From 3040bf54c99ed1baa9e7006be2fed3d5fa71f80e Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Tue, 20 Dec 2022 09:18:46 -0700 Subject: [PATCH] Mention the "list" privilege in the description of the -U option. --- docs/sudo.man.in | 17 ++++++++++++----- docs/sudo.mdoc.in | 17 ++++++++++++----- 2 files changed, 24 insertions(+), 10 deletions(-) diff --git a/docs/sudo.man.in b/docs/sudo.man.in index 4dd91544a..f86a57031 100644 --- a/docs/sudo.man.in +++ b/docs/sudo.man.in @@ -555,7 +555,8 @@ Not all security policies support credential caching. If no \fIcommand\fR is specified, list the privileges for the invoking user (or the -user specified by the +\fIuser\fR +specified by the \fB\-U\fR option) on the current host. A longer list format is used if this option is specified multiple times @@ -737,11 +738,17 @@ instead of for the invoking user. The security policy may restrict listing other users' privileges. When using the \fIsudoers\fR -policy, only root or a user with the ability to run any -\fIcommand\fR -as either root or the specified +policy, the +\fB\-U\fR +option is restricted to the root user and users with either the +\(lqlist\(rq +priviege for the specified \fIuser\fR -on the current host may use this option. +or the ability to run any +\fIcommand\fR +as root or +\fIuser\fR +on the current host. .TP 12n \fB\-T\fR \fItimeout\fR, \fB\--command-timeout\fR=\fItimeout\fR Used to set a timeout for the diff --git a/docs/sudo.mdoc.in b/docs/sudo.mdoc.in index 405f6c437..cb174c382 100644 --- a/docs/sudo.mdoc.in +++ b/docs/sudo.mdoc.in @@ -529,7 +529,8 @@ Not all security policies support credential caching. If no .Ar command is specified, list the privileges for the invoking user (or the -user specified by the +.Ar user +specified by the .Fl U option) on the current host. A longer list format is used if this option is specified multiple times @@ -688,11 +689,17 @@ instead of for the invoking user. The security policy may restrict listing other users' privileges. When using the .Em sudoers -policy, only root or a user with the ability to run any -.Ar command -as either root or the specified +policy, the +.Fl U +option is restricted to the root user and users with either the +.Dq list +priviege for the specified .Ar user -on the current host may use this option. +or the ability to run any +.Ar command +as root or +.Ar user +on the current host. .It Fl T Ar timeout , Fl -command-timeout Ns = Ns Ar timeout Used to set a timeout for the .Ar command .