isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use the Oxford comma consistently, it is helpful in technical documents.

Browse Source
This commit is contained in:
Todd C. Miller
2022-01-19 18:41:23 -07:00
parent 144e578324
commit 0d0e7de454
24 changed files with 295 additions and 295 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
docs/cvtsudoers.man.in
View File

@@ -2,7 +2,7 @@
.\"
.\" SPDX-License-Identifier: ISC
.\"
.\" Copyright (c) 2018, 2021 Todd C. Miller <Todd.Miller@sudo.ws>
.\" Copyright (c) 2018, 2021-2022 Todd C. Miller <Todd.Miller@sudo.ws>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +16,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH "CVTSUDOERS" "1" "December 16, 2021" "Sudo @PACKAGE_VERSION@" "General Commands Manual"
.TH "CVTSUDOERS" "1" "January 19, 2022" "Sudo @PACKAGE_VERSION@" "General Commands Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -99,7 +99,7 @@ All Defaults entries.
.TP 10n
global
Global Defaults entries that are applied regardless of
user, runas, host or command.
user, runas, host, or command.
.TP 10n
user
Per-user Defaults entries.
@@ -172,12 +172,12 @@ Conversion to LDIF has the following limitations:
.PD 0
.TP 3n
\fB\(bu\fR
Command, host, runas and user-specific Defaults lines cannot be
Command, host, runas, and user-specific Defaults lines cannot be
translated as they don't have an equivalent in the sudoers LDAP schema.
.PD
.TP 3n
\fB\(bu\fR
Command, host, runas and user aliases are not supported by the
Command, host, runas, and user aliases are not supported by the
sudoers LDAP schema so they are expanded during the conversion.
.PD 0
.PP
@@ -272,10 +272,10 @@ or
.sp
A matching
\fIsudoers\fR
rule may also include users, groups and hosts that are not part of the
rule may also include users, groups, and hosts that are not part of the
\fIfilter\fR.
This can happen when a rule includes multiple users, groups or hosts.
To prune out any non-matching user, group or host from the rules, the
This can happen when a rule includes multiple users, groups, or hosts.
To prune out any non-matching user, group, or host from the rules, the
\fB\-p\fR
option may be used.
.sp
@@ -338,7 +338,7 @@ When the
\fB\-m\fR
option is also specified,
\fBcvtsudoers\fR
will prune out non-matching users, groups and hosts from
will prune out non-matching users, groups, and hosts from
matching entries.
.TP 12n
\fB\-P\fR \fIpadding\fR, \fB\--padding\fR=\fIpadding\fR
@@ -428,7 +428,7 @@ each conflict.
If a host name is specified with the input file,
\fBcvtsudoers\fR
will change the global Defaults settings in that file to be host-specific.
A warning is emitted for command, user or runas-specific Defaults settings
A warning is emitted for command, user, or runas-specific Defaults settings
which cannot be made host-specific.
.TP 3n
\fB\(bu\fR

20
docs/cvtsudoers.mdoc.in
View File

@@ -1,7 +1,7 @@
.\"
.\" SPDX-License-Identifier: ISC
.\"
.\" Copyright (c) 2018, 2021 Todd C. Miller <Todd.Miller@sudo.ws>
.\" Copyright (c) 2018, 2021-2022 Todd C. Miller <Todd.Miller@sudo.ws>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd December 16, 2021
.Dd January 19, 2022
.Dt CVTSUDOERS 1
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -90,7 +90,7 @@ The supported types are:
All Defaults entries.
.It global
Global Defaults entries that are applied regardless of
user, runas, host or command.
user, runas, host, or command.
.It user
Per-user Defaults entries.
.It runas
@@ -148,10 +148,10 @@ server for use with
Conversion to LDIF has the following limitations:
.Bl -bullet -width 1n
.It
Command, host, runas and user-specific Defaults lines cannot be
Command, host, runas, and user-specific Defaults lines cannot be
translated as they don't have an equivalent in the sudoers LDAP schema.
.It
Command, host, runas and user aliases are not supported by the
Command, host, runas, and user aliases are not supported by the
sudoers LDAP schema so they are expanded during the conversion.
.El
.It sudoers
@@ -225,10 +225,10 @@ or
.Pp
A matching
.Em sudoers
rule may also include users, groups and hosts that are not part of the
rule may also include users, groups, and hosts that are not part of the
.Ar filter .
This can happen when a rule includes multiple users, groups or hosts.
To prune out any non-matching user, group or host from the rules, the
This can happen when a rule includes multiple users, groups, or hosts.
To prune out any non-matching user, group, or host from the rules, the
.Fl p
option may be used.
.Pp
@@ -286,7 +286,7 @@ When the
.Fl m
option is also specified,
.Nm
will prune out non-matching users, groups and hosts from
will prune out non-matching users, groups, and hosts from
matching entries.
.It Fl P Ar padding , Fl -padding Ns = Ns Ar padding
When generating LDIF output, construct the initial sudoOrder value by
@@ -372,7 +372,7 @@ each conflict.
If a host name is specified with the input file,
.Nm
will change the global Defaults settings in that file to be host-specific.
A warning is emitted for command, user or runas-specific Defaults settings
A warning is emitted for command, user, or runas-specific Defaults settings
which cannot be made host-specific.
.It
Per-user rules are merged and duplicates are removed.

28
docs/sudo.conf.man.in
View File

@@ -2,7 +2,7 @@
.\"
.\" SPDX-License-Identifier: ISC
.\"
.\" Copyright (c) 2010-2021 Todd C. Miller <Todd.Miller@sudo.ws>
.\" Copyright (c) 2010-2022 Todd C. Miller <Todd.Miller@sudo.ws>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -17,7 +17,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.nr SL @SEMAN@
.TH "SUDO.CONF" "@mansectform@" "September 17, 2021" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.TH "SUDO.CONF" "@mansectform@" "January 19, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -29,15 +29,15 @@ The
file is used to configure the
\fBsudo\fR
front-end.
It specifies the security policy and I/O logging plugins, debug flags
as well as plugin-agnostic path names and settings.
It is used to configure sudo plugins, plugin-agnostic path names,
debug flags, and other settings.
.PP
The
\fBsudo.conf\fR
file supports the following directives, described in detail below.
.TP 10n
Plugin
an approval, audit, I/O logging or security policy plugin
an approval, audit, I/O logging, or security policy plugin
.TP 10n
Path
a plugin-agnostic path
@@ -186,7 +186,7 @@ file is present, or if it contains no
lines, the
\fBsudoers\fR
plugin will be used as the default security policy, for I/O logging
(if enabled by the policy) and for auditing.
(if enabled by the policy), and for auditing.
This is equivalent to the following:
.nf
.sp
@@ -493,7 +493,7 @@ Currently,
\fBsudo\fR
supports efficient group queries on AIX,
BSD,
HP-UX, Linux, macOS and Solaris.
HP-UX, Linux, macOS, and Solaris.
This is the default behavior on macOS in
\fBsudo\fR
1.9.6 and higher.
@@ -572,13 +572,13 @@ A
\fRDebug\fR
line consists of the
\fRDebug\fR
keyword, followed by the name of the program, plugin or shared object to debug,
the debug file name and a comma-separated list of debug flags.
keyword, followed by the name of the program, plugin, or shared object
to debug, the debug file name, and a comma-separated list of debug flags.
The debug flag syntax used by
\fBsudo\fR,
the
\fBsudoers\fR
plugin and its associated programs and shared objects is
plugin along with its associated programs and shared objects is
\fIsubsystem\fR@\fIpriority\fR
but a third-party plugin is free to use a different format so long
as it does not include a comma
@@ -637,7 +637,7 @@ entry as the
front-end and could not be configured separately.
.PP
The following priorities are supported, in order of decreasing severity:
\fIcrit\fR, \fIerr\fR, \fIwarn\fR, \fInotice\fR, \fIdiag\fR, \fIinfo\fR, \fItrace\fR
\fIcrit\fR, \fIerr\fR, \fIwarn\fR, \fInotice\fR, \fIdiag\fR, \fIinfo\fR, \fItrace\fR,
and
\fIdebug\fR.
Each priority, when specified, also includes all priorities higher
@@ -667,7 +667,7 @@ sudo[123] <- get_user_groups @ src/sudo.c:429 := groups=10,0,5
.PP
When the function is entered, indicated by a right arrow
\(oq->\(cq,
the program, process ID, function, source file and line number
the program, process ID, function, source file, and line number
are logged.
When the function returns, indicated by a left arrow
\(oq<-\(cq,
@@ -863,10 +863,10 @@ front-end configuration
# Debug program /path/to/debug_log subsystem@priority[,subsyste@priority]
#
# Sudo and related programs support logging debug information to a file.
# The program is typically sudo, sudoers.so, sudoreplay or visudo.
# The program is typically sudo, sudoers.so, sudoreplay, or visudo.
#
# Subsystems vary based on the program; "all" matches all subsystems.
# Priority may be crit, err, warn, notice, diag, info, trace or debug.
# Priority may be crit, err, warn, notice, diag, info, trace, or debug.
# Multiple subsystem@priority may be specified, separated by a comma.
#
#Debug sudo /var/log/sudo_debug all@debug

