mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 09:57:41 +00:00
Code Issues Releases Wiki Activity

Document that the target user's groups may be specified via the -g option.

Browse Source
This commit is contained in:
Todd C. Miller 2018-10-27 12:52:17 -06:00
parent 03c56db408
commit fb015fac1b
6 changed files with 37 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/sudo.cat
View File

@ -167,7 +167,9 @@ DDEESSCCRRIIPPTTIIOONN
require that the `#' be escaped with a backslash (`\'). If require that the `#' be escaped with a backslash (`\'). If
no --uu option is specified, the command will be run as the no --uu option is specified, the command will be run as the
invoking user. In either case, the primary group will be set invoking user. In either case, the primary group will be set
to _g_r_o_u_p. to _g_r_o_u_p. The _s_u_d_o_e_r_s policy permits any of the target
user's groups to be specified via the --gg option as long as
the --PP option is not in use.
--HH, ----sseett--hhoommee --HH, ----sseett--hhoommee
Request that the security policy set the HOME environment Request that the security policy set the HOME environment
@ -736,4 +738,4 @@ DDIISSCCLLAAIIMMEERR
file distributed with ssuuddoo or https://www.sudo.ws/license.html for file distributed with ssuuddoo or https://www.sudo.ws/license.html for
complete details. complete details.
Sudo 1.8.26 October 13, 2018 Sudo 1.8.26 Sudo 1.8.26 October 27, 2018 Sudo 1.8.26

10
doc/sudo.man.in
View File

@ -19,7 +19,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.TH "SUDO" "8" "October 13, 2018" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" .TH "SUDO" "8" "October 27, 2018" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@ -363,6 +363,14 @@ If no
option is specified, the command will be run as the invoking user. option is specified, the command will be run as the invoking user.
In either case, the primary group will be set to In either case, the primary group will be set to
\fIgroup\fR. \fIgroup\fR.
The
\fIsudoers\fR
policy permits any of the target user's groups to be specified via
the
\fB\-g\fR
option as long as the
\fB\-P\fR
option is not in use.
.TP 12n .TP 12n
\fB\-H\fR, \fB\--set-home\fR \fB\-H\fR, \fB\--set-home\fR
Request that the security policy set the Request that the security policy set the

10
doc/sudo.mdoc.in
View File

@ -18,7 +18,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.Dd October 13, 2018 .Dd October 27, 2018
.Dt SUDO @mansectsu@ .Dt SUDO @mansectsu@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@ -330,6 +330,14 @@ If no
option is specified, the command will be run as the invoking user. option is specified, the command will be run as the invoking user.
In either case, the primary group will be set to In either case, the primary group will be set to
.Ar group . .Ar group .
The
.Em sudoers
policy permits any of the target user's groups to be specified via
the
.Fl g
option as long as the
.Fl P
option is not in use.
.It Fl H , -set-home .It Fl H , -set-home
Request that the security policy set the Request that the security policy set the
.Ev HOME .Ev HOME

21
doc/sudoers.cat
View File

@ -530,15 +530,16 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
defined above) separated by a colon (`:') and enclosed in a set of defined above) separated by a colon (`:') and enclosed in a set of
parentheses. The first Runas_List indicates which users the command may parentheses. The first Runas_List indicates which users the command may
be run as via ssuuddoo's --uu option. The second defines a list of groups that be run as via ssuuddoo's --uu option. The second defines a list of groups that
can be specified via ssuuddoo's --gg option. If both Runas_Lists are can be specified via ssuuddoo's --gg option in addition to any of the target
specified, the command may be run with any combination of users and user's groups. If both Runas_Lists are specified, the command may be run
groups listed in their respective Runas_Lists. If only the first is with any combination of users and groups listed in their respective
specified, the command may be run as any user in the list but no --gg Runas_Lists. If only the first is specified, the command may be run as
option may be specified. If the first Runas_List is empty but the second any user in the list but no --gg option may be specified. If the first
is specified, the command may be run as the invoking user with the group Runas_List is empty but the second is specified, the command may be run
set to any listed in the Runas_List. If both Runas_Lists are empty, the as the invoking user with the group set to any listed in the Runas_List.
command may only be run as the invoking user. If no Runas_Spec is If both Runas_Lists are empty, the command may only be run as the
specified the command may be run as rroooott and no group may be specified. invoking user. If no Runas_Spec is specified the command may be run as
rroooott and no group may be specified.
A Runas_Spec sets the default for the commands that follow it. What this A Runas_Spec sets the default for the commands that follow it. What this
means is that for the entry: means is that for the entry:
@ -2927,4 +2928,4 @@ DDIISSCCLLAAIIMMEERR
file distributed with ssuuddoo or https://www.sudo.ws/license.html for file distributed with ssuuddoo or https://www.sudo.ws/license.html for
complete details. complete details.
Sudo 1.8.26 October 7, 2018 Sudo 1.8.26 Sudo 1.8.26 October 27, 2018 Sudo 1.8.26

4
doc/sudoers.man.in
View File

@ -19,7 +19,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.TH "SUDOERS" "5" "October 7, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .TH "SUDOERS" "5" "October 27, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@ -1092,7 +1092,7 @@ option.
The second defines a list of groups that can be specified via The second defines a list of groups that can be specified via
\fBsudo\fR's \fBsudo\fR's
\fB\-g\fR \fB\-g\fR
option. option in addition to any of the target user's groups.
If both If both
\fRRunas_List\fRs \fRRunas_List\fRs
are specified, the command may be run with any combination of users are specified, the command may be run with any combination of users

4
doc/sudoers.mdoc.in
View File

@ -18,7 +18,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.Dd October 7, 2018 .Dd October 27, 2018
.Dt SUDOERS @mansectform@ .Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@ -1045,7 +1045,7 @@ option.
The second defines a list of groups that can be specified via The second defines a list of groups that can be specified via
.Nm sudo Ns 's .Nm sudo Ns 's
.Fl g .Fl g
option. option in addition to any of the target user's groups.
If both If both
.Li Runas_List Ns s .Li Runas_List Ns s
are specified, the command may be run with any combination of users are specified, the command may be run with any combination of users