isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

regen

Browse Source
This commit is contained in:
Todd C. Miller
2012-03-28 14:10:18 -04:00
parent 8cc1507bbf
commit bab4f2ce71
4 changed files with 42 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
doc/sudo_plugin.cat
View File

@@ -1325,4 +1325,4 @@ DDIISSCCLLAAIIMMEERR
1.8.5b2 March 16, 2012 SUDO_PLUGIN(1m) 1.8.5 March 28, 2012 SUDO_PLUGIN(1m)

2
doc/sudo_plugin.man.in
View File

@@ -139,7 +139,7 @@
.\" ======================================================================== .\" ========================================================================
.\" .\"
.IX Title "SUDO_PLUGIN @mansectsu@" .IX Title "SUDO_PLUGIN @mansectsu@"
.TH SUDO_PLUGIN @mansectsu@ "March 16, 2012" "1.8.5b2" "MAINTENANCE COMMANDS" .TH SUDO_PLUGIN @mansectsu@ "March 28, 2012" "1.8.5" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents. .\" way too many mistakes in technical documents.
.if n .ad l .if n .ad l

32
doc/sudoers.cat
View File

@@ -65,11 +65,15 @@ DDEESSCCRRIIPPTTIIOONN
distinct ways _s_u_d_o_e_r_s can deal with environment variables. distinct ways _s_u_d_o_e_r_s can deal with environment variables.
By default, the _e_n_v___r_e_s_e_t option is enabled. This causes commands to By default, the _e_n_v___r_e_s_e_t option is enabled. This causes commands to
be executed with a minimal environment containing the TERM, PATH, HOME, be executed with a new, minimal environment. On AIX (and Linux systems
MAIL, SHELL, LOGNAME, USER, USERNAME and SUDO_* variables in addition without PAM), the environment is initialized with the contents of the
to variables from the invoking process permitted by the _e_n_v___c_h_e_c_k and _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t file. On BSD systems, if the _u_s_e___l_o_g_i_n_c_l_a_s_s option is
_e_n_v___k_e_e_p options. This is effectively a whitelist for environment enabled, the environment is initialized based on the _p_a_t_h and _s_e_t_e_n_v
variables. settings in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f. The new environment contains the TERM,
PATH, HOME, MAIL, SHELL, LOGNAME, USER, USERNAME and SUDO_* variables
in addition to variables from the invoking process permitted by the
_e_n_v___c_h_e_c_k and _e_n_v___k_e_e_p options. This is effectively a whitelist for
environment variables.
If, however, the _e_n_v___r_e_s_e_t option is disabled, any variables not If, however, the _e_n_v___r_e_s_e_t option is disabled, any variables not
explicitly denied by the _e_n_v___c_h_e_c_k and _e_n_v___d_e_l_e_t_e options are inherited explicitly denied by the _e_n_v___c_h_e_c_k and _e_n_v___d_e_l_e_t_e options are inherited
@@ -95,11 +99,15 @@ DDEESSCCRRIIPPTTIIOONN
_s_u_d_o_e_r_s will initialize the environment regardless of the value of _s_u_d_o_e_r_s will initialize the environment regardless of the value of
_e_n_v___r_e_s_e_t. The _D_I_S_P_L_A_Y, _P_A_T_H and _T_E_R_M variables remain unchanged; _e_n_v___r_e_s_e_t. The _D_I_S_P_L_A_Y, _P_A_T_H and _T_E_R_M variables remain unchanged;
_H_O_M_E, _M_A_I_L, _S_H_E_L_L, _U_S_E_R, and _L_O_G_N_A_M_E are set based on the target user. _H_O_M_E, _M_A_I_L, _S_H_E_L_L, _U_S_E_R, and _L_O_G_N_A_M_E are set based on the target user.
On Linux and AIX systems the contents of _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t are also On AIX (and Linux systems without PAM), the contents of
included. All other environment variables are removed. _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t are also included. On BSD systems, if the
_u_s_e___l_o_g_i_n_c_l_a_s_s option is enabled, the _p_a_t_h and _s_e_t_e_n_v variables in
_/_e_t_c_/_l_o_g_i_n_._c_o_n_f are also applied. All other environment variables are
removed.
Lastly, if the _e_n_v___f_i_l_e option is defined, any variables present in Finally, if the _e_n_v___f_i_l_e option is defined, any variables present in
that file will be set to their specified values. that file will be set to their specified values as long as they would
not conflict with an existing environment variable.
SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
The _s_u_d_o_e_r_s file is composed of two types of entries: aliases The _s_u_d_o_e_r_s file is composed of two types of entries: aliases
@@ -1458,8 +1466,8 @@ FFIILLEESS
_/_v_a_r_/_a_d_m_/_s_u_d_o Directory containing time stamps for the _/_v_a_r_/_a_d_m_/_s_u_d_o Directory containing time stamps for the
_s_u_d_o_e_r_s security policy _s_u_d_o_e_r_s security policy
_/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t Initial environment for --ii mode on Linux and _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t Initial environment for --ii mode on AIX and
AIX Linux systems
EEXXAAMMPPLLEESS EEXXAAMMPPLLEESS
Below are example _s_u_d_o_e_r_s entries. Admittedly, some of these are a bit Below are example _s_u_d_o_e_r_s entries. Admittedly, some of these are a bit
@@ -1806,4 +1814,4 @@ DDIISSCCLLAAIIMMEERR
1.8.5 March 15, 2012 SUDOERS(4) 1.8.5 March 28, 2012 SUDOERS(4)