28
docs/sudo.conf.mdoc.in
View File

@@ -1,7 +1,7 @@
.\"
.\" SPDX-License-Identifier: ISC
.\"
.\" Copyright (c) 2010-2021 Todd C. Miller <Todd.Miller@sudo.ws>
.\" Copyright (c) 2010-2022 Todd C. Miller <Todd.Miller@sudo.ws>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +16,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.nr SL @SEMAN@
.Dd September 17, 2021
.Dd January 19, 2022
.Dt SUDO.CONF @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -28,15 +28,15 @@ The
file is used to configure the
.Nm sudo
front-end.
It specifies the security policy and I/O logging plugins, debug flags
as well as plugin-agnostic path names and settings.
It is used to configure sudo plugins, plugin-agnostic path names,
debug flags, and other settings.
.Pp
The
.Nm
file supports the following directives, described in detail below.
.Bl -tag -width 8n
.It Plugin
an approval, audit, I/O logging or security policy plugin
an approval, audit, I/O logging, or security policy plugin
.It Path
a plugin-agnostic path
.It Set
@@ -171,7 +171,7 @@ file is present, or if it contains no
lines, the
.Nm sudoers
plugin will be used as the default security policy, for I/O logging
(if enabled by the policy) and for auditing.
(if enabled by the policy), and for auditing.
This is equivalent to the following:
.Bd -literal -offset indent
Plugin sudoers_policy sudoers.so
@@ -453,7 +453,7 @@ Currently,
.Nm sudo
supports efficient group queries on AIX,
.Bx ,
HP-UX, Linux, macOS and Solaris.
HP-UX, Linux, macOS, and Solaris.
This is the default behavior on macOS in
.Nm sudo
1.9.6 and higher.
@@ -522,13 +522,13 @@ A
.Li Debug
line consists of the
.Li Debug
keyword, followed by the name of the program, plugin or shared object to debug,
the debug file name and a comma-separated list of debug flags.
keyword, followed by the name of the program, plugin, or shared object
to debug, the debug file name, and a comma-separated list of debug flags.
The debug flag syntax used by
.Nm sudo ,
the
.Nm sudoers
plugin and its associated programs and shared objects is
plugin along with its associated programs and shared objects is
.Em subsystem Ns @ Ns Em priority
but a third-party plugin is free to use a different format so long
as it does not include a comma
@@ -581,7 +581,7 @@ entry as the
front-end and could not be configured separately.
.Pp
The following priorities are supported, in order of decreasing severity:
.Em crit , err , warn , notice , diag , info , trace
.Em crit , err , warn , notice , diag , info , trace ,
and
.Em debug .
Each priority, when specified, also includes all priorities higher
@@ -608,7 +608,7 @@ sudo[123] <- get_user_groups @ src/sudo.c:429 := groups=10,0,5
.Pp
When the function is entered, indicated by a right arrow
.Ql -> ,
the program, process ID, function, source file and line number
the program, process ID, function, source file, and line number
are logged.
When the function returns, indicated by a left arrow
.Ql <- ,
@@ -792,10 +792,10 @@ front-end configuration
# Debug program /path/to/debug_log subsystem@priority[,subsyste@priority]
#
# Sudo and related programs support logging debug information to a file.
# The program is typically sudo, sudoers.so, sudoreplay or visudo.
# The program is typically sudo, sudoers.so, sudoreplay, or visudo.
#
# Subsystems vary based on the program; "all" matches all subsystems.
# Priority may be crit, err, warn, notice, diag, info, trace or debug.
# Priority may be crit, err, warn, notice, diag, info, trace, or debug.
# Multiple subsystem@priority may be specified, separated by a comma.
#
#Debug sudo /var/log/sudo_debug all@debug

43
docs/sudo.man.in
View File

@@ -2,7 +2,7 @@
.\"
.\" SPDX-License-Identifier: ISC
.\"
.\" Copyright (c) 1994-1996, 1998-2005, 2007-2021
.\" Copyright (c) 1994-1996, 1998-2005, 2007-2022
.\" Todd C. Miller <Todd.Miller@sudo.ws>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -25,7 +25,7 @@
.nr BA @BAMAN@
.nr LC @LCMAN@
.nr PS @PSMAN@
.TH "SUDO" "@mansectsu@" "December 11, 2021" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.TH "SUDO" "@mansectsu@" "January 19, 2022" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -108,10 +108,10 @@ user-ID is used to determine the user name with which
to query the security policy.
.PP
\fBsudo\fR
supports a plugin architecture for security policies and input/output
logging.
Third parties can develop and distribute their own policy and I/O
logging plugins to work seamlessly with the
supports a plugin architecture for security policies, auditing,
and input/output logging.
Third parties can develop and distribute their own plugins to work
seamlessly with the
\fBsudo\fR
front-end.
The default security policy is
@@ -178,7 +178,8 @@ the
\fB\-e\fR
option (described below), is implied.
.PP
Security policies may log successful and failed attempts to use
Security policies and audit plugins may log successful and failed attempts
to run
\fBsudo\fR.
If an I/O plugin is configured, the running command's input and
output may be logged as well.
@@ -255,7 +256,7 @@ Values less than three are not permitted.
By default,
\fBsudo\fR
will close all open file descriptors other than standard input,
standard output and standard error when executing a command.
standard output, and standard error when executing a command.
The security policy may restrict the user's ability to use this option.
The
\fIsudoers\fR
@@ -444,7 +445,7 @@ Run the shell specified by the target user's password database entry
as a login shell.
This means that login-specific resource files such as
\fI.profile\fR,
\fI.bash_profile\fR
\fI.bash_profile\fR,
or
\fI.login\fR
will be read by the shell.
@@ -484,7 +485,7 @@ When used without a command, invalidates the user's cached credentials.
In other words, the next time
\fBsudo\fR
is run a password will be required.
This option does not require a password and was added to allow a
This option does not require a password, and was added to allow a
user to revoke
\fBsudo\fR
permissions from a
@@ -551,7 +552,7 @@ policy:
.PD 0
.TP 4n
\fR%H\fR
expanded to the host name including the domain name (on if the
expanded to the host name including the domain name (only if the
machine's host name is fully qualified or the
\fIfqdn\fR
option is set in
@@ -693,13 +694,12 @@ Other security policies may not support this.
\fB\-V\fR, \fB\--version\fR
Print the
\fBsudo\fR
version string as well as the version string of the security
policy plugin and any I/O plugins.
If the invoking user is already root the
version string as well as the version string of any configured plugins.
If the invoking user is already root, the
\fB\-V\fR
option will display the arguments passed to configure when
\fBsudo\fR
was built and plugins may display more verbose information such as
was built; plugins may display additional information such as
default options.
.TP 12n
\fB\-v\fR, \fB\--validate\fR
@@ -867,7 +867,8 @@ first.
The
\fIsudoers\fR
policy plugin will only define a close function when I/O logging
is enabled, a pty is required, or the
is enabled, a pty is required, an SELinux role is specified, the
command has an associated timeout, or the
\fIpam_session\fR
or
\fIpam_setcred\fR
@@ -948,7 +949,7 @@ family of functions instead of
If no I/O logging plugins are loaded and the policy plugin has not
defined a
\fBclose\fR()
function, set a command timeout or required that the command be
function, set a command timeout, or required that the command be
run in a new pty,
\fBsudo\fR
may execute the command directly instead of running it as a child process.
@@ -970,7 +971,7 @@ lines,
\fBsudo\fR
will use
sudoers(@mansectform@)
for the policy, auditing and I/O logging plugins.
for the policy, auditing, and I/O logging plugins.
See the
sudo.conf(@mansectform@)
manual for details of the
@@ -1001,7 +1002,7 @@ option, the exit value will only be 0 if the command is permitted by the
security policy, otherwise it will be 1.
.PP
If there is an authentication failure, a configuration/permission
problem or if the given command cannot be executed,
problem, or if the given command cannot be executed,
\fBsudo\fR
exits with a value of 1.
In the latter case, the error string is printed to the standard error.
@@ -1114,7 +1115,7 @@ is set.
\fRMAIL\fR
Set to the mail spool of the target user when the
\fB\-i\fR
option is specified or when
option is specified, or when
\fIenv_reset\fR
is enabled in
\fIsudoers\fR
@@ -1155,7 +1156,7 @@ Set to the login name of the target user when the
option is specified, when the
\fIset_logname\fR
option is enabled in
\fIsudoers\fR
\fIsudoers\fR,
or when the
\fIenv_reset\fR
option is enabled in

