mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-09-01 23:05:17 +00:00
Code Issues Releases Wiki Activity

Refer to command line options, not flags.

Browse Source
This commit is contained in:
Todd C. Miller
2019-06-20 16:12:32 -06:00
parent 646f09d74d
commit e11fa62cdc
2 changed files with 50 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
doc/sudo_plugin.man.in
View File

@@ -2,7 +2,7 @@
.\" .\"
.\" SPDX-License-Identifier: ISC .\" SPDX-License-Identifier: ISC
.\" .\"
.\" Copyright (c) 2009-2018 Todd C. Miller <Todd.Miller@sudo.ws> .\" Copyright (c) 2009-2019 Todd C. Miller <Todd.Miller@sudo.ws>
.\" .\"
.\" Permission to use, copy, modify, and distribute this software for any .\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above .\" purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +16,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" .\"
.TH "SUDO_PLUGIN" "5" "October 24, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .TH "SUDO_PLUGIN" "5" "June 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@@ -165,9 +165,9 @@ strings.
The vector is terminated by a The vector is terminated by a
\fRNULL\fR \fRNULL\fR
pointer. pointer.
These settings correspond to flags the user specified when running These settings correspond to options the user specified when running
\fBsudo\fR. \fBsudo\fR.
As such, they will only be present when the corresponding flag has As such, they will only be present when the corresponding option has
been specified on the command line. been specified on the command line.
.sp .sp
When parsing When parsing
@@ -189,7 +189,7 @@ might.
bsdauth_type=string bsdauth_type=string
Authentication type, if specified by the Authentication type, if specified by the
\fB\-a\fR \fB\-a\fR
flag, to use on option, to use on
systems where systems where
BSD BSD
authentication is supported. authentication is supported.
@@ -198,7 +198,7 @@ authentication is supported.
closefrom=number closefrom=number
If specified, the user has requested via the If specified, the user has requested via the
\fB\-C\fR \fB\-C\fR
flag that option that
\fBsudo\fR \fBsudo\fR
close all files descriptors with a value of close all files descriptors with a value of
\fInumber\fR \fInumber\fR
@@ -249,7 +249,7 @@ This setting has been deprecated in favor of
ignore_ticket=bool ignore_ticket=bool
Set to true if the user specified the Set to true if the user specified the
\fB\-k\fR \fB\-k\fR
flag along with a option along with a
command, indicating that the user wishes to ignore any cached command, indicating that the user wishes to ignore any cached
authentication credentials. authentication credentials.
\fIimplied_shell\fR \fIimplied_shell\fR
@@ -277,12 +277,12 @@ BSD
login class to use when setting resource limits and nice value, login class to use when setting resource limits and nice value,
if specified by the if specified by the
\fB\-c\fR \fB\-c\fR
flag. option.
.TP 6n .TP 6n
login_shell=bool login_shell=bool
Set to true if the user specified the Set to true if the user specified the
\fB\-i\fR \fB\-i\fR
flag, indicating that option, indicating that
the user wishes to run a login shell. the user wishes to run a login shell.
.TP 6n .TP 6n
max_groups=int max_groups=int
@@ -305,7 +305,7 @@ it is an IPv6 address, else it is IPv4.
noninteractive=bool noninteractive=bool
Set to true if the user specified the Set to true if the user specified the
\fB\-n\fR \fB\-n\fR
flag, indicating that option, indicating that
\fBsudo\fR \fBsudo\fR
should operate in non-interactive mode. should operate in non-interactive mode.
The plugin may reject a command run in non-interactive mode if user The plugin may reject a command run in non-interactive mode if user
@@ -330,13 +330,13 @@ statically compiled into
preserve_environment=bool preserve_environment=bool
Set to true if the user specified the Set to true if the user specified the
\fB\-E\fR \fB\-E\fR
flag, indicating that option, indicating that
the user wishes to preserve the environment. the user wishes to preserve the environment.
