isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use numeric registers to handle conditionals instead of trying

Browse Source 
to do it all with text processing.
This commit is contained in:
Todd C. Miller
2010-05-25 16:13:04 -04:00
parent 5dd8e98ec7
commit 807d1313a5
13 changed files with 217 additions and 158 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
configure vendored
View File

@@ -2811,9 +2811,9 @@ PROGS="sudo"
: ${SUDOERS_GID='0'} : ${SUDOERS_GID='0'}
DEV="#" DEV="#"
LDAP="#" LDAP="#"
BAMAN='.\" ' BAMAN=0
LCMAN='.\" ' LCMAN=0
SEMAN='.\" ' SEMAN=0
ZLIB= ZLIB=
AUTH_OBJS= AUTH_OBJS=
AUTH_REG= AUTH_REG=
@@ -5421,7 +5421,7 @@ if test "${with_selinux+set}" = set; then :
SUDO_LIBS="${SUDO_LIBS} -lselinux" SUDO_LIBS="${SUDO_LIBS} -lselinux"
SUDO_OBJS="${SUDO_OBJS} selinux.o" SUDO_OBJS="${SUDO_OBJS} selinux.o"
PROGS="${PROGS} sesh" PROGS="${PROGS} sesh"
SEMAN="" SEMAN=1
;; ;;
no) ;; no) ;;
*) as_fn_error "\"--with-selinux does not take an argument.\"" "$LINENO" 5 *) as_fn_error "\"--with-selinux does not take an argument.\"" "$LINENO" 5
@@ -13969,7 +13969,7 @@ if test "x$ac_cv_header_login_cap_h" = x""yes; then :
cat >>confdefs.h <<_ACEOF cat >>confdefs.h <<_ACEOF
#define HAVE_LOGIN_CAP_H 1 #define HAVE_LOGIN_CAP_H 1
_ACEOF _ACEOF
LOGINCAP_USAGE='[-c class|-] '; LCMAN="" LOGINCAP_USAGE='[-c class|-] '; LCMAN=1
case "$OS" in case "$OS" in
freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil" freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
;; ;;
@@ -16143,7 +16143,7 @@ if test "x$ac_cv_header_bsd_auth_h" = x""yes; then :
AUTH_OBJS="$AUTH_OBJS bsdauth.lo" AUTH_OBJS="$AUTH_OBJS bsdauth.lo"
BSDAUTH_USAGE='[-a auth_type] ' BSDAUTH_USAGE='[-a auth_type] '
AUTH_EXCL=BSD_AUTH; BAMAN="" AUTH_EXCL=BSD_AUTH; BAMAN=1
else else
as_fn_error "BSD authentication was specified but bsd_auth.h could not be found" "$LINENO" 5 as_fn_error "BSD authentication was specified but bsd_auth.h could not be found" "$LINENO" 5
fi fi

12
configure.in
View File

@@ -135,9 +135,9 @@ PROGS="sudo"
: ${SUDOERS_GID='0'} : ${SUDOERS_GID='0'}
DEV="#" DEV="#"
LDAP="#" LDAP="#"
BAMAN='.\" ' BAMAN=0
LCMAN='.\" ' LCMAN=0
SEMAN='.\" ' SEMAN=0
ZLIB= ZLIB=
AUTH_OBJS= AUTH_OBJS=
AUTH_REG= AUTH_REG=
@@ -1272,7 +1272,7 @@ AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])
SUDO_LIBS="${SUDO_LIBS} -lselinux" SUDO_LIBS="${SUDO_LIBS} -lselinux"
SUDO_OBJS="${SUDO_OBJS} selinux.o" SUDO_OBJS="${SUDO_OBJS} selinux.o"
PROGS="${PROGS} sesh" PROGS="${PROGS} sesh"
SEMAN="" SEMAN=1
;; ;;
no) ;; no) ;;
*) AC_MSG_ERROR(["--with-selinux does not take an argument."]) *) AC_MSG_ERROR(["--with-selinux does not take an argument."])
@@ -1851,7 +1851,7 @@ else
AC_CHECK_HEADERS(termio.h, [], [AC_MSG_ERROR([Must have either termios.h or termio.h to build sudo])]) AC_CHECK_HEADERS(termio.h, [], [AC_MSG_ERROR([Must have either termios.h or termio.h to build sudo])])
fi fi
if test ${with_logincap-'no'} != "no"; then if test ${with_logincap-'no'} != "no"; then
AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN="" AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=1
case "$OS" in case "$OS" in
freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil" freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
;; ;;
@@ -2140,7 +2140,7 @@ if test ${with_bsdauth-'no'} != "no"; then
AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H) AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
[AUTH_OBJS="$AUTH_OBJS bsdauth.lo"] [AUTH_OBJS="$AUTH_OBJS bsdauth.lo"]
[BSDAUTH_USAGE='[[-a auth_type]] '] [BSDAUTH_USAGE='[[-a auth_type]] ']
[AUTH_EXCL=BSD_AUTH; BAMAN=""], [AUTH_EXCL=BSD_AUTH; BAMAN=1],
[AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])]) [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])])
fi fi

