isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Regen .man.in files with hacked mandoc to avoid issues with historic

Browse Source 
nroff.
This commit is contained in:
Todd C. Miller
2012-07-20 14:28:41 -04:00
parent 05e7cac89b
commit a06f7540f7
6 changed files with 304 additions and 251 deletions
Download Patch File Download Diff File Expand all files Collapse all files

250
doc/sudo.man.in
View File

@@ -22,6 +22,8 @@
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
.TH "SUDO" "@mansectsu@" "July 10, 2012" "1.8.6" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
\fBsudo\fR,
\fBsudoedit\fR
@@ -29,53 +31,54 @@
.SH "SYNOPSIS"
.HP 5n
\fBsudo\fR
\fB-h\fR | \fB-K\fR | \fB-k\fR | \fB-V\fR
.sp -1v
\fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-V\fR
.PD 0
.HP 5n
\fBsudo\fR
\fB-v\fR
[\fB-AknS\fR]
[\fB-a\fR\~\fIauth_type\fR]
[\fB-g\fR\~\fIgroup\~name\fR\~|\~\fI#gid\fR]
[\fB-p\fR\~\fIprompt\fR]
[\fB-u\fR\~\fIuser\~name\fR\~|\~\fI#uid\fR]
.sp -1v
\fB\-v\fR
[\fB\-AknS\fR]
[\fB\-a\fR\ \fIauth_type\fR]
[\fB\-g\fR\ \fIgroup\ name\fR\ |\ \fI#gid\fR]
[\fB\-p\fR\ \fIprompt\fR]
[\fB\-u\fR\ \fIuser\ name\fR\ |\ \fI#uid\fR]
.br
.HP 5n
\fBsudo\fR
\fB-l\fR[\fIl\fR]
[\fB-AknS\fR]
[\fB-a\fR\~\fIauth_type\fR]
[\fB-g\fR\~\fIgroup\~name\fR\~|\~\fI#gid\fR]
[\fB-p\fR\~\fIprompt\fR]
[\fB-U\fR\~\fIuser\~name\fR]
[\fB-u\fR\~\fIuser\~name\fR\~|\~\fI#uid\fR]
\fB\-l\fR[\fIl\fR]
[\fB\-AknS\fR]
[\fB\-a\fR\ \fIauth_type\fR]
[\fB\-g\fR\ \fIgroup\ name\fR\ |\ \fI#gid\fR]
[\fB\-p\fR\ \fIprompt\fR]
[\fB\-U\fR\ \fIuser\ name\fR]
[\fB\-u\fR\ \fIuser\ name\fR\ |\ \fI#uid\fR]
[\fIcommand\fR]
.sp -1v
.br
.HP 5n
\fBsudo\fR
[\fB-AbEHnPS\fR]
[\fB-a\fR\~\fIauth_type\fR]
[\fB-C\fR\~\fIfd\fR]
[\fB-c\fR\~\fIclass\fR\~|\~\fI-\fR]
[\fB-g\fR\~\fIgroup\~name\fR\~|\~\fI#gid\fR]
[\fB-p\fR\~\fIprompt\fR]
[\fB-r\fR\~\fIrole\fR]
[\fB-t\fR\~\fItype\fR]
[\fB-u\fR\~\fIuser\~name\fR\~|\~\fI#uid\fR]
[\fB\-AbEHnPS\fR]
[\fB\-a\fR\ \fIauth_type\fR]
[\fB\-C\fR\ \fIfd\fR]
[\fB\-c\fR\ \fIclass\fR\ |\ \fI-\fR]
[\fB\-g\fR\ \fIgroup\ name\fR\ |\ \fI#gid\fR]
[\fB\-p\fR\ \fIprompt\fR]
[\fB\-r\fR\ \fIrole\fR]
[\fB\-t\fR\ \fItype\fR]
[\fB\-u\fR\ \fIuser\ name\fR\ |\ \fI#uid\fR]
[\fBVAR\fR=\fIvalue\fR]
\fB-i\fR\~|\~\fB-s\fR
\fB\-i\fR\ |\ \fB\-s\fR
[\fIcommand\fR]
.sp -1v
.br
.HP 9n
\fBsudoedit\fR
[\fB-AnS\fR]
[\fB-a\fR\~\fIauth_type\fR]
[\fB-C\fR\~\fIfd\fR]
[\fB-c\fR\~\fIclass\fR\~|\~\fI-\fR]
[\fB-g\fR\~\fIgroup\~name\fR\~|\~\fI#gid\fR]
[\fB-p\fR\~\fIprompt\fR]
[\fB-u\fR\~\fIuser\~name\fR\~|\~\fI#uid\fR]
[\fB\-AnS\fR]
[\fB\-a\fR\ \fIauth_type\fR]
[\fB\-C\fR\ \fIfd\fR]
[\fB\-c\fR\ \fIclass\fR\ |\ \fI-\fR]
[\fB\-g\fR\ \fIgroup\ name\fR\ |\ \fI#gid\fR]
[\fB\-p\fR\ \fIprompt\fR]
[\fB\-u\fR\ \fIuser\ name\fR\ |\ \fI#uid\fR]
file ...
.PD
.SH "DESCRIPTION"
\fBsudo\fR
allows a permitted user to execute a
@@ -85,7 +88,7 @@ policy.
The real and effective uid and gid are set to match those of the
target user, as specified in the password database, and the group
vector is initialized based on the group database (unless the
\fB-P\fR
\fB\-P\fR
option was specified).
.PP
\fBsudo\fR
@@ -133,14 +136,14 @@ sudoers(@mansectform@).
By running
\fBsudo\fR
with the
\fB-v\fR
\fB\-v\fR
option, a user can update the cached credentials without running a
\fIcommand\fR.
.PP
When invoked as
\fBsudoedit\fR,
the
\fB-e\fR
\fB\-e\fR
option (described below), is implied.
.PP
Security policies may log successful and failed attempts to use
@@ -151,12 +154,12 @@ output may be logged as well.
\fBsudo\fR
accepts the following command line options:
.TP 12n
\fB-A\fR
\fB\-A\fR
Normally, if
\fBsudo\fR
requires a password, it will read it from the user's terminal.
If the
\fB-A\fR (\fIaskpass\fR)
\fB\-A\fR (\fIaskpass\fR)
option is specified, a (possibly graphical) helper program is
executed to read the user's password and output the password to the
standard output.