.TP 6n .TP 6n
preserve_groups=bool preserve_groups=bool
Set to true if the user specified the Set to true if the user specified the
\fB\-P\fR \fB\-P\fR
flag, indicating that option, indicating that
the user wishes to preserve the group vector instead of setting it the user wishes to preserve the group vector instead of setting it
based on the runas user. based on the runas user.
.TP 6n .TP 6n
@@ -350,7 +350,7 @@ prompt=string
The prompt to use when requesting a password, if specified via The prompt to use when requesting a password, if specified via
the the
\fB\-p\fR \fB\-p\fR
flag. option.
.TP 6n .TP 6n
remote_host=string remote_host=string
The name of the remote host to run the command on, if specified via The name of the remote host to run the command on, if specified via
@@ -367,35 +367,35 @@ Only available starting with API version 1.4.
run_shell=bool run_shell=bool
Set to true if the user specified the Set to true if the user specified the
\fB\-s\fR \fB\-s\fR
flag, indicating that the user wishes to run a shell. option, indicating that the user wishes to run a shell.
.TP 6n .TP 6n
runas_group=string runas_group=string
The group name or gid to run the command as, if specified via The group name or gid to run the command as, if specified via
the the
\fB\-g\fR \fB\-g\fR
flag. option.
.TP 6n .TP 6n
runas_user=string runas_user=string
The user name or uid to run the command as, if specified via the The user name or uid to run the command as, if specified via the
\fB\-u\fR \fB\-u\fR
flag. option.
.TP 6n .TP 6n
selinux_role=string selinux_role=string
SELinux role to use when executing the command, if specified by SELinux role to use when executing the command, if specified by
the the
\fB\-r\fR \fB\-r\fR
flag. option.
.TP 6n .TP 6n
selinux_type=string selinux_type=string
SELinux type to use when executing the command, if specified by SELinux type to use when executing the command, if specified by
the the
\fB\-t\fR \fB\-t\fR
flag. option.
.TP 6n .TP 6n
set_home=bool set_home=bool
Set to true if the user specified the Set to true if the user specified the
\fB\-H\fR \fB\-H\fR
flag. option.
If true, set the If true, set the
\fRHOME\fR \fRHOME\fR
environment variable to the target user's home directory. environment variable to the target user's home directory.
@@ -403,7 +403,7 @@ environment variable to the target user's home directory.
sudoedit=bool sudoedit=bool
Set to true when the Set to true when the
\fB\-e\fR \fB\-e\fR
flag is specified or if invoked as option is specified or if invoked as
\fBsudoedit\fR. \fBsudoedit\fR.
The plugin shall substitute an editor into The plugin shall substitute an editor into
\fIargv\fR \fIargv\fR
@@ -720,7 +720,7 @@ in the user's environment, such as
and include it in and include it in
\fIargv_out\fR \fIargv_out\fR
(note that environment (note that environment
variables may include command line flags). variables may include command line options).
The files to be edited should be copied from The files to be edited should be copied from
\fIargv\fR \fIargv\fR
into into
@@ -1193,7 +1193,7 @@ function is called when
\fBsudo\fR \fBsudo\fR
is run with the is run with the
\fB\-v\fR \fB\-v\fR
flag. option.
For policy plugins such as For policy plugins such as
\fBsudoers\fR \fBsudoers\fR
that cache that cache
@@ -1234,7 +1234,7 @@ the
\fB\-k\fR \fB\-k\fR
or or
\fB\-K\fR \fB\-K\fR
flag. option.
For policy plugins such as For policy plugins such as
\fBsudoers\fR \fBsudoers\fR
that that
@@ -1638,9 +1638,9 @@ strings.
The vector is terminated by a The vector is terminated by a
\fRNULL\fR \fRNULL\fR
pointer. pointer.
These settings correspond to flags the user specified when running These settings correspond to options the user specified when running
\fBsudo\fR. \fBsudo\fR.
As such, they will only be present when the corresponding flag has As such, they will only be present when the corresponding option has
been specified on the command line. been specified on the command line.
.sp .sp
When parsing When parsing