43
docs/sudo.mdoc.in
View File

@@ -1,7 +1,7 @@
.\"
.\" SPDX-License-Identifier: ISC
.\"
.\" Copyright (c) 1994-1996, 1998-2005, 2007-2021
.\" Copyright (c) 1994-1996, 1998-2005, 2007-2022
.\" Todd C. Miller <Todd.Miller@sudo.ws>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -24,7 +24,7 @@
.nr BA @BAMAN@
.nr LC @LCMAN@
.nr PS @PSMAN@
.Dd December 11, 2021
.Dd January 19, 2022
.Dt SUDO @mansectsu@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -112,10 +112,10 @@ user-ID is used to determine the user name with which
to query the security policy.
.Pp
.Nm
supports a plugin architecture for security policies and input/output
logging.
Third parties can develop and distribute their own policy and I/O
logging plugins to work seamlessly with the
supports a plugin architecture for security policies, auditing,
and input/output logging.
Third parties can develop and distribute their own plugins to work
seamlessly with the
.Nm
front-end.
The default security policy is
@@ -182,7 +182,8 @@ the
.Fl e
option (described below), is implied.
.Pp
Security policies may log successful and failed attempts to use
Security policies and audit plugins may log successful and failed attempts
to run
.Nm .
If an I/O plugin is configured, the running command's input and
output may be logged as well.
@@ -250,7 +251,7 @@ Values less than three are not permitted.
By default,
.Nm
will close all open file descriptors other than standard input,
standard output and standard error when executing a command.
standard output, and standard error when executing a command.
The security policy may restrict the user's ability to use this option.
The
.Em sudoers
@@ -421,7 +422,7 @@ Run the shell specified by the target user's password database entry
as a login shell.
This means that login-specific resource files such as
.Pa .profile ,
.Pa .bash_profile
.Pa .bash_profile ,
or
.Pa .login
will be read by the shell.
@@ -459,7 +460,7 @@ When used without a command, invalidates the user's cached credentials.
In other words, the next time
.Nm
is run a password will be required.
This option does not require a password and was added to allow a
This option does not require a password, and was added to allow a
user to revoke
.Nm
permissions from a
@@ -519,7 +520,7 @@ escape sequences are supported by the
policy:
.Bl -tag -width 2n
.It Li %H
expanded to the host name including the domain name (on if the
expanded to the host name including the domain name (only if the
machine's host name is fully qualified or the
.Em fqdn
option is set in
@@ -646,13 +647,12 @@ Other security policies may not support this.
.It Fl V , -version
Print the
.Nm
version string as well as the version string of the security
policy plugin and any I/O plugins.
If the invoking user is already root the
version string as well as the version string of any configured plugins.
If the invoking user is already root, the
.Fl V
option will display the arguments passed to configure when
.Nm
was built and plugins may display more verbose information such as
was built; plugins may display additional information such as
default options.
.It Fl v , -validate
Update the user's cached credentials, authenticating the user
@@ -808,7 +808,8 @@ first.
The
.Em sudoers
policy plugin will only define a close function when I/O logging
is enabled, a pty is required, or the
is enabled, a pty is required, an SELinux role is specified, the
command has an associated timeout, or the
.Em pam_session
or
.Em pam_setcred
@@ -889,7 +890,7 @@ family of functions instead of
If no I/O logging plugins are loaded and the policy plugin has not
defined a
.Fn close
function, set a command timeout or required that the command be
function, set a command timeout, or required that the command be
run in a new pty,
.Nm
may execute the command directly instead of running it as a child process.
@@ -911,7 +912,7 @@ lines,
.Nm
will use
.Xr sudoers @mansectform@
for the policy, auditing and I/O logging plugins.
for the policy, auditing, and I/O logging plugins.
See the
.Xr sudo.conf @mansectform@
manual for details of the
@@ -942,7 +943,7 @@ option, the exit value will only be 0 if the command is permitted by the
security policy, otherwise it will be 1.
.Pp
If there is an authentication failure, a configuration/permission
problem or if the given command cannot be executed,
problem, or if the given command cannot be executed,
.Nm
exits with a value of 1.
In the latter case, the error string is printed to the standard error.
@@ -1051,7 +1052,7 @@ is set.
.It Ev MAIL
Set to the mail spool of the target user when the
.Fl i
option is specified or when
option is specified, or when
.Em env_reset
is enabled in
.Em sudoers
@@ -1090,7 +1091,7 @@ Set to the login name of the target user when the
option is specified, when the
.Em set_logname
option is enabled in
.Em sudoers
.Em sudoers ,
or when the
.Em env_reset
option is enabled in

10
docs/sudo_logsrv.proto.man.in
View File

@@ -2,7 +2,7 @@
.\"
.\" SPDX-License-Identifier: ISC
.\"
.\" Copyright (c) 2019-2020 Todd C. Miller <Todd.Miller@sudo.ws>
.\" Copyright (c) 2019-2022 Todd C. Miller <Todd.Miller@sudo.ws>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +16,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH "SUDO_LOGSRV.PROTO" "@mansectform@" "August 3, 2021" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.TH "SUDO_LOGSRV.PROTO" "@mansectform@" "January 19, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -124,7 +124,7 @@ An
is used to represent information about the invoking user as well as the
execution environment the command runs in the form of key-value pairs.
The key is always a string but the value may be a 64-bit integer,
a string, an array of strings or an array of 64-bit integers.
a string, an array of strings, or an array of 64-bit integers.
The event log data is composed of
\fIInfoMessage\fR
entries.
@@ -361,7 +361,7 @@ message IoBuffer {
An
\fIIoBuffer\fR
is used to represent data from terminal input, terminal
output, standard input, standard output or standard error.
output, standard input, standard output, or standard error.
It contains the following members:
.TP 8n
delay
@@ -373,7 +373,7 @@ should be calculated using a monotonic clock where possible.
.TP 8n
data
The binary I/O log data from terminal input, terminal output,
standard input, standard output or standard error.
standard input, standard output, or standard error.
.SS "ChangeWindowSize winsize_event"
.nf
.RS 0n

10
docs/sudo_logsrv.proto.mdoc.in
View File

@@ -1,7 +1,7 @@
.\"
.\" SPDX-License-Identifier: ISC
.\"
.\" Copyright (c) 2019-2020 Todd C. Miller <Todd.Miller@sudo.ws>
.\" Copyright (c) 2019-2022 Todd C. Miller <Todd.Miller@sudo.ws>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd August 3, 2021
.Dd January 19, 2022
.Dt SUDO_LOGSRV.PROTO @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -116,7 +116,7 @@ An
is used to represent information about the invoking user as well as the
execution environment the command runs in the form of key-value pairs.
The key is always a string but the value may be a 64-bit integer,
a string, an array of strings or an array of 64-bit integers.
a string, an array of strings, or an array of 64-bit integers.
The event log data is composed of
.Em InfoMessage
entries.
@@ -334,7 +334,7 @@ message IoBuffer {
An
.Em IoBuffer
is used to represent data from terminal input, terminal
output, standard input, standard output or standard error.
output, standard input, standard output, or standard error.
It contains the following members:
.Bl -tag -width Ds
.It delay
@@ -345,7 +345,7 @@ The
should be calculated using a monotonic clock where possible.
.It data
The binary I/O log data from terminal input, terminal output,
standard input, standard output or standard error.
standard input, standard output, or standard error.
.El
.Ss ChangeWindowSize winsize_event
.Bd -literal

14
docs/sudo_logsrvd.conf.man.in
View File

@@ -2,7 +2,7 @@
.\"
.\" SPDX-License-Identifier: ISC
.\"
.\" Copyright (c) 2019-2021 Todd C. Miller <Todd.Miller@sudo.ws>
.\" Copyright (c) 2019-2022 Todd C. Miller <Todd.Miller@sudo.ws>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +16,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH "SUDO_LOGSRVD.CONF" "@mansectform@" "October 16, 2021" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.TH "SUDO_LOGSRVD.CONF" "@mansectform@" "January 19, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -31,7 +31,7 @@ log server.
It uses an INI-style format made up of sections in square brackets and
\(lqkey = value\(rq
pairs specific to each section below the section name.
Depending on the key, values may be integers, booleans or strings.
Depending on the key, values may be integers, booleans, or strings.
Section and key names are not case sensitive, but values are.
.PP
The pound sign
@@ -571,7 +571,7 @@ are set, I/O log files and directories are created with group-ID 0.
.TP 10n
iolog_mode = mode
The file mode to use when creating I/O log files.
Mode bits for read and write permissions for owner, group or other
Mode bits for read and write permissions for owner, group, or other
are honored, everything else is ignored.
The file permissions will always include the owner read and
write bits, even if they are not present in the specified mode.
@@ -612,7 +612,7 @@ The
section configures how (and if) security policy events are logged.
.TP 6n
log_type = string
Where to log accept, reject and alert events reported by the policy.
Where to log accept, reject, and alert events reported by the policy.
Supported values are
\fIsyslog\fR,
\fIlogfile\fR,
@@ -718,7 +718,7 @@ creates log messages up to 960 bytes which corresponds to the
historic
BSD
syslog implementation which used a 1024 byte buffer
to store the message, date, hostname and program name.
to store the message, date, hostname, and program name.
.sp
To prevent syslog messages from being truncated,
\fBsudo_logsrvd\fR
@@ -956,7 +956,7 @@ Sudo log server configuration file
#maxseq = 2176782336
[eventlog]
# Where to log accept, reject, exit and alert events.
# Where to log accept, reject, exit, and alert events.
# Accepted values are syslog, logfile, or none.
# Defaults to syslog
#log_type = syslog

14
docs/sudo_logsrvd.conf.mdoc.in
View File

@@ -1,7 +1,7 @@
.\"
.\" SPDX-License-Identifier: ISC
.\"
.\" Copyright (c) 2019-2021 Todd C. Miller <Todd.Miller@sudo.ws>
.\" Copyright (c) 2019-2022 Todd C. Miller <Todd.Miller@sudo.ws>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd October 16, 2021
.Dd January 19, 2022
.Dt SUDO_LOGSRVD.CONF @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -30,7 +30,7 @@ log server.
It uses an INI-style format made up of sections in square brackets and
.Dq key = value
pairs specific to each section below the section name.
Depending on the key, values may be integers, booleans or strings.
Depending on the key, values may be integers, booleans, or strings.
Section and key names are not case sensitive, but values are.
.Pp
The pound sign
@@ -505,7 +505,7 @@ nor
are set, I/O log files and directories are created with group-ID 0.
.It iolog_mode = mode
The file mode to use when creating I/O log files.
Mode bits for read and write permissions for owner, group or other
Mode bits for read and write permissions for owner, group, or other
are honored, everything else is ignored.
The file permissions will always include the owner read and
write bits, even if they are not present in the specified mode.
@@ -545,7 +545,7 @@ The
section configures how (and if) security policy events are logged.
.Bl -tag -width 4n
.It log_type = string
Where to log accept, reject and alert events reported by the policy.
Where to log accept, reject, and alert events reported by the policy.
Supported values are
.Em syslog ,
.Em logfile ,
@@ -646,7 +646,7 @@ creates log messages up to 960 bytes which corresponds to the
historic
.Bx
syslog implementation which used a 1024 byte buffer
to store the message, date, hostname and program name.
to store the message, date, hostname, and program name.
.Pp
To prevent syslog messages from being truncated,
.Nm sudo_logsrvd
@@ -884,7 +884,7 @@ Sudo log server configuration file
#maxseq = 2176782336
[eventlog]
# Where to log accept, reject, exit and alert events.
# Where to log accept, reject, exit, and alert events.
# Accepted values are syslog, logfile, or none.
# Defaults to syslog
#log_type = syslog