86
doc/sudo.man.in
View File

@@ -18,6 +18,10 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.nr SL @SEMAN@
.nr BA @BAMAN@
.nr LC @LCMAN@
.\"
.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
.\" .\"
.\" Standard preamble: .\" Standard preamble:
@@ -144,7 +148,7 @@
.\" ======================================================================== .\" ========================================================================
.\" .\"
.IX Title "SUDO @mansectsu@" .IX Title "SUDO @mansectsu@"
.TH SUDO @mansectsu@ "May 11, 2010" "1.8.0a1" "MAINTENANCE COMMANDS" .TH SUDO @mansectsu@ "May 25, 2010" "1.8.0a1" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents. .\" way too many mistakes in technical documents.
.if n .ad l .if n .ad l
@@ -156,31 +160,31 @@ sudo, sudoedit \- execute a command as another user
\&\fBsudo\fR [\fB\-D\fR\ \fIlevel\fR] \fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-L\fR | \fB\-V\fR \&\fBsudo\fR [\fB\-D\fR\ \fIlevel\fR] \fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-L\fR | \fB\-V\fR
.PP .PP
\&\fBsudo\fR \fB\-v\fR [\fB\-AknS\fR] \&\fBsudo\fR \fB\-v\fR [\fB\-AknS\fR]
@BAMAN@[\fB\-a\fR\ \fIauth_type\fR] .if \n(BA [\fB\-a\fR\ \fIauth_type\fR]
[\fB\-D\fR\ \fIlevel\fR] [\fB\-D\fR\ \fIlevel\fR]
[\fB\-g\fR\ \fIgroup\ name\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR] [\fB\-g\fR\ \fIgroup\ name\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
[\fB\-u\fR\ \fIusername\fR|\fI#uid\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
.PP .PP
\&\fBsudo\fR \fB\-l[l]\fR [\fB\-AknS\fR] \&\fBsudo\fR \fB\-l[l]\fR [\fB\-AknS\fR]
@BAMAN@[\fB\-a\fR\ \fIauth_type\fR] .if \n(BA [\fB\-a\fR\ \fIauth_type\fR]
[\fB\-D\fR\ \fIlevel\fR] [\fB\-D\fR\ \fIlevel\fR]
[\fB\-g\fR\ \fIgroup\ name\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR] [\fB\-g\fR\ \fIgroup\ name\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
[\fB\-U\fR\ \fIuser\ name\fR] [\fB\-u\fR\ \fIuser\ name\fR|\fI#uid\fR] [\fIcommand\fR] [\fB\-U\fR\ \fIuser\ name\fR] [\fB\-u\fR\ \fIuser\ name\fR|\fI#uid\fR] [\fIcommand\fR]
.PP .PP
\&\fBsudo\fR [\fB\-AbEHnPS\fR] \&\fBsudo\fR [\fB\-AbEHnPS\fR]
@BAMAN@[\fB\-a\fR\ \fIauth_type\fR] .if \n(BA [\fB\-a\fR\ \fIauth_type\fR]
[\fB\-C\fR\ \fIfd\fR] [\fB\-C\fR\ \fIfd\fR]
[\fB\-D\fR\ \fIlevel\fR] [\fB\-D\fR\ \fIlevel\fR]
@LCMAN@[\fB\-c\fR\ \fIclass\fR|\fI\-\fR] .if \n(LC [\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
[\fB\-g\fR\ \fIgroup\ name\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR] [\fB\-g\fR\ \fIgroup\ name\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
@SEMAN@[\fB\-r\fR\ \fIrole\fR] [\fB\-t\fR\ \fItype\fR] .if \n(SL [\fB\-r\fR\ \fIrole\fR] [\fB\-t\fR\ \fItype\fR]
[\fB\-u\fR\ \fIuser\ name\fR|\fI#uid\fR] [\fB\-u\fR\ \fIuser\ name\fR|\fI#uid\fR]
[\fB\s-1VAR\s0\fR=\fIvalue\fR] [\fB\-i\fR\ |\ \fB\-s\fR] [\fIcommand\fR] [\fB\s-1VAR\s0\fR=\fIvalue\fR] [\fB\-i\fR\ |\ \fB\-s\fR] [\fIcommand\fR]
.PP .PP
\&\fBsudoedit\fR [\fB\-AnS\fR] \&\fBsudoedit\fR [\fB\-AnS\fR]
@BAMAN@[\fB\-a\fR\ \fIauth_type\fR] .if \n(BA [\fB\-a\fR\ \fIauth_type\fR]
[\fB\-C\fR\ \fIfd\fR] [\fB\-C\fR\ \fIfd\fR]
@LCMAN@[\fB\-c\fR\ \fIclass\fR|\fI\-\fR] .if \n(LC [\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
[\fB\-D\fR\ \fIlevel\fR] [\fB\-D\fR\ \fIlevel\fR]
[\fB\-g\fR\ \fIgroup\ name\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR] [\fB\-g\fR\ \fIgroup\ name\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
[\fB\-u\fR\ \fIuser\ name\fR|\fI#uid\fR] file ... [\fB\-u\fR\ \fIuser\ name\fR|\fI#uid\fR] file ...
@@ -242,14 +246,16 @@ user's password and output the password to the standard output. If
the \f(CW\*(C`SUDO_ASKPASS\*(C'\fR environment variable is set, it specifies the the \f(CW\*(C`SUDO_ASKPASS\*(C'\fR environment variable is set, it specifies the
path to the helper program. Otherwise, the value specified by the path to the helper program. Otherwise, the value specified by the
\&\fIaskpass\fR option in \fIsudoers\fR\|(@mansectform@) is used. \&\fIaskpass\fR option in \fIsudoers\fR\|(@mansectform@) is used.
@BAMAN@.IP "\-a \fItype\fR" 12 .if \n(BA \{\
@BAMAN@.IX Item "-a type" .IP "\-a \fItype\fR" 12
@BAMAN@The \fB\-a\fR (\fIauthentication type\fR) option causes \fBsudo\fR to use the .IX Item "-a type"
@BAMAN@specified authentication type when validating the user, as allowed The \fB\-a\fR (\fIauthentication type\fR) option causes \fBsudo\fR to use the
@BAMAN@by \fI/etc/login.conf\fR. The system administrator may specify a list specified authentication type when validating the user, as allowed
@BAMAN@of sudo-specific authentication methods by adding an \*(L"auth-sudo\*(R" by \fI/etc/login.conf\fR. The system administrator may specify a list
@BAMAN@entry in \fI/etc/login.conf\fR. This option is only available on systems of sudo-specific authentication methods by adding an \*(L"auth-sudo\*(R"
@BAMAN@that support \s-1BSD\s0 authentication. entry in \fI/etc/login.conf\fR. This option is only available on systems
that support \s-1BSD\s0 authentication.
\}
.IP "\-b" 12 .IP "\-b" 12
