefix,
 e.g.  F<tty01> instead of F</dev/tty01>.
 
 =item user I<user name>
@@ -154,12 +154,12 @@ by an I<or>.
 =item -m I<max_wait>
 
 Specify an upper bound on how long to wait between key presses or
-output data.  By default, B<sudo_replay> will accurately reproduce
+output data.  By default, B<sudoreplay> will accurately reproduce
 the delays between key presses or program output.  However, this
 can be tedious when the session includes long pauses.  When the
 I<-m> option is specified, B<sudoreplay> will limit these pauses
 to at most I<max_wait> seconds.  The value may be specified as a
-floating point number, .e.g. I<2.5>.
+floating point number, e.g. I<2.5>.
 
 =item -s I<speed_factor>
 
@@ -167,7 +167,7 @@ This option causes B<sudoreplay> to adjust the number of seconds
 it will wait between key presses or program output.  This can be
 used to slow down or speed up the display.  For example, a
 I<speed_factor> of I<2> would make the output twice as fast whereas
-a I<speed_factor> of <.5> would make the output twice as slow.
+a I<speed_factor> of I<.5> would make the output twice as slow.
 
 =item -V
 
@@ -206,8 +206,7 @@ Either time or date may be omitted, the am/pm and timezone are
 optional.  If no date is specified, the current day is assumed; if
 no time is specified, the first second of the specified date is
 used.  The less significant parts of both time and date may also
-be omitted, in which case zero is assumed.  For example, the following
+be omitted, in which case zero is assumed.
-are all valid:
 
 The following are all valid time and date specifications:
 
@@ -267,35 +266,35 @@ The current time but 14 days ago.
 
 =over 24
 
-=item F</var/log/sudo-io>
+=item F<@iolog_dir@>
 
 The default I/O log directory.
 
-=item F</var/log/sudo-io/00/00/01/log>
+=item F<@iolog_dir@/00/00/01/log>
 
 Example session log info.
 
-=item F</var/log/sudo-io/00/00/01/stdin>
+=item F<@iolog_dir@/00/00/01/stdin>
 
 Example session standard input log.
 
-=item F</var/log/sudo-io/00/00/01/stdout>
+=item F<@iolog_dir@/00/00/01/stdout>
 
 Example session standard output log.
 
-=item F</var/log/sudo-io/00/00/01/stderr>
+=item F<@iolog_dir@/00/00/01/stderr>
 
 Example session standard error log.
 
-=item F</var/log/sudo-io/00/00/01/ttyin>
+=item F<@iolog_dir@/00/00/01/ttyin>
 
 Example session tty input file.
 
-=item F</var/log/sudo-io/00/00/01/ttyout>
+=item F<@iolog_dir@/00/00/01/ttyout>
 
 Example session tty output file.
 
-=item F</var/log/sudo-io/00/00/01/timing>
+=item F<@iolog_dir@/00/00/01/timing>
 
 Example session timing file.
 
@@ -309,25 +308,25 @@ command.
 
 List sessions run by user I<millert>:
 
- sudoreplay -l user millert
+ # sudoreplay -l user millert
 
 List sessions run by user I<bob> with a command containing the string vi:
 
- sudoreplay -l user bob command vi
+ # sudoreplay -l user bob command vi
 
 List sessions run by user I<jeff> that match a regular expression:
 
- sudoreplay -l user jeff command '/bin/[a-z]*sh'
+ # sudoreplay -l user jeff command '/bin/[a-z]*sh'
 
 List sessions run by jeff or bob on the console:
 
- sudoreplay -l ( user jeff or user bob ) tty console
+ # sudoreplay -l ( user jeff or user bob ) tty console
 
 =head1 SEE ALSO
 
 L<sudo(8)>, L<script(1)>
 
-=head1 AUTHOR
+=head1 AUTHORS
 
 Todd C. Miller
 

doc/visudo.cat

@@ -95,10 +95,10 @@ DDIIAAGGNNOOSSTTIICCSS
            You didn't run vviissuuddoo as root.
 
        Can't find you in the passwd database
-           Your userid does not appear in the system passwd file.
+           Your user ID does not appear in the system passwd file.
 
        Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
-           Either you are trying to use an undeclare
+           Either you are trying to use an undeclared
            {User,Runas,Host,Cmnd}_Alias or you have a user or host name listed
            that consists solely of uppercase letters, digits, and the
            underscore ('_') character.  In the latter case, you can ignore the
@@ -119,15 +119,15 @@ DDIIAAGGNNOOSSTTIICCSS
 SSEEEE AALLSSOO
        _v_i(1), _s_u_d_o_e_r_s(4), _s_u_d_o(1m), _v_i_p_w(1m)
 
-AAUUTTHHOORR
+AAUUTTHHOORRSS
        Many people have worked on ssuuddoo over the years; this version of vviissuuddoo
        was written by:
 
-        Todd Miller
+        Todd C. Miller
 
        See the CONTRIBUTORS file in the ssuuddoo distribution
-       (http://www.sudo.ws/sudo/contributors.html) for a list of people who
+       (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of
-       have contributed to ssuuddoo.
+       people who have contributed to ssuuddoo.
 
 CCAAVVEEAATTSS
        There is no easy way to prevent a user from gaining a root shell if the
@@ -151,4 +151,4 @@ DDIISSCCLLAAIIMMEERR
 
 
 
-1.8.6                            June 29, 2012                      VISUDO(1m)
+1.8.6                            July 13, 2012                      VISUDO(1m)

doc/visudo.man.in

@@ -144,7 +144,7 @@
 .\" ========================================================================
 .\"
 .IX Title "VISUDO @mansectsu@"
-.TH VISUDO @mansectsu@ "June 29, 2012" "1.8.6" "MAINTENANCE COMMANDS"
+.TH VISUDO @mansectsu@ "July 13, 2012" "1.8.6" "MAINTENANCE COMMANDS"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -258,10 +258,10 @@ Someone else is currently editing the \fIsudoers\fR file.
 You didn't run \fBvisudo\fR as root.
 .IP "Can't find you in the passwd database" 4
 .IX Item "Can't find you in the passwd database"
-Your userid does not appear in the system passwd file.
+Your user \s-1ID\s0 does not appear in the system passwd file.
 .IP "Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined" 4
 .IX Item "Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined"
-Either you are trying to use an undeclare {User,Runas,Host,Cmnd}_Alias
+Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias
 or you have a user or host name listed that consists solely of
 uppercase letters, digits, and the underscore ('_') character.  In
 the latter case, you can ignore the warnings (\fBsudo\fR will not
@@ -280,17 +280,17 @@ the \fIsudoers\fR file.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
 \&\fIvi\fR\|(1), \fIsudoers\fR\|(@mansectform@), \fIsudo\fR\|(@mansectsu@), \fIvipw\fR\|(@mansectsu@)
-.SH "AUTHOR"
+.SH "AUTHORS"
-.IX Header "AUTHOR"
+.IX Header "AUTHORS"
 Many people have worked on \fBsudo\fR over the years; this version of
 \&\fBvisudo\fR was written by:
 .PP
 .Vb 1
-\& Todd Miller
+\& Todd C. Miller
 .Ve
 .PP
 See the \s-1CONTRIBUTORS\s0 file in the \fBsudo\fR distribution
-(http://www.sudo.ws/sudo/contributors.html) for a list of people
+(http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of people
 who have contributed to \fBsudo\fR.
 .SH "CAVEATS"
 .IX Header "CAVEATS"

doc/visudo.pod

@@ -156,11 +156,11 @@ You didn't run B<visudo> as root.
 
 =item Can't find you in the passwd database
 
-Your userid does not appear in the system passwd file.
+Your user ID does not appear in the system passwd file.
 
 =item Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
 
-Either you are trying to use an undeclare {User,Runas,Host,Cmnd}_Alias
+Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias
 or you have a user or host name listed that consists solely of
 uppercase letters, digits, and the underscore ('_') character.  In
 the latter case, you can ignore the warnings (B<sudo> will not
@@ -185,15 +185,15 @@ the I<sudoers> file.
 
 L<vi(1)>, L<sudoers(5)>, L<sudo(8)>, L<vipw(8)>
 
-=head1 AUTHOR
+=head1 AUTHORS
 
 Many people have worked on B<sudo> over the years; this version of
 B<visudo> was written by:
 
- Todd Miller
+ Todd C. Miller
 
 See the CONTRIBUTORS file in the B<sudo> distribution
-(http://www.sudo.ws/sudo/contributors.html) for a list of people
+(http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of people
 who have contributed to B<sudo>.
 
 =head1 CAVEATS