@@ -183,11 +186,11 @@ If no askpass program is available,
will exit with an error.
.PP
.RE
.sp -1v
.PD 0
.TP 12n
\fB-a\fR \fItype\fR
\fB\-a\fR \fItype\fR
The
\fB-a\fR (\fIauthentication type\fR)
\fB\-a\fR (\fIauthentication type\fR)
option causes
\fBsudo\fR
to use the specified authentication type when validating the user,
@@ -199,43 +202,44 @@ authentication methods by adding an
entry in
\fI/etc/login.conf\fR.
This option is only available on systems that support BSD authentication.
.PD
.TP 12n
\fB-b\fR
\fB\-b\fR
The
\fB-b\fR (\fIbackground\fR)
\fB\-b\fR (\fIbackground\fR)
option tells
\fBsudo\fR
to run the given command in the background.
Note that if you use the
\fB-b\fR
\fB\-b\fR
option you cannot use shell job control to manipulate the process.
Most interactive commands will fail to work properly in background
mode.
.TP 12n
\fB-C\fR \fIfd\fR
\fB\-C\fR \fIfd\fR
Normally,
\fBsudo\fR
will close all open file descriptors other than standard input,
standard output and standard error.
The
\fB-C\fR (\fIclose from\fR)
\fB\-C\fR (\fIclose from\fR)
option allows the user to specify a starting point above the standard
error (file descriptor three).
Values less than three are not permitted.
The security policy may restrict the user's ability to use the
\fB-C\fR
\fB\-C\fR
option.
The
\fIsudoers\fR
policy only permits use of the
\fB-C\fR
\fB\-C\fR
option when the administrator has enabled the
\fIclosefrom_override\fR
option.
.TP 12n
\fB-c\fR \fIclass\fR
\fB\-c\fR \fIclass\fR
The
\fB-c\fR (\fIclass\fR)
\fB\-c\fR (\fIclass\fR)
option causes
\fBsudo\fR
to run the specified command with resources limited by the specified
@@ -261,19 +265,19 @@ as root, or the
command must be run from a shell that is already root.
This option is only available on systems with BSD login classes.
.TP 12n
\fB-E\fR
\fB\-E\fR
The
\fB-E\fR (\fIpreserve environment\fR)
\fB\-E\fR (\fIpreserve environment\fR)
option indicates to the security policy that the user wishes to
preserve their existing environment variables.
The security policy may return an error if the
\fB-E\fR
\fB\-E\fR
option is specified and the user does not have permission to preserve
the environment.
.TP 12n
\fB-e\fR
\fB\-e\fR
The
\fB-e\fR (\fIedit\fR)
\fB\-e\fR (\fIedit\fR)
option indicates that, instead of running a command, the user wishes
to edit one or more files.
In lieu of a command, the string "sudoedit" is used when consulting
@@ -324,16 +328,16 @@ receive a warning and the edited copy will remain in a temporary
file.
.PP
.RE
.sp -1v
.PD 0
.TP 12n
\fB-g\fR \fIgroup\fR
\fB\-g\fR \fIgroup\fR
Normally,
\fBsudo\fR
runs a command with the primary group set to the one specified by
the password database for the user the command is being run as (by
default, root).
The
\fB-g\fR (\fIgroup\fR)
\fB\-g\fR (\fIgroup\fR)
option causes
\fBsudo\fR
to run the command with the primary group set to
@@ -352,31 +356,32 @@ many shells require that the
be escaped with a backslash
(`\e').
If no
\fB-u\fR
\fB\-u\fR
option is specified, the command will be run as the invoking user
(not root).
In either case, the primary group will be set to
\fIgroup\fR.
.PD
.TP 12n
\fB-H\fR
\fB\-H\fR
The
\fB-H\fR (\fIHOME\fR)
\fB\-H\fR (\fIHOME\fR)
option requests that the security policy set the
\fRHOME\fR
environment variable to the home directory of the target user (root
by default) as specified by the password database.
Depending on the policy, this may be the default behavior.
.TP 12n
\fB-h\fR
\fB\-h\fR
The
\fB-h\fR (\fIhelp\fR)
\fB\-h\fR (\fIhelp\fR)
option causes
\fBsudo\fR
to print a short help message to the standard output and exit.
.TP 12n
\fB-i\fR [\fIcommand\fR]
\fB\-i\fR [\fIcommand\fR]
The
\fB-i\fR (\fIsimulate initial login\fR)
\fB\-i\fR (\fIsimulate initial login\fR)
option runs the shell specified by the password database entry of
the target user as a login shell.
This means that login-specific resource files such as
@@ -386,7 +391,7 @@ or
will be read by the shell.
If a command is specified, it is passed to the shell for execution
via the shell's
\fB-c\fR
\fB\-c\fR
option.
If no command is specified, an interactive shell is executed.
\fBsudo\fR
@@ -399,24 +404,24 @@ The
section in the
sudoers(@mansectform@)
manual documents how the
\fB-i\fR
\fB\-i\fR
option affects the environment in which a command is run when the
\fIsudoers\fR
policy is in use.
.TP 12n
\fB-K\fR
\fB\-K\fR
The
\fB-K\fR (sure \fIkill\fR)
\fB\-K\fR (sure \fIkill\fR)
option is like
\fB-k\fR
\fB\-k\fR
except that it removes the user's cached credentials entirely and
may not be used in conjunction with a command or other option.
This option does not require a password.
Not all security policies support credential caching.
.TP 12n
\fB-k\fR [\fIcommand\fR]
\fB\-k\fR [\fIcommand\fR]
When used alone, the
\fB-k\fR (\fIkill\fR)
\fB\-k\fR (\fIkill\fR)
option to
\fBsudo\fR
invalidates the user's cached credentials.
@@ -433,7 +438,7 @@ Not all security policies support credential caching.
.sp
When used in conjunction with a command or an option that may require
a password, the
\fB-k\fR
\fB\-k\fR
option will cause
\fBsudo\fR
to ignore the user's cached credentials.
@@ -442,14 +447,14 @@ As a result,
will prompt for a password (if one is required by the security
policy) and will not update the user's cached credentials.
.TP 12n
\fB-l\fR[\fBl\fR] [\fIcommand\fR]
\fB\-l\fR[\fBl\fR] [\fIcommand\fR]
If no
\fIcommand\fR
is specified, the
\fB-l\fR (\fIlist\fR)
\fB\-l\fR (\fIlist\fR)
option will list the allowed (and forbidden) commands for the
invoking user (or the user specified by the
\fB-U\fR
\fB\-U\fR
option) on the current host.
