Use the Oxford comma consistently, it is helpful in technical documents.

INSTALL.md

@@ -11,9 +11,9 @@ about the `configure` script itself.
 ## System requirements
 
 To build sudo from the source distribution you need a POSIX-compliant
-operating system (any modern version of BSD, Linux or Unix should work),
+operating system (any modern version of BSD, Linux, or Unix should work),
 an ANSI/ISO C compiler that supports the "long long" type, variadic
-macros (a C99 feature) as well as the ar, make and ranlib utilities.
+macros (a C99 feature) as well as the ar, make, and ranlib utilities.
 
 If you wish to modify the parser then you will need flex version
 2.5.2 or later and either bison or byacc (sudo comes with a
@@ -97,10 +97,10 @@ Defaults are listed in brackets after the description.
         This includes the executables and plugins.  [same as PREFIX]
 
     --bindir=DIR
-        Install cvtsudoers, sudo, sudoedit and sudoreplay in DIR.  [EPREFIX/bin]
+        Install cvtsudoers, sudo, sudoedit, and sudoreplay in DIR. [EPREFIX/bin]
 
     --sbindir=DIR
-        Install sudo_logsrvd, sudo_sendlog and visudo in DIR. [EPREFIX/sbin]
+        Install sudo_logsrvd, sudo_sendlog, and visudo in DIR. [EPREFIX/sbin]
 
     --libexecdir=DIR
         Install plugins and helper programs in DIR/sudo [PREFIX/libexec/sudo]
@@ -245,8 +245,8 @@ Defaults are listed in brackets after the description.
         Use select() instead of poll() in the event loop.  By default,
         sudo will use poll() on systems that support it.  Some systems
         have a broken poll() implementation and need to use select instead.
-        On Mac OS X, select() is always used since its poll() doesn't
+        On macOS, select() is always used since its poll() doesn't
-        support devices.
+        support character devices.
 
     --disable-rpath
         By default, configure will use -Rpath in addition to -Lpath
@@ -291,7 +291,7 @@ Defaults are listed in brackets after the description.
         Enable the use of the zlib compress library when storing
         I/O log files.  If specified, location is the base directory
         containing the zlib include and lib directories.  The special
-        values "system", "builtin", "shared" and "static" can be
+        values "system", "builtin", "shared", and "static" can be
         used to indicate that the system version of zlib should be
         used or that the version of zlib shipped with sudo should
         be used instead.  If "static" is specified, sudo will
@@ -372,7 +372,7 @@ Defaults are listed in brackets after the description.
 
     --with-logincap
         This adds support for login classes specified in `/etc/login.conf`.
-        It is enabled by default on BSD/OS, Darwin, FreeBSD, OpenBSD and
+        It is enabled by default on BSD/OS, Darwin, FreeBSD, OpenBSD, and
         NetBSD (where available).  By default, a login class is not applied
         unless the "use_loginclass" option is defined in sudoers or the user
         specifies a class on the command line.
@@ -472,7 +472,7 @@ Defaults are listed in brackets after the description.
 
     --with-bsm-audit
         Enable support for sudo BSM audit logs on systems that support it.
-        This includes recent versions of FreeBSD, Mac OS X and Solaris.
+        This includes recent versions of FreeBSD, macOS and Solaris.
 
     --with-linux-audit
         Enable audit support for Linux systems.  Audits attempts
@@ -531,7 +531,7 @@ Defaults are listed in brackets after the description.
         Enable DCE support for systems without PAM.  Known to work on
         HP-UX 9.X, 10.X, and 11.0; other systems may require source
         code and/or `configure` changes.  On systems with PAM support
-        (such as HP-UX 11.0 and higher, Solaris, FreeBSD and Linux), the
+        (such as HP-UX 11.0 and higher, Solaris, FreeBSD, and Linux), the
         DCE PAM module (usually libpam_dce) should be used instead.
 
     --with-fwtk[=DIR]
@@ -567,7 +567,7 @@ Defaults are listed in brackets after the description.
 
     --with-pam
         Enable PAM support.  This is on by default for Darwin, FreeBSD,
-        Linux, Solaris and HP-UX (version 11 and higher).
+        Linux, Solaris, and HP-UX (version 11 and higher).
 