61
docs/sudo_plugin.man.in
View File

@@ -2,7 +2,7 @@
.\"
.\" SPDX-License-Identifier: ISC
.\"
.\" Copyright (c) 2009-2021 Todd C. Miller <Todd.Miller@sudo.ws>
.\" Copyright (c) 2009-2022 Todd C. Miller <Todd.Miller@sudo.ws>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +16,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH "SUDO_PLUGIN" "5" "November 8, 2021" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.TH "SUDO_PLUGIN" "5" "January 19, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -33,11 +33,10 @@ systems that support them) or compiled statically into the
binary itself.
By default, the
\fBsudoers\fR
policy plugin and an associated I/O logging plugin are used.
plugin provides audit, security policy and I/O logging capabilities.
Via the plugin API,
\fBsudo\fR
can be configured to use alternate policy and/or I/O logging plugins
provided by third parties.
can be configured to use alternate plugins provided by third parties.
The plugins to be used are specified in the
sudo.conf(@mansectform@)
file.
@@ -286,8 +285,7 @@ from the
\fBcheck_policy\fR()
function, which will cause
\fBsudo\fR
to print a usage message and
exit.
to print a usage message and exit.
.TP 6n
implied_shell=bool
If the user does not specify a program on the command line,
@@ -1404,7 +1402,7 @@ SELinux type to use when executing the command.
set_utmp=bool
Create a utmp (or utmpx) entry when a pseudo-terminal is allocated.
By default, the new entry will be a copy of the user's existing utmp
entry (if any), with the tty, time, type and pid fields updated.
entry (if any), with the tty, time, type, and pid fields updated.
.TP 6n
sudoedit=bool
Set to true when in
@@ -1546,7 +1544,7 @@ int (*list)(int argc, char * const argv[], int verbose,
.RS 6n
.sp
List available privileges for the invoking user.
Returns 1 on success, 0 on failure and \-1 on error.
Returns 1 on success, 0 on failure, and \-1 on error.
On error, the plugin may optionally call the
\fBconversation\fR()
or
@@ -1651,7 +1649,7 @@ function should be
\fRNULL\fR
if the plugin does not support credential caching.
.sp
Returns 1 on success, 0 on failure and \-1 on error.
Returns 1 on success, 0 on failure, and \-1 on error.
On error, the plugin may optionally call the
\fBconversation\fR()
or
@@ -1794,7 +1792,7 @@ front-end before using
\fIuser_env_out\fR.
Failure to do so may result in a crash.
.sp
Returns 1 on success, 0 on failure and \-1 on error.
Returns 1 on success, 0 on failure, and \-1 on error.
On error, the plugin may optionally call the
\fBconversation\fR()
or
@@ -1835,7 +1833,7 @@ The
\fBregister_hook\fR()
function should be used to register any supported
hooks the plugin needs.
It returns 0 on success, 1 if the hook type is not supported and \-1
It returns 0 on success, 1 if the hook type is not supported, and \-1
if the major version in
\fRstruct hook\fR
does not match the front-end's major hook API version.
@@ -2038,7 +2036,7 @@ When an I/O plugin is loaded,
runs the command in a pseudo-terminal.
This makes it possible to log the input and output from the user's
session.
If any of the standard input, standard output or standard error do not
If any of the standard input, standard output, or standard error do not
correspond to a tty,
\fBsudo\fR
will open a pipe to capture
@@ -2051,10 +2049,10 @@ The log_ttyout function receives output from the pseudo-terminal that is
suitable for replaying the user's session at a later time.
The
\fBlog_stdin\fR(),
\fBlog_stdout\fR()
\fBlog_stdout\fR(),
and
\fBlog_stderr\fR()
functions are only called if the standard input, standard output
functions are only called if the standard input, standard output,
or standard error respectively correspond to something other than
a tty.
.PP
@@ -2439,7 +2437,7 @@ the user but before it is passed to the running command.
This allows the plugin to reject data if it chooses to (for instance
if the input contains banned content).
Returns 1 if the data should be passed to the command, 0 if the data
is rejected (which will terminate the running command) or \-1 if an
is rejected (which will terminate the running command), or \-1 if an
error occurred.
.sp
The function arguments are as follows:
@@ -2499,7 +2497,7 @@ the command but before it is written to the user's terminal.
This allows the plugin to reject data if it chooses to (for instance
if the output contains banned content).
Returns 1 if the data should be passed to the user, 0 if the data is rejected
(which will terminate the running command) or \-1 if an error occurred.
(which will terminate the running command), or \-1 if an error occurred.
.sp
The function arguments are as follows:
.TP 6n
@@ -2559,8 +2557,9 @@ It is called whenever data can be read from the standard input but
before it is passed to the running command.
This allows the plugin to reject data if it chooses to
(for instance if the input contains banned content).
Returns 1 if the data should be passed to the command, 0 if the data is
rejected (which will terminate the running command) or \-1 if an error occurred.
Returns 1 if the data should be passed to the command, 0 if the
data is rejected (which will terminate the running command), or \-1
if an error occurred.
.sp
The function arguments are as follows:
.TP 6n
@@ -2620,8 +2619,9 @@ It is called whenever data can be read from the command but before
it is written to the standard output.
This allows the plugin to reject data if it chooses to
(for instance if the output contains banned content).
Returns 1 if the data should be passed to the user, 0 if the data is
rejected (which will terminate the running command) or \-1 if an error occurred.
Returns 1 if the data should be passed to the user, 0 if the data
is rejected (which will terminate the running command), or \-1 if
an error occurred.
.sp
The function arguments are as follows:
.TP 6n
@@ -2681,8 +2681,9 @@ It is called whenever data can be read from the command but before it
is written to the standard error.
This allows the plugin to reject data if it chooses to
(for instance if the output contains banned content).
Returns 1 if the data should be passed to the user, 0 if the data is
rejected (which will terminate the running command) or \-1 if an error occurred.
Returns 1 if the data should be passed to the user, 0 if the data
is rejected (which will terminate the running command), or \-1 if
an error occurred.
.sp
The function arguments are as follows:
.TP 6n
@@ -3009,7 +3010,7 @@ The
function may also be used to display additional error message to the user.
The
\fBconversation\fR()
function returns 0 on success and \-1 on failure.
function returns 0 on success, and \-1 on failure.
.TP 6n
plugin_printf
A pointer to a
@@ -3227,7 +3228,7 @@ front-end.
plugin_type
The type of plugin that accepted the command, currently either
\fRSUDO_POLICY_PLUGIN\fR,
\fRSUDO_POLICY_APPROVAL\fR
\fRSUDO_POLICY_APPROVAL\fR,
or
\fRSUDO_FRONT_END\fR.
The
@@ -3346,7 +3347,7 @@ The name of the plugin that rejected the command.
plugin_type
The type of plugin that rejected the command, currently either
\fRSUDO_POLICY_PLUGIN\fR,
\fRSUDO_APPROVAL_PLUGIN\fR
\fRSUDO_APPROVAL_PLUGIN\fR,
or
\fRSUDO_IO_PLUGIN\fR.
.sp
@@ -4787,12 +4788,12 @@ or
try to write the message to the user's terminal.
If the terminal is unavailable, the standard error or standard output
will be used, depending upon whether
The user's terminal is always used when possible for input,
this flag is only used for output.
\fRSUDO_CONV_ERROR_MSG\fR
or
\fRSUDO_CONV_INFO_MSG\fR
was used.
The user's terminal is always used when possible for input,
this flag is only used for output.
.PP
The
\fItimeout\fR
@@ -4891,7 +4892,7 @@ This can be used to query a group source other than the standard Unix
group database.
Two sample group plugins are bundled with
\fBsudo\fR,
\fIgroup_file\fR
\fIgroup_file\fR,
and
\fIsystem_group\fR,
are detailed in
@@ -4902,7 +4903,7 @@ A group plugin must declare and populate a
\fRsudoers_group_plugin\fR
struct in the global scope.
This structure contains pointers to the functions that implement plugin
initialization, cleanup and group lookup.
initialization, cleanup, and group lookup.
.nf
.sp
.RS 0n

