From dc0f16dbc4a7e626d1de33335839a723e6b78220 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Sun, 9 Feb 2025 14:32:53 -0700 Subject: [PATCH] Avoid using ".It Li foo ..." in sudo manuals. The .Li macro is deprecated and makes no difference on terminal devices. Also avoid using items greater than 80 characters which will wrap incorrectly. Bug #1075. --- docs/sudo.mdoc.in | 80 +++++++++++++++++++++++++++++++++++---------- docs/visudo.mdoc.in | 18 +++++----- 2 files changed, 72 insertions(+), 26 deletions(-) diff --git a/docs/sudo.mdoc.in b/docs/sudo.mdoc.in index 12eb65830..059d760f4 100644 --- a/docs/sudo.mdoc.in +++ b/docs/sudo.mdoc.in @@ -1426,8 +1426,9 @@ $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" Error messages produced by .Nm include: -.Bl -tag -width 4n -.It Li editing files in a writable directory is not permitted +.Pp +editing files in a writable directory is not permitted +.Bd -ragged -offset 4n -compact By default, .Nm sudoedit does not permit editing a file when any of the parent directories are writable @@ -1439,7 +1440,10 @@ See the option in .Xr sudoers @mansectform@ for more information. -.It Li editing symbolic links is not permitted +.Ed +.Pp +editing symbolic links is not permitted +.Bd -ragged -offset 4n -compact By default, .Nm sudoedit does not follow symbolic links when opening files. @@ -1448,7 +1452,10 @@ See the option in .Xr sudoers @mansectform@ for more information. -.It Li effective uid is not 0, is sudo installed setuid root? +.Ed +.Pp +effective uid is not 0, is sudo installed setuid root? +.Bd -ragged -offset 4n -compact .Nm was not run with root privileges. The @@ -1457,7 +1464,11 @@ binary must be owned by the root user and have the set-user-ID bit set. Also, it must not be located on a file system mounted with the .Sq nosuid option or on an NFS file system that maps uid 0 to an unprivileged uid. -.It Li effective uid is not 0, is sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges? +.Ed +.Pp +effective uid is not 0, is sudo on a file system with the 'nosuid' +option set or an NFS file system without root privileges? +.Bd -ragged -offset 4n -compact .Nm was not run with root privileges. The @@ -1469,10 +1480,16 @@ The most common reason for this is that the file system the binary is located on is mounted with the .Sq nosuid option or it is an NFS file system that maps uid 0 to an unprivileged uid. -.It Li fatal error, unable to load plugins +.Ed +.Pp +fatal error, unable to load plugins +.Bd -ragged -offset 4n -compact An error occurred while loading or initializing the plugins specified in .Xr sudo.conf @mansectform@ . -.It Li invalid environment variable name +.Ed +.Pp +invalid environment variable name +.Bd -ragged -offset 4n -compact One or more environment variable names specified via the .Fl E option contained an equal sign @@ -1480,7 +1497,10 @@ option contained an equal sign The arguments to the .Fl E option should be environment variable names without an associated value. -.It Li no password was provided +.Ed +.Pp +no password was provided +.Bd -ragged -offset 4n -compact When .Nm tried to read the password, it did not receive any characters. @@ -1488,7 +1508,10 @@ This may happen if no terminal is available (or the .Fl S option is specified) and the standard input has been redirected from .Pa /dev/null . -.It Li a terminal is required to read the password +.Ed +.Pp +a terminal is required to read the password +.Bd -ragged -offset 4n -compact .Nm needs to read the password but there is no mechanism available for it to do so. @@ -1511,11 +1534,19 @@ an askpass helper can be configured via either the file or by setting the .Ev SUDO_ASKPASS environment variable. -.It Li no writable temporary directory found +.Ed +.Pp +no writable temporary directory found +.Bd -ragged -offset 4n -compact .Nm sudoedit was unable to find a usable temporary directory in which to store its intermediate files. -.It Li The Do "no new privileges" Dc "flag is set, which