50
doc/sudo_plugin.mdoc.in
View File

@@ -1,7 +1,7 @@
.\" .\"
.\" SPDX-License-Identifier: ISC .\" SPDX-License-Identifier: ISC
.\" .\"
.\" Copyright (c) 2009-2018 Todd C. Miller <Todd.Miller@sudo.ws> .\" Copyright (c) 2009-2019 Todd C. Miller <Todd.Miller@sudo.ws>
.\" .\"
.\" Permission to use, copy, modify, and distribute this software for any .\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above .\" purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" .\"
.Dd October 24, 2018 .Dd June 20, 2019
.Dt SUDO_PLUGIN @mansectform@ .Dt SUDO_PLUGIN @mansectform@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@@ -153,9 +153,9 @@ strings.
The vector is terminated by a The vector is terminated by a
.Dv NULL .Dv NULL
pointer. pointer.
These settings correspond to flags the user specified when running These settings correspond to options the user specified when running
.Nm sudo . .Nm sudo .
As such, they will only be present when the corresponding flag has As such, they will only be present when the corresponding option has
been specified on the command line. been specified on the command line.
.Pp .Pp
When parsing When parsing
@@ -174,14 +174,14 @@ might.
.It bsdauth_type=string .It bsdauth_type=string
Authentication type, if specified by the Authentication type, if specified by the
.Fl a .Fl a
flag, to use on option, to use on
systems where systems where
.Bx .Bx
authentication is supported. authentication is supported.
.It closefrom=number .It closefrom=number
If specified, the user has requested via the If specified, the user has requested via the
.Fl C .Fl C
flag that option that
.Nm sudo .Nm sudo
close all files descriptors with a value of close all files descriptors with a value of
.Em number .Em number
@@ -229,7 +229,7 @@ This setting has been deprecated in favor of
.It ignore_ticket=bool .It ignore_ticket=bool
Set to true if the user specified the Set to true if the user specified the
.Fl k .Fl k
flag along with a option along with a
command, indicating that the user wishes to ignore any cached command, indicating that the user wishes to ignore any cached
authentication credentials. authentication credentials.
.Em implied_shell .Em implied_shell
@@ -255,11 +255,11 @@ will pass the plugin the path to the user's shell and set
login class to use when setting resource limits and nice value, login class to use when setting resource limits and nice value,
if specified by the if specified by the
.Fl c .Fl c
flag. option.
.It login_shell=bool .It login_shell=bool
Set to true if the user specified the Set to true if the user specified the
.Fl i .Fl i
flag, indicating that option, indicating that
the user wishes to run a login shell. the user wishes to run a login shell.
.It max_groups=int .It max_groups=int
The maximum number of groups a user may belong to. The maximum number of groups a user may belong to.
@@ -279,7 +279,7 @@ it is an IPv6 address, else it is IPv4.
.It noninteractive=bool .It noninteractive=bool
Set to true if the user specified the Set to true if the user specified the
.Fl n .Fl n
flag, indicating that option, indicating that
.Nm sudo .Nm sudo
should operate in non-interactive mode. should operate in non-interactive mode.
The plugin may reject a command run in non-interactive mode if user The plugin may reject a command run in non-interactive mode if user
@@ -301,12 +301,12 @@ statically compiled into
.It preserve_environment=bool .It preserve_environment=bool
Set to true if the user specified the Set to true if the user specified the
.Fl E .Fl E
flag, indicating that option, indicating that
the user wishes to preserve the environment. the user wishes to preserve the environment.
.It preserve_groups=bool .It preserve_groups=bool
Set to true if the user specified the Set to true if the user specified the
.Fl P .Fl P
flag, indicating that option, indicating that
the user wishes to preserve the group vector instead of setting it the user wishes to preserve the group vector instead of setting it
based on the runas user. based on the runas user.
.It progname=string .It progname=string
@@ -318,7 +318,7 @@ or
The prompt to use when requesting a password, if specified via The prompt to use when requesting a password, if specified via
the the
.Fl p .Fl p
flag. option.
.It remote_host=string .It remote_host=string
The name of the remote host to run the command on, if specified via The name of the remote host to run the command on, if specified via
the the
@@ -333,37 +333,37 @@ Only available starting with API version 1.4.
.It run_shell=bool .It run_shell=bool
Set to true if the user specified the Set to true if the user specified the
.Fl s .Fl s
flag, indicating that the user wishes to run a shell. option, indicating that the user wishes to run a shell.
.It runas_group=string .It runas_group=string
The group name or gid to run the command as, if specified via The group name or gid to run the command as, if specified via
the the
.Fl g .Fl g
flag. option.
.It runas_user=string .It runas_user=string
The user name or uid to run the command as, if specified via the The user name or uid to run the command as, if specified via the
.Fl u .Fl u
flag. option.
.It selinux_role=string .It selinux_role=string
SELinux role to use when executing the command, if specified by SELinux role to use when executing the command, if specified by
the the
.Fl r .Fl r
flag. option.
.It selinux_type=string .It selinux_type=string
SELinux type to use when executing the command, if specified by SELinux type to use when executing the command, if specified by
the the
.Fl t .Fl t
flag. option.
.It set_home=bool .It set_home=bool
Set to true if the user specified the Set to true if the user specified the
.Fl H .Fl H
flag. option.
If true, set the If true, set the
.Li HOME .Li HOME
environment variable to the target user's home directory. environment variable to the target user's home directory.
.It sudoedit=bool .It sudoedit=bool
Set to true when the Set to true when the
.Fl e .Fl e
flag is specified or if invoked as option is specified or if invoked as
.Nm sudoedit . .Nm sudoedit .
The plugin shall substitute an editor into The plugin shall substitute an editor into
.Em argv .Em argv
@@ -634,7 +634,7 @@ in the user's environment, such as
and include it in and include it in
.Em argv_out .Em argv_out
(note that environment (note that environment
variables may include command line flags). variables may include command line options).
The files to be edited should be copied from The files to be edited should be copied from
.Em argv .Em argv
into into
@@ -1046,7 +1046,7 @@ function is called when
.Nm sudo .Nm sudo
is run with the is run with the
.Fl v .Fl v
flag. option.
For policy plugins such as For policy plugins such as
.Nm sudoers .Nm sudoers
that cache that cache
@@ -1082,7 +1082,7 @@ the
.Fl k .Fl k
or or
.Fl K .Fl K
flag. option.
For policy plugins such as For policy plugins such as
.Nm sudoers .Nm sudoers
that that
@@ -1458,9 +1458,9 @@ strings.
The vector is terminated by a The vector is terminated by a
.Dv NULL .Dv NULL
pointer. pointer.
These settings correspond to flags the user specified when running These settings correspond to options the user specified when running
.Nm sudo . .Nm sudo .
As such, they will only be present when the corresponding flag has As such, they will only be present when the corresponding option has
been specified on the command line. been specified on the command line.
.Pp .Pp
When parsing When parsing