61
docs/sudo_plugin.mdoc.in
View File

@@ -1,7 +1,7 @@
.\"
.\" SPDX-License-Identifier: ISC
.\"
.\" Copyright (c) 2009-2021 Todd C. Miller <Todd.Miller@sudo.ws>
.\" Copyright (c) 2009-2022 Todd C. Miller <Todd.Miller@sudo.ws>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd November 8, 2021
.Dd January 19, 2022
.Dt SUDO_PLUGIN @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -32,11 +32,10 @@ systems that support them) or compiled statically into the
binary itself.
By default, the
.Nm sudoers
policy plugin and an associated I/O logging plugin are used.
plugin provides audit, security policy and I/O logging capabilities.
Via the plugin API,
.Nm sudo
can be configured to use alternate policy and/or I/O logging plugins
provided by third parties.
can be configured to use alternate plugins provided by third parties.
The plugins to be used are specified in the
.Xr sudo.conf @mansectform@
file.
@@ -265,8 +264,7 @@ from the
.Fn check_policy
function, which will cause
.Nm sudo
to print a usage message and
exit.
to print a usage message and exit.
.It implied_shell=bool
If the user does not specify a program on the command line,
.Nm sudo
@@ -1256,7 +1254,7 @@ SELinux type to use when executing the command.
.It set_utmp=bool
Create a utmp (or utmpx) entry when a pseudo-terminal is allocated.
By default, the new entry will be a copy of the user's existing utmp
entry (if any), with the tty, time, type and pid fields updated.
entry (if any), with the tty, time, type, and pid fields updated.
.It sudoedit=bool
Set to true when in
.Em sudoedit
@@ -1380,7 +1378,7 @@ int (*list)(int argc, char * const argv[], int verbose,
.Ed
.Pp
List available privileges for the invoking user.
Returns 1 on success, 0 on failure and \-1 on error.
Returns 1 on success, 0 on failure, and \-1 on error.
On error, the plugin may optionally call the
.Fn conversation
or
@@ -1474,7 +1472,7 @@ function should be
.Dv NULL
if the plugin does not support credential caching.
.Pp
Returns 1 on success, 0 on failure and \-1 on error.
Returns 1 on success, 0 on failure, and \-1 on error.
On error, the plugin may optionally call the
.Fn conversation
or
@@ -1605,7 +1603,7 @@ front-end before using
.Em user_env_out .
Failure to do so may result in a crash.
.Pp
Returns 1 on success, 0 on failure and \-1 on error.
Returns 1 on success, 0 on failure, and \-1 on error.
On error, the plugin may optionally call the
.Fn conversation
or
@@ -1641,7 +1639,7 @@ The
.Fn register_hook
function should be used to register any supported
hooks the plugin needs.
It returns 0 on success, 1 if the hook type is not supported and \-1
It returns 0 on success, 1 if the hook type is not supported, and \-1
if the major version in
.Li struct hook
does not match the front-end's major hook API version.
@@ -1828,7 +1826,7 @@ When an I/O plugin is loaded,
runs the command in a pseudo-terminal.
This makes it possible to log the input and output from the user's
session.
If any of the standard input, standard output or standard error do not
If any of the standard input, standard output, or standard error do not
correspond to a tty,
.Nm sudo
will open a pipe to capture
@@ -1841,10 +1839,10 @@ The log_ttyout function receives output from the pseudo-terminal that is
suitable for replaying the user's session at a later time.
The
.Fn log_stdin ,
.Fn log_stdout
.Fn log_stdout ,
and
.Fn log_stderr
functions are only called if the standard input, standard output
functions are only called if the standard input, standard output,
or standard error respectively correspond to something other than
a tty.
.Pp
@@ -2192,7 +2190,7 @@ the user but before it is passed to the running command.
This allows the plugin to reject data if it chooses to (for instance
if the input contains banned content).
Returns 1 if the data should be passed to the command, 0 if the data
is rejected (which will terminate the running command) or \-1 if an
is rejected (which will terminate the running command), or \-1 if an
error occurred.
.Pp
The function arguments are as follows:
@@ -2243,7 +2241,7 @@ the command but before it is written to the user's terminal.
This allows the plugin to reject data if it chooses to (for instance
if the output contains banned content).
Returns 1 if the data should be passed to the user, 0 if the data is rejected
(which will terminate the running command) or \-1 if an error occurred.
(which will terminate the running command), or \-1 if an error occurred.
.Pp
The function arguments are as follows:
.Bl -tag -width 4n
@@ -2294,8 +2292,9 @@ It is called whenever data can be read from the standard input but
before it is passed to the running command.
This allows the plugin to reject data if it chooses to
(for instance if the input contains banned content).
Returns 1 if the data should be passed to the command, 0 if the data is
rejected (which will terminate the running command) or \-1 if an error occurred.
Returns 1 if the data should be passed to the command, 0 if the
data is rejected (which will terminate the running command), or \-1
if an error occurred.
.Pp
The function arguments are as follows:
.Bl -tag -width 4n
@@ -2346,8 +2345,9 @@ It is called whenever data can be read from the command but before
it is written to the standard output.
This allows the plugin to reject data if it chooses to
(for instance if the output contains banned content).
Returns 1 if the data should be passed to the user, 0 if the data is
rejected (which will terminate the running command) or \-1 if an error occurred.
Returns 1 if the data should be passed to the user, 0 if the data
is rejected (which will terminate the running command), or \-1 if
an error occurred.
.Pp
The function arguments are as follows:
.Bl -tag -width 4n
@@ -2398,8 +2398,9 @@ It is called whenever data can be read from the command but before it
is written to the standard error.
This allows the plugin to reject data if it chooses to
(for instance if the output contains banned content).
Returns 1 if the data should be passed to the user, 0 if the data is
rejected (which will terminate the running command) or \-1 if an error occurred.
Returns 1 if the data should be passed to the user, 0 if the data
is rejected (which will terminate the running command), or \-1 if
an error occurred.
.Pp
The function arguments are as follows:
.Bl -tag -width 4n
@@ -2691,7 +2692,7 @@ The
function may also be used to display additional error message to the user.
The
.Fn conversation
function returns 0 on success and \-1 on failure.
function returns 0 on success, and \-1 on failure.
.It plugin_printf
A pointer to a
.Fn printf Ns -style
@@ -2884,7 +2885,7 @@ front-end.
.It plugin_type
The type of plugin that accepted the command, currently either
.Dv SUDO_POLICY_PLUGIN ,
.Dv SUDO_POLICY_APPROVAL
.Dv SUDO_POLICY_APPROVAL ,
or
.Dv SUDO_FRONT_END .
The
@@ -2991,7 +2992,7 @@ The name of the plugin that rejected the command.
.It plugin_type
The type of plugin that rejected the command, currently either
.Dv SUDO_POLICY_PLUGIN ,
.Dv SUDO_APPROVAL_PLUGIN
.Dv SUDO_APPROVAL_PLUGIN ,
or
.Dv SUDO_IO_PLUGIN .
.Pp
@@ -4237,12 +4238,12 @@ or
try to write the message to the user's terminal.
If the terminal is unavailable, the standard error or standard output
will be used, depending upon whether
The user's terminal is always used when possible for input,
this flag is only used for output.
.Dv SUDO_CONV_ERROR_MSG
or
.Dv SUDO_CONV_INFO_MSG
was used.
The user's terminal is always used when possible for input,
this flag is only used for output.
.El
.Pp
The
@@ -4333,7 +4334,7 @@ This can be used to query a group source other than the standard Unix
group database.
Two sample group plugins are bundled with
.Nm sudo ,
.Em group_file
.Em group_file ,
and
.Em system_group ,
are detailed in
@@ -4344,7 +4345,7 @@ A group plugin must declare and populate a
.Li sudoers_group_plugin
struct in the global scope.
This structure contains pointers to the functions that implement plugin
initialization, cleanup and group lookup.
initialization, cleanup, and group lookup.
.Bd -literal
struct sudoers_group_plugin {
unsigned int version;

13
docs/sudo_plugin_python.man.in
View File

@@ -3,6 +3,7 @@
.\" SPDX-License-Identifier: ISC
.\"
.\" Copyright (c) 2019-2021 Robert Manner <robert.manner@oneidentity.com>
.\" Copyright (c) 2019-2022 Todd C. Miller <Todd.Miller@sudo.ws>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +17,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH "SUDO_PLUGIN_PYTHON" "5" "September 17, 2021" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.TH "SUDO_PLUGIN_PYTHON" "5" "January 19, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -97,7 +98,7 @@ The actual methods required depent on the type of the plugin,
but most return an
\(lqint\(rq
result code, as documented in
sudo_plugin(@mansctsu@),
sudo_plugin(@mansectsu@),
that indicates whether or not the method was successful.
The Python sudo module defines the following constants to improve readability:
.RS 4n
@@ -327,7 +328,7 @@ strings.
.sp
To accept a command, at the very minimum the plugin must set in the
\fIcommand\fR,
\fIrunas_uid\fR
\fIrunas_uid\fR,
and
\fIrunas_gid\fR
keys.
@@ -709,7 +710,7 @@ log_stderr(self, buf: str) -> int
.RS 6n
.sp
Receive the user input or output of the terminal device and
application standard input / output / error.
application standard input, standard output, or standard error.
See the matching calls in
sudo_plugin(@mansectform@).
.sp
@@ -1022,7 +1023,7 @@ front-end.
plugin_type
The type of plugin that accepted the command, currently either
\fRsudo.PLUGIN_TYPE.POLICY\fR,
\fRsudo.PLUGIN_TYPE.APPROVAL\fR
\fRsudo.PLUGIN_TYPE.APPROVAL\fR,
or
\fRsudo.PLUGIN_TYPE.SUDO\fR.
The
@@ -1082,7 +1083,7 @@ The name of the plugin that rejected the command.
plugin_type
The type of plugin that rejected the command, currently either
\fRsudo.PLUGIN_TYPE.POLICY\fR,
\fRsudo.PLUGIN_TYPE.APPROVAL\fR
\fRsudo.PLUGIN_TYPE.APPROVAL\fR,
or
\fRsudo.PLUGIN_TYPE.IO\fR.
.sp

13
docs/sudo_plugin_python.mdoc.in
View File

@@ -2,6 +2,7 @@
.\" SPDX-License-Identifier: ISC
.\"
.\" Copyright (c) 2019-2021 Robert Manner <robert.manner@oneidentity.com>
.\" Copyright (c) 2019-2022 Todd C. Miller <Todd.Miller@sudo.ws>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +16,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd September 17, 2021
.Dd January 19, 2022
.Dt SUDO_PLUGIN_PYTHON @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -86,7 +87,7 @@ The actual methods required depent on the type of the plugin,
but most return an
.Dq int
result code, as documented in
.Xr sudo_plugin @mansctsu@ ,
.Xr sudo_plugin @mansectsu@ ,
that indicates whether or not the method was successful.
The Python sudo module defines the following constants to improve readability:
.Bl -column "sudo.RC.USAGE_ERROR" "XXX" -offset 4n
@@ -280,7 +281,7 @@ strings.
.Pp
To accept a command, at the very minimum the plugin must set in the
.Em command ,
.Em runas_uid
.Em runas_uid ,
and
.Em runas_gid
keys.
@@ -581,7 +582,7 @@ log_stderr(self, buf: str) -> int
.Ed
.Pp
Receive the user input or output of the terminal device and
application standard input / output / error.
application standard input, standard output, or standard error.
See the matching calls in
.Xr sudo_plugin @mansectform@ .
.Pp
@@ -817,7 +818,7 @@ front-end.
.It plugin_type
The type of plugin that accepted the command, currently either
.Dv sudo.PLUGIN_TYPE.POLICY ,
.Dv sudo.PLUGIN_TYPE.APPROVAL
.Dv sudo.PLUGIN_TYPE.APPROVAL ,
or
.Dv sudo.PLUGIN_TYPE.SUDO .
The
@@ -866,7 +867,7 @@ The name of the plugin that rejected the command.
.It plugin_type
The type of plugin that rejected the command, currently either
.Dv sudo.PLUGIN_TYPE.POLICY ,
.Dv sudo.PLUGIN_TYPE.APPROVAL
.Dv sudo.PLUGIN_TYPE.APPROVAL ,
or
.Dv sudo.PLUGIN_TYPE.IO .
.Pp