If a
\fIcommand\fR
@@ -462,18 +467,18 @@ is specified but not allowed,
\fBsudo\fR
will exit with a status value of 1.
If the
\fB-l\fR
\fB\-l\fR
option is specified with an
\fIl\fR
argument
(i.e.\& \fB-ll\fR),
(i.e.\& \fB\-ll\fR),
or if
\fB-l\fR
\fB\-l\fR
is specified multiple times, a longer list format is used.
.TP 12n
\fB-n\fR
\fB\-n\fR
The
\fB-n\fR (\fInon-interactive\fR)
\fB\-n\fR (\fInon-interactive\fR)
option prevents
\fBsudo\fR
from prompting the user for a password.
@@ -481,9 +486,9 @@ If a password is required for the command to run,
\fBsudo\fR
will display an error message and exit.
.TP 12n
\fB-P\fR
\fB\-P\fR
The
\fB-P\fR (\fIpreserve group vector\fR)
\fB\-P\fR (\fIpreserve group vector\fR)
option causes
\fBsudo\fR
to preserve the invoking user's group vector unaltered.
@@ -494,9 +499,9 @@ target user is in.
The real and effective group IDs, however, are still set to match
the target user.
.TP 12n
\fB-p\fR \fIprompt\fR
\fB\-p\fR \fIprompt\fR
The
\fB-p\fR (\fIprompt\fR)
\fB\-p\fR (\fIprompt\fR)
option allows you to override the default password prompt and use
a custom one.
The following percent
@@ -526,10 +531,10 @@ and
flags in
sudoers(@mansectform@))
.TP 4n
\fR%U\fR
\fR\&%U\fR
expanded to the login name of the user the command will be run as
(defaults to root unless the
\fB-u\fR
\fB\-u\fR
option is also specified)
.TP 4n
\fR%u\fR
@@ -545,7 +550,7 @@ character
.RS
.PP
The prompt specified by the
\fB-p\fR
\fB\-p\fR
option will override the system password prompt on systems that
support PAM unless the
\fIpassprompt_override\fR
@@ -553,51 +558,52 @@ flag is disabled in
\fIsudoers\fR.
.PP
.RE
.sp -1v
.PD 0
.TP 12n
\fB-r\fR \fIrole\fR
\fB\-r\fR \fIrole\fR
The
\fB-r\fR (\fIrole\fR)
\fB\-r\fR (\fIrole\fR)
option causes the new (SELinux) security context to have the role
specified by
\fIrole\fR.
.PD
.TP 12n
\fB-S\fR
\fB\-S\fR
The
\fB-S\fR (\fIstdin\fR)
\fB\-S\fR (\fIstdin\fR)
option causes
\fBsudo\fR
to read the password from the standard input instead of the terminal
device.
The password must be followed by a newline character.
.TP 12n
\fB-s\fR [\fIcommand\fR]
\fB\-s\fR [\fIcommand\fR]
The
\fB-s\fR (\fIshell\fR)
\fB\-s\fR (\fIshell\fR)
option runs the shell specified by the
\fRSHELL\fR
environment variable if it is set or the shell as specified in the
password database.
If a command is specified, it is passed to the shell for execution
via the shell's
\fB-c\fR
\fB\-c\fR
option.
If no command is specified, an interactive shell is executed.
.TP 12n
\fB-t\fR \fItype\fR
\fB\-t\fR \fItype\fR
The
\fB-t\fR (\fItype\fR)
\fB\-t\fR (\fItype\fR)
option causes the new (SELinux) security context to have the type
specified by
\fItype\fR.
If no type is specified, the default type is derived from the
specified role.
.TP 12n
\fB-U\fR \fIuser\fR
\fB\-U\fR \fIuser\fR
The
\fB-U\fR (\fIother user\fR)
\fB\-U\fR (\fIother user\fR)
option is used in conjunction with the
\fB-l\fR
\fB\-l\fR
option to specify the user whose privileges should be listed.
The security policy may restrict listing other users' privileges.
The
@@ -606,9 +612,9 @@ policy only allows root or a user with the
\fRALL\fR
privilege on the current host to use this option.
.TP 12n
\fB-u\fR \fIuser\fR
\fB\-u\fR \fIuser\fR
The
\fB-u\fR (\fIuser\fR)
\fB\-u\fR (\fIuser\fR)
option causes
\fBsudo\fR
to run the specified command as a user other than
@@ -636,23 +642,23 @@ that are not in the password database as long as the
option is not set.
Other security policies may not support this.
.TP 12n
\fB-V\fR
\fB\-V\fR
The
\fB-V\fR (\fIversion\fR)
\fB\-V\fR (\fIversion\fR)
option causes
\fBsudo\fR
to print its version string and the version string of the security
policy plugin and any I/O plugins.
If the invoking user is already root the
\fB-V\fR
\fB\-V\fR
option will display the arguments passed to configure when
\fBsudo\fR
was built and plugins may display more verbose information such as
default options.
.TP 12n
\fB-v\fR
\fB\-v\fR
When given the
\fB-v\fR (\fIvalidate\fR)
\fB\-v\fR (\fIvalidate\fR)
option,
\fBsudo\fR
will update the user's cached credentials, authenticating the user's
@@ -667,9 +673,9 @@ minutes (or whatever the timeout is set to by the security policy)
but does not run a command.
Not all security policies support cached credentials.
.TP 12n
\fB--\fR
\fB\--\fR
The
\fB--\fR
\fB\--\fR
option indicates that
\fBsudo\fR
should stop processing command line arguments.
@@ -1037,7 +1043,7 @@ environment.
.TP 17n
\fREDITOR\fR
Default editor to use in
\fB-e\fR
\fB\-e\fR
(sudoedit) mode if neither
\fRSUDO_EDITOR\fR
nor
@@ -1046,7 +1052,7 @@ is set.
.TP 17n
\fRMAIL\fR
In
\fB-i\fR
\fB\-i\fR
mode or when
\fIenv_reset\fR
is enabled in
@@ -1055,9 +1061,9 @@ set to the mail spool of the target user.