.IX Item "-b" .IX Item "-b"
The \fB\-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given The \fB\-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given
@@ -264,17 +270,19 @@ above the standard error (file descriptor three). Values less than
three are not permitted. This option is only available if the three are not permitted. This option is only available if the
administrator has enabled the \fIclosefrom_override\fR option in administrator has enabled the \fIclosefrom_override\fR option in
\&\fIsudoers\fR\|(@mansectform@). \&\fIsudoers\fR\|(@mansectform@).
@LCMAN@.IP "\-c \fIclass\fR" 12 .if \n(LC \{\
@LCMAN@.IX Item "-c class" .IP "\-c \fIclass\fR" 12
@LCMAN@The \fB\-c\fR (\fIclass\fR) option causes \fBsudo\fR to run the specified command .IX Item "-c class"
@LCMAN@with resources limited by the specified login class. The \fIclass\fR The \fB\-c\fR (\fIclass\fR) option causes \fBsudo\fR to run the specified command
@LCMAN@argument can be either a class name as defined in \fI/etc/login.conf\fR, with resources limited by the specified login class. The \fIclass\fR
@LCMAN@or a single '\-' character. Specifying a \fIclass\fR of \f(CW\*(C`\-\*(C'\fR indicates argument can be either a class name as defined in \fI/etc/login.conf\fR,
@LCMAN@that the command should be run restricted by the default login or a single '\-' character. Specifying a \fIclass\fR of \f(CW\*(C`\-\*(C'\fR indicates
@LCMAN@capabilities for the user the command is run as. If the \fIclass\fR that the command should be run restricted by the default login
@LCMAN@argument specifies an existing user class, the command must be run capabilities for the user the command is run as. If the \fIclass\fR
@LCMAN@as root, or the \fBsudo\fR command must be run from a shell that is already argument specifies an existing user class, the command must be run
@LCMAN@root. This option is only available on systems with \s-1BSD\s0 login classes. as root, or the \fBsudo\fR command must be run from a shell that is already
root. This option is only available on systems with \s-1BSD\s0 login classes.
\}
.IP "\-D \fIlevel\fR" 12 .IP "\-D \fIlevel\fR" 12
.IX Item "-D level" .IX Item "-D level"
Enable debugging of \fBsudo\fR plugins and \fBsudo\fR itself. The \fIlevel\fR Enable debugging of \fBsudo\fR plugins and \fBsudo\fR itself. The \fIlevel\fR
@@ -435,10 +443,12 @@ The prompt specified by the \fB\-p\fR option will override the system
password prompt on systems that support \s-1PAM\s0 unless the password prompt on systems that support \s-1PAM\s0 unless the
\&\fIpassprompt_override\fR flag is disabled in \fIsudoers\fR. \&\fIpassprompt_override\fR flag is disabled in \fIsudoers\fR.
.RE .RE
@SEMAN@.IP "\-r \fIrole\fR" 12 .if \n(SL \{\
@SEMAN@.IX Item "-r role" .IP "\-r \fIrole\fR" 12
@SEMAN@The \fB\-r\fR (\fIrole\fR) option causes the new (SELinux) security context to .IX Item "-r role"
@SEMAN@have the role specified by \fIrole\fR. The \fB\-r\fR (\fIrole\fR) option causes the new (SELinux) security context to
have the role specified by \fIrole\fR.
\}
.IP "\-S" 12 .IP "\-S" 12
.IX Item "-S" .IX Item "-S"
The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
@@ -450,11 +460,13 @@ The \fB\-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\
environment variable if it is set or the shell as specified in environment variable if it is set or the shell as specified in
\&\fIpasswd\fR\|(@mansectform@). If a command is specified, it is passed to the shell \&\fIpasswd\fR\|(@mansectform@). If a command is specified, it is passed to the shell
for execution. Otherwise, an interactive shell is executed. for execution. Otherwise, an interactive shell is executed.
@SEMAN@.IP "\-t \fItype\fR" 12 .if \n(SL \{\
@SEMAN@.IX Item "-t type" .IP "\-t \fItype\fR" 12
@SEMAN@The \fB\-t\fR (\fItype\fR) option causes the new (SELinux) security context to .IX Item "-t type"
@SEMAN@have the type specified by \fItype\fR. If no type is specified, the default The \fB\-t\fR (\fItype\fR) option causes the new (SELinux) security context to
@SEMAN@type is derived from the specified role. have the type specified by \fItype\fR. If no type is specified, the default
type is derived from the specified role.
\}
.IP "\-U \fIuser\fR" 12 .IP "\-U \fIuser\fR" 12
.IX Item "-U user" .IX Item "-U user"
The \fB\-U\fR (\fIother user\fR) option is used in conjunction with the \fB\-l\fR The \fB\-U\fR (\fIother user\fR) option is used in conjunction with the \fB\-l\fR
@@ -727,7 +739,7 @@ to make the \f(CW\*(C`cd\*(C'\fR and file redirection work.
.SH "SEE ALSO" .SH "SEE ALSO"
.IX Header "SEE ALSO" .IX Header "SEE ALSO"
\&\fIgrep\fR\|(1), \fIsu\fR\|(1), \fIstat\fR\|(2), \&\fIgrep\fR\|(1), \fIsu\fR\|(1), \fIstat\fR\|(2),
@LCMAN@\&\fIlogin_cap\fR\|(3), .if \n(LC \&\fIlogin_cap\fR\|(3),
\&\fIpasswd\fR\|(@mansectform@), \fIsudoers\fR\|(@mansectform@), \fIvisudo\fR\|(@mansectsu@) \&\fIpasswd\fR\|(@mansectform@), \fIsudoers\fR\|(@mansectform@), \fIvisudo\fR\|(@mansectsu@)
.SH "AUTHORS" .SH "AUTHORS"
.IX Header "AUTHORS" .IX Header "AUTHORS"