16
docs/sudoers.ldap.man.in
View File

@@ -194,7 +194,7 @@ only be allowed if the digest matches.
This may be useful in situations where the user invoking
\fBsudo\fR
has write access to the command or its parent directory.
The following digest formats are supported: sha224, sha256, sha384 and sha512.
The following digest formats are supported: sha224, sha256, sha384, and sha512.
The digest name must be followed by a colon
(\(oq:\&\(cq)
and then the actual digest, in either hex or base64 format.
@@ -369,7 +369,7 @@ A
\fRsudoRole\fR
must contain at least one
\fRsudoUser\fR,
\fRsudoHost\fR
\fRsudoHost\fR,
and
\fRsudoCommand\fR.
.PP
@@ -425,7 +425,7 @@ Match all
\fRnisNetgroup\fR
records with a
\fRnisNetgroupTriple\fR
containing the user, host and NIS domain.
containing the user, host, and NIS domain.
The query will match
\fRnisNetgroupTriple\fR
entries with either the short or long form of the host name or
@@ -461,7 +461,7 @@ For the most part, there is little need for
\fBsudo\fR-specific
Aliases.
Unix groups, non-Unix groups (via the
\fIgroup_plugin\fR)
\fIgroup_plugin\fR),
or user netgroups can be used in place of User_Aliases and Runas_Aliases.
Host netgroups can be used in place of Host_Aliases.
Since groups and netgroups can also be stored in LDAP there is no real need for
@@ -535,7 +535,7 @@ that contains multiple commands.
Multiple users and/or groups may be assigned to the
\fRsudoRole\fR.
.PP
Also, host, user, runas and command-based
Also, host, user, runas, and command-based
\fRDefaults\fR
entries are not supported.
However, a
@@ -941,9 +941,9 @@ If the
\fBSSL\fR
parameter is set to
\fRon\fR,
\fRtrue\fR
\fRor\fR
\fRyes\fR,
\fRtrue\fR,
or
\fRyes\fR
TLS (SSL) encryption is always used when communicating with the LDAP server.
Typically, this involves connecting to the server on port 636 (ldaps).
.TP 6n

16
docs/sudoers.ldap.mdoc.in
View File

@@ -186,7 +186,7 @@ only be allowed if the digest matches.
This may be useful in situations where the user invoking
.Nm sudo
has write access to the command or its parent directory.
The following digest formats are supported: sha224, sha256, sha384 and sha512.
The following digest formats are supported: sha224, sha256, sha384, and sha512.
The digest name must be followed by a colon
.Pq Ql :\&
and then the actual digest, in either hex or base64 format.
@@ -351,7 +351,7 @@ A
.Li sudoRole
must contain at least one
.Li sudoUser ,
.Li sudoHost
.Li sudoHost ,
and
.Li sudoCommand .
.Pp
@@ -404,7 +404,7 @@ Match all
.Li nisNetgroup
records with a
.Li nisNetgroupTriple
containing the user, host and NIS domain.
containing the user, host, and NIS domain.
The query will match
.Li nisNetgroupTriple
entries with either the short or long form of the host name or
@@ -440,7 +440,7 @@ For the most part, there is little need for
.Nm sudo Ns -specific
Aliases.
Unix groups, non-Unix groups (via the
.Em group_plugin )
.Em group_plugin ) ,
or user netgroups can be used in place of User_Aliases and Runas_Aliases.
Host netgroups can be used in place of Host_Aliases.
Since groups and netgroups can also be stored in LDAP there is no real need for
@@ -511,7 +511,7 @@ that contains multiple commands.
Multiple users and/or groups may be assigned to the
.Li sudoRole .
.Pp
Also, host, user, runas and command-based
Also, host, user, runas, and command-based
.Li Defaults
entries are not supported.
However, a
@@ -879,9 +879,9 @@ If the
.Sy SSL
parameter is set to
.Li on ,
.Li true
.Li or
.Li yes ,
.Li true ,
or
.Li yes
TLS (SSL) encryption is always used when communicating with the LDAP server.
Typically, this involves connecting to the server on port 636 (ldaps).
.It Sy SSL Ar start_tls

56
docs/sudoers.man.in
View File

@@ -25,7 +25,7 @@
.nr BA @BAMAN@
.nr LC @LCMAN@
.nr PS @PSMAN@
.TH "SUDOERS" "@mansectform@" "January 8, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.TH "SUDOERS" "@mansectform@" "January 18, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -43,7 +43,7 @@ policy plugin.
The policy is driven by
the
\fI@sysconfdir@/sudoers\fR
file or, optionally in LDAP.
file or, optionally, in LDAP.
The policy format is described in detail in the
\fISUDOERS FILE FORMAT\fR
section.
@@ -56,14 +56,14 @@ sudoers.ldap(@mansectform@).
\fBsudo\fR
consults the
sudo.conf(@mansectform@)
file to determine which policy and I/O logging plugins to load.
file to determine which plugins to load.
If no
sudo.conf(@mansectform@)
file is present, or if it contains no
\fRPlugin\fR
lines,
\fBsudoers\fR
will be used for policy decisions and I/O logging.
will be used for auditing, policy decisions and I/O logging.
To explicitly configure
sudo.conf(@mansectform@)
to use the
@@ -300,7 +300,7 @@ for a description of the log file format.
\fBsudoers\fR
is also capable of running a command in a pseudo-terminal and logging all
input and/or output.
The standard input, standard output and standard error can be logged
The standard input, standard output, and standard error can be logged
even when not associated with a terminal.
I/O logging is not on by default but can be enabled using
the
@@ -372,7 +372,7 @@ Additional variables, such as
and
\fRTERM\fR,
are preserved from the invoking user's environment if permitted by the
\fIenv_check\fR
\fIenv_check\fR,
or
\fIenv_keep\fR
options.
@@ -846,7 +846,7 @@ non-Unix group names and IDs (prefixed with
\(oq%:\(cq
and
\(oq%:#\(cq
respectively) and
respectively), and
\fRUser_Alias\fRes.
Each list item may be prefixed with zero or more
\(oq\&!\(cq
@@ -957,7 +957,7 @@ A
\fRHost_List\fR
is made up of one or more host names, IP addresses,
network numbers, netgroups (prefixed with
\(oq+\(cq)
\(oq+\(cq),
and other aliases.
Again, the value of an item may be negated with the
\(oq\&!\(cq
@@ -1100,7 +1100,7 @@ Starting with version 1.9.0, the
\fBALL\fR
reserved word can be used in conjunction with a
\fRDigest_List\fR.
The following digest formats are supported: sha224, sha256, sha384 and sha512.
The following digest formats are supported: sha224, sha256, sha384, and sha512.
The string may be specified in either hex or base64 format
(base64 is more compact).
There are several utilities capable of generating SHA-2 digests in hex
@@ -1217,7 +1217,7 @@ operator to remove an element
that does not exist in a list.
.PP
Defaults entries are parsed in the following order: generic, host,
user and runas Defaults first, then command defaults.
user, and runas Defaults first, then command defaults.
If there are multiple Defaults settings of the same type, the last
matching setting is used.
The following Defaults settings are parsed before all others since
@@ -1586,13 +1586,13 @@ A command may have a timeout associated with it.
If the timeout expires before the command has exited, the
command will be terminated.
The timeout may be specified in combinations of days, hours,
minutes and seconds with a single-letter case-insensitive suffix
minutes, and seconds with a single-letter case-insensitive suffix
that indicates the unit of time.
For example, a timeout of 7 days, 8 hours, 30 minutes and
For example, a timeout of 7 days, 8 hours, 30 minutes, and
10 seconds would be written as
\fR7d8h30m10s\fR.
If a number is specified without a unit, seconds are assumed.
Any of the days, minutes, hours or seconds may be omitted.
Any of the days, minutes, hours, or seconds may be omitted.
The order must be from largest to smallest unit and a unit
may not be specified more than once.
.PP
@@ -1818,7 +1818,7 @@ section below.
.sp
By default,
\fBsudo\fR
requires that a user authenticate him or herself
requires that a user authenticate
before running a command.
This behavior can be modified via the
\fRNOPASSWD\fR
@@ -1933,7 +1933,7 @@ and logged just like they would be if run through
\fBsudo\fR
directly.
This is useful in conjunction with commands that allow shell escapes
such as editors, shells and paginators.
such as editors, shells, and paginators.
.sp
In the following example, user
\fBchuck\fR
@@ -1959,7 +1959,7 @@ works and whether or not it will work on your system.
allows shell-style
\fIwildcards\fR
(aka meta or glob characters)
to be used in host names, path names and command line arguments in the
to be used in host names, path names, and command line arguments in the
\fIsudoers\fR
file.
Wildcard matching is done via the
@@ -2745,7 +2745,7 @@ This flag is only effective on systems for which
\fBsudoers\fR
supports audit logging, including
FreeBSD,
Linux, macOS and Solaris.
Linux, macOS, and Solaris.
This flag is
\fIon\fR
by default.
@@ -3186,7 +3186,7 @@ This setting is only supported by version 1.9.8 or higher.
.TP 18n
netgroup_tuple
If set, netgroup lookups will be performed using the full netgroup
tuple: host name, user name and domain (if one is set).
tuple: host name, user name, and domain (if one is set).
Historically,
\fBsudo\fR
only matched the user name and domain for netgroups used in a
@@ -3549,12 +3549,12 @@ A pseudo-terminal is allocated by
\fBsudo\fR
when it is running in a terminal and one or more of the
\fIlog_input\fR,
\fIlog_output\fR
\fIlog_output\fR,
or
\fIuse_pty\fR
flags is enabled.
By default, the new entry will be a copy of the user's existing utmp
entry (if any), with the tty, time, type and pid fields updated.
entry (if any), with the tty, time, type, and pid fields updated.
This flag is
\fIon\fR
by default.
@@ -3823,7 +3823,7 @@ closefrom
Before it executes a command,
\fBsudo\fR
will close all open file descriptors other than standard input,
standard output and standard error (ie: file descriptors 0-2).
standard output, and standard error (file descriptors 0-2).
The
\fIclosefrom\fR
option can be used to specify a different file descriptor at which
@@ -3896,7 +3896,7 @@ creates log messages up to 980 bytes which corresponds to the
historic
BSD
syslog implementation which used a 1024 byte buffer
to store the message, date, hostname and program name.
to store the message, date, hostname, and program name.
To prevent syslog messages from being truncated,
\fBsudoers\fR
will split up log messages that are larger than
@@ -4178,7 +4178,7 @@ This setting is only supported by version 1.8.19 or higher.
.TP 18n
iolog_mode
The file mode to use when creating I/O log files.
Mode bits for read and write permissions for owner, group or other
Mode bits for read and write permissions for owner, group, or other
are honored, everything else is ignored.
The file permissions will always include the owner read and
write bits, even if they are not present in the specified mode.
@@ -4935,7 +4935,7 @@ It is only possible to use
\fIrunchroot\fR
as a command-specific Defaults setting if the command exists with
the same path both inside and outside the chroot jail.
This restriction does not apply to generic, host or user-based
This restriction does not apply to generic, host, or user-based
Defaults settings or to a
\fICmnd_Spec\fR
that includes a
@@ -6304,7 +6304,7 @@ The user
may run any command on any machine except for those in the
\fISERVERS\fR
\fRHost_Alias\fR
(primary, mail, www and ns).
(primary, mail, www, and ns).
.nf
.sp
.RS 0n
@@ -6460,7 +6460,7 @@ allow shell escapes, which lets a user bypass
\fBsudo\fR's
access control and logging.
Common programs that permit shell escapes include shells (obviously),
editors, paginators, mail and terminal programs.
editors, paginators, mail, and terminal programs.
.PP
There are four basic approaches to this problem:
.TP 10n
@@ -6850,7 +6850,7 @@ The priorities used by
\fBsudoers\fR,
in order of decreasing severity,
are:
\fIcrit\fR, \fIerr\fR, \fIwarn\fR, \fInotice\fR, \fIdiag\fR, \fIinfo\fR, \fItrace\fR
\fIcrit\fR, \fIerr\fR, \fIwarn\fR, \fInotice\fR, \fIdiag\fR, \fIinfo\fR, \fItrace\fR,
and
\fIdebug\fR.
Each priority, when specified, also includes all priorities higher
@@ -6898,7 +6898,7 @@ LDAP-based sudoers
logging support
.TP 10n
\fImatch\fR
matching of users, groups, hosts and netgroups in the
matching of users, groups, hosts, and netgroups in the
\fIsudoers\fR
file
.TP 10n

