Add a DIAGNOSTICS section with an explanation of the more non-trivial

error messages.
2018-10-12 09:40:37 -06:00
parent b89cf34b53
commit ae7198a247
3 changed files with 290 additions and 0 deletions
--- a/doc/sudo.cat
+++ b/doc/sudo.cat
@@ -606,6 +606,84 @@ EEXXAAMMPPLLEESS
           $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
 DDIIAAGGNNOOSSTTIICCSS
     Error messages produced by ssuuddoo include:
     editing files in a writable directory is not permitted
           By default, ssuuddooeeddiitt does not permit editing a file when any of the
           parent directories are writable by the invoking user.  This avoids
           a race condition that could allow the user to overwrite an
           arbitrary file.  See the _s_u_d_o_e_d_i_t___c_h_e_c_k_d_i_r option in sudoers(4) for
           more information.
     editing symbolic links is not permitted
           By default, ssuuddooeeddiitt does not follow symbolic links when opening
           files.  See the _s_u_d_o_e_d_i_t___f_o_l_l_o_w option in sudoers(4) for more
           information.
     effective uid is not 0, is sudo installed setuid root?
           This error indicates that ssuuddoo was not run with root privileges.
           The ssuuddoo binary must be owned by the root user and have the Set-
           user-ID bit set.  Also, it must not be located on a file system
           mounted with the `nosuid' option or on an NFS file system that maps
           uid 0 to an unprivileged uid.
     effective uid is not 0, is sudo on a file system with the 'nosuid' option
           set or an NFS file system without root privileges?
           This error indicates that the ssuuddoo binary has the proper owner and
           permissions but it still did not run with root privileges.  The
           most common reason for this is that the file system the ssuuddoo binary
           is located on is mounted with the `nosuid' option or it is an NFS
           file system that maps uid 0 to an unprivileged uid.
     fatal error, unable to load plugins
           An error occurred while loading or initializing the plugins
           specified in sudo.conf(4).
     invalid environment variable name: foo=bar
           One or more environment variable names specified via the --EE option
           contained an equal sign (`=').  The arguments to the --EE option
           should be environment variable names without an associated value.
     no password was provided
           When ssuuddoo tried to read the password, it did not receive any
           characters.  This may happen if no terminal is available (or the --SS
           option is specified) and the standard input has been redirected
           from _/_d_e_v_/_n_u_l_l.
     no tty present and no askpass program specified
           ssuuddoo needs to read the password but there is no mechanism available
           to do so.  A terminal is not present to read the password from,
           ssuuddoo has not been configured to read from the standard input, and
           no askpass program has been specified either via the --AA option or
           the SUDO_ASKPASS environment variable.
     no writable temporary directory found
           ssuuddooeeddiitt was unable to find a usable temporary directory in which
           to store its intermediate files.
     sudo must be owned by uid 0 and have the setuid bit set
           This error indicates that the ssuuddoo binary does not have the correct
           owner or permissions.  It must be owned by the root user and have
           the Set-user-ID bit set.
     sudoedit is not supported on this platform
           It is only possible to run ssuuddooeeddiitt on systems that support setting
           the effective user-ID.
     timed out reading password
           The user did not enter a password before the password timeout (5
           minutes by default) expired.
     unknown uid UID: who are you?
           ssuuddoo was unable to look up the invoking user's ID in the password
           database.
     you may not specify environment variables in edit mode
           It is only possible to specify environment variables when running a
           command.  When editing a file, the editor is run with the user's
           environment unmodified.
 SSEEEE AALLSSOO
     su(1), stat(2), login_cap(3), passwd(4), sudo.conf(4), sudo_plugin(4),
     sudoers(4), sudoreplay(1m), visudo(1m)
--- a/doc/sudo.man.in
+++ b/doc/sudo.man.in
@@ -1205,6 +1205,118 @@ and file redirection work.
 $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
 .RE
 .fi
 .SH "DIAGNOSTICS"
 Error messages produced by
 \fBsudo\fR
 include:
 .TP 6n
 \fRediting files in a writable directory is not permitted\fR
 By default,
 \fBsudoedit\fR
 does not permit editing a file when any of the parent directories are writable
 by the invoking user.
 This avoids a race condition that could allow the user to overwrite
 an arbitrary file.
 See the
 \fIsudoedit_checkdir\fR
 option in
 sudoers(@mansectform@)
 for more information.
 .TP 6n
 \fRediting symbolic links is not permitted\fR
 By default,
 \fBsudoedit\fR
 does not follow symbolic links when opening files.
 See the
 \fIsudoedit_follow\fR
 option in
 sudoers(@mansectform@)
 for more information.
 .TP 6n
 \fReffective uid is not 0, is sudo installed setuid root?\fR
 This error indicates that
 \fBsudo\fR
 was not run with root privileges.
 The
 \fBsudo\fR
 binary must be owned by the root user and have the Set-user-ID bit set.
 Also, it must not be located on a file system mounted with the
 \(oqnosuid\(cq
 option or on an NFS file system that maps uid 0 to an unprivileged uid.
 .TP 6n
 \fReffective uid is not 0, is sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?\fR
 This error indicates that the
 \fBsudo\fR
 binary has the proper owner and permissions but it still did not run
 with root privileges.
 The most common reason for this is that the file system the
 \fBsudo\fR
 binary is located on is mounted with the
 \(oqnosuid\(cq
 option or it is an NFS file system that maps uid 0 to an unprivileged uid.
 .TP 6n
 \fRfatal error, unable to load plugins\fR
 An error occurred while loading or initializing the plugins specified in
 sudo.conf(@mansectform@).