.TP 17n
\fRHOME\fR
Set to the home directory of the target user if
\fB-i\fR
\fB\-i\fR
or
\fB-H\fR
\fB\-H\fR
are specified,
\fIenv_reset\fR
or
@@ -1065,7 +1071,7 @@ or
are set in
\fIsudoers\fR,
or when the
\fB-s\fR
\fB\-s\fR
option is specified and
\fIset_home\fR
is set in
@@ -1076,13 +1082,13 @@ May be overridden by the security policy.
.TP 17n
\fRSHELL\fR
Used to determine shell to run with
\fB-s\fR
\fB\-s\fR
option.
.TP 17n
\fRSUDO_ASKPASS\fR
Specifies the path to a helper program used to read the password
if no terminal is available or if the
\fB-A\fR
\fB\-A\fR
option is specified.
.TP 17n
\fRSUDO_COMMAND\fR
@@ -1090,7 +1096,7 @@ Set to the command run by sudo.
.TP 17n
\fRSUDO_EDITOR\fR
Default editor to use in
\fB-e\fR
\fB\-e\fR
(sudoedit) mode.
.TP 17n
\fRSUDO_GID\fR
@@ -1112,12 +1118,12 @@ Set to the login name of the user who invoked sudo.
.TP 17n
\fRUSER\fR
Set to the target user (root unless the
\fB-u\fR
\fB\-u\fR
option is specified).
.TP 17n
\fRVISUAL\fR
Default editor to use in
\fB-e\fR
\fB\-e\fR
(sudoedit) mode if
\fRSUDO_EDITOR\fR
is not set.

122
doc/sudo_plugin.man.in
View File

@@ -17,6 +17,8 @@
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.TH "SUDO_PLUGIN" "5" "July 16, 2012" "1.8.6" "OpenBSD Programmer's Manual"
.nh
.if n .ad l
.SH "NAME"
\fBsudo_plugin\fR
\- Sudo Plugin API
@@ -204,7 +206,7 @@ The function arguments are as follows:
.RS
.PP
.RE
.sp -1v
.PD 0
.TP 6n
version
The version passed in by
@@ -212,6 +214,7 @@ The version passed in by
allows the plugin to determine the
major and minor version number of the plugin API supported by
\fBsudo\fR.
.PD
.TP 6n
conversation
A pointer to the
@@ -330,24 +333,24 @@ This setting has been deprecated in favor of
.TP 6n
runas_user=string
The user name or uid to to run the command as, if specified via the
\fB-u\fR
\fB\-u\fR
flag.
.TP 6n
runas_group=string
The group name or gid to to run the command as, if specified via
the
\fB-g\fR
\fB\-g\fR
flag.
.TP 6n
prompt=string
The prompt to use when requesting a password, if specified via
the
\fB-p\fR
\fB\-p\fR
flag.
.TP 6n
set_home=bool
Set to true if the user specified the
\fB-H\fR
\fB\-H\fR
flag.
If true, set the
\fRHOME\fR
@@ -355,19 +358,19 @@ environment variable to the target user's home directory.
.TP 6n
preserve_environment=bool
Set to true if the user specified the
\fB-E\fR
\fB\-E\fR
flag, indicating that
the user wishes to preserve the environment.
.TP 6n
run_shell=bool
Set to true if the user specified the
\fB-s\fR
\fB\-s\fR
flag, indicating that
the user wishes to run a shell.
.TP 6n
login_shell=bool
Set to true if the user specified the
\fB-i\fR
\fB\-i\fR
flag, indicating that
the user wishes to run a login shell.
.TP 6n
@@ -392,21 +395,21 @@ exit.
.TP 6n
preserve_groups=bool
Set to true if the user specified the
\fB-P\fR
\fB\-P\fR
flag, indicating that
the user wishes to preserve the group vector instead of setting it
based on the runas user.
.TP 6n
ignore_ticket=bool
Set to true if the user specified the
\fB-k\fR
\fB\-k\fR
flag along with a
command, indicating that the user wishes to ignore any cached
authentication credentials.
.TP 6n
noninteractive=bool
Set to true if the user specified the
\fB-n\fR
\fB\-n\fR
flag, indicating that
\fBsudo\fR
should operate in non-interactive mode.
@@ -416,24 +419,24 @@ interaction is required.
login_class=string
BSD login class to use when setting resource limits and nice value,
if specified by the
\fB-c\fR
\fB\-c\fR
flag.
.TP 6n
selinux_role=string
SELinux role to use when executing the command, if specified by
the
\fB-r\fR
\fB\-r\fR
flag.
.TP 6n
selinux_type=string
SELinux type to use when executing the command, if specified by
the
\fB-t\fR
\fB\-t\fR
flag.
.TP 6n
bsdauth_type=string
Authentication type, if specified by the
\fB-a\fR
\fB\-a\fR
flag, to use on
systems where BSD authentication is supported.
.TP 6n
@@ -457,7 +460,7 @@ or
.TP 6n
sudoedit=bool
Set to true when the
\fB-e\fR
\fB\-e\fR
flag is is specified or if invoked as
\fBsudoedit\fR.
The plugin shall substitute an editor into
@@ -473,7 +476,7 @@ section.
.TP 6n
closefrom=number
If specified, the user has requested via the
\fB-C\fR
\fB\-C\fR
flag that
\fBsudo\fR
close all files descriptors with a value of
@@ -489,7 +492,7 @@ Additional settings may be added in the future so the plugin should
silently ignore settings that it does not recognize.
.PP
.RE
.sp -1v
.PD 0
.TP 6n
user_info
A vector of information about the user running the command in the form of
@@ -512,6 +515,7 @@ itself but the
\fIvalue\fR
might.
.RS
.PD
.TP 6n
pid=int
The process ID of the running
@@ -663,7 +667,7 @@ The function arguments are as follows:
.RS
.PP
.RE
.sp -1v
.PD 0
.TP 6n
exit_status
The command's exit status, as returned by the
@@ -674,6 +678,7 @@ The value of
is undefined if
\fRerror\fR
is non-zero.
.PD
.TP 6n
error
.br
@@ -706,7 +711,7 @@ function is called by
\fBsudo\fR
when the user specifies
the
\fB-V\fR
\fB\-V\fR
option.
The plugin may display its version information to the user via the
\fBconversation\fR()
@@ -717,7 +722,7 @@ function using
If the user requests detailed version information, the verbose flag will be set.
.PP
.RE
.sp -1v
.PD 0
.TP 6n
check_policy
.nf
@@ -804,9 +809,10 @@ to present additional error information to the user.