56
docs/sudoers.mdoc.in
View File

@@ -24,7 +24,7 @@
.nr BA @BAMAN@
.nr LC @LCMAN@
.nr PS @PSMAN@
.Dd January 8, 2022
.Dd January 18, 2022
.Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -42,7 +42,7 @@ policy plugin.
The policy is driven by
the
.Pa @sysconfdir@/sudoers
file or, optionally in LDAP.
file or, optionally, in LDAP.
The policy format is described in detail in the
.Sx SUDOERS FILE FORMAT
section.
@@ -55,14 +55,14 @@ in LDAP, please see
.Nm sudo
consults the
.Xr sudo.conf @mansectform@
file to determine which policy and I/O logging plugins to load.
file to determine which plugins to load.
If no
.Xr sudo.conf @mansectform@
file is present, or if it contains no
.Li Plugin
lines,
.Nm
will be used for policy decisions and I/O logging.
will be used for auditing, policy decisions and I/O logging.
To explicitly configure
.Xr sudo.conf @mansectform@
to use the
@@ -289,7 +289,7 @@ for a description of the log file format.
.Nm
is also capable of running a command in a pseudo-terminal and logging all
input and/or output.
The standard input, standard output and standard error can be logged
The standard input, standard output, and standard error can be logged
even when not associated with a terminal.
I/O logging is not on by default but can be enabled using
the
@@ -361,7 +361,7 @@ Additional variables, such as
and
.Ev TERM ,
are preserved from the invoking user's environment if permitted by the
.Em env_check
.Em env_check ,
or
.Em env_keep
options.
@@ -815,7 +815,7 @@ non-Unix group names and IDs (prefixed with
.Ql %:
and
.Ql %:#
respectively) and
respectively), and
.Li User_Alias Ns es.
Each list item may be prefixed with zero or more
.Ql \&!
@@ -919,7 +919,7 @@ A
.Li Host_List
is made up of one or more host names, IP addresses,
network numbers, netgroups (prefixed with
.Ql + )
.Ql + ) ,
and other aliases.
Again, the value of an item may be negated with the
.Ql \&!
@@ -1059,7 +1059,7 @@ Starting with version 1.9.0, the
.Sy ALL
reserved word can be used in conjunction with a
.Li Digest_List .
The following digest formats are supported: sha224, sha256, sha384 and sha512.
The following digest formats are supported: sha224, sha256, sha384, and sha512.
The string may be specified in either hex or base64 format
(base64 is more compact).
There are several utilities capable of generating SHA-2 digests in hex
@@ -1167,7 +1167,7 @@ operator to remove an element
that does not exist in a list.
.Pp
Defaults entries are parsed in the following order: generic, host,
user and runas Defaults first, then command defaults.
user, and runas Defaults first, then command defaults.
If there are multiple Defaults settings of the same type, the last
matching setting is used.
The following Defaults settings are parsed before all others since
@@ -1502,13 +1502,13 @@ A command may have a timeout associated with it.
If the timeout expires before the command has exited, the
command will be terminated.
The timeout may be specified in combinations of days, hours,
minutes and seconds with a single-letter case-insensitive suffix
minutes, and seconds with a single-letter case-insensitive suffix
that indicates the unit of time.
For example, a timeout of 7 days, 8 hours, 30 minutes and
For example, a timeout of 7 days, 8 hours, 30 minutes, and
10 seconds would be written as
.Li 7d8h30m10s .
If a number is specified without a unit, seconds are assumed.
Any of the days, minutes, hours or seconds may be omitted.
Any of the days, minutes, hours, or seconds may be omitted.
The order must be from largest to smallest unit and a unit
may not be specified more than once.
.Pp
@@ -1724,7 +1724,7 @@ section below.
.sp
By default,
.Nm sudo
requires that a user authenticate him or herself
requires that a user authenticate
before running a command.
This behavior can be modified via the
.Li NOPASSWD
@@ -1829,7 +1829,7 @@ and logged just like they would be if run through
.Nm sudo
directly.
This is useful in conjunction with commands that allow shell escapes
such as editors, shells and paginators.
such as editors, shells, and paginators.
.Pp
In the following example, user
.Sy chuck
@@ -1851,7 +1851,7 @@ works and whether or not it will work on your system.
allows shell-style
.Em wildcards
(aka meta or glob characters)
to be used in host names, path names and command line arguments in the
to be used in host names, path names, and command line arguments in the
.Em sudoers
file.
Wildcard matching is done via the
@@ -2589,7 +2589,7 @@ This flag is only effective on systems for which
.Nm
supports audit logging, including
.Fx ,
Linux, macOS and Solaris.
Linux, macOS, and Solaris.
This flag is
.Em on
by default.
@@ -3001,7 +3001,7 @@ by default.
This setting is only supported by version 1.9.8 or higher.
.It netgroup_tuple
If set, netgroup lookups will be performed using the full netgroup
tuple: host name, user name and domain (if one is set).
tuple: host name, user name, and domain (if one is set).
Historically,
.Nm sudo
only matched the user name and domain for netgroups used in a
@@ -3343,12 +3343,12 @@ A pseudo-terminal is allocated by
.Nm sudo
when it is running in a terminal and one or more of the
.Em log_input ,
.Em log_output
.Em log_output ,
or
.Em use_pty
flags is enabled.
By default, the new entry will be a copy of the user's existing utmp
entry (if any), with the tty, time, type and pid fields updated.
entry (if any), with the tty, time, type, and pid fields updated.
This flag is
.Em on
by default.
@@ -3602,7 +3602,7 @@ by default.
Before it executes a command,
.Nm sudo
will close all open file descriptors other than standard input,
standard output and standard error (ie: file descriptors 0-2).
standard output, and standard error (file descriptors 0-2).
The
.Em closefrom
option can be used to specify a different file descriptor at which
@@ -3670,7 +3670,7 @@ creates log messages up to 980 bytes which corresponds to the
historic
.Bx
syslog implementation which used a 1024 byte buffer
to store the message, date, hostname and program name.
to store the message, date, hostname, and program name.
To prevent syslog messages from being truncated,
.Nm
will split up log messages that are larger than
@@ -3933,7 +3933,7 @@ are set, I/O log files and directories are created with group-ID 0.
This setting is only supported by version 1.8.19 or higher.
.It iolog_mode
The file mode to use when creating I/O log files.
Mode bits for read and write permissions for owner, group or other
Mode bits for read and write permissions for owner, group, or other
are honored, everything else is ignored.
The file permissions will always include the owner read and
write bits, even if they are not present in the specified mode.
@@ -4606,7 +4606,7 @@ It is only possible to use
.Em runchroot
as a command-specific Defaults setting if the command exists with
the same path both inside and outside the chroot jail.
This restriction does not apply to generic, host or user-based
This restriction does not apply to generic, host, or user-based
Defaults settings or to a
.Em Cmnd_Spec
that includes a
@@ -5831,7 +5831,7 @@ The user
may run any command on any machine except for those in the
.Em SERVERS
.Li Host_Alias
(primary, mail, www and ns).
(primary, mail, www, and ns).
.Bd -literal
jill SERVERS = /usr/bin/, !SU, !SHELLS
.Ed
@@ -5966,7 +5966,7 @@ allow shell escapes, which lets a user bypass
.Nm sudo Ns 's
access control and logging.
Common programs that permit shell escapes include shells (obviously),
editors, paginators, mail and terminal programs.
editors, paginators, mail, and terminal programs.
.Pp
There are four basic approaches to this problem:
.Bl -tag -width 8n
@@ -6339,7 +6339,7 @@ The priorities used by
.Nm ,
in order of decreasing severity,
are:
.Em crit , err , warn , notice , diag , info , trace
.Em crit , err , warn , notice , diag , info , trace ,
and
.Em debug .
Each priority, when specified, also includes all priorities higher
@@ -6379,7 +6379,7 @@ LDAP-based sudoers
.It Em logging
logging support
.It Em match
matching of users, groups, hosts and netgroups in the
matching of users, groups, hosts, and netgroups in the
.Em sudoers
file
.It Em netif