         NOTE: on RedHat Linux and Fedora you **must** have an `/etc/pam.d/sudo`
         file installed.  You may either use the example pam.conf file included
@@ -775,13 +775,13 @@ Defaults are listed in brackets after the description.
         Sudoers option: editor
 
     --with-env-editor=no, --without-env-editor
-        By default, visudo will consult the SUDO_EDITOR, VISUAL and EDITOR
+        By default, visudo will consult the SUDO_EDITOR, VISUAL, and EDITOR
         environment variables before falling back on the default editor list
         (as specified by --with-editor).  visudo is typically run as root so
         this option may allow a user with visudo privileges to run arbitrary
         commands as root without logging.  Some sites may with to disable this
         and use a colon-separated list of "safe" editors with the --with-editor
-        option.  visudo will then only use the SUDO_EDITOR, VISUAL or EDITOR
+        option.  visudo will then only use the SUDO_EDITOR, VISUAL, or EDITOR
         variables if they match a value specified via --with-editor.  
         Sudoers option: env_editor
 
@@ -915,7 +915,7 @@ Defaults are listed in brackets after the description.
     --with-passprompt="PASSWORD PROMPT"
         Default prompt to use when asking for a password; can be overridden
         via the -p option and the SUDO_PROMPT environment variable. Supports
-        the "%H", "%h", "%U" and "%u" escapes as documented in the sudo
+        the "%H", "%h", "%U", and "%u" escapes as documented in the sudo
         manual page.  The default value is "Password:".  
         Sudoers option: passprompt
 
@@ -1013,8 +1013,8 @@ also need the "openldap-devel" (rpm) or "libldap2-dev" (deb) package.
 
 #### macOS
 
-The pseudo-tty support in the Mac OS X kernel has bugs related to
+The pseudo-tty support in the Darwin kernel has bugs related to
-its handling of the SIGTSTP, SIGTTIN and SIGTTOU signals.  It does
+its handling of the SIGTSTP, SIGTTIN, and SIGTTOU signals.  It does
 not restart reads and writes when those signals are delivered.  This
 may cause problems for some commands when I/O logging is enabled.
 The issue has been reported to Apple and is bug id #7952709.

README.LDAP.md

@@ -28,7 +28,7 @@ For information on OpenLDAP, please see http://www.openldap.org/.
 ## Definitions
 
 Many times the word 'Directory' is used in the document to refer to the LDAP
-server, structure and contents.
+server, structure, and contents.
 
 Many times 'options' are used in this document to refer to sudoer 'defaults'.
 They are one and the same.
@@ -90,7 +90,7 @@ suitable LDAP browser.  For example:
 
 There is no need to restart slapd when updating on-line configuration.
 
-For Netscape-derived LDAP servers such as SunONE, iPlanet or Fedora Directory,
+For Netscape-derived LDAP servers such as SunONE, iPlanet, or Fedora Directory,
 copy the schema.iPlanet file to the schema directory with the name 99sudo.ldif.
 
 On Solaris, schemas are stored in /var/Sun/mps/slapd-\`hostname\`/config/schema/.

docs/HISTORY.md

@@ -6,7 +6,7 @@ A Brief History of Sudo
 Sudo was first conceived and implemented by Bob Coggeshall and Cliff Spencer
 around 1980 at the Department of Computer Science at SUNY/Buffalo. It ran on
 a VAX-11/750 running 4.1BSD. An updated version, credited to Phil Betchel,
-Cliff Spencer, Gretchen Phillips, John LoVerso and Don Gworek, was posted to
+Cliff Spencer, Gretchen Phillips, John LoVerso, and Don Gworek, was posted to
 the net.sources Usenet newsgroup in December of 1985.
 
 ## Sudo at CU-Boulder
@@ -44,7 +44,7 @@ authors now work elsewhere). As of version 1.6, Sudo no longer contains any
 of the original "Root Group" code and is available under an ISC-style
 license.
 
-In 2001, the sudo web site, ftp site and mailing lists were moved from
+In 2001, the sudo web site, ftp site, and mailing lists were moved from
 courtesan.com to the sudo.ws domain (sudo.org was already taken).
 
