mirror of
https://github.com/sudo-project/sudo.git
synced 2025-09-04 00:05:11 +00:00
Fix some typos.
Describe error messages not related to policy permissions.
@@ -615,7 +615,7 @@ fully qualified path name ending in a
|
|||||||
When you specify a directory in a
|
When you specify a directory in a
|
||||||
.Li Cmnd_List ,
|
.Li Cmnd_List ,
|
||||||
the user will be able to run any file within that directory
|
the user will be able to run any file within that directory
|
||||||
(but not in any subdirectories therein).
|
(but not in any sub-directories therein).
|
||||||
.Pp
|
.Pp
|
||||||
If a
|
If a
|
||||||
.Li Cmnd
|
.Li Cmnd
|
||||||
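Review bot: "subdirectories" on the "(but not in any ... therein)" line was not misspelled, so changing it to "sub-directories" is a hyphenation preference rather than a typo fix. Either leave the original spelling or apply the hyphenated form to every occurrence in the manual in the same commit, and mention the style change in the commit message so it is not mistaken for a correction.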
@@ -642,7 +642,7 @@ option (or as
|
|||||||
It may take command line arguments just as a normal command does.
|
It may take command line arguments just as a normal command does.
|
||||||
.Ss Defaults
|
.Ss Defaults
|
||||||
Certain configuration options may be changed from their default
|
Certain configuration options may be changed from their default
|
||||||
values at runtime via one or more
|
values at run-time via one or more
|
||||||
.Li Default_Entry
|
.Li Default_Entry
|
||||||
lines.
|
lines.
|
||||||
These may affect all users on any host, all users on a specific host, a
|
These may affect all users on any host, all users on a specific host, a
|
||||||
@@ -901,7 +901,7 @@ type is specified with the command it will override any default values
|
|||||||
specified in
|
specified in
|
||||||
.Em sudoers .
|
.Em sudoers .
|
||||||
A role or type specified on the command line,
|
A role or type specified on the command line,
|
||||||
however, will supercede the values in
|
however, will supersede the values in
|
||||||
.Em sudoers .
|
.Em sudoers .
|
||||||
.Ss Solaris_Priv_Spec
|
.Ss Solaris_Priv_Spec
|
||||||
On Solaris systems,
|
On Solaris systems,
|
||||||
@@ -1032,7 +1032,11 @@ Additionally, a user may only run
|
|||||||
without a password if the
|
without a password if the
|
||||||
.Li NOPASSWD
|
.Li NOPASSWD
|
||||||
tag is present for all a user's entries that pertain to the current host.
|
tag is present for all a user's entries that pertain to the current host.
|
||||||
This behavior may be overridden via the verifypw and listpw options.
|
This behavior may be overridden via the
|
||||||
|
.Em verifypw
|
||||||
|
and
|
||||||
|
.Em listpw
|
||||||
|
options.
|
||||||
.Pp
|
.Pp
|
||||||
.Em NOEXEC and EXEC
|
.Em NOEXEC and EXEC
|
||||||
.Pp
|
.Pp
|
||||||
@@ -1212,7 +1216,7 @@ It will also allow:
|
|||||||
$ sudo cat /var/log/messages /etc/shadow
|
$ sudo cat /var/log/messages /etc/shadow
|
||||||
.Ed
|
.Ed
|
||||||
.Pp
|
.Pp
|
||||||
which is probaby not what was intended.
|
which is probably not what was intended.
|
||||||
.Ss Exceptions to wildcard rules
|
.Ss Exceptions to wildcard rules
|
||||||
The following exceptions apply to the above rules:
|
The following exceptions apply to the above rules:
|
||||||
.Bl -tag -width 8n
|
.Bl -tag -width 8n
|
||||||
@@ -2479,7 +2483,7 @@ context to run the command.
|
|||||||
The default type may be overridden on a per-command basis in
|
The default type may be overridden on a per-command basis in
|
||||||
.Em sudoers
|
.Em sudoers
|
||||||
or via command line options.
|
or via command line options.
|
||||||
This option is only available whe
|
This option is only available when
|
||||||
.Nm sudo
|
.Nm sudo
|
||||||
is built with SELinux support.
|
is built with SELinux support.
|
||||||
.El
|
.El
|
||||||
@@ -2803,7 +2807,7 @@ can log events using either
|
|||||||
.Xr syslog 3
|
.Xr syslog 3
|
||||||
or a simple log file.
|
or a simple log file.
|
||||||
In each case the log format is almost identical.
|
In each case the log format is almost identical.
|
||||||
.Ss Command log entries
|
.Ss Accepted command log entries
|
||||||
Commands that sudo runs are logged using the following format (split
|
Commands that sudo runs are logged using the following format (split
|
||||||
into multiple lines for readability):
|
into multiple lines for readability):
|
||||||
.Bd -literal -offset 4n
|
.Bd -literal -offset 4n
|
||||||
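Review bot: The ".Ss Command log entries" heading is renamed to "Accepted command log entries", but nothing in the visible hunks updates cross-references to the old title. Please search the manual sources for ".Sx Command log entries" (and any external documentation that links to the section by name) and update them together with the heading.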
@@ -2878,10 +2882,10 @@ Messages are logged using the locale specified by
|
|||||||
which defaults to the
|
which defaults to the
|
||||||
.Dq Li C
|
.Dq Li C
|
||||||
locale.
|
locale.
|
||||||
.Ss Error log entries
|
.Ss Denied command log entries
|
||||||
If there was a problem running the command, an error string will follow
|
If the user is not allowed to run the command, the reason for the denial
|
||||||
the user name.
|
will follow the user name.
|
||||||
Possible errors include:
|
Possible reasons include:
|
||||||
.Bl -tag -width 4
|
.Bl -tag -width 4
|
||||||
.It user NOT in sudoers
|
.It user NOT in sudoers
|
||||||
The user is not listed in the
|
The user is not listed in the
|
||||||
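Review bot: The title "Error log entries" is taken away from this section (now "Denied command log entries") and, later in the same patch, given to a newly added section with different content. An existing reference to "Error log entries" will therefore still resolve, but to the new list of configuration and time stamp errors instead of the denial reasons. Check each existing reference and point it at whichever of the two sections it actually means.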
@@ -2893,8 +2897,7 @@ The user is listed in the
|
|||||||
file but is not allowed to run commands on the host.
|
file but is not allowed to run commands on the host.
|
||||||
.It command not allowed
|
.It command not allowed
|
||||||
The user is listed in the
|
The user is listed in the
|
||||||
.Em
|
.Em sudoers
|
||||||
sudoers
|
|
||||||
file for the host but they are not allowed to run the specified command.
|
file for the host but they are not allowed to run the specified command.
|
||||||
.It 3 incorrect password attempts
|
.It 3 incorrect password attempts
|
||||||
The user failed to enter their password after 3 tries.
|
The user failed to enter their password after 3 tries.
|
||||||
@@ -2906,6 +2909,103 @@ option.
|
|||||||
.Nm sudo Ns No 's
|
.Nm sudo Ns No 's
|
||||||
.Fl n
|
.Fl n
|
||||||
option was specified but a password was required.
|
option was specified but a password was required.
|
||||||
|
.It sorry, you are not allowed to set the following environment variables
|
||||||
|
The user specified environment variables on the command line that
|
||||||
|
were not allowed by
|
||||||
|
.Em sudoers .
|
||||||
|
.El
|
||||||
|
.Ss Error log entries
|
||||||
|
If an error occurs,
|
||||||
|
.Nm sudoers
|
||||||
|
will log a message and, in most cases, send a message to the
|
||||||
|
administrator via email.
|
||||||
|
Possible errors include:
|
||||||
|
.Bl -tag -width 4
|
||||||
|
.It parse error in @sysconfdir@/sudoers near line N
|
||||||
|
.Nm sudoers
|
||||||
|
encountered an error when parsing the specified file.
|
||||||
|
In some cases, the actual error may be one line above or below the
|
||||||
|
line number listed, depending on the type of error.
|
||||||
|
.It problem with defaults entries
|
||||||
|
The sudoers file contains one or more unknown Defaults settings.
|
||||||
|
This does not prevent
|
||||||
|
.Nm sudo
|
||||||
|
from running, but the sudoers file should be checked using
|
||||||
|
.Nm visudo .
|
||||||
|
.It timestamp owner (@timestampowner@): \&No such user
|
||||||
|
The time stamp directory owner, which defaults to
|
||||||
|
@timestampowner@ but which may be specified via the
|
||||||
|
.Em timestampowner
|
||||||
|
setting, could not be found in the password database.
|
||||||
|
.It unable to open/read @sysconfdir@/sudoers
|
||||||
|
The sudoers file could not be opened for reading.
|
||||||
|
This can happen when the sudoers file is located on a remote
|
||||||
|
file system that maps user ID 0 to a different value.
|
||||||
|
Normally,
|
||||||
|
.Nm sudoers
|
||||||
|
tries to open sudoers using group permissions to avoid this problem.
|
||||||
|
Consider changing the ownership of
|
||||||
|
.Pa @sysconfdir@/sudoers
|
||||||
|
by adding an option like
|
||||||
|
.Dq sudoers_uid=N
|
||||||
|
(where
|
||||||
|
.Sq N
|
||||||
|
is the user ID that owns the sudoers file)
|
||||||
|
to the
|
||||||
|
.Nm sudoers
|
||||||
|
plugin line in the
|
||||||
|
.Pa @sysconfdir@/sudo.conf
|
||||||
|
file.
|
||||||
|
.It unable to stat @sysconfdir@/sudoers
|
||||||
|
The
|
||||||
|
.Pa @sysconfdir@/sudoers
|
||||||
|
file is missing.
|
||||||
|
.It @sysconfdir@/sudoers is not a regular file
|
||||||
|
The
|
||||||
|
.Pa @sysconfdir@/sudoers
|
||||||
|
file exists but is not a regular file or symbolic link.
|
||||||
|
.It @sysconfdir@/sudoers is owned by uid N, should be 0
|
||||||
|
The sudoers file has the wrong owner.
|
||||||
|
If you wish to change the sudoers file owner, please add
|
||||||
|
.Dq sudoers_uid=N
|
||||||
|
(where
|
||||||
|
.Sq N
|
||||||
|
is the user ID that owns the sudoers file) to the
|
||||||
|
.Nm sudoers
|
||||||
|
plugin line in the
|
||||||
|
.Pa @sysconfdir@/sudo.conf
|
||||||
|
file.
|
||||||
|
.It @sysconfdir@/sudoers is world writable
|
||||||
|
The permissions on the sudoers file allow all users to write to it.
|
||||||
|
The sudoers file must not be world-writable, the default file mode
|
||||||
|
is 0440 (readable by owner and group, writable by none).
|
||||||
|
The default mode may be changed via the
|
||||||
|
.Dq sudoers_mode
|
||||||
|
option to the
|
||||||
|
.Nm sudoers
|
||||||
|
plugin line in the
|
||||||
|
.Pa @sysconfdir@/sudo.conf
|
||||||
|
file.
|
||||||
|
.It @sysconfdir@/sudoers is owned by gid N, should be 1
|
||||||
|
The sudoers file has the wrong group ownership.
|
||||||
|
If you wish to change the sudoers file group ownership, please add
|
||||||
|
.Dq sudoers_gid=N
|
||||||
|
(where
|
||||||
|
.Sq N
|
||||||
|
is the group ID that owns the sudoers file) to the
|
||||||
|
.Nm sudoers
|
||||||
|
plugin line in the
|
||||||
|
.Pa @sysconfdir@/sudo.conf
|
||||||
|
file.
|
||||||
|
.It unable to open @timedir@/username/ttyname
|
||||||
|
.Em sudoers
|
||||||
|
was unable to read or create the user's time stamp file.
|
||||||
|
.It unable to write to @timedir@/username/ttyname
|
||||||
|
.Em sudoers
|
||||||
|
was unable to write to the user's time stamp file.
|
||||||
|
.It unable to mkdir to @timedir@/username
|
||||||
|
.Em sudoers
|
||||||
|
was unable to create the user's time stamp directory.
|
||||||
.El
|
.El
|
||||||
.Ss Notes on logging via syslog
|
.Ss Notes on logging via syslog
|
||||||
By default,
|
By default,
|
||||||
|
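Review bot: In the added "unable to open/read @sysconfdir@/sudoers" entry, "Consider changing the ownership of @sysconfdir@/sudoers by adding an option like sudoers_uid=N" reads as if the option changes the file's owner, while the same text defines N as "the user ID that owns the sudoers file", i.e. the option tells the plugin which owner to expect. Suggest wording such as "Consider either changing the ownership of the file or adding an option like sudoers_uid=N". Two smaller points in the same hunk: the tags "is owned by uid N, should be 0" and "is owned by gid N, should be 1" hard-code the expected IDs even though the surrounding entries use @sysconfdir@ and @timestampowner@ substitutions and the text documents sudoers_uid and sudoers_gid overrides, so the expected value may not be 0 or 1 on a given build; and the new entries alternate between ".Nm sudoers" and ".Em sudoers" for the plugin, which should be made consistent.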