.sp
The function arguments are as follows:
.RS
.PD
.PP
.RE
.sp -1v
.PD 0
.TP 6n
argc
The number of elements in
@@ -814,6 +820,7 @@ The number of elements in
not counting the final
\fRNULL\fR
pointer.
.PD
.TP 6n
argv
The argument vector describing the command the user wishes to run,
@@ -1022,7 +1029,7 @@ the invoking user's existing entry.
Unsupported values will be ignored.
.PP
.RE
.sp -1v
.PD 0
.TP 6n
argv_out
The
@@ -1031,6 +1038,7 @@ argument vector to pass to the
execve(2)
system call when executing the command.
The plugin is responsible for allocating and populating the vector.
.PD
.TP 6n
user_env_out
The
@@ -1068,10 +1076,11 @@ function using
.RS
.PP
.RE
.sp -1v
.PD 0
.TP 6n
verbose
Flag indicating whether to list in verbose mode or not.
.PD
.TP 6n
list_user
The name of a different user to list privileges for if the policy
@@ -1112,7 +1121,7 @@ The
function is called when
\fBsudo\fR
is run with the
\fB-v\fR
\fB\-v\fR
flag.
For policy plugins such as
\fIsudoers\fR
@@ -1137,7 +1146,7 @@ to present additional
error information to the user.
.PP
.RE
.sp -1v
.PD 0
.TP 6n
invalidate
.nf
@@ -1153,9 +1162,9 @@ function is called when
\fBsudo\fR
is called with
the
\fB-k\fR
\fB\-k\fR
or
\fB-K\fR
\fB\-K\fR
flag.
For policy plugins such as
\fIsudoers\fR
@@ -1172,9 +1181,10 @@ The
function should be
\fRNULL\fR
if the plugin does not support credential caching.
.PD
.PP
.RE
.sp -1v
.PD 0
.TP 6n
init_session
.nf
@@ -1251,9 +1261,10 @@ function with
\fRSUDO_CONF_ERROR_MSG\fR
to present additional
error information to the user.
.PD
.PP
.RE
.sp -1v
.PD 0
.TP 6n
register_hooks
.nf
@@ -1305,9 +1316,10 @@ front end doesn't support API
version 1.2 or higher,
\fRregister_hooks\fR
will not be called.
.PD
.PP
.RE
.sp -1v
.PD 0
.TP 6n
deregister_hooks
.nf
@@ -1361,6 +1373,7 @@ version 1.2 or higher,
\fRderegister_hooks\fR
will not be called.
.RE
.PD
.PP
\fIPolicy Plugin Version Macros\fR
.nf
@@ -1500,7 +1513,7 @@ The function arguments are as follows:
.RS
.PP
.RE
.sp -1v
.PD 0
.TP 6n
version
The version passed in by
@@ -1508,6 +1521,7 @@ The version passed in by
allows the plugin to determine the
major and minor version number of the plugin API supported by
\fBsudo\fR.
.PD
.TP 6n
conversation
A pointer to the
@@ -1675,7 +1689,7 @@ The function arguments are as follows:
.RS
.PP
.RE
.sp -1v
.PD 0
.TP 6n
exit_status
The command's exit status, as returned by the
@@ -1686,6 +1700,7 @@ The value of
is undefined if
\fRerror\fR
is non-zero.
.PD
.TP 6n
error
.br
@@ -1713,7 +1728,7 @@ function is called by
\fBsudo\fR
when the user specifies
the
\fB-V\fR
\fB\-V\fR
option.
The plugin may display its version information to the user via the
\fBconversation\fR()
@@ -1724,7 +1739,7 @@ function using
If the user requests detailed version information, the verbose flag will be set.
.PP
.RE
.sp -1v
.PD 0
.TP 6n
log_ttyin
.nf
@@ -1745,12 +1760,14 @@ is rejected (which will terminate the command) or \-1 if an error occurred.
.sp
The function arguments are as follows:
.RS
.PD
.PP
.RE
.sp -1v
.PD 0
.TP 6n
buf
The buffer containing user input.
.PD
.TP 6n
len
The length of
@@ -1779,10 +1796,11 @@ The function arguments are as follows:
.RS
.PP
.RE
.sp -1v
.PD 0
.TP 6n
buf
The buffer containing command output.
.PD
.TP 6n
len
The length of
@@ -1813,10 +1831,11 @@ The function arguments are as follows:
.RS
.PP
.RE
.sp -1v
.PD 0
.TP 6n
buf
The buffer containing user input.
.PD
.TP 6n
len
The length of
@@ -1847,10 +1866,11 @@ The function arguments are as follows:
.RS
.PP
.RE
.sp -1v
.PD 0
.TP 6n
buf
The buffer containing command output.
.PD
.TP 6n
len
The length of
@@ -1881,10 +1901,11 @@ The function arguments are as follows:
.RS
.PP
.RE
.sp -1v
.PD 0
.TP 6n
buf
The buffer containing command output.
.PD
.TP 6n
len
The length of
@@ -1980,7 +2001,7 @@ If the registered hook does not match the typedef the results are
unspecified.
.PP
.RE
.sp -1v
.PD 0
.TP 6n
\fRSUDO_HOOK_UNSETENV\fR
The C library
@@ -1999,9 +2020,10 @@ typedef int (*sudo_hook_fn_unsetenv_t)(const char *name,
.RE
.fi
.RS
.PD
.PP
.RE
.sp -1v
.PD 0
.TP 6n
\fRSUDO_HOOK_GETENV\fR
The C library
@@ -2023,9 +2045,10 @@ typedef int (*sudo_hook_fn_getenv_t)(const char *name,
.sp
If the registered hook does not match the typedef the results are
unspecified.
.PD
.PP
.RE
.sp -1v
.PD 0
.TP 6n
\fRSUDO_HOOK_PUTENV\fR
The C library
@@ -2048,9 +2071,10 @@ typedef int (*sudo_hook_fn_putenv_t)(char *string,
If the registered hook does not match the typedef the results are
unspecified.
.RE
.PD
.PP
.RE
.sp -1v
.PD 0
.TP 6n
hook_fn
sudo_hook_fn_t hook_fn;
@@ -2072,6 +2096,7 @@ This can be used to pass arbitrary data to the plugin's hook implementation.
.sp
The function return value may be one of the following:
.RS
.PD
.TP 6n
\fRSUDO_HOOK_RET_ERROR\fR
The hook function encountered an error.
