diff --git a/INSTALL.md b/INSTALL.md index c71ee9bf3..90ec39f50 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -11,9 +11,9 @@ about the `configure` script itself. ## System requirements To build sudo from the source distribution you need a POSIX-compliant -operating system (any modern version of BSD, Linux or Unix should work), +operating system (any modern version of BSD, Linux, or Unix should work), an ANSI/ISO C compiler that supports the "long long" type, variadic -macros (a C99 feature) as well as the ar, make and ranlib utilities. +macros (a C99 feature) as well as the ar, make, and ranlib utilities. If you wish to modify the parser then you will need flex version 2.5.2 or later and either bison or byacc (sudo comes with a @@ -97,10 +97,10 @@ Defaults are listed in brackets after the description. This includes the executables and plugins. [same as PREFIX] --bindir=DIR - Install cvtsudoers, sudo, sudoedit and sudoreplay in DIR. [EPREFIX/bin] + Install cvtsudoers, sudo, sudoedit, and sudoreplay in DIR. [EPREFIX/bin] --sbindir=DIR - Install sudo_logsrvd, sudo_sendlog and visudo in DIR. [EPREFIX/sbin] + Install sudo_logsrvd, sudo_sendlog, and visudo in DIR. [EPREFIX/sbin] --libexecdir=DIR Install plugins and helper programs in DIR/sudo [PREFIX/libexec/sudo] @@ -245,8 +245,8 @@ Defaults are listed in brackets after the description. Use select() instead of poll() in the event loop. By default, sudo will use poll() on systems that support it. Some systems have a broken poll() implementation and need to use select instead. - On Mac OS X, select() is always used since its poll() doesn't - support devices. + On macOS, select() is always used since its poll() doesn't + support character devices. --disable-rpath By default, configure will use -Rpath in addition to -Lpath @@ -291,7 +291,7 @@ Defaults are listed in brackets after the description. Enable the use of the zlib compress library when storing I/O log files. If specified, location is the base directory containing the zlib include and lib directories. The special - values "system", "builtin", "shared" and "static" can be + values "system", "builtin", "shared", and "static" can be used to indicate that the system version of zlib should be used or that the version of zlib shipped with sudo should be used instead. If "static" is specified, sudo will @@ -372,7 +372,7 @@ Defaults are listed in brackets after the description. --with-logincap This adds support for login classes specified in `/etc/login.conf`. - It is enabled by default on BSD/OS, Darwin, FreeBSD, OpenBSD and + It is enabled by default on BSD/OS, Darwin, FreeBSD, OpenBSD, and NetBSD (where available). By default, a login class is not applied unless the "use_loginclass" option is defined in sudoers or the user specifies a class on the command line. @@ -472,7 +472,7 @@ Defaults are listed in brackets after the description. --with-bsm-audit Enable support for sudo BSM audit logs on systems that support it. - This includes recent versions of FreeBSD, Mac OS X and Solaris. + This includes recent versions of FreeBSD, macOS and Solaris. --with-linux-audit Enable audit support for Linux systems. Audits attempts @@ -531,7 +531,7 @@ Defaults are listed in brackets after the description. Enable DCE support for systems without PAM. Known to work on HP-UX 9.X, 10.X, and 11.0; other systems may require source code and/or `configure` changes. On systems with PAM support - (such as HP-UX 11.0 and higher, Solaris, FreeBSD and Linux), the + (such as HP-UX 11.0 and higher, Solaris, FreeBSD, and Linux), the DCE PAM module (usually libpam_dce) should be used instead. --with-fwtk[=DIR] @@ -567,7 +567,7 @@ Defaults are listed in brackets after the description. --with-pam Enable PAM support. This is on by default for Darwin, FreeBSD, - Linux, Solaris and HP-UX (version 11 and higher). + Linux, Solaris, and HP-UX (version 11 and higher). NOTE: on RedHat Linux and Fedora you **must** have an `/etc/pam.d/sudo` file installed. You may either use the example pam.conf file