Expand section on Solaris privileges.

2012-08-02 21:11:25 -04:00
parent e7d1f8d54f
commit 61dfad9c52
3 changed files with 85 additions and 0 deletions
--- a/doc/sudoers.cat
+++ b/doc/sudoers.cat
@@ -441,6 +441,26 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
     privileges or limit privileges are specified with the command it will
     override any default values specified in _s_u_d_o_e_r_s.

+     A privilege set is a comma-separated list of privilege names.  The
+     ppriv(1) command can be used to list all privileges known to the system.
+     For example:
+
+     $ ppriv -l
+
+     In addition, there are several ``special'' privilege strings:
+
+     none      the empty set
+
+     all       the set of all privileges
+
+     zone      the set of all privileges available in the current zone
+
+     basic     the default set of privileges normal users are granted at login
+               time
+
+     Privileges can be excluded from a set by prefixing the privilege name
+     with either an `!' or `-' character.
+
   TTaagg__SSppeecc
     A command may have zero or more tags associated with it.  There are ten
     possible tag values: NOPASSWD, PASSWD, NOEXEC, EXEC, SETENV, NOSETENV,
--- a/doc/sudoers.man.in
+++ b/doc/sudoers.man.in
@@ -964,6 +964,41 @@ privilege set associated with a command.
 If privileges or limit privileges are specified with the command
 it will override any default values specified in
 \fIsudoers\fR.
+.PP
+A privilege set is a comma-separated list of privilege names.
+The
+ppriv(1)
+command can be used to list all privileges known to the system.
+For example:
+.nf
+.sp
+.RS 0n
+$ ppriv -l
+.RE
+.fi
+.PP
+In addition, there are several
+``special''
+privilege strings:
+.TP 10n
+none
+the empty set
+.TP 10n
+all
+the set of all privileges
+.TP 10n
+zone
+the set of all privileges available in the current zone
+.TP 10n
+basic
+the default set of privileges normal users are granted at login time
+.PP
+Privileges can be excluded from a set by prefixing the privilege
+name with either an
+`\&!'
+or
+`\-'
+character.
 .SS "Tag_Spec"
 A command may have zero or more tags associated with it.
 There are
--- a/doc/sudoers.mdoc.in
+++ b/doc/sudoers.mdoc.in
@@ -911,6 +911,36 @@ privilege set associated with a command.
 If privileges or limit privileges are specified with the command
 it will override any default values specified in
 .Em sudoers .
+.Pp
+A privilege set is a comma-separated list of privilege names.
+The
+.Xr ppriv 1
+command can be used to list all privileges known to the system.
+For example:
+.Bd -literal
+$ ppriv -l
+.Ed
+.Pp
+In addition, there are several
+.Dq special
+privilege strings:
+.Bl -tag -width 8n
+.It none
+the empty set
+.It all
+the set of all privileges
+.It zone
+the set of all privileges available in the current zone
+.It basic
+the default set of privileges normal users are granted at login time
+.El
+.Pp
+Privileges can be excluded from a set by prefixing the privilege
+name with either an
+.Ql \&!
+or
+.Ql \-
+character.
 .Ss Tag_Spec
 A command may have zero or more tags associated with it.
 There are