Refer to user-ID and group-ID instead of "user ID" and "group ID"

Todd C. Miller
2019-10-19 14:26:41 -06:00
parent 40bf4081be
commit c3ce3a84fb
23 changed files with 180 additions and 174 deletions

View File

@@ -186,13 +186,13 @@ o Upgrading from a version prior to 1.8.2:
When matching Unix groups in the sudoers file, sudo will now When matching Unix groups in the sudoers file, sudo will now
match based on the name of the group as it appears in sudoers match based on the name of the group as it appears in sudoers
instead of the group ID. This can substantially reduce the instead of the group-ID. This can substantially reduce the
number of group lookups for sudoers files that contain a large number of group lookups for sudoers files that contain a large
number of groups. There are a few side effects of this change. number of groups. There are a few side effects of this change.
1) Unix groups with different names but the same group ID are 1) Unix groups with different names but the same group-ID are
can no longer be used interchangeably. Sudo will look up all can no longer be used interchangeably. Sudo will look up all
of a user's groups by group ID and use the resulting group of a user's groups by group-ID and use the resulting group
names when matching sudoers entries. If there are multiple names when matching sudoers entries. If there are multiple
groups with the same ID, the group name returned by the groups with the same ID, the group name returned by the
system getgrgid() library function is the name that will be system getgrgid() library function is the name that will be
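Review bot: the first side effect still reads "Unix groups with different names but the same group-ID are can no longer be used interchangeably"; the stray "are" predates this change, but since the hunk already rewrites that line it is the natural place to drop it ("... but the same group-ID can no longer be used interchangeably").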
@@ -338,7 +338,7 @@ o Upgrading from a version prior to 1.7.0:
Starting with sudo 1.7.0, comments in the sudoers file must not Starting with sudo 1.7.0, comments in the sudoers file must not
have a digit or minus sign immediately after the comment character have a digit or minus sign immediately after the comment character
('#'). Otherwise, the comment may be interpreted as a user or ('#'). Otherwise, the comment may be interpreted as a user or
group ID. group-ID.
When sudo is build with LDAP support the /etc/nsswitch.conf file is When sudo is build with LDAP support the /etc/nsswitch.conf file is
now used to determine the sudoers sea ch order. sudo will default to now used to determine the sudoers sea ch order. sudo will default to
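Review bot: the trailing context line "When sudo is build with LDAP support" should read "is built"; it sits directly after the line this hunk changes, so it could be fixed in the same pass, and the "sudoers sea ch order" on the following line deserves a look as well if that is not just a rendering artifact of this page.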

View File

@@ -17,7 +17,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" .\"
.nr SL @SEMAN@ .nr SL @SEMAN@
.TH "SUDO.CONF" "@mansectform@" "July 3, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .TH "SUDO.CONF" "@mansectform@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@@ -334,12 +334,12 @@ Set disable_coredump false
.RS 10n .RS 10n
.sp .sp
All modern operating systems place restrictions on core dumps All modern operating systems place restrictions on core dumps
from setuid processes like from set-user-ID processes like
\fBsudo\fR \fBsudo\fR
so this option can be enabled without compromising security. so this option can be enabled without compromising security.
To actually get a To actually get a
\fBsudo\fR \fBsudo\fR
core file you will likely need to enable core dumps for setuid processes. core file you will likely need to enable core dumps for set-user-ID processes.
On On
BSD BSD
and Linux systems this is accomplished in the and Linux systems this