 ## LDAP Integration

docs/TROUBLESHOOTING.md

@@ -306,7 +306,7 @@ It just says "Sorry, try again." three times and exits.
 > `make`.  If that fixes the problem then your operating system
 > does not properly support position independent executables.
 > Please send a message to sudo@sudo.ws with system details such
-> as the Linux distro, kernel version and CPU architecture.
+> as the Linux distro, kernel version, and CPU architecture.
 
 #### When I run configure I get the following error:
 

docs/UPGRADE.md

@@ -68,7 +68,7 @@ Notes on upgrading from an older release
    Starting with version 1.8.29, if the umask is explicitly set
    in sudoers, that value is used regardless of the umask specified
    by PAM or login.conf.  However, if the umask is not explicitly
-   set in sudoers, PAM or login.conf may now override the default
+   set in sudoers, PAM, or login.conf may now override the default
    sudoers umask.  Previously, the sudoers umask always overrode
    the umask set by PAM, which was not the documented behavior.
 
@@ -89,14 +89,14 @@ Notes on upgrading from an older release
    Starting with version 1.8.26, sudo no long sets the USERNAME
    environment variable when running commands. This is a non-standard
    environment variable that was set on some older Linux systems.
-   Sudo still sets the LOGNAME, USER and, on AIX systems, LOGIN
+   Sudo still sets the LOGNAME, USER, and, on AIX systems, LOGIN
    environment variables.
 
    Handling of the LOGNAME, USER (and on AIX, LOGIN) environment
    variables has changed slightly in version 1.8.26.  Sudo now
    treats those variables as a single unit.  This means that if
    one variable is preserved or removed from the environment using
-   env_keep, env_check or env_delete, the others are too.
+   env_keep, env_check, or env_delete, the others are too.
 
  * Upgrading from a version prior to 1.8.23:
 
@@ -122,18 +122,18 @@ Notes on upgrading from an older release
 
  * Upgrading from a version prior to 1.8.20:
 
-   Due to the addition of the TIMEOUT, NOTBEFORE and NOTAFTTER
+   Due to the addition of the TIMEOUT, NOTBEFORE, and NOTAFTTER
    options, it is no longer possible to declare an alias with one
    of those names.  If a sudoers file has an alias with one of
-   those names, sudo and visudo will report a syntax error with a
+   those names, sudo, and visudo will report a syntax error with a
    message like "syntax error: unexpected TIMEOUT, expecting ALIAS".
 
    Starting with version 1.9.3, sudoers rules must end in either
-   Prior to version 1.8.20, when log_input, log_output or use_pty
+   Prior to version 1.8.20, when log_input, log_output, or use_pty
-   were enabled, if any of the standard input, output or error
+   were enabled, if any of the standard input, output, or error
    were not connected to a terminal, sudo would use a pipe.  The
    pipe allows sudo to interpose itself between the old standard
-   input, output or error and log the contents.  Beginning with
+   input, output, or error and log the contents.  Beginning with
    version 1.8.20, a pipe is only used when I/O logging is enabled.
    If use_pty is set without log_input or log_output, no pipe will
    be used.  Additionally, if log_input is set without log_output,
@@ -365,7 +365,7 @@ Notes on upgrading from an older release
  * Upgrading from a version prior to 1.7.5:
 
    Sudo 1.7.5 includes an updated LDAP schema with support for
-   the sudoNotBefore, sudoNotAfter and sudoOrder attributes.
+   the sudoNotBefore, sudoNotAfter, and sudoOrder attributes.
 
    The sudoNotBefore and sudoNotAfter attribute support is only
    used when the SUDOERS_TIMED setting is enabled in ldap.conf.
@@ -387,7 +387,7 @@ Notes on upgrading from an older release
  * Upgrading from a version prior to 1.7.4:
 
    Starting with sudo 1.7.4, the time stamp files have moved from
-   `/var/run/sudo` to either `/var/db/sudo`, `/var/lib/sudo` or
+   `/var/run/sudo` to either `/var/db/sudo`, `/var/lib/sudo`, or
    `/var/adm/sudo`.  The directories are checked for existence in
    that order.  This prevents users from receiving the sudo lecture
    every time the system reboots.  Time stamp files older than the