35
doc/sudo.man.pl
View File

@@ -1,23 +1,32 @@
#!/usr/bin/perl -p #!/usr/bin/perl -p
BEGIN { BEGIN {
%tags = ( 'a', '@BAMAN@', 'c', '@LCMAN@', 'r', '@SEMAN@', 't', '@SEMAN@'); %tags = ( 'a', 'BA', 'c', 'LC', 'r', 'SL', 't', 'SL');
$t = undef; $cond = -1;
} }
if (/^\.IP(.*-([acrt]))?/) {
$t = $1 ? $tags{$2} : undef; # Initialize the numeric register we use for conditionals
} elsif (/-a.*auth_type/) { if ($cond == -1) {
$_ = $tags{'a'} . $_; $_ = ".nr SL \@SEMAN\@\n.nr BA \@BAMAN\@\n.nr LC \@LCMAN\@\n.\\\"\n$_";
$cond = 0;
}
# Add conditionals
if (/^\.IP.*-([acrt])/) {
$_ = ".if \\n($tags{$1} \\{\\\n$_";
$cond = 1;
} elsif ($cond && /^\.(Sh|SS|IP|PP)/) {
$_ = "\\}\n$_";
$cond = 0;
}
if (/-a.*auth_type/) {
$_ = ".if \\n($tags{'a'} $_";
} elsif (/(-c.*class.*\||login_cap)/) { } elsif (/(-c.*class.*\||login_cap)/) {
$_ = $tags{'c'} . $_; $_ = ".if \\n($tags{'c'} $_";
} elsif (/-r.*role.*-t.*type/) { } elsif (/-r.*role.*-t.*type/) {
$_ = $tags{'r'} . $_; $_ = ".if \\n($tags{'r'} $_";
} }
# Fix up broken pod2man formatting of F<@foo@/bar> # Fix up broken pod2man formatting of F<@foo@/bar>
s/\\fI\\f(\(C)?I\@([^\@]*)\\fI\@/\\fI\@$2\@/g; s/\\fI\\f(\(C)?I\@([^\@]*)\\fI\@/\\fI\@$2\@/g;
# comment out Compile-time-specific lines in DESCRIPTION
if ($t) {
$_ = $t . $_;
}

70
doc/sudoers.cat
View File

@@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN
1.8.0a1 April 7, 2010 1 1.8.0a1 May 25, 2010 1
@@ -127,7 +127,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0a1 April 7, 2010 2 1.8.0a1 May 25, 2010 2
@@ -193,7 +193,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0a1 April 7, 2010 3 1.8.0a1 May 25, 2010 3
@@ -259,7 +259,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0a1 April 7, 2010 4 1.8.0a1 May 25, 2010 4
@@ -325,7 +325,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0a1 April 7, 2010 5 1.8.0a1 May 25, 2010 5
@@ -391,7 +391,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0a1 April 7, 2010 6 1.8.0a1 May 25, 2010 6
@@ -457,7 +457,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0a1 April 7, 2010 7 1.8.0a1 May 25, 2010 7
@@ -523,7 +523,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0a1 April 7, 2010 8 1.8.0a1 May 25, 2010 8
@@ -589,7 +589,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
1.8.0a1 April 7, 2010 9 1.8.0a1 May 25, 2010 9
@@ -615,7 +615,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
alternative is to place a colon-separated list of alternative is to place a colon-separated list of
editors in the editor variable. vviissuuddoo will then only editors in the editor variable. vviissuuddoo will then only
use the EDITOR or VISUAL if they match a value use the EDITOR or VISUAL if they match a value
specified in editor. This flag is _o_n by default. specified in editor. This flag is _o_f_f by default.
env_reset If set, ssuuddoo will reset the environment to only contain env_reset If set, ssuuddoo will reset the environment to only contain
the LOGNAME, SHELL, USER, USERNAME and the SUDO_* the LOGNAME, SHELL, USER, USERNAME and the SUDO_*
@@ -655,7 +655,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0a1 April 7, 2010 10 1.8.0a1 May 25, 2010 10
@@ -675,7 +675,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
ignore_dot If set, ssuuddoo will ignore '.' or '' (current dir) in the ignore_dot If set, ssuuddoo will ignore '.' or '' (current dir) in the
PATH environment variable; the PATH itself is not PATH environment variable; the PATH itself is not
modified. This flag is _o_n by default. modified. This flag is _o_f_f by default.
ignore_local_sudoers ignore_local_sudoers
If set via LDAP, parsing of _/_e_t_c_/_s_u_d_o_e_r_s will be If set via LDAP, parsing of _/_e_t_c_/_s_u_d_o_e_r_s will be
@@ -691,7 +691,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
_o_f_f by default. _o_f_f by default.
insults If set, ssuuddoo will insult users when they enter an insults If set, ssuuddoo will insult users when they enter an
incorrect password. This flag is _o_n by default. incorrect password. This flag is _o_f_f by default.
log_host If set, the host name will be logged in the (non- log_host If set, the host name will be logged in the (non-
syslog) ssuuddoo log file. This flag is _o_f_f by default. syslog) ssuuddoo log file. This flag is _o_f_f by default.
@@ -721,7 +721,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0a1 April 7, 2010 11 1.8.0a1 May 25, 2010 11
@@ -758,10 +758,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
passprompt_override passprompt_override
The password prompt specified by _p_a_s_s_p_r_o_m_p_t will The password prompt specified by _p_a_s_s_p_r_o_m_p_t will
normally only be used if the password prompt provided by normally only be used if the password prompt provided
systems such as PAM matches the string "Password:". If by systems such as PAM matches the string "Password:".
_p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e is set, _p_a_s_s_p_r_o_m_p_t will always be If _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e is set, _p_a_s_s_p_r_o_m_p_t will always
used. This flag is _o_f_f by default. be used. This flag is _o_f_f by default.
preserve_groups By default, ssuuddoo will initialize the group vector to preserve_groups By default, ssuuddoo will initialize the group vector to
the list of groups the target user is in. When the list of groups the target user is in. When
@@ -787,7 +787,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0a1 April 7, 2010 12 1.8.0a1 May 25, 2010 12
@@ -853,7 +853,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0a1 April 7, 2010 13 1.8.0a1 May 25, 2010 13
@@ -919,7 +919,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0a1 April 7, 2010 14 1.8.0a1 May 25, 2010 14
@@ -985,7 +985,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0a1 April 7, 2010 15 1.8.0a1 May 25, 2010 15
@@ -1051,7 +1051,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0a1 April 7, 2010 16 1.8.0a1 May 25, 2010 16
@@ -1117,7 +1117,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0a1 April 7, 2010 17 1.8.0a1 May 25, 2010 17
@@ -1183,7 +1183,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0a1 April 7, 2010 18 1.8.0a1 May 25, 2010 18
@@ -1196,7 +1196,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
option is not set by default. option is not set by default.
syslog Syslog facility if syslog is being used for logging (negate syslog Syslog facility if syslog is being used for logging (negate
to disable syslog logging). Defaults to authpriv. to disable syslog logging). Defaults to local2.
verifypw This option controls when a password will be required when verifypw This option controls when a password will be required when
a user runs ssuuddoo with the --vv option. It has the following a user runs ssuuddoo with the --vv option. It has the following
@@ -1249,7 +1249,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0a1 April 7, 2010 19 1.8.0a1 May 25, 2010 19
@@ -1315,7 +1315,7 @@ EEXXAAMMPPLLEESS
1.8.0a1 April 7, 2010 20 1.8.0a1 May 25, 2010 20
@@ -1381,7 +1381,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0a1 April 7, 2010 21 1.8.0a1 May 25, 2010 21
@@ -1447,7 +1447,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0a1 April 7, 2010 22 1.8.0a1 May 25, 2010 22
@@ -1513,7 +1513,7 @@ SSEECCUURRIITTYY NNOOTTEESS
1.8.0a1 April 7, 2010 23 1.8.0a1 May 25, 2010 23
@@ -1579,7 +1579,7 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS
1.8.0a1 April 7, 2010 24 1.8.0a1 May 25, 2010 24
@@ -1616,7 +1616,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
approach is to give the user permission to run ssuuddooeeddiitt. approach is to give the user permission to run ssuuddooeeddiitt.
SSEEEE AALLSSOO SSEEEE AALLSSOO
_r_s_h(1), _s_u(1), _f_n_m_a_t_c_h(3), _g_l_o_b(3), _s_u_d_o(1m), _v_i_s_u_d_o(8) _r_s_h(1), _s_u(1), _f_n_m_a_t_c_h(3), _g_l_o_b(3), _s_u_d_o(1m), _v_i_s_u_d_o(1m)
CCAAVVEEAATTSS CCAAVVEEAATTSS
The _s_u_d_o_e_r_s file should aallwwaayyss be edited by the vviissuuddoo command which The _s_u_d_o_e_r_s file should aallwwaayyss be edited by the vviissuuddoo command which
@@ -1645,7 +1645,7 @@ DDIISSCCLLAAIIMMEERR
1.8.0a1 April 7, 2010 25 1.8.0a1 May 25, 2010 25
@@ -1711,6 +1711,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0a1 April 7, 2010 26 1.8.0a1 May 25, 2010 26

26
doc/sudoers.ldap.cat
View File

@@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN
1.7.3b2 December 19, 2009 1 1.8.0a1 May 25, 2010 1
@@ -127,7 +127,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
1.7.3b2 December 19, 2009 2 1.8.0a1 May 25, 2010 2
@@ -193,7 +193,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
1.7.3b2 December 19, 2009 3 1.8.0a1 May 25, 2010 3
@@ -259,7 +259,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
1.7.3b2 December 19, 2009 4 1.8.0a1 May 25, 2010 4
@@ -325,7 +325,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
1.7.3b2 December 19, 2009 5 1.8.0a1 May 25, 2010 5
@@ -391,7 +391,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
1.7.3b2 December 19, 2009 6 1.8.0a1 May 25, 2010 6
@@ -457,7 +457,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
1.7.3b2 December 19, 2009 7 1.8.0a1 May 25, 2010 7
@@ -523,7 +523,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
1.7.3b2 December 19, 2009 8 1.8.0a1 May 25, 2010 8
@@ -589,7 +589,7 @@ EEXXAAMMPPLLEESS
1.7.3b2 December 19, 2009 9 1.8.0a1 May 25, 2010 9
@@ -655,7 +655,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
1.7.3b2 December 19, 2009 10 1.8.0a1 May 25, 2010 10
@@ -721,7 +721,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
1.7.3b2 December 19, 2009 11 1.8.0a1 May 25, 2010 11
@@ -745,7 +745,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
) )
SSEEEE AALLSSOO SSEEEE AALLSSOO
_l_d_a_p_._c_o_n_f(4), _s_u_d_o_e_r_s(5) _l_d_a_p_._c_o_n_f(4), _s_u_d_o_e_r_s(4)
CCAAVVEEAATTSS CCAAVVEEAATTSS
The way that _s_u_d_o_e_r_s is parsed differs between Note that there are The way that _s_u_d_o_e_r_s is parsed differs between Note that there are
@@ -787,6 +787,6 @@ DDIISSCCLLAAIIMMEERR
1.7.3b2 December 19, 2009 12 1.8.0a1 May 25, 2010 12

4
doc/sudoers.ldap.man.in
View File

@@ -140,7 +140,7 @@
.\" ======================================================================== .\" ========================================================================
.\" .\"
.IX Title "SUDOERS.LDAP @mansectform@" .IX Title "SUDOERS.LDAP @mansectform@"
.TH SUDOERS.LDAP @mansectform@ "December 19, 2009" "1.7.3b2" "MAINTENANCE COMMANDS" .TH SUDOERS.LDAP @mansectform@ "May 25, 2010" "1.8.0a1" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents. .\" way too many mistakes in technical documents.
.if n .ad l .if n .ad l
@@ -790,7 +790,7 @@ schema directory (e.g. \fI/etc/openldap/schema\fR), add the proper
.Ve .Ve
.SH "SEE ALSO" .SH "SEE ALSO"
.IX Header "SEE ALSO" .IX Header "SEE ALSO"
\&\fIldap.conf\fR\|(@mansectform@), \fIsudoers\fR\|(5) \&\fIldap.conf\fR\|(@mansectform@), \fIsudoers\fR\|(@mansectform@)
.SH "CAVEATS" .SH "CAVEATS"
.IX Header "CAVEATS" .IX Header "CAVEATS"
The way that \fIsudoers\fR is parsed differs between Note that there The way that \fIsudoers\fR is parsed differs between Note that there

64
doc/sudoers.man.in
View File

@@ -18,6 +18,10 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.nr SL @SEMAN@
.nr BA @BAMAN@
.nr LC @LCMAN@
.\"
.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
.\" .\"
.\" Standard preamble: .\" Standard preamble:
@@ -144,7 +148,7 @@
.\" ======================================================================== .\" ========================================================================
.\" .\"
.IX Title "SUDOERS @mansectform@" .IX Title "SUDOERS @mansectform@"
.TH SUDOERS @mansectform@ "April 7, 2010" "1.8.0a1" "MAINTENANCE COMMANDS" .TH SUDOERS @mansectform@ "May 25, 2010" "1.8.0a1" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents. .\" way too many mistakes in technical documents.
.if n .ad l .if n .ad l
@@ -403,10 +407,15 @@ See \*(L"\s-1SUDOERS\s0 \s-1OPTIONS\s0\*(R" for a list of supported Defaults par
\& Cmnd_Spec_List ::= Cmnd_Spec | \& Cmnd_Spec_List ::= Cmnd_Spec |
\& Cmnd_Spec \*(Aq,\*(Aq Cmnd_Spec_List \& Cmnd_Spec \*(Aq,\*(Aq Cmnd_Spec_List
\& \&
\& Cmnd_Spec ::= Runas_Spec? Tag_Spec* Cmnd .ie \n(SL \& Cmnd_Spec ::= Runas_Spec? SELinux_Spec? Tag_Spec* Cmnd
.el \& Cmnd_Spec ::= Runas_Spec? Tag_Spec* Cmnd
\& \&
\& Runas_Spec ::= \*(Aq(\*(Aq Runas_List? (\*(Aq:\*(Aq Runas_List)? \*(Aq)\*(Aq \& Runas_Spec ::= \*(Aq(\*(Aq Runas_List? (\*(Aq:\*(Aq Runas_List)? \*(Aq)\*(Aq
\& \&
.if \n(SL \{\
\& SELinux_Spec ::= (\*(AqROLE=role\*(Aq | \*(AqTYPE=type\*(Aq)
\&
\}
\& Tag_Spec ::= (\*(AqNOPASSWD:\*(Aq | \*(AqPASSWD:\*(Aq | \*(AqNOEXEC:\*(Aq | \*(AqEXEC:\*(Aq | \& Tag_Spec ::= (\*(AqNOPASSWD:\*(Aq | \*(AqPASSWD:\*(Aq | \*(AqNOEXEC:\*(Aq | \*(AqEXEC:\*(Aq |
\& \*(AqSETENV:\*(Aq | \*(AqNOSETENV:\*(Aq | \*(AqTRANSCRIPT:\*(Aq | \*(AqNOTRANSCRIPT:\*(Aq) \& \*(AqSETENV:\*(Aq | \*(AqNOSETENV:\*(Aq | \*(AqTRANSCRIPT:\*(Aq | \*(AqNOTRANSCRIPT:\*(Aq)
.Ve .Ve
@@ -475,6 +484,15 @@ only the group will be set, the command still runs as user \fBtcm\fR.
\& tcm boulder = (:dialer) /usr/bin/tip, /usr/bin/cu, \e \& tcm boulder = (:dialer) /usr/bin/tip, /usr/bin/cu, \e
\& /usr/local/bin/minicom \& /usr/local/bin/minicom
.Ve .Ve
.if \n(SL \{\
.SS "SELinux_Spec"
.IX Subsection "SELinux_Spec"
On systems with SELinux support, \fIsudoers\fR entries may optionally have
an SELinux role and/or type associated with a command. If a role or
type is specified with the command it will override any default values
specified in \fIsudoers\fR. A role or type specified on the command line,
however, will supercede the values in \fIsudoers\fR.
\}
.SS "Tag_Spec" .SS "Tag_Spec"
.IX Subsection "Tag_Spec" .IX Subsection "Tag_Spec"
A command may have zero or more tags associated with it. There are A command may have zero or more tags associated with it. There are
@@ -979,11 +997,13 @@ umask in \fIsudoers\fR than the user's own umask and matches historical
behavior. If \fIumask_override\fR is not set, \fBsudo\fR will set the behavior. If \fIumask_override\fR is not set, \fBsudo\fR will set the
umask to be the union of the user's umask and what is specified in umask to be the union of the user's umask and what is specified in
\&\fIsudoers\fR. This flag is \fIoff\fR by default. \&\fIsudoers\fR. This flag is \fIoff\fR by default.
@LCMAN@.IP "use_loginclass" 16 .if \n(LC \{\
@LCMAN@.IX Item "use_loginclass" .IP "use_loginclass" 16
@LCMAN@If set, \fBsudo\fR will apply the defaults specified for the target user's .IX Item "use_loginclass"
@LCMAN@login class if one exists. Only available if \fBsudo\fR is configured with If set, \fBsudo\fR will apply the defaults specified for the target user's
@LCMAN@the \-\-with\-logincap option. This flag is \fIoff\fR by default. login class if one exists. Only available if \fBsudo\fR is configured with
the \-\-with\-logincap option. This flag is \fIoff\fR by default.
\}
.IP "visiblepw" 16 .IP "visiblepw" 16
.IX Item "visiblepw" .IX Item "visiblepw"
By default, \fBsudo\fR will refuse to run if the user must enter a By default, \fBsudo\fR will refuse to run if the user must enter a
@@ -1100,12 +1120,14 @@ two consecutive \f(CW\*(C`%\*(C'\fR characters are collapsed into a single \f(CW
.Sp .Sp
The default value is \f(CW\*(C`@passprompt@\*(C'\fR. The default value is \f(CW\*(C`@passprompt@\*(C'\fR.
.RE .RE
@SEMAN@.IP "role" 16 .if \n(SL \{\
@SEMAN@.IX Item "role" .IP "role" 16
@SEMAN@The default SELinux role to use when constructing a new security .IX Item "role"
@SEMAN@context to run the command. The default role may be overridden on The default SELinux role to use when constructing a new security
@SEMAN@a per-command basis in \fIsudoers\fR or via command line options. context to run the command. The default role may be overridden on
@SEMAN@This option is only available whe \fBsudo\fR is built with SELinux support. a per-command basis in \fIsudoers\fR or via command line options.
This option is only available whe \fBsudo\fR is built with SELinux support.
\}
.IP "runas_default" 16 .IP "runas_default" 16
.IX Item "runas_default" .IX Item "runas_default"
The default user to run commands as if the \fB\-u\fR option is not specified The default user to run commands as if the \fB\-u\fR option is not specified
@@ -1133,12 +1155,14 @@ The default is \fI@timedir@\fR.
.IX Item "timestampowner" .IX Item "timestampowner"
The owner of the timestamp directory and the timestamps stored therein. The owner of the timestamp directory and the timestamps stored therein.
The default is \f(CW\*(C`root\*(C'\fR. The default is \f(CW\*(C`root\*(C'\fR.
@SEMAN@.IP "type" 16 .if \n(SL \{\
@SEMAN@.IX Item "type" .IP "type" 16
@SEMAN@The default SELinux type to use when constructing a new security .IX Item "type"
@SEMAN@context to run the command. The default type may be overridden on The default SELinux type to use when constructing a new security
@SEMAN@a per-command basis in \fIsudoers\fR or via command line options. context to run the command. The default type may be overridden on
@SEMAN@This option is only available whe \fBsudo\fR is built with SELinux support. a per-command basis in \fIsudoers\fR or via command line options.
This option is only available whe \fBsudo\fR is built with SELinux support.
\}
.PP .PP
\&\fBStrings that can be used in a boolean context\fR: \&\fBStrings that can be used in a boolean context\fR:
.IP "askpass" 12 .IP "askpass" 12
@@ -1665,7 +1689,7 @@ editor, a safer approach is to give the user permission to run
\&\fBsudoedit\fR. \&\fBsudoedit\fR.
.SH "SEE ALSO" .SH "SEE ALSO"
.IX Header "SEE ALSO" .IX Header "SEE ALSO"
\&\fIrsh\fR\|(1), \fIsu\fR\|(1), \fIfnmatch\fR\|(3), \fIglob\fR\|(3), \fIsudo\fR\|(@mansectsu@), \fIvisudo\fR\|(8) \&\fIrsh\fR\|(1), \fIsu\fR\|(1), \fIfnmatch\fR\|(3), \fIglob\fR\|(3), \fIsudo\fR\|(@mansectsu@), \fIvisudo\fR\|(@mansectsu@)
.SH "CAVEATS" .SH "CAVEATS"
.IX Header "CAVEATS" .IX Header "CAVEATS"
The \fIsudoers\fR file should \fBalways\fR be edited by the \fBvisudo\fR The \fIsudoers\fR file should \fBalways\fR be edited by the \fBvisudo\fR

42
doc/sudoers.man.pl
View File

@@ -1,25 +1,39 @@
#!/usr/bin/perl -p #!/usr/bin/perl -p
BEGIN { BEGIN {
$t = undef; $cond = -1;
} }
if (/^\./) { # Initialize the numeric register we use for conditionals
if (/^\.I[PX].*use_loginclass/) { if ($cond == -1) {
$t = '@LCMAN@'; $_ = ".nr SL \@SEMAN\@\n.nr BA \@BAMAN\@\n.nr LC \@LCMAN\@\n.\\\"\n$_";
} elsif (/^\.I[PX].*(role|type)/) { $cond = 0;
$t = '@SEMAN@'; }
} else {
$t = undef; # Make SELinux_Spec conditional
} if (/(.*)SELinux_Spec\? (.*)$/) {
$_ = ".ie \\n(SL $_.el $1$2\n";
} elsif (/^(.*SELinux_Spec ::=)/) {
$_ = ".if \\n(SL \\{\\\n$_";
} elsif (/^(.*Tag_Spec ::=)/) {
$_ = "\\}\n$_";
}
if (/^\.S[Sh] "SELinux_Spec"/) {
$_ = ".if \\n(SL \\{\\\n$_";
$cond = 1;
} elsif (/^\.IP "(role|type)"/) {
$_ = ".if \\n(SL \\{\\\n$_";
$cond = 1;
} elsif (/^\.IP "use_loginclass"/) {
$_ = ".if \\n(LC \\{\\\n$_";
$cond = 1;
} elsif ($cond && /^\.(Sh|SS|IP|PP)/) {
$_ = "\\}\n$_";
$cond = 0;
} }
# Fix up broken pod2man formatting of F<@foo@/bar> # Fix up broken pod2man formatting of F<@foo@/bar>
s/\\fI\\f(\(C)?I\@([^\@]*)\\fI\@/\\fI\@$2\@/g; s/\\fI\\f(\(C)?I\@([^\@]*)\\fI\@/\\fI\@$2\@/g;
s/\\f\(\CW\@([^\@]*)\\fR\@/\@$1\@/g; s/\\f\(\CW\@([^\@]*)\\fR\@/\@$1\@/g;
#\f(CW@secure_path\fR@ #\f(CW@secure_path\fR@
# Comment out Compile-time-specific lines in DESCRIPTION
if ($t) {
$_ = $t . $_;
}

10
doc/sudoreplay.cat
View File

@@ -61,7 +61,7 @@ OOPPTTIIOONNSS
1.7.3b2 December 19, 2009 1 1.8.0a1 May 25, 2010 1
@@ -127,7 +127,7 @@ SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
1.7.3b2 December 19, 2009 2 1.8.0a1 May 25, 2010 2
@@ -193,7 +193,7 @@ SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
1.7.3b2 December 19, 2009 3 1.8.0a1 May 25, 2010 3
@@ -259,7 +259,7 @@ SSUUPPPPOORRTT
1.7.3b2 December 19, 2009 4 1.8.0a1 May 25, 2010 4
@@ -325,6 +325,6 @@ DDIISSCCLLAAIIMMEERR
1.7.3b2 December 19, 2009 5 1.8.0a1 May 25, 2010 5

2
doc/sudoreplay.man.in
View File

@@ -139,7 +139,7 @@
.\" ======================================================================== .\" ========================================================================
.\" .\"
.IX Title "SUDOREPLAY @mansectsu@" .IX Title "SUDOREPLAY @mansectsu@"
.TH SUDOREPLAY @mansectsu@ "December 19, 2009" "1.7.3b2" "MAINTENANCE COMMANDS" .TH SUDOREPLAY @mansectsu@ "May 25, 2010" "1.8.0a1" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents. .\" way too many mistakes in technical documents.
.if n .ad l .if n .ad l

8
doc/visudo.cat
View File

@@ -61,7 +61,7 @@ OOPPTTIIOONNSS
1.7.3b2 December 19, 2009 1 1.8.0a1 May 25, 2010 1
@@ -120,14 +120,14 @@ DDIIAAGGNNOOSSTTIICCSS
--ss (strict) mode this is an error, not a warning. --ss (strict) mode this is an error, not a warning.
SSEEEE AALLSSOO SSEEEE AALLSSOO
_v_i(1), _s_u_d_o_e_r_s(4), _s_u_d_o(1m), _v_i_p_w(8) _v_i(1), _s_u_d_o_e_r_s(4), _s_u_d_o(1m), _v_i_p_w(1m)
AAUUTTHHOORR AAUUTTHHOORR
Many people have worked on _s_u_d_o over the years; this version of vviissuuddoo Many people have worked on _s_u_d_o over the years; this version of vviissuuddoo
1.7.3b2 December 19, 2009 2 1.8.0a1 May 25, 2010 2
@@ -193,6 +193,6 @@ DDIISSCCLLAAIIMMEERR
1.7.3b2 December 19, 2009 3 1.8.0a1 May 25, 2010 3

4
doc/visudo.man.in
View File

@@ -144,7 +144,7 @@
.\" ======================================================================== .\" ========================================================================
.\" .\"
.IX Title "VISUDO @mansectsu@" .IX Title "VISUDO @mansectsu@"
.TH VISUDO @mansectsu@ "December 19, 2009" "1.7.3b2" "MAINTENANCE COMMANDS" .TH VISUDO @mansectsu@ "May 25, 2010" "1.8.0a1" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents. .\" way too many mistakes in technical documents.
.if n .ad l .if n .ad l
@@ -268,7 +268,7 @@ used. You may wish to comment out or remove the unused alias. In
\&\fB\-s\fR (strict) mode this is an error, not a warning. \&\fB\-s\fR (strict) mode this is an error, not a warning.
.SH "SEE ALSO" .SH "SEE ALSO"
.IX Header "SEE ALSO" .IX Header "SEE ALSO"
\&\fIvi\fR\|(1), \fIsudoers\fR\|(@mansectform@), \fIsudo\fR\|(@mansectsu@), \fIvipw\fR\|(8) \&\fIvi\fR\|(1), \fIsudoers\fR\|(@mansectform@), \fIsudo\fR\|(@mansectsu@), \fIvipw\fR\|(@mansectsu@)
.SH "AUTHOR" .SH "AUTHOR"
.IX Header "AUTHOR" .IX Header "AUTHOR"
Many people have worked on \fIsudo\fR over the years; this version of Many people have worked on \fIsudo\fR over the years; this version of