@@ -2329,7 +2354,7 @@ The function arguments are as follows:
.RS
.PP
.RE
.sp -1v
.PD 0
.TP 6n
version
The version passed in by
@@ -2337,6 +2362,7 @@ The version passed in by
allows the plugin to determine the
major and minor version number of the group plugin API supported by
\fIsudoers\fR.
.PD
.TP 6n
plugin_printf
A pointer to a
@@ -2374,7 +2400,7 @@ group checks.
The plugin should free any memory it has allocated and close open file handles.
.PP
.RE
.sp -1v
.PD 0
.TP 6n
query
.br
@@ -2395,12 +2421,14 @@ is a member of
.sp
The function arguments are as follows:
.RS
.PD
.PP
.RE
.sp -1v
.PD 0
.TP 6n
user
The name of the user being looked up in the external group database.
.PD
.TP 6n
group
.br

11
doc/sudoers.ldap.man.in
View File

@@ -17,6 +17,8 @@
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.TH "SUDOERS.LDAP" "8" "July 12, 2012" "1.8.6" "OpenBSD System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
\fBsudoers.ldap\fR
\- sudo LDAP configuration
@@ -727,14 +729,15 @@ Netscape-derived:
Tivoli Directory Server:
\fRtls_cert /usr/ldap/ldapkey.kdb\fR
.RE
.sp -1v
.RS
.PD 0
.PP
.PD
When using Tivoli LDAP libraries, this file may also contain
Certificate Authority and client certificates and may be encrypted.
.PP
.RE
.sp -1v
.PD 0
.TP 6n
\fBTLS_KEYPW\fR \fIsecret\fR
The
@@ -761,6 +764,7 @@ The default
that ships with Tivoli Directory Server is encrypted with the password
\fRssl_password\fR.
This option is only supported by the Tivoli LDAP libraries.
.PD
.TP 6n
\fBTLS_RANDFILE\fR \fIfile name\fR
The
@@ -847,10 +851,11 @@ The following sources are recognized:
files
read sudoers from
\fI@sysconfdir@/sudoers\fR
.sp -1v
.PD 0
.TP 10n
ldap
read sudoers from LDAP
.PD
.PP
In addition, the entry
\fR[NOTFOUND=return]\fR

95
doc/sudoers.man.in
View File

@@ -22,6 +22,8 @@
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
.TH "SUDOERS" "@mansectsu@" "July 16, 2012" "1.8.6" "Programmer's Manual"
.nh
.if n .ad l
.SH "NAME"
\fBsudoers\fR
\- default sudo security policy module
@@ -86,9 +88,9 @@ Note that mail will not be sent if an unauthorized user tries to
run
\fBsudo\fR
with the
\fB-l\fR
\fB\-l\fR
or
\fB-v\fR
\fB\-v\fR
option.
This allows users to
determine for themselves whether or not they are allowed to use
@@ -107,7 +109,7 @@ This can be used by a user to log commands
through sudo even when a root shell has been invoked.
It also
allows the
\fB-e\fR
\fB\-e\fR
option to remain useful even when invoked via a
sudo-run script or program.
Note, however, that the
@@ -266,7 +268,7 @@ to preserve them.
.PP
As a special case, if
\fBsudo\fR's
\fB-i\fR
\fB\-i\fR
option (initial login) is
specified,
\fIsudoers\fR
@@ -658,7 +660,7 @@ The special command
is used to permit a user to run
\fBsudo\fR
with the
\fB-e\fR
\fB\-e\fR
option (or as
\fBsudoedit\fR).
It may take command line arguments just as a normal command does.
@@ -781,11 +783,11 @@ The first
indicates
which users the command may be run as via
\fBsudo\fR's
\fB-u\fR
\fB\-u\fR
option.
The second defines a list of groups that can be specified via
\fBsudo\fR's
\fB-g\fR
\fB\-g\fR
option.
If both
\fRRunas_List\fRs
@@ -794,7 +796,7 @@ and groups listed in their respective
\fRRunas_List\fRs.
If only the first is specified, the command may be run as any user
in the list but no
\fB-g\fR
\fB\-g\fR
option
may be specified.
If the first
@@ -921,9 +923,9 @@ $ sudo -g dialer /usr/bin/cu
Multiple users and groups may be present in a
\fRRunas_Spec\fR,
in which case the user may select any combination of users and groups via the
\fB-u\fR
\fB\-u\fR
and
\fB-g\fR
\fB\-g\fR
options.
In this example:
.nf
@@ -1089,7 +1091,7 @@ Note that if
has been set for a command, the user may disable the
\fIenv_reset\fR
option from the command line via the
\fB-E\fR
\fB\-E\fR
option.
Additionally, environment variables set on the command
line are not subject to the restrictions imposed by
@@ -1357,7 +1359,7 @@ directory unless one of them contains a syntax error.
It is still possible to run
\fBvisudo\fR
with the
\fB-f\fR
\fB\-f\fR
flag to edit the files directly.
.SS "Other special characters and reserved words"
The pound sign
@@ -1449,10 +1451,10 @@ will set the
\fRHOME\fR
environment variable to the home directory of the target user
(which is root unless the
\fB-u\fR
\fB\-u\fR
option is used).
This effectively means that the
\fB-H\fR
\fB\-H\fR
option is always implied.
Note that
\fRHOME\fR
@@ -1486,7 +1488,7 @@ by default.
closefrom_override
If set, the user may use
\fBsudo\fR's
\fB-C\fR
\fB\-C\fR
option which overrides the default starting point at which
\fBsudo\fR
begins closing open file descriptors.
@@ -1565,7 +1567,7 @@ and
lists are displayed when
\fBsudo\fR
is run by root with the
\fB-V\fR
\fB\-V\fR
option.
If the
\fIsecure_path\fR
@@ -1968,17 +1970,17 @@ set_home
If enabled and
\fBsudo\fR
is invoked with the
\fB-s\fR
\fB\-s\fR
option the
\fRHOME\fR
environment variable will be set to the home directory of the target
user (which is root unless the
\fB-u\fR
\fB\-u\fR
option is used).
This effectively makes the
\fB-s\fR
\fB\-s\fR
option imply
\fB-H\fR.
\fB\-H\fR.
Note that
\fRHOME\fR
is already set when the the
@@ -2006,7 +2008,7 @@ will set the
and
\fRUSERNAME\fR
environment variables to the name of the target user (usually root unless the
\fB-u\fR
\fB\-u\fR
option is given).
