Document new resource limit settings.

This commit is contained in:
Todd C. Miller
2021-11-09 13:33:39 -07:00
parent 7c8746bc70
commit 6f7f8601e4
2 changed files with 288 additions and 2 deletions

@@ -25,7 +25,7 @@
.nr BA @BAMAN@ .nr BA @BAMAN@
.nr LC @LCMAN@ .nr LC @LCMAN@
.nr PS @PSMAN@ .nr PS @PSMAN@
.TH "SUDOERS" "@mansectform@" "October 26, 2021" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .TH "SUDOERS" "@mansectform@" "November 8, 2021" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@@ -607,6 +607,86 @@ file grammar will be described below in Extended Backus-Naur
Form (EBNF). Form (EBNF).
Don't despair if you are unfamiliar with EBNF; it is fairly simple, Don't despair if you are unfamiliar with EBNF; it is fairly simple,
and the definitions below are annotated. and the definitions below are annotated.
.SS "Resource limits"
By default,
\fBsudoers\fR
uses the operating system's native method of setting resource limits
for the target user.
On Linux systems, resource limits are usually set by the
\fRpam_limits.so\fR
PAM module.
On some BSD systems, the
\fI/etc/login.conf\fR
file specifies resource limits for the user.
On AIX systems, resource limits are configured in the
\fI/etc/security/limits\fR
file.
If there is no system mechanism to set per-user resource limits,
the command will run with the same limits as the invoking user.
The one exception to this is the core dump file size, which is set by
\fBsudoers\fR
to 0 by default.
Disabling core dumps by default makes it possible to avoid potential
security problems where the core file is treated as trusted input.
.PP
Resource limits may also be set in the
\fIsudoers\fR
file itself, in which case they override those set by the system.
See the
\fIrlimit_as,\fR
\fIrlimit_core,\fR
\fIrlimit_cpu,\fR
\fIrlimit_data,\fR
\fIrlimit_fsize,\fR
\fIrlimit_locks,\fR
\fIrlimit_memlock,\fR
\fIrlimit_nofile,\fR
\fIrlimit_nproc,\fR
\fIrlimit_rss,\fR
\fIrlimit_stack\fR
options described below.
Resource limits in
\fBsudoers\fR
may be specified in one of the following formats:
.TP 8n
\(lqvalue\(rq
Both the soft and hard resource limits are set to the same value.
The special value
\(lqinfinity\(rq
can be used to indicate that the value is unlimited.
.TP 8n
\(lqsoft,hard\(rq
Two comma-separated values.
The soft limit is set to the first value and the hard limit is set
to the second.
Both values must either be enclosed in a set of double quotes,
or the comma must be escaped with a backslash
(\(oq\e\(cq).
The special value
\(lqinfinity\(rq
may be used in place of either value.
.TP 8n
\(lqdefault\(rq
The default resource limit for the user will be used.
This may be a user-specific value (see above) or the value of the
resource limit when
\fBsudo\fR
was invoked for systems that don't support per-user limits.
.TP 8n
\(lquser\(rq
The invoking user's resource limits will be preserved when running
the command.
.PP
For example, to restore the historic core dump file size behavior,
a line like the following may be used.
.sp
.RS 6n
Defaults rlimit_core=default
.RE
.PP
Resource limits in
\fBsudoers\fR
are only supported by version 1.8.7 or higher.
.SS "Quick guide to EBNF" .SS "Quick guide to EBNF"
EBNF is a concise and exact way of describing the grammar of a language. EBNF is a concise and exact way of describing the grammar of a language.
Each EBNF definition is made up of Each EBNF definition is made up of
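Review bot: the `\(lqsoft,hard\(rq` entry does not say what happens when the soft value is larger than the hard value, or when the requested hard limit cannot be applied on the target system; it should state whether the line is rejected at parse time, logged and ignored, or partially applied, because a silently dropped limit is exactly the case an administrator who relies on `rlimit_nproc` or `rlimit_core` to contain a command needs to know about. The word "default" is also doing two jobs in this section: the keyword `default` means "use the system's or invoking user's limit", while the option `rlimit_core` defaults to 0, so the lead-in to `Defaults rlimit_core=default` would be clearer as "to use the system's core dump limit instead of the value of 0 that sudoers sets by default".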
@@ -4713,6 +4793,77 @@ sign.
Defaults to Defaults to
\fR@mailto@\fR. \fR@mailto@\fR.
.TP 14n .TP 14n
rlimit_as
The maximum size to which the process's address space may grow (in bytes),
if supported by the operating system.
See
\fIResource limits\fR
for more information.
.TP 14n
rlimit_core
The largest size core dump file that may be created (in bytes).
See
\fIResource limits\fR
for more information.
Defaults to 0 (no core dump created).
.TP 14n
rlimit_cpu
The maximum amount of CPU time that the process may use (in seconds).
See
\fIResource limits\fR
for more information.
.TP 14n
rlimit_data
The maximum size of the data segment for the process (in bytes).
See
\fIResource limits\fR
for more information.
.TP 14n
rlimit_fsize
The largest size file that the process may create (in bytes).
See
\fIResource limits\fR
for more information.
.TP 14n
rlimit_locks
The maximum number of locks that the process may establish,
if supported by the operating system.
See
\fIResource limits\fR
for more information.
.TP 14n
rlimit_memlock
The maximum size that the process may lock in memory (in bytes),
if supported by the operating system.
See
\fIResource limits\fR
for more information.
.TP 14n
rlimit_nofile
.br
The maximum number of files that the process may have open.
See
\fIResource limits\fR
for more information.
.TP 14n
rlimit_nproc
The maximum number of processes that the user may run simultaneously.
See
\fIResource limits\fR
for more information.
.TP 14n
rlimit_rss
The maximum size to which the process's resident set size may grow (in bytes).
See
\fIResource limits\fR
for more information.
.TP 14n
rlimit_stack
The maximum size to which the process's stack may grow (in bytes).
See
\fIResource limits\fR
for more information.
.TP 14n
restricted_env_file restricted_env_file
The The
\fIrestricted_env_file\fR \fIrestricted_env_file\fR
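Review bot: only `rlimit_core` states its unset value ("Defaults to 0 (no core dump created)"); the other ten `.TP 14n` entries should say what applies when the option is absent, e.g. "Defaults to default (the limit set by the operating system, or the invoking user's limit where there is no per-user mechanism)", since a reader cannot otherwise tell whether leaving `rlimit_nproc` unset means unlimited, inherited or zero. The entries should also state whether the byte and count values are plain integers or accept size suffixes; `rlimit_cpu` is the only one whose unit differs (seconds) and that distinction is easy to miss in a list where every other entry says "(in bytes)".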

@@ -24,7 +24,7 @@
.nr BA @BAMAN@ .nr BA @BAMAN@
.nr LC @LCMAN@ .nr LC @LCMAN@
.nr PS @PSMAN@ .nr PS @PSMAN@
.Dd October 26, 2021 .Dd November 8, 2021
.Dt SUDOERS @mansectform@ .Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@@ -593,6 +593,82 @@ file grammar will be described below in Extended Backus-Naur
Form (EBNF). Form (EBNF).
Don't despair if you are unfamiliar with EBNF; it is fairly simple, Don't despair if you are unfamiliar with EBNF; it is fairly simple,
and the definitions below are annotated. and the definitions below are annotated.
.Ss Resource limits
By default,
.Nm
uses the operating system's native method of setting resource limits
for the target user.
On Linux systems, resource limits are usually set by the
.Li pam_limits.so
PAM module.
On some BSD systems, the
.Pa /etc/login.conf
file specifies resource limits for the user.
On AIX systems, resource limits are configured in the
.Pa /etc/security/limits
file.
If there is no system mechanism to set per-user resource limits,
the command will run with the same limits as the invoking user.
The one exception to this is the core dump file size, which is set by
.Nm
to 0 by default.
Disabling core dumps by default makes it possible to avoid potential
security problems where the core file is treated as trusted input.
.Pp
Resource limits may also be set in the
.Em sudoers
file itself, in which case they override those set by the system.
See the
.Em rlimit_as,
.Em rlimit_core,
.Em rlimit_cpu,
.Em rlimit_data,
.Em rlimit_fsize,
.Em rlimit_locks,
.Em rlimit_memlock,
.Em rlimit_nofile,
.Em rlimit_nproc,
.Em rlimit_rss,
.Em rlimit_stack
options described below.
Resource limits in
.Nm
may be specified in one of the following formats:
.Bl -tag -width 6n
.It Dq value
Both the soft and hard resource limits are set to the same value.
The special value
.Dq infinity
can be used to indicate that the value is unlimited.
.It Dq soft,hard
Two comma-separated values.
The soft limit is set to the first value and the hard limit is set
to the second.
Both values must either be enclosed in a set of double quotes,
or the comma must be escaped with a backslash
.Pq Ql \e .
The special value
.Dq infinity
may be used in place of either value.
.It Dq default
The default resource limit for the user will be used.
This may be a user-specific value (see above) or the value of the
resource limit when
.Nm sudo
was invoked for systems that don't support per-user limits.
.It Dq user
The invoking user's resource limits will be preserved when running
the command.
.El
.Pp
For example, to restore the historic core dump file size behavior,
a line like the following may be used.
.sp
.Dl Defaults rlimit_core=default
.Pp
Resource limits in
.Nm
are only supported by version 1.8.7 or higher.
.Ss Quick guide to EBNF .Ss Quick guide to EBNF
EBNF is a concise and exact way of describing the grammar of a language. EBNF is a concise and exact way of describing the grammar of a language.
Each EBNF definition is made up of Each EBNF definition is made up of
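Review bot: "are only supported by version 1.8.7 or higher" appears in a commit titled "Document new resource limit settings", so please confirm the version: if the `rlimit_*` Defaults are new, the paragraph should name the release that introduces them rather than only the release that first set the core dump limit. The quoting rule for `.It Dq soft,hard` is described but never shown; the only example is `.Dl Defaults rlimit_core=default`, so adding a quoted two-value line such as `.Dl Defaults rlimit_nofile="1024,4096"` (values illustrative) would demonstrate the form that is most likely to be entered incorrectly.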
@@ -4402,6 +4478,65 @@ interpreting the
sign. sign.
Defaults to Defaults to
.Li @mailto@ . .Li @mailto@ .
.It rlimit_as
The maximum size to which the process's address space may grow (in bytes),
if supported by the operating system.
See
.Sx "Resource limits"
for more information.
.It rlimit_core
The largest size core dump file that may be created (in bytes).
See
.Sx "Resource limits"
for more information.
Defaults to 0 (no core dump created).
.It rlimit_cpu
The maximum amount of CPU time that the process may use (in seconds).
See
.Sx "Resource limits"
for more information.
.It rlimit_data
The maximum size of the data segment for the process (in bytes).
See
.Sx "Resource limits"
for more information.
.It rlimit_fsize
The largest size file that the process may create (in bytes).
See
.Sx "Resource limits"
for more information.
.It rlimit_locks
The maximum number of locks that the process may establish,
if supported by the operating system.
See
.Sx "Resource limits"
for more information.
.It rlimit_memlock
The maximum size that the process may lock in memory (in bytes),
if supported by the operating system.
See
.Sx "Resource limits"
for more information.
.It rlimit_nofile
The maximum number of files that the process may have open.
See
.Sx "Resource limits"
for more information.
.It rlimit_nproc
The maximum number of processes that the user may run simultaneously.
See
.Sx "Resource limits"
for more information.
.It rlimit_rss
The maximum size to which the process's resident set size may grow (in bytes).
See
.Sx "Resource limits"
for more information.
.It rlimit_stack
The maximum size to which the process's stack may grow (in bytes).
See
.Sx "Resource limits"
for more information.
.It restricted_env_file .It restricted_env_file
The The
.Em restricted_env_file .Em restricted_env_file
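Review bot: `.It rlimit_rss` lacks the "if supported by the operating system" qualifier that `rlimit_as`, `rlimit_locks` and `rlimit_memlock` carry, yet RLIMIT_RSS is the least portable of the set: Linux accepts the value but has not enforced it since the 2.4 series, so an administrator who sets `rlimit_rss` expecting to bound a command's memory gets no containment there. Add the qualifier and a short pointer to `rlimit_as` as the limit that is actually enforced for address-space growth.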