mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 01:49:11 +00:00

Remove some extraneous markup; from Ingo Schwarze

 * No need to explicitly end a macro with No before |
   because | counts as middle punctuation
   and falls out of the macro, anyway.
 * No need to explicitly re-open in-line macros after |
   because | counts as middle punctuation
   and the macros resume afterwards, anyway.
 * Simplify the mnemonic remarks regarding the option letters,
   no need for manual font and spacing control with No and Ns.
 * Trim Ns No to just Ns, it already implies No.
Todd C. Miller 2014-02-15 16:04:07 -07:00
parent d6397e27cf
commit f909c0d132
7 changed files with 70 additions and 70 deletions

View File

@ -397,7 +397,7 @@ debug flag syntax used by
and the
.Nm sudoers
plugin is
.Em subsystem Ns No @ Ns Em priority
.Em subsystem Ns @ Ns Em priority
but a plugin is free to use a different format so long as it does
not include a comma
.Pq Ql \&, .

View File

@ -28,7 +28,7 @@
.Nd execute a command as another user
.Sh SYNOPSIS
.Nm sudo
.Fl h No | Fl K No | Fl k No | Fl V
.Fl h | K | k | V
.Nm sudo
.Fl v
.Op Fl AknS
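
Review bot: in the SYNOPSIS line ".Fl h | K | k | V" the letters K, k and V are no longer visibly flags in the source; they get their dash and font only because Fl resumes after the "|" delimiter, as the commit message states. Please confirm by comparing the formatted SYNOPSIS before and after the change under each formatter used to build the manuals, since any formatter that does not resume Fl would print bare letters here.
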
@ -59,7 +59,7 @@
.Op Fl t Ar type
.Op Fl u Ar user
.Op Ar VAR Ns = Ns Ar value
.Op Fl i No | Fl s
.Op Fl i | s
.Op Ar command
.Nm sudoedit
.Op Fl AknS
@ -145,7 +145,7 @@ Normally, if
.Nm sudo
requires a password, it will read it from the user's terminal.
If the
.Fl A No ( Em askpass Ns No )
.Fl A Pq Em askpass
option is specified, a (possibly graphical) helper program is
executed to read the user's password and output the password to the
standard output.
@ -166,7 +166,7 @@ Path askpass /usr/X11R6/bin/ssh-askpass
If no askpass program is available,
.Nm sudo
will exit with an error.
.It Fl a Ar type , Fl -auth-type Ns No = Ns Ar type
.It Fl a Ar type , Fl -auth-type Ns = Ns Ar type
Use the specified BSD authentication
.Ar type
when validating the user, if allowed by
@ -184,7 +184,7 @@ background processes started by
.Nm sudo .
Most interactive commands will fail to work properly in background
mode.
.It Fl C Ar num , Fl -close-from Ns No = Ns Ar num
.It Fl C Ar num , Fl -close-from Ns = Ns Ar num
Close all file descriptors greater than or equal to
.Ar num
before executing a command.
@ -201,7 +201,7 @@ policy only permits use of the
option when the administrator has enabled the
.Em closefrom_override
option.
.It Fl c Ar class , Fl -login-class Ns No = Ns Ar class
.It Fl c Ar class , Fl -login-class Ns = Ns Ar class
Run the command with resource limits and scheduling priority of
the specified login
.Ar class .
@ -274,7 +274,7 @@ If, for some reason,
is unable to update a file with its edited version, the user will
receive a warning and the edited copy will remain in a temporary
file.
.It Fl g Ar group , Fl -group Ns No = Ns Ar group
.It Fl g Ar group , Fl -group Ns = Ns Ar group
Run the command with the primary group set to
.Ar group
instead of the primary group specified by the target
@ -305,7 +305,7 @@ user's password database entry.
Depending on the policy, this may be the default behavior.
.It Fl h , -help
Display a short help message to the standard output and exit.
.It Fl h Ar host , Fl -host Ns No = Ns Ar host
.It Fl h Ar host , Fl -host Ns = Ns Ar host
Run the command on the specified
.Ar host
if the security policy plugin supports remote commands.
@ -405,7 +405,7 @@ policy will initialize the group vector to the list of groups the
target user is a member of.
The real and effective group IDs, however, are still set to match
the target user.
.It Fl p Ar prompt , Fl -prompt Ns No = Ns Ar prompt
.It Fl p Ar prompt , Fl -prompt Ns = Ns Ar prompt
Use a custom password prompt with optional escape sequences.
The following percent
.Pq Ql %
@ -450,7 +450,7 @@ support PAM unless the
.Em passprompt_override
flag is disabled in
.Em sudoers .
.It Fl r Ar role , Fl -role Ns No = Ns Ar role
.It Fl r Ar role , Fl -role Ns = Ns Ar role
Run the command with an SELinux security context that includes
the specified
.Ar role .
@ -468,14 +468,14 @@ via the shell's
.Fl c
option.
If no command is specified, an interactive shell is executed.
.It Fl t Ar type , Fl -type Ns No = Ns Ar type
.It Fl t Ar type , Fl -type Ns = Ns Ar type
Run the command with an SELinux security context that includes
the specified
.Ar type .
If no
.Ar type
is specified, the default type is derived from the role.
.It Fl U Ar user , Fl -other-user Ns No = Ns Ar user
.It Fl U Ar user , Fl -other-user Ns = Ns Ar user
Used in conjunction with the
.Fl l
option to list the privileges for
@ -487,7 +487,7 @@ The
policy only allows root or a user with the
.Li ALL
privilege on the current host to use this option.
.It Fl u Ar user , Fl -user Ns No = Ns Ar user
.It Fl u Ar user , Fl -user Ns = Ns Ar user
Run the command as a user other than the default target user
(usually
.Em root ).
@ -544,9 +544,9 @@ should stop processing command line arguments.
.Pp
Environment variables to be set for the command may also be passed
on the command line in the form of
.Ar VAR Ns No = Ns Ar value ,
.Ar VAR Ns = Ns Ar value ,
e.g.\&
.Ev LD_LIBRARY_PATH Ns No = Ns Pa /usr/local/pkg/lib .
.Ev LD_LIBRARY_PATH Ns = Ns Pa /usr/local/pkg/lib .
Variables passed on the command line are subject to restrictions
imposed by the security policy plugin.
The
@ -803,7 +803,7 @@ If a user runs a command such as
or
.Li sudo sh ,
subsequent commands run from that shell are not subject to
.Nm sudo Ns No 's
.Nm sudo Ns 's
security policy.
The same is true for commands that offer shell escapes (including
most editors).
@ -1000,7 +1000,7 @@ if that user is allowed to run arbitrary commands via
.Nm sudo .
Also, many programs (such as editors) allow the user to run commands
via shell escapes, thus avoiding
.Nm sudo Ns No 's
.Nm sudo Ns 's
checks.
However, on most systems it is possible to prevent shell escapes with the
.Xr sudoers @mansectform@

View File

@ -139,7 +139,7 @@ function that can be used by the plugin to interact with the user (see below).
Returns 0 on success and \-1 on failure.
.It plugin_printf
A pointer to a
.Fn printf Ns No -style
.Fn printf Ns -style
function that may be used to display informational or error messages
(see below).
Returns the number of characters printed on success and \-1 on failure.
@ -188,7 +188,7 @@ The plugin may optionally pass this, or another value, back in the
list.
.It debug_flags=string
A comma-separated list of debug flags that correspond to
.Nm sudo Ns No 's
.Nm sudo Ns 's
.Li Debug
entry in
.Xr sudo.conf @mansectform@ ,
@ -200,7 +200,7 @@ The syntax used by
and the
.Nm sudoers
plugin is
.Em subsystem Ns No @ Ns Em priority
.Em subsystem Ns @ Ns Em priority
but the plugin is free to use a different
format so long as it does not include a comma
.Pq Ql ,\& .
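
Review bot: the context line ".Pq Ql ,\& ." at the end of this hunk puts the zero-width escape after the comma, while the same sentence in the first file of this commit writes ".Pq Ql \&, .". The two manuals should spell the quoted comma the same way; suggest settling on the "\&," form in a follow-up, since this commit is already cleaning up markup around that sentence.
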
@ -417,7 +417,7 @@ Any (non-comment) strings immediately after the plugin path are
passed as arguments to the plugin.
These arguments are split on a white space boundary and are passed to
the plugin in the form of a
.Dv NULL Ns No -terminated
.Dv NULL Ns -terminated
array of strings.
If no arguments were
specified,
@ -471,7 +471,7 @@ The name of the user invoking
.El
.It user_env
The user's environment in the form of a
.Dv NULL Ns No -terminated vector of
.Dv NULL Ns -terminated vector of
.Dq name=value
strings.
.Pp
@ -658,7 +658,7 @@ pointer.
.It env_add
Additional environment variables specified by the user on the command
line in the form of a
.Dv NULL Ns No -terminated
.Dv NULL Ns -terminated
vector of
.Dq name=value
strings.
@ -889,14 +889,14 @@ the invoking user's existing entry.
Unsupported values will be ignored.
.It argv_out
The
.Dv NULL Ns No -terminated
.Dv NULL Ns -terminated
argument vector to pass to the
.Xr execve 2
system call when executing the command.
The plugin is responsible for allocating and populating the vector.
.It user_env_out
The
.Dv NULL Ns No -terminated
.Dv NULL Ns -terminated
environment vector to use when executing the command.
The plugin is responsible for allocating and populating the vector.
.El
@ -1046,7 +1046,7 @@ The
.Em user_env
argument points to the environment the command will
run in, in the form of a
.Dv NULL Ns No -terminated
.Dv NULL Ns -terminated
vector of
.Dq name=value
strings.
@ -1330,7 +1330,7 @@ The
function returns 0 on success and \-1 on failure.
.It plugin_printf
A pointer to a
.Fn printf Ns No -style
.Fn printf Ns -style
function that may be used by the
.Fn show_version
function to display version information (see
@ -1410,7 +1410,7 @@ wishes to run in the same form as what would be passed to the
system call.
.It user_env
The user's environment in the form of a
.Dv NULL Ns No -terminated
.Dv NULL Ns -terminated
vector of
.Dq name=value
strings.
@ -1432,7 +1432,7 @@ Any (non-comment) strings immediately after the plugin path are
treated as arguments to the plugin.
These arguments are split on a white space boundary and are passed to
the plugin in the form of a
.Dv NULL Ns No -terminated
.Dv NULL Ns -terminated
array of strings.
If no arguments were specified,
.Em plugin_options
@ -1926,7 +1926,7 @@ The caller must include a trailing newline in
if one is to be printed.
.Pp
A
.Fn printf Ns No -style
.Fn printf Ns -style
function is also available that can be used to display informational
or error messages to the user, which is usually more convenient for
simple messages where no use input is required.
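
Review bot: the last context line of this hunk, "simple messages where no use input is required", has a typo ("use" for "user"). The paragraph is being touched anyway, so correct it here or in a follow-up: "where no user input is required".
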
@ -1960,7 +1960,7 @@ typedef int (*sudo_printf_t)(int msg_type, const char *fmt, ...);
Pointers to the
.Fn conversation
and
.Fn printf Ns No -style
.Fn printf Ns -style
functions are passed
in to the plugin's
.Fn open
@ -1994,7 +1994,7 @@ It is also useful as a maximum value for the
function when clearing passwords filled in by the conversation function.
.Pp
The
.Fn printf Ns No -style
.Fn printf Ns -style
function uses the same underlying mechanism as the
.Fn conversation
function but only supports
@ -2110,12 +2110,12 @@ major and minor version number of the group plugin API supported by
.Nm sudoers .
.It plugin_printf
A pointer to a
.Fn printf Ns No -style
.Fn printf Ns -style
function that may be used to display informational or error message to the user.
Returns the number of characters printed on success and \-1 on failure.
.It argv
A
.Dv NULL Ns No -terminated
.Dv NULL Ns -terminated
array of arguments generated from the
.Em group_plugin
option in
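
Review bot: in the plugin_printf item, "display informational or error message to the user" uses the singular, while the other plugin_printf descriptions in this file say "informational or error messages". The line directly above it is changed by this hunk, so make it "messages" for consistency.
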

View File

@ -76,18 +76,18 @@ is no need for a specialized tool to check syntax.
Another major difference between LDAP and file-based
.Em sudoers
is that in LDAP,
.Nm sudo Ns No -specific
.Nm sudo Ns -specific
Aliases are not supported.
.Pp
For the most part, there is really no need for
.Nm sudo Ns No -specific
.Nm sudo Ns -specific
Aliases.
Unix groups, non-Unix groups (via the
.Em group_plugin )
or user netgroups can be used in place of User_Aliases and Runas_Aliases.
Host netgroups can be used in place of Host_Aliases.
Since groups and netgroups can also be stored in LDAP there is no real need for
.Nm sudo Ns No -specific
.Nm sudo Ns -specific
aliases.
.Pp
Cmnd_Aliases are not really required either since it is possible
@ -421,7 +421,7 @@ sudoHost: !web01
.Ed
.Ss Sudoers schema
In order to use
.Nm sudo Ns No 's
.Nm sudo Ns 's
LDAP support, the
.Nm sudo
schema must be
@ -451,7 +451,7 @@ Sudo reads the
file for LDAP-specific configuration.
Typically, this file is shared between different LDAP-aware clients.
As such, most of the settings are not
.Nm sudo Ns No -specific.
.Nm sudo Ns -specific.
Note that
.Nm sudo
parses
@ -564,9 +564,9 @@ The
parameter specifies the amount of time, in seconds, to wait while trying
to connect to an LDAP server.
If multiple
.Sy URI Ns No s
.Sy URI Ns s
or
.Sy HOST Ns No s
.Sy HOST Ns s
are specified, this is the amount of time to wait before trying
the next one in the list.
.It Sy NETWORK_TIMEOUT Ar seconds

View File

@ -348,7 +348,7 @@ and, as such, it is not possible for
to preserve them.
.Pp
As a special case, if
.Nm sudo Ns No 's
.Nm sudo Ns 's
.Fl i
option (initial login) is
specified,
@ -533,7 +533,7 @@ non-Unix group names and IDs (prefixed with
and
.Ql %:#
respectively) and
.Li User_Alias Ns No es.
.Li User_Alias Ns es.
Each list item may be prefixed with zero or more
.Ql \&!
operators.
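
Review bot: the new line ".Li User_Alias Ns es." keeps the sentence-ending period fused to the suffix, while the next hunk writes the same construct as ".Li Runas_Alias Ns es ." with the period as a separate argument. Pick one form; splitting it here (".Li User_Alias Ns es .") would match the Runas_Alias line and the ".Li X Ns s ." line later in this file.
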
@ -607,9 +607,9 @@ is similar to a
.Li User_List
except that instead
of
.Li User_Alias Ns No es
.Li User_Alias Ns es
it can contain
.Li Runas_Alias Ns No es .
.Li Runas_Alias Ns es .
Note that
user names and groups are matched as strings.
In other words, two
@ -875,7 +875,7 @@ may be run as.
A fully-specified
.Li Runas_Spec
consists of two
.Li Runas_List Ns No s
.Li Runas_List Ns s
(as defined above) separated by a colon
.Pq Ql :\&
and enclosed in a set of parentheses.
@ -883,18 +883,18 @@ The first
.Li Runas_List
indicates
which users the command may be run as via
.Nm sudo Ns No 's
.Nm sudo Ns 's
.Fl u
option.
The second defines a list of groups that can be specified via
.Nm sudo Ns No 's
.Nm sudo Ns 's
.Fl g
option.
If both
.Li Runas_List Ns No s
.Li Runas_List Ns s
are specified, the command may be run with any combination of users
and groups listed in their respective
.Li Runas_List Ns No s.
.Li Runas_List Ns s.
If only the first is specified, the command may be run as any user
in the list but no
.Fl g
@ -907,7 +907,7 @@ second is specified, the command may be run as the invoking user
with the group set to any listed in the
.Li Runas_List .
If both
.Li Runas_List Ns No s
.Li Runas_List Ns s
are empty, the command may only be run as the invoking user.
If no
.Li Runas_Spec
@ -930,7 +930,7 @@ may run
.Pa /bin/ls ,
.Pa /bin/kill ,
and
.Pa /usr/bin/lprm Ns No \(em Ns but
.Pa /usr/bin/lprm Ns \(em Ns but
only as
.Sy operator .
E.g.,
@ -1087,7 +1087,7 @@ and
Once a tag is set on a
.Li Cmnd ,
subsequent
.Li Cmnd Ns No s
.Li Cmnd Ns s
in the
.Li Cmnd_Spec_List ,
inherit the tag unless it is overridden by the opposite tag (in other words,
@ -1579,7 +1579,7 @@ when used as part of a word (e.g.\& a user name or host name):
.Ql )\& ,
.Ql \e .
.Sh SUDOERS OPTIONS
.Nm sudo Ns No 's
.Nm sudo Ns 's
behavior can be modified by
.Li Default_Entry
lines, as explained earlier.
@ -1628,7 +1628,7 @@ This flag is
by default.
.It closefrom_override
If set, the user may use
.Nm sudo Ns No 's
.Nm sudo Ns 's
.Fl C
option which overrides the default starting point at which
.Nm sudo
@ -2637,9 +2637,9 @@ escape sequences.
.Pp
In addition to the escape sequences, path names that end in six or
more
.Li X Ns No s
.Li X Ns s
will have the
.Li X Ns No s
.Li X Ns s
replaced with a unique combination of digits and letters, similar to the
.Xr mktemp 3
function.
@ -2653,7 +2653,7 @@ overwritten unless
.Em iolog_file
ends in six or
more
.Li X Ns No s .
.Li X Ns s .
.It lecture_status_dir
The directory in which
.Nm sudo
@ -3150,7 +3150,7 @@ Environment variables to be preserved in the user's environment when the
.Em env_reset
option is in effect.
This allows fine-grained control over the environment
.Nm sudo Ns No -spawned
.Nm sudo Ns -spawned
processes will receive.
The argument may be a double-quoted, space-separated list or a
single value without double-quotes.
@ -3328,7 +3328,7 @@ failed attempts and the value of the
.Em passwd_tries
option.
.It a password is required
.Nm sudo Ns No 's
.Nm sudo Ns 's
.Fl n
option was specified but a password was required.
.It sorry, you are not allowed to set the following environment variables
@ -3998,7 +3998,7 @@ executes a program, that program is free to do whatever
it pleases, including run other programs.
This can be a security issue since it is not uncommon for a program to
allow shell escapes, which lets a user bypass
.Nm sudo Ns No 's
.Nm sudo Ns 's
access control and logging.
Common programs that permit shell escapes include shells (obviously),
editors, paginators, mail and terminal programs.
@ -4024,7 +4024,7 @@ variable (usually
.Ev LD_PRELOAD )
to an alternate shared library.
On such systems,
.Nm sudo Ns No 's
.Nm sudo Ns 's
.Em noexec
functionality can be used to prevent a program run by
.Nm sudo
@ -4209,7 +4209,7 @@ The
plugin uses the same debug flag format as the
.Nm sudo
front-end:
.Em subsystem Ns No @ Ns Em priority .
.Em subsystem Ns @ Ns Em priority .
.Pp
The priorities used by
.Nm sudoers ,

View File

@ -67,7 +67,7 @@ log file.
The
.Em ID
may also be determined using
.Nm sudoreplay Ns No 's
.Nm sudoreplay Ns 's
list mode.
.Pp
In list mode,
@ -81,7 +81,7 @@ will act on the following keys:
.Bl -tag -width 12n
.It So Li \en Sc No or So Li \er Sc
Skip to the next replay event; useful for long pauses.
.It So Li \ Sc No (space)
.It So Li \ Sc Pq space
Pause output; press any key to resume.
.It Ql <
Reduce the playback speed by one half.
@ -91,12 +91,12 @@ Double the playback speed.
.Pp
The options are as follows:
.Bl -tag -width Fl
.It Fl d Ar dir , Fl -directory Ns No = Ns Ar dir
.It Fl d Ar dir , Fl -directory Ns = Ns Ar dir
Store session logs in
.Ar dir
instead of the default,
.Pa @iolog_dir@ .
.It Fl f Ar filter , Fl -filter Ns No = Ns Ar filter
.It Fl f Ar filter , Fl -filter Ns = Ns Ar filter
Select which I/O type(s) to display.
By default,
.Nm sudoreplay

View File

@ -140,7 +140,7 @@ will exit with a value of 0.
If an error is encountered,
.Nm visudo
will exit with a value of 1.
.It Fl f Ar sudoers , Fl -file Ns No = Ns Ar sudoers
.It Fl f Ar sudoers , Fl -file Ns = Ns Ar sudoers
Specify an alternate
.Em sudoers
file location.
@ -196,7 +196,7 @@ Print the
and
.Em sudoers
grammar versions and exit.
.It Fl x Ar file , Fl -export Ns No = Ns Ar file
.It Fl x Ar file , Fl -export Ns = Ns Ar file
Export
.Em sudoers
in JSON format and write it to