However, since some programs (including the RCS revision control system) use
\fRLOGNAME\fR
@@ -2046,7 +2048,7 @@ setenv
Allow the user to disable the
\fIenv_reset\fR
option from the command line via the
\fB-E\fR
\fB\-E\fR
option.
Additionally, environment variables set via the command line are
not subject to the restrictions imposed by
@@ -2063,7 +2065,7 @@ shell_noargs
If set and
\fBsudo\fR
is invoked with no arguments it acts as if the
\fB-s\fR
\fB\-s\fR
option had been given.
That is, it runs a shell as root (the shell is determined by the
\fRSHELL\fR
@@ -2099,14 +2101,14 @@ If set,
\fBsudo\fR
will prompt for the password of the user specified
by the
\fB-u\fR
\fB\-u\fR
option (defaults to
\fRroot\fR)
instead of the password of the invoking user.
In addition, the timestamp file name will include the target user's name.
Note that this flag precludes the use of a uid not listed in the passwd
database as an argument to the
\fB-u\fR
\fB\-u\fR
option.
This flag is
\fIoff\fR
@@ -2362,7 +2364,7 @@ character, the string
should be used.
.PP
.RE
.sp -1v
.PD 0
.TP 18n
iolog_file
The path name, relative to
@@ -2396,6 +2398,7 @@ will have the
replaced with a unique combination of digits and letters, similar to the
mktemp(3)
function.
.PD
.TP 18n
mailsub
Subject of the mail sent to the
@@ -2415,7 +2418,7 @@ file.
.TP 18n
passprompt
The default prompt to use when asking for a password; can be overridden via the
\fB-p\fR
\fB\-p\fR
option or the
\fRSUDO_PROMPT\fR
environment variable.
@@ -2442,7 +2445,7 @@ and
flags in
\fIsudoers\fR)
.TP 6n
\fR%U\fR
\fR\&%U\fR
expanded to the login name of the user the command will
be run as (defaults to root)
.TP 6n
@@ -2462,7 +2465,7 @@ The default value is
``\fR@passprompt@\fR''.
.PP
.RE
.sp -1v
.PD 0
.TP 18n
role
The default SELinux role to use when constructing a new security
@@ -2473,10 +2476,11 @@ or via command line options.
This option is only available whe
\fBsudo\fR
is built with SELinux support.
.PD
.TP 18n
runas_default
The default user to run commands as if the
\fB-u\fR
\fB\-u\fR
option is not specified on the command line.
This defaults to
\fR@runas_default@\fR.
@@ -2591,13 +2595,14 @@ For more information see
sudo_plugin(@mansectform@).
.PP
.RE
.sp -1v
.PD 0
.TP 14n
lecture
This option controls when a short lecture will be printed along with
the password prompt.
It has the following possible values:
.RS
.PD
.TP 8n
always
Always lecture the user.
@@ -2621,7 +2626,7 @@ The default value is
\fI@lecture@\fR.
.PP
.RE
.sp -1v
.PD 0
.TP 14n
lecture_file
Path to a file containing an alternate
@@ -2631,12 +2636,13 @@ file exists.
By default,
\fBsudo\fR
uses a built-in lecture.
.PD
.TP 14n
listpw
This option controls when a password will be required when a user runs
\fBsudo\fR
with the
\fB-l\fR
\fB\-l\fR
option.
It has the following possible values:
.RS
@@ -2651,7 +2657,7 @@ flag set to avoid entering a password.
.TP 10n
always
The user must always enter a password to use the
\fB-l\fR
\fB\-l\fR
option.
.TP 10n
any
@@ -2664,7 +2670,7 @@ flag set to avoid entering a password.
.TP 10n
never
The user need never enter a password to use the
\fB-l\fR
\fB\-l\fR
option.
.RE
.RS
@@ -2679,7 +2685,7 @@ The default value is
\fIany\fR.
.PP
.RE
.sp -1v
.PD 0
.TP 14n
logfile
Path to the
@@ -2690,10 +2696,11 @@ negating this option turns it off.
By default,
\fBsudo\fR
logs via syslog.
.PD
.TP 14n
mailerflags
Flags to use when invoking mailer. Defaults to
\fB-t\fR.
\fB\-t\fR.
.TP 14n
mailerpath
Path to mail program used to send warning mail.
@@ -2771,7 +2778,7 @@ verifypw
This option controls when a password will be required when a user runs
\fBsudo\fR
with the
\fB-v\fR
\fB\-v\fR
option.
It has the following possible values:
.RS
@@ -2785,7 +2792,7 @@ flag set to avoid entering a password.
.TP 8n
always
The user must always enter a password to use the
\fB-v\fR
\fB\-v\fR
option.
.TP 8n
any
@@ -2797,7 +2804,7 @@ flag set to avoid entering a password.
.TP 8n
never
The user need never enter a password to use the
\fB-v\fR
\fB\-v\fR
option.
.RE
.RS
@@ -2842,7 +2849,7 @@ The default list of environment variables to check is displayed when
\fBsudo\fR
is run by root with
the
\fB-V\fR
\fB\-V\fR
option.
.TP 18n
env_delete
@@ -2861,7 +2868,7 @@ operators respectively.
The default list of environment variables to remove is displayed when
\fBsudo\fR
is run by root with the
\fB-V\fR
\fB\-V\fR
option.
Note that many operating systems will remove potentially dangerous
variables from the environment of any setuid process (such as
@@ -2887,7 +2894,7 @@ The default list of variables to keep
is displayed when
\fBsudo\fR
is run by root with the
\fB-V\fR
\fB\-V\fR
option.
.SH "SUDO.CONF"
The
@@ -3100,7 +3107,7 @@ security policy
.TP 26n
\fI/etc/environment\fR
Initial environment for
\fB-i\fR
\fB\-i\fR
mode on AIX and Linux systems
.SH "EXAMPLES"
Below are example

44
doc/sudoreplay.man.in
View File

@@ -17,23 +17,25 @@
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.TH "SUDOREPLAY" "@mansectsu@" "July 12, 2012" "1.8.6" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
\fBsudoreplay\fR
\- replay sudo session logs
.SH "SYNOPSIS"
.HP 11n
\fBsudoreplay\fR
[\fB-h\fR]
[\fB-d\fR\~\fIdirectory\fR]
[\fB-f\fR\~\fIfilter\fR]
[\fB-m\fR\~\fImax_wait\fR]
[\fB-s\fR\~\fIspeed_factor\fR]
[\fB\-h\fR]
[\fB\-d\fR\ \fIdirectory\fR]
[\fB\-f\fR\ \fIfilter\fR]
[\fB\-m\fR\ \fImax_wait\fR]
[\fB\-s\fR\ \fIspeed_factor\fR]
ID
.HP 11n
\fBsudoreplay\fR
[\fB-h\fR]
[\fB-d\fR\~\fIdirectory\fR]
\fB-l\fR
[\fB\-h\fR]
[\fB\-d\fR\ \fIdirectory\fR]
\fB\-l\fR
[search expression]
.SH "DESCRIPTION"
\fBsudoreplay\fR
@@ -92,18 +94,19 @@ Double the playback speed.