prevents sudo from running as root." +.Ed +.Pp +The +.Dq no new privileges +flag is set, which prevents sudo from running as root. +.Bd -ragged -offset 4n -compact .Nm was run by a process that has the Linux .Dq no new privileges @@ -1529,27 +1560,42 @@ The most likely cause for this is running within a container that sets this flag. Check the documentation to see if it is possible to configure the container such that the flag is not set. -.It Li sudo must be owned by uid 0 and have the setuid bit set +.Ed +.Pp +sudo must be owned by uid 0 and have the setuid bit set +.Bd -ragged -offset 4n -compact .Nm was not run with root privileges. The .Nm binary does not have the correct owner or permissions. It must be owned by the root user and have the set-user-ID bit set. -.It Li sudoedit is not supported on this platform +.Ed +.Pp +sudoedit is not supported on this platform +.Bd -ragged -offset 4n -compact It is only possible to run .Nm sudoedit on systems that support setting the effective user-ID. -.It Li timed out reading password +.Ed +.Pp +timed out reading password +.Bd -ragged -offset 4n -compact The user did not enter a password before the password timeout (5 minutes by default) expired. -.It Li you do not exist in the passwd database +.Ed +.Pp +you do not exist in the passwd database +.Bd -ragged -offset 4n -compact Your user-ID does not appear in the system passwd database. -.It Li you may not specify environment variables in edit mode +.Ed +.Pp +you may not specify environment variables in edit mode +.Bd -ragged -offset 4n -compact It is only possible to specify environment variables when running a .Ar command . When editing a file, the editor is run with the user's environment unmodified. -.El +.Ed .Sh SEE ALSO .Xr su 1 , .Xr stat 2 , diff --git a/docs/visudo.mdoc.in b/docs/visudo.mdoc.in index 6bcc2c86e..4eab9557c 100644 --- a/docs/visudo.mdoc.in +++ b/docs/visudo.mdoc.in @@ -398,17 +398,17 @@ syntax errors, .Nm may produce the following messages: .Bl -tag -width 4n -.It Li sudoers file busy, try again later. +.It sudoers file busy, try again later. Someone else is currently editing the .Em sudoers file. -.It Li @sysconfdir@/sudoers: Permission denied +.It @sysconfdir@/sudoers: Permission denied You didn't run .Nm as root. -.It Li you do not exist in the passwd database +.It you do not exist in the passwd database Your user-ID does not appear in the system passwd database. -.It Li Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined +.It Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias or you have a user or host name listed that consists solely of uppercase letters, digits, and the underscore @@ -425,14 +425,14 @@ file and the line number where the undefined alias was used. In .Fl s (strict) mode these are errors, not warnings. -.It Li Warning: unused {User,Runas,Host,Cmnd}_Alias +.It Warning: unused {User,Runas,Host,Cmnd}_Alias The specified {User,Runas,Host,Cmnd}_Alias was defined but never used. The message is prefixed with the path name of the .Em sudoers file and the line number where the unused alias was defined. You may wish to comment out or remove the unused alias. -.It Li Warning: cycle in {User,Runas,Host,Cmnd}_Alias +.It Warning: cycle in {User,Runas,Host,Cmnd}_Alias The specified {User,Runas,Host,Cmnd}_Alias includes a reference to itself, either directly or through an alias it includes. The message is prefixed with the path name of the @@ -448,7 +448,7 @@ will ignore cycles when parsing the .Em sudoers file. -.It Li ignoring editor backup file +.It ignoring editor backup file While processing a .Em @includedir or @@ -461,7 +461,7 @@ Such files are skipped by .Nm sudo and .Nm . -.It Li ignoring file name containing '.' +.It ignoring file name containing '.' While processing a .Em @includedir or @@ -473,7 +473,7 @@ Such files are skipped by .Nm sudo and .Nm . -.It Li unknown defaults entry \&"name\&" +.It unknown defaults entry \&"name\&" The .Em sudoers file contains a