10
docs/sudoreplay.man.in
View File

@@ -2,7 +2,7 @@
.\"
.\" SPDX-License-Identifier: ISC
.\"
.\" Copyright (c) 2009-2021 Todd C. Miller <Todd.Miller@sudo.ws>
.\" Copyright (c) 2009-2022 Todd C. Miller <Todd.Miller@sudo.ws>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +16,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH "SUDOREPLAY" "@mansectsu@" "August 13, 2021" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.TH "SUDOREPLAY" "@mansectsu@" "January 19, 2022" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -89,7 +89,7 @@ list mode.
In list mode,
\fBsudoreplay\fR
can be used to find the ID of a session based on a number of criteria
such as the user, tty or command run.
such as the user, tty, or command run.
.PP
In replay mode, if the standard input and output are connected to a terminal
and the
@@ -131,7 +131,7 @@ instead of the default,
Select which I/O type(s) to display.
By default,
\fBsudoreplay\fR
will display the command's standard output, standard error and tty output.
will display the command's standard output, standard error, and tty output.
The
\fIfilter\fR
argument is a comma-separated list, consisting of one or more of following:
@@ -241,7 +241,7 @@ Predicates may be abbreviated to the shortest unique string.
.sp
Predicates may be combined using
\fIand\fR,
\fIor\fR
\fIor\fR,
and
\fI\&!\fR
operators as well as

10
docs/sudoreplay.mdoc.in
View File

@@ -1,7 +1,7 @@
.\"
.\" SPDX-License-Identifier: ISC
.\"
.\" Copyright (c) 2009-2021 Todd C. Miller <Todd.Miller@sudo.ws>
.\" Copyright (c) 2009-2022 Todd C. Miller <Todd.Miller@sudo.ws>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd August 13, 2021
.Dd January 19, 2022
.Dt SUDOREPLAY @mansectsu@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -87,7 +87,7 @@ list mode.
In list mode,
.Nm
can be used to find the ID of a session based on a number of criteria
such as the user, tty or command run.
such as the user, tty, or command run.
.Pp
In replay mode, if the standard input and output are connected to a terminal
and the
@@ -126,7 +126,7 @@ instead of the default,
Select which I/O type(s) to display.
By default,
.Nm
will display the command's standard output, standard error and tty output.
will display the command's standard output, standard error, and tty output.
The
.Ar filter
argument is a comma-separated list, consisting of one or more of following:
@@ -222,7 +222,7 @@ Predicates may be abbreviated to the shortest unique string.
.Pp
Predicates may be combined using
.Em and ,
.Em or
.Em or ,
and
.Em \&!
operators as well as

21
docs/visudo.man.in
View File

@@ -2,7 +2,7 @@
.\"
.\" SPDX-License-Identifier: ISC
.\"
.\" Copyright (c) 1996,1998-2005, 2007-2021
.\" Copyright (c) 1996,1998-2005, 2007-2022
.\" Todd C. Miller <Todd.Miller@sudo.ws>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -21,7 +21,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
.TH "VISUDO" "@mansectsu@" "November 6, 2021" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.TH "VISUDO" "@mansectsu@" "January 19, 2022" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -71,10 +71,7 @@ The
option should be used with extreme caution because if
\fBvisudo\fR
believes there to be a syntax error, so will
\fBsudo\fR
and no one will be able to run
\fBsudo\fR
again until the error is fixed.
\fBsudo\fR.
If
\(oqe\(cq
is typed to edit the
@@ -96,7 +93,7 @@ separated list of editors allowed to be used with
\fBvisudo\fR
will choose the editor that matches the user's
\fRSUDO_EDITOR\fR,
\fRVISUAL\fR
\fRVISUAL\fR,
or
\fREDITOR\fR
environment variable if possible, or the first editor in the
@@ -105,7 +102,7 @@ Note that
\fBsudo\fR
does not preserve the
\fRSUDO_EDITOR\fR,
\fRVISUAL\fR
\fRVISUAL\fR,
or
\fREDITOR\fR
environment variables unless they are present in the
@@ -126,7 +123,7 @@ If set,
\fBvisudo\fR
will use the value of the
\fRSUDO_EDITOR\fR,
\fRVISUAL\fR
\fRVISUAL\fR,
or
\fREDITOR\fR
environment variables before falling back on the default editor list.
@@ -143,7 +140,7 @@ variable.
\fBvisudo\fR
will then only use
\fRSUDO_EDITOR\fR,
\fRVISUAL\fR
\fRVISUAL\fR,
or
\fREDITOR\fR
if they match a value specified in
@@ -152,7 +149,7 @@ If the
\fIenv_reset\fR
flag is enabled, the
\fRSUDO_EDITOR\fR,
\fRVISUAL\fR
\fRVISUAL\fR,
and/or
\fREDITOR\fR
environment variables must be present in the
@@ -307,7 +304,7 @@ will also parse the arguments to the
\fIsudoers\fR
plugin to override the default
\fIsudoers\fR
path name, UID, GID and file mode.
path name, UID, GID, and file mode.
These arguments, if present, should be listed after the path to the plugin
(i.e., after
\fIsudoers.so\fR).

21
docs/visudo.mdoc.in
View File

@@ -1,7 +1,7 @@
.\"
.\" SPDX-License-Identifier: ISC
.\"
.\" Copyright (c) 1996,1998-2005, 2007-2021
.\" Copyright (c) 1996,1998-2005, 2007-2022
.\" Todd C. Miller <Todd.Miller@sudo.ws>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -20,7 +20,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
.Dd November 6, 2021
.Dd January 19, 2022
.Dt VISUDO @mansectsu@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -69,10 +69,7 @@ The
option should be used with extreme caution because if
.Nm
believes there to be a syntax error, so will
.Nm sudo
and no one will be able to run
.Nm sudo
again until the error is fixed.
.Nm sudo .
If
.Ql e
is typed to edit the
@@ -94,7 +91,7 @@ separated list of editors allowed to be used with
.Nm
will choose the editor that matches the user's
.Ev SUDO_EDITOR ,
.Ev VISUAL
.Ev VISUAL ,
or
.Ev EDITOR
environment variable if possible, or the first editor in the
@@ -103,7 +100,7 @@ Note that
.Nm sudo
does not preserve the
.Ev SUDO_EDITOR ,
.Ev VISUAL
.Ev VISUAL ,
or
.Ev EDITOR
environment variables unless they are present in the
@@ -123,7 +120,7 @@ If set,
.Nm
will use the value of the
.Ev SUDO_EDITOR ,
.Ev VISUAL
.Ev VISUAL ,
or
.Ev EDITOR
environment variables before falling back on the default editor list.
@@ -140,7 +137,7 @@ variable.
.Nm
will then only use
.Ev SUDO_EDITOR ,
.Ev VISUAL
.Ev VISUAL ,
or
.Ev EDITOR
if they match a value specified in
@@ -149,7 +146,7 @@ If the
.Em env_reset
flag is enabled, the
.Ev SUDO_EDITOR ,
.Ev VISUAL
.Ev VISUAL ,
and/or
.Ev EDITOR
environment variables must be present in the
@@ -299,7 +296,7 @@ will also parse the arguments to the
.Em sudoers
plugin to override the default
.Em sudoers
path name, UID, GID and file mode.
path name, UID, GID, and file mode.
These arguments, if present, should be listed after the path to the plugin
(i.e., after
.Pa sudoers.so ) .

4
examples/sudo.conf.in
View File

@@ -129,10 +129,10 @@
# Debug program /path/to/debug_log subsystem@priority[,subsyste@priority]
#
# Sudo and related programs support logging debug information to a file.
# The program is typically sudo, sudoers.so, sudoreplay or visudo.
# The program is typically sudo, sudoers.so, sudoreplay, or visudo.
#
# Subsystems vary based on the program; "all" matches all subsystems.
# Priority may be crit, err, warn, notice, diag, info, trace or debug.
# Priority may be crit, err, warn, notice, diag, info, trace, or debug.
# Multiple subsystem@priority may be specified, separated by a comma.
#
#Debug sudo /var/log/sudo_debug all@debug

2
examples/sudo_logsrvd.conf
View File

@@ -187,7 +187,7 @@
#maxseq = 2176782336
[eventlog]
# Where to log accept, reject, exit and alert events.
# Where to log accept, reject, exit, and alert events.
# Accepted values are syslog, logfile, or none.
# Defaults to syslog
#log_type = syslog