\fBsudoreplay\fR
accepts the following command line options:
.TP 14n
\fB-d\fR \fIdirectory\fR
\fB\-d\fR \fIdirectory\fR
.br
Use
\fIdirectory\fR
to for the session logs instead of the default,
\fI@iolog_dir@\fR.
.TP 14n
\fB-f\fR \fIfilter\fR
\fB\-f\fR \fIfilter\fR
By default,
\fBsudoreplay\fR
will play back the command's standard output, standard error and tty output.
The
\fB-f\fR
\fB\-f\fR
option can be used to select which of these to output.
The
\fIfilter\fR
@@ -113,14 +116,14 @@ argument is a comma-separated list, consisting of one or more of following:
and
\fIttyout\fR.
.TP 14n
\fB-h\fR
\fB\-h\fR
The
\fB-h\fR (\fIhelp\fR)
\fB\-h\fR (\fIhelp\fR)
option causes
\fBsudoreplay\fR
to print a short help message to the standard output and exit.
.TP 14n
\fB-l\fR [\fIsearch expression\fR]
\fB\-l\fR [\fIsearch expression\fR]
Enable
``list mode''.
In this mode,
@@ -216,16 +219,16 @@ unless separated by an
\fIor\fR.
.PP
.RE
.sp -1v
.PD 0
.TP 14n
\fB-m\fR \fImax_wait\fR
\fB\-m\fR \fImax_wait\fR
Specify an upper bound on how long to wait between key presses or output data.
By default,
\fBsudoreplay\fR
will accurately reproduce the delays between key presses or program output.
However, this can be tedious when the session includes long pauses.
When the
\fB-m\fR
\fB\-m\fR
option is specified,
\fBsudoreplay\fR
will limit these pauses to at most
@@ -233,8 +236,9 @@ will limit these pauses to at most
seconds.
The value may be specified as a floating point number, e.g.\&
\fI2.5\fR.
.PD
.TP 14n
\fB-s\fR \fIspeed_factor\fR
\fB\-s\fR \fIspeed_factor\fR
This option causes
\fBsudoreplay\fR
to adjust the number of seconds it will wait between key presses or
@@ -250,9 +254,9 @@ of
\fI.5\fR
would make the output twice as slow.
.TP 14n
\fB-V\fR
\fB\-V\fR
The
\fB-V\fR (\fIversion\fR)
\fB\-V\fR (\fIversion\fR)
option causes
\fBsudoreplay\fR
to print its version number

33
doc/visudo.man.in
View File

@@ -22,14 +22,16 @@
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
.TH "VISUDO" "@mansectsu@" "July 12, 2012" "1.8.6" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
\fBvisudo\fR
\- edit the sudoers file
.SH "SYNOPSIS"
.HP 7n
\fBvisudo\fR
[\fB-chqsV\fR]
[\fB-f\fR\~\fIsudoers\fR]
[\fB\-chqsV\fR]
[\fB\-f\fR\ \fIsudoers\fR]
.SH "DESCRIPTION"
\fBvisudo\fR
edits the
@@ -123,7 +125,7 @@ the line where the error occurred (if the editor supports this feature).
accepts the following command line options:
accepts the following command line options:
.TP 12n
\fB-c\fR
\fB\-c\fR
Enable
\fIcheck-only\fR
mode.
@@ -134,7 +136,7 @@ checked for syntax errors, owner and mode.
A message will be printed to the standard output describing the status of
\fIsudoers\fR
unless the
\fB-q\fR
\fB\-q\fR
option was specified.
If the check completes successfully,
\fBvisudo\fR
@@ -143,7 +145,8 @@ If an error is encountered,
\fBvisudo\fR
will exit with a value of 1.
.TP 12n
\fB-f\fR \fIsudoers\fR
\fB\-f\fR \fIsudoers\fR
.br
Specify and alternate
\fIsudoers\fR
file location.
@@ -162,32 +165,32 @@ appended to it.
In
\fIcheck-only\fR
mode only, the argument to
\fB-f\fR
\fB\-f\fR
may be
`-',
indicating that
\fIsudoers\fR
will be read from the standard input.
.TP 12n
\fB-h\fR
\fB\-h\fR
The
\fB-h\fR (\fIhelp\fR)
\fB\-h\fR (\fIhelp\fR)
option causes
\fBvisudo\fR
to print a short help message
to the standard output and exit.
.TP 12n
\fB-q\fR
\fB\-q\fR
Enable
\fIquiet\fR
mode.
In this mode details about syntax errors are not printed.
This option is only useful when combined with
the
\fB-c\fR
\fB\-c\fR
option.
.TP 12n
\fB-s\fR
\fB\-s\fR
Enable
\fIstrict\fR
checking of the
@@ -202,9 +205,9 @@ letters, digits, and the underscore
(`_')
character.
.TP 12n
\fB-V\fR
\fB\-V\fR
The
\fB-V\fR (\fIversion\fR)
\fB\-V\fR (\fIversion\fR)
option causes
\fBvisudo\fR
to print its version number
@@ -262,7 +265,7 @@ In the latter case, you can ignore the warnings
will not complain)
\&.
In
\fB-s\fR
\fB\-s\fR
(strict) mode these are errors, not warnings.
.TP 6n
\fRWarning: unused {User,Runas,Host,Cmnd}_Alias\fR
@@ -270,7 +273,7 @@ The specified {User,Runas,Host,Cmnd}_Alias was defined but never
used.
You may wish to comment out or remove the unused alias.
In
\fB-s\fR
\fB\-s\fR
(strict) mode this is an error, not a warning.
.TP 6n
\fRWarning: cycle in {User,Runas,Host,Cmnd}_Alias\fR