32
doc/sudoers.man.in
View File

@@ -148,7 +148,7 @@
.\" ======================================================================== .\" ========================================================================
.\" .\"
.IX Title "SUDOERS @mansectform@" .IX Title "SUDOERS @mansectform@"
.TH SUDOERS @mansectform@ "March 15, 2012" "1.8.5" "MAINTENANCE COMMANDS" .TH SUDOERS @mansectform@ "March 28, 2012" "1.8.5" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents. .\" way too many mistakes in technical documents.
.if n .ad l .if n .ad l
@@ -218,11 +218,16 @@ environment are inherited by the command to be run. There are two
distinct ways \fIsudoers\fR can deal with environment variables. distinct ways \fIsudoers\fR can deal with environment variables.
.PP .PP
By default, the \fIenv_reset\fR option is enabled. This causes commands By default, the \fIenv_reset\fR option is enabled. This causes commands
to be executed with a minimal environment containing the \f(CW\*(C`TERM\*(C'\fR, to be executed with a new, minimal environment. On \s-1AIX\s0 (and Linux
\&\f(CW\*(C`PATH\*(C'\fR, \f(CW\*(C`HOME\*(C'\fR, \f(CW\*(C`MAIL\*(C'\fR, \f(CW\*(C`SHELL\*(C'\fR, \f(CW\*(C`LOGNAME\*(C'\fR, \f(CW\*(C`USER\*(C'\fR, \f(CW\*(C`USERNAME\*(C'\fR systems without \s-1PAM\s0), the environment is initialized with the
and \f(CW\*(C`SUDO_*\*(C'\fR variables in addition to variables from the contents of the \fI/etc/environment\fR file. On \s-1BSD\s0 systems, if the
invoking process permitted by the \fIenv_check\fR and \fIenv_keep\fR \&\fIuse_loginclass\fR option is enabled, the environment is initialized
options. This is effectively a whitelist for environment variables. based on the \fIpath\fR and \fIsetenv\fR settings in \fI/etc/login.conf\fR.
The new environment contains the \f(CW\*(C`TERM\*(C'\fR, \f(CW\*(C`PATH\*(C'\fR, \f(CW\*(C`HOME\*(C'\fR, \f(CW\*(C`MAIL\*(C'\fR,
\&\f(CW\*(C`SHELL\*(C'\fR, \f(CW\*(C`LOGNAME\*(C'\fR, \f(CW\*(C`USER\*(C'\fR, \f(CW\*(C`USERNAME\*(C'\fR and \f(CW\*(C`SUDO_*\*(C'\fR variables
in addition to variables from the invoking process permitted by the
\&\fIenv_check\fR and \fIenv_keep\fR options. This is effectively a whitelist
for environment variables.
.PP .PP
If, however, the \fIenv_reset\fR option is disabled, any variables not If, however, the \fIenv_reset\fR option is disabled, any variables not
explicitly denied by the \fIenv_check\fR and \fIenv_delete\fR options are explicitly denied by the \fIenv_check\fR and \fIenv_delete\fR options are
@@ -248,12 +253,15 @@ As a special case, if \fBsudo\fR's \fB\-i\fR option (initial login) is
specified, \fIsudoers\fR will initialize the environment regardless specified, \fIsudoers\fR will initialize the environment regardless
of the value of \fIenv_reset\fR. The \fI\s-1DISPLAY\s0\fR, \fI\s-1PATH\s0\fR and \fI\s-1TERM\s0\fR of the value of \fIenv_reset\fR. The \fI\s-1DISPLAY\s0\fR, \fI\s-1PATH\s0\fR and \fI\s-1TERM\s0\fR
variables remain unchanged; \fI\s-1HOME\s0\fR, \fI\s-1MAIL\s0\fR, \fI\s-1SHELL\s0\fR, \fI\s-1USER\s0\fR, variables remain unchanged; \fI\s-1HOME\s0\fR, \fI\s-1MAIL\s0\fR, \fI\s-1SHELL\s0\fR, \fI\s-1USER\s0\fR,
and \fI\s-1LOGNAME\s0\fR are set based on the target user. On Linux and \s-1AIX\s0 and \fI\s-1LOGNAME\s0\fR are set based on the target user. On \s-1AIX\s0 (and Linux
systems the contents of \fI/etc/environment\fR are also included. All systems without \s-1PAM\s0), the contents of \fI/etc/environment\fR are also
other environment variables are removed. included. On \s-1BSD\s0 systems, if the \fIuse_loginclass\fR option is
enabled, the \fIpath\fR and \fIsetenv\fR variables in \fI/etc/login.conf\fR
are also applied. All other environment variables are removed.
.PP .PP
Lastly, if the \fIenv_file\fR option is defined, any variables present Finally, if the \fIenv_file\fR option is defined, any variables present
in that file will be set to their specified values. in that file will be set to their specified values as long as they
would not conflict with an existing environment variable.
.SH "SUDOERS FILE FORMAT" .SH "SUDOERS FILE FORMAT"
.IX Header "SUDOERS FILE FORMAT" .IX Header "SUDOERS FILE FORMAT"
The \fIsudoers\fR file is composed of two types of entries: aliases The \fIsudoers\fR file is composed of two types of entries: aliases
@@ -1781,7 +1789,7 @@ I/O log files
Directory containing time stamps for the \fIsudoers\fR security policy Directory containing time stamps for the \fIsudoers\fR security policy
.IP "\fI/etc/environment\fR" 24 .IP "\fI/etc/environment\fR" 24
.IX Item "/etc/environment" .IX Item "/etc/environment"
Initial environment for \fB\-i\fR mode on Linux and \s-1AIX\s0 Initial environment for \fB\-i\fR mode on \s-1AIX\s0 and Linux systems
.SH "EXAMPLES" .SH "EXAMPLES"
.IX Header "EXAMPLES" .IX Header "EXAMPLES"
Below are example \fIsudoers\fR entries. Admittedly, some of Below are example \fIsudoers\fR entries. Admittedly, some of