isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sudo now stashes tty ctime for tty_tickets on Solaris too.

Browse Source
This commit is contained in:
Todd C. Miller
2010-06-03 08:32:53 -04:00
parent fd1765b562
commit 59e2925374
3 changed files with 30 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
doc/sudo.cat
View File

@@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN
1.8.0a2 May 28, 2010 1 1.8.0a2 June 3, 2010 1
@@ -127,7 +127,7 @@ OOPPTTIIOONNSS
1.8.0a2 May 28, 2010 2 1.8.0a2 June 3, 2010 2
@@ -193,7 +193,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
1.8.0a2 May 28, 2010 3 1.8.0a2 June 3, 2010 3
@@ -259,7 +259,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
1.8.0a2 May 28, 2010 4 1.8.0a2 June 3, 2010 4
@@ -325,7 +325,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
1.8.0a2 May 28, 2010 5 1.8.0a2 June 3, 2010 5
@@ -391,7 +391,7 @@ SSEECCUURRIITTYY NNOOTTEESS
1.8.0a2 May 28, 2010 6 1.8.0a2 June 3, 2010 6
@@ -447,17 +447,17 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
modification time is within 5 minutes (or whatever the timeout is set modification time is within 5 minutes (or whatever the timeout is set
to in _s_u_d_o_e_r_s). When the _t_t_y___t_i_c_k_e_t_s option is enabled in _s_u_d_o_e_r_s, the to in _s_u_d_o_e_r_s). When the _t_t_y___t_i_c_k_e_t_s option is enabled in _s_u_d_o_e_r_s, the
time stamp has per-tty granularity but still may outlive the user's time stamp has per-tty granularity but still may outlive the user's
session. On Linux systems where the devpts filesystem is used, as well session. On Linux systems where the devpts filesystem is used, Solaris
as other systems that utilize a devfs filesystem that monotonically systems with the devices filesystem, as well as other systems that
increase the inode number of devices as they are created (such as Mac utilize a devfs filesystem that monotonically increase the inode number
OS X), ssuuddoo is able to determine when a tty-based time stamp file is of devices as they are created (such as Mac OS X), ssuuddoo is able to
stale and will ignore it. Administrators should not rely on this determine when a tty-based time stamp file is stale and will ignore it.
feature as it is not universally available. Administrators should not rely on this feature as it is not universally
available.
1.8.0a2 June 3, 2010 7
1.8.0a2 May 28, 2010 7
@@ -523,7 +523,7 @@ FFIILLEESS
1.8.0a2 May 28, 2010 8 1.8.0a2 June 3, 2010 8
@@ -589,7 +589,7 @@ CCAAVVEEAATTSS
1.8.0a2 May 28, 2010 9 1.8.0a2 June 3, 2010 9
@@ -655,6 +655,6 @@ DDIISSCCLLAAIIMMEERR
1.8.0a2 May 28, 2010 10 1.8.0a2 June 3, 2010 10

14
doc/sudo.man.in
View File

@@ -148,7 +148,7 @@
.\" ======================================================================== .\" ========================================================================
.\" .\"
.IX Title "SUDO @mansectsu@" .IX Title "SUDO @mansectsu@"
.TH SUDO @mansectsu@ "May 28, 2010" "1.8.0a2" "MAINTENANCE COMMANDS" .TH SUDO @mansectsu@ "June 3, 2010" "1.8.0a2" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents. .\" way too many mistakes in technical documents.
.if n .ad l .if n .ad l
@@ -590,12 +590,12 @@ stamp file's modification time is within \f(CW\*(C`@timeout@\*(C'\fR minutes (or
whatever the timeout is set to in \fIsudoers\fR). When the \fItty_tickets\fR whatever the timeout is set to in \fIsudoers\fR). When the \fItty_tickets\fR
option is enabled in \fIsudoers\fR, the time stamp has per-tty granularity option is enabled in \fIsudoers\fR, the time stamp has per-tty granularity
but still may outlive the user's session. On Linux systems where but still may outlive the user's session. On Linux systems where
the devpts filesystem is used, as well as other systems that utilize the devpts filesystem is used, Solaris systems with the devices
a devfs filesystem that monotonically increase the inode number of filesystem, as well as other systems that utilize a devfs filesystem
devices as they are created (such as Mac \s-1OS\s0 X), \fBsudo\fR is able to that monotonically increase the inode number of devices as they are
determine when a tty-based time stamp file is stale and will ignore created (such as Mac \s-1OS\s0 X), \fBsudo\fR is able to determine when a
it. Administrators should not rely on this feature as it is not tty-based time stamp file is stale and will ignore it. Administrators
universally available. should not rely on this feature as it is not universally available.
.PP .PP
Please note that \fBsudo\fR will normally only log the command it Please note that \fBsudo\fR will normally only log the command it
explicitly runs. If a user runs a command such as \f(CW\*(C`sudo su\*(C'\fR or explicitly runs. If a user runs a command such as \f(CW\*(C`sudo su\*(C'\fR or

12
doc/sudo.pod
View File

@@ -493,12 +493,12 @@ stamp file's modification time is within C<@timeout@> minutes (or
whatever the timeout is set to in I<sudoers>). When the I<tty_tickets> whatever the timeout is set to in I<sudoers>). When the I<tty_tickets>
option is enabled in I<sudoers>, the time stamp has per-tty granularity option is enabled in I<sudoers>, the time stamp has per-tty granularity
but still may outlive the user's session. On Linux systems where but still may outlive the user's session. On Linux systems where
the devpts filesystem is used, as well as other systems that utilize the devpts filesystem is used, Solaris systems with the devices
a devfs filesystem that monotonically increase the inode number of filesystem, as well as other systems that utilize a devfs filesystem
devices as they are created (such as Mac OS X), B<sudo> is able to that monotonically increase the inode number of devices as they are
determine when a tty-based time stamp file is stale and will ignore created (such as Mac OS X), B<sudo> is able to determine when a
it. Administrators should not rely on this feature as it is not tty-based time stamp file is stale and will ignore it. Administrators
universally available. should not rely on this feature as it is not universally available.
Please note that B<sudo> will normally only log the command it Please note that B<sudo> will normally only log the command it
explicitly runs. If a user runs a command such as C<sudo su> or explicitly runs. If a user runs a command such as C<sudo su> or