 .TP 6n
 \fRinvalid environment variable name: foo=bar\fR
 One or more environment variable names specified via the
 \fB\-E\fR
 option contained an equal sign
 (\(oq=\(cq).
 The arguments to the
 \fB\-E\fR
 option should be environment variable names without an associated value.
 .TP 6n
 \fRno password was provided\fR
 When
 \fBsudo\fR
 tried to read the password, it did not receive any characters.
 This may happen if no terminal is available (or the
 \fB\-S\fR
 option is specified) and the standard input has been redirected from
 \fI/dev/null\fR.
 .TP 6n
 \fRno tty present and no askpass program specified\fR
 \fBsudo\fR
 needs to read the password but there is no mechanism available to do so.
 A terminal is not present to read the password from,
 \fBsudo\fR
 has not been configured to read from the standard input,
 and no askpass program has been specified either via the
 \fB\-A\fR
 option or the
 \fRSUDO_ASKPASS\fR
 environment variable.
 .TP 6n
 \fRno writable temporary directory found\fR
 \fBsudoedit\fR
 was unable to find a usable temporary directory in which to store its
 intermediate files.
 .TP 6n
 \fRsudo must be owned by uid 0 and have the setuid bit set\fR
 This error indicates that the
 \fBsudo\fR
 binary does not have the correct owner or permissions.
 It must be owned by the root user and have the Set-user-ID bit set.
 .TP 6n
 \fRsudoedit is not supported on this platform\fR
 It is only possible to run
 \fBsudoedit\fR
 on systems that support setting the effective user-ID.
 .TP 6n
 \fRtimed out reading password\fR
 The user did not enter a password before the password timeout
 (5 minutes by default) expired.
 .TP 6n
 \fRunknown uid UID: who are you?\fR
 \fBsudo\fR
 was unable to look up the invoking user's ID in the password database.
 .TP 6n
 \fRyou may not specify environment variables in edit mode\fR
 It is only possible to specify environment variables when running
 a command.
 When editing a file, the editor is run with the user's environment unmodified.
 .SH "SEE ALSO"
 su(1),
 stat(2),
--- a/doc/sudo.mdoc.in
+++ b/doc/sudo.mdoc.in
@@ -1098,6 +1098,106 @@ and file redirection work.
 .Bd -literal -offset indent
 $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
 .Ed
 .Sh DIAGNOSTICS
 Error messages produced by
 .Nm
 include:
 .Bl -tag -width 4n
 .It Li editing files in a writable directory is not permitted
 By default,
 .Nm sudoedit
 does not permit editing a file when any of the parent directories are writable
 by the invoking user.
 This avoids a race condition that could allow the user to overwrite
 an arbitrary file.
 See the
 .Em sudoedit_checkdir
 option in
 .Xr sudoers @mansectform@
 for more information.
 .It Li editing symbolic links is not permitted
 By default,
 .Nm sudoedit
 does not follow symbolic links when opening files.
 See the
 .Em sudoedit_follow
 option in
 .Xr sudoers @mansectform@
 for more information.
 .It Li effective uid is not 0, is sudo installed setuid root?
 This error indicates that
 .Nm
 was not run with root privileges.
 The
 .Nm
 binary must be owned by the root user and have the Set-user-ID bit set.
 Also, it must not be located on a file system mounted with the
 .Sq nosuid
 option or on an NFS file system that maps uid 0 to an unprivileged uid.
 .It Li effective uid is not 0, is sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
 This error indicates that the
 .Nm
 binary has the proper owner and permissions but it still did not run
 with root privileges.
 The most common reason for this is that the file system the
 .Nm
 binary is located on is mounted with the
 .Sq nosuid
 option or it is an NFS file system that maps uid 0 to an unprivileged uid.
 .It Li fatal error, unable to load plugins
 An error occurred while loading or initializing the plugins specified in
 .Xr sudo.conf @mansectform@ .
 .It Li invalid environment variable name: foo=bar
 One or more environment variable names specified via the
 .Fl E
 option contained an equal sign
 .Pq Ql = .
 The arguments to the
 .Fl E
 option should be environment variable names without an associated value.
 .It Li no password was provided
 When
 .Nm
 tried to read the password, it did not receive any characters.
 This may happen if no terminal is available (or the
 .Fl S
 option is specified) and the standard input has been redirected from
 .Pa /dev/null .
 .It Li no tty present and no askpass program specified
 .Nm
 needs to read the password but there is no mechanism available to do so.
 A terminal is not present to read the password from,
 .Nm
 has not been configured to read from the standard input,
 and no askpass program has been specified either via the
 .Fl A
 option or the
 .Ev SUDO_ASKPASS
 environment variable.
 .It Li no writable temporary directory found
 .Nm sudoedit
 was unable to find a usable temporary directory in which to store its
 intermediate files.
 .It Li sudo must be owned by uid 0 and have the setuid bit set
 This error indicates that the
 .Nm
 binary does not have the correct owner or permissions.
 It must be owned by the root user and have the Set-user-ID bit set.
 .It Li sudoedit is not supported on this platform
 It is only possible to run
 .Nm sudoedit
 on systems that support setting the effective user-ID.
 .It Li timed out reading password
 The user did not enter a password before the password timeout
 (5 minutes by default) expired.
 .It Li unknown uid UID: who are you?
 .Nm
 was unable to look up the invoking user's ID in the password database.
 .It Li you may not specify environment variables in edit mode
 It is only possible to specify environment variables when running
 a command.
 When editing a file, the editor is run with the user's environment unmodified.
 .El
 .Sh SEE ALSO
 .Xr su 1 ,
 .Xr stat 2 ,