isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Expand section on Solaris privileges.

Browse Source
This commit is contained in:
Todd C. Miller
2012-08-02 21:11:25 -04:00
parent e7d1f8d54f
commit 61dfad9c52
3 changed files with 85 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
doc/sudoers.cat
View File

@@ -441,6 +441,26 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
privileges or limit privileges are specified with the command it will privileges or limit privileges are specified with the command it will
override any default values specified in _s_u_d_o_e_r_s. override any default values specified in _s_u_d_o_e_r_s.
A privilege set is a comma-separated list of privilege names. The
ppriv(1) command can be used to list all privileges known to the system.
For example:
$ ppriv -l
In addition, there are several ``special'' privilege strings:
none the empty set
all the set of all privileges
zone the set of all privileges available in the current zone
basic the default set of privileges normal users are granted at login
time
Privileges can be excluded from a set by prefixing the privilege name
with either an `!' or `-' character.
TTaagg__SSppeecc TTaagg__SSppeecc
A command may have zero or more tags associated with it. There are ten A command may have zero or more tags associated with it. There are ten
possible tag values: NOPASSWD, PASSWD, NOEXEC, EXEC, SETENV, NOSETENV, possible tag values: NOPASSWD, PASSWD, NOEXEC, EXEC, SETENV, NOSETENV,

35
doc/sudoers.man.in
View File

@@ -964,6 +964,41 @@ privilege set associated with a command.
If privileges or limit privileges are specified with the command If privileges or limit privileges are specified with the command
it will override any default values specified in it will override any default values specified in
\fIsudoers\fR. \fIsudoers\fR.
.PP
A privilege set is a comma-separated list of privilege names.
The
ppriv(1)
command can be used to list all privileges known to the system.
For example:
.nf
.sp
.RS 0n
$ ppriv -l
.RE
.fi
.PP
In addition, there are several
``special''
privilege strings:
.TP 10n
none
the empty set
.TP 10n
all
the set of all privileges
.TP 10n
zone
the set of all privileges available in the current zone
.TP 10n
basic
the default set of privileges normal users are granted at login time
.PP
Privileges can be excluded from a set by prefixing the privilege
name with either an
`\&!'
or
`\-'
character.
.SS "Tag_Spec" .SS "Tag_Spec"
A command may have zero or more tags associated with it. A command may have zero or more tags associated with it.
There are There are

30
doc/sudoers.mdoc.in
View File

@@ -911,6 +911,36 @@ privilege set associated with a command.
If privileges or limit privileges are specified with the command If privileges or limit privileges are specified with the command
it will override any default values specified in it will override any default values specified in
.Em sudoers . .Em sudoers .
.Pp
A privilege set is a comma-separated list of privilege names.
The
.Xr ppriv 1
command can be used to list all privileges known to the system.
For example:
.Bd -literal
$ ppriv -l
.Ed
.Pp
In addition, there are several
.Dq special
privilege strings:
.Bl -tag -width 8n
.It none
the empty set
.It all
the set of all privileges
.It zone
the set of all privileges available in the current zone
.It basic
the default set of privileges normal users are granted at login time
.El
.Pp
Privileges can be excluded from a set by prefixing the privilege
name with either an
.Ql \&!
or
.Ql \-
character.
.Ss Tag_Spec .Ss Tag_Spec
A command may have zero or more tags associated with it. A command may have zero or more tags associated with it.
There are There are