included @@ -775,13 +775,13 @@ Defaults are listed in brackets after the description. Sudoers option: editor --with-env-editor=no, --without-env-editor - By default, visudo will consult the SUDO_EDITOR, VISUAL and EDITOR + By default, visudo will consult the SUDO_EDITOR, VISUAL, and EDITOR environment variables before falling back on the default editor list (as specified by --with-editor). visudo is typically run as root so this option may allow a user with visudo privileges to run arbitrary commands as root without logging. Some sites may with to disable this and use a colon-separated list of "safe" editors with the --with-editor - option. visudo will then only use the SUDO_EDITOR, VISUAL or EDITOR + option. visudo will then only use the SUDO_EDITOR, VISUAL, or EDITOR variables if they match a value specified via --with-editor. Sudoers option: env_editor @@ -915,7 +915,7 @@ Defaults are listed in brackets after the description. --with-passprompt="PASSWORD PROMPT" Default prompt to use when asking for a password; can be overridden via the -p option and the SUDO_PROMPT environment variable. Supports - the "%H", "%h", "%U" and "%u" escapes as documented in the sudo + the "%H", "%h", "%U", and "%u" escapes as documented in the sudo manual page. The default value is "Password:". Sudoers option: passprompt @@ -1013,8 +1013,8 @@ also need the "openldap-devel" (rpm) or "libldap2-dev" (deb) package. #### macOS -The pseudo-tty support in the Mac OS X kernel has bugs related to -its handling of the SIGTSTP, SIGTTIN and SIGTTOU signals. It does +The pseudo-tty support in the Darwin kernel has bugs related to +its handling of the SIGTSTP, SIGTTIN, and SIGTTOU signals. It does not restart reads and writes when those signals are delivered. This may cause problems for some commands when I/O logging is enabled. The issue has been reported to Apple and is bug id #7952709. diff --git a/README.LDAP.md b/README.LDAP.md index c17e83a9f..80833ec74 100644 --- a/README.LDAP.md +++ b/README.LDAP.md @@ -28,7 +28,7 @@ For information on OpenLDAP, please see http://www.openldap.org/. ## Definitions Many times the word 'Directory' is used in the document to refer to the LDAP -server, structure and contents. +server, structure, and contents. Many times 'options' are used in this document to refer to sudoer 'defaults'. They are one and the same. @@ -90,7 +90,7 @@ suitable LDAP browser. For example: There is no need to restart slapd when updating on-line configuration. -For Netscape-derived LDAP servers such as SunONE, iPlanet or Fedora Directory, +For Netscape-derived LDAP servers such as SunONE, iPlanet, or Fedora Directory, copy the schema.iPlanet file to the schema directory with the name 99sudo.ldif. On Solaris, schemas are stored in /var/Sun/mps/slapd-\`hostname\`/config/schema/. diff --git a/docs/HISTORY.md b/docs/HISTORY.md index 700525bce..f728f62dd 100644 --- a/docs/HISTORY.md +++ b/docs/HISTORY.md @@ -6,7 +6,7 @@ A Brief History of Sudo Sudo was first conceived and implemented by Bob Coggeshall and Cliff Spencer around 1980 at the Department of Computer Science at SUNY/Buffalo. It ran on a VAX-11/750 running 4.1BSD. An updated version, credited to Phil Betchel, -Cliff Spencer, Gretchen Phillips, John LoVerso and Don Gworek, was posted to +Cliff Spencer, Gretchen Phillips, John LoVerso, and Don Gworek, was posted to the net.sources Usenet newsgroup in December of 1985. ## Sudo at CU-Boulder @@ -44,7 +44,7 @@ authors now work elsewhere). As of version 1.6, Sudo no longer contains any of the original "Root Group" code and is available under an ISC-style license. -In 2001, the sudo web site, ftp site and mailing lists were moved from +In 2001, the sudo web site, ftp site, and mailing lists were moved from courtesan.com to the sudo.ws domain (sudo.org was already taken). ## LDAP Integration diff --git a/docs/TROUBLESHOOTING.md b/docs/TROUBLESHOOTING.md index 9c9c5add2..2bc06bf6e 100644 --- a/docs/TROUBLESHOOTING.md +++ b/docs/TROUBLESHOOTING.md @@ -306,7 +306,7 @@ It just says "Sorry, try again." three times and exits. > `make`. If that fixes the problem then your operating system > does not properly support position independent executables. > Please send a message to sudo@sudo.ws with system details such -> as the Linux distro, kernel version and CPU architecture. +> as the Linux distro, kernel version, and CPU architecture. #### When I run configure I get the following error: diff --git a/docs/UPGRADE.md b/docs/UPGRADE.md index 64cec0f2d..7a9cd6300 100644 --- a/docs/UPGRADE.md +++ b/docs/UPGRADE.md @@ -68,7 +68,7 @@ Notes on upgrading from an older release Starting with version 1.8.29, if the umask is explicitly set in sudoers, that value is used regardless of the umask specified by PAM or login.conf. However, if the umask is not explicitly - set in sudoers, PAM or login.conf may now override the default + set in sudoers, PAM, or login.conf may now override the default sudoers umask. Previously, the sudoers umask always overrode the umask set by PAM, which was not the documented behavior. @@ -89,14 +89,14 @@ Notes on upgrading from an older release Starting with version 1.8.26, sudo no long sets the USERNAME environment variable when running commands. This is a non-standard environment variable that was set on some older Linux systems. - Sudo still sets the LOGNAME, USER and, on AIX systems, LOGIN + Sudo still sets the LOGNAME, USER, and, on AIX systems, LOGIN environment variables. Handling of the LOGNAME, USER (and on AIX, LOGIN) environment variables has changed slightly in version 1.8.26. Sudo now treats those variables as a single unit. This means that if one variable is preserved or removed from the environment using - env_keep, env_check or env_delete, the others are too. + env_keep, env_check, or env_delete, the others are too. * Upgrading from a version prior to 1.8.23: @@ -122,18 +122,18 @@ Notes on upgrading from an older release * Upgrading from a version prior to 1.8.20: - Due to the addition of the TIMEOUT, NOTBEFORE and NOTAFTTER + Due to the addition of the TIMEOUT, NOTBEFORE, and NOTAFTTER options, it is no longer possible to declare an alias with one of those names. If a sudoers file has an alias with one of - those names, sudo and visudo will report a syntax error with a + those names, sudo, and visudo will report a syntax error with a message like "syntax error: unexpected TIMEOUT, expecting ALIAS". Starting with version 1.9.3, sudoers rules must end in either - Prior to version 1.8.20, when log_input, log_output or use_pty - were enabled, if any of the standard input, output or error + Prior to version 1.8.20, when log_input, log_output, or use_pty + were enabled, if any of the standard input, output, or error were not connected to a terminal, sudo would use a pipe. The pipe allows sudo to interpose itself between the old standard - input, output or error and log the contents. Beginning with + input, output, or error and log the contents. Beginning with version 1.8.20, a pipe is only used when I/O logging is enabled. If use_pty is set without log_input or log_output, no pipe will be used. Additionally, if log_input is set without log_output, @@ -365,7 +365,7 @@ Notes on upgrading from an older release * Upgrading from a version prior to 1.7.5: Sudo 1.7.5 includes an updated LDAP schema with support for - the sudoNotBefore, sudoNotAfter and sudoOrder attributes. + the sudoNotBefore, sudoNotAfter, and sudoOrder attributes. The sudoNotBefore and sudoNotAfter attribute support is only used when the SUDOERS_TIMED setting is enabled in ldap.conf. @@ -387,7 +387,7 @@ Notes on upgrading from an older release * Upgrading from a version prior to 1.7.4: Starting with sudo 1.7.4, the time stamp files have moved from - `/var/run/sudo` to either `/var/db/sudo`, `/var/lib/sudo` or + `/var/run/sudo` to either `/var/db/sudo`, `/var/lib/sudo`, or `/var/adm/sudo`. The directories are checked for existence in that order. This prevents users from receiving the sudo lecture every time the system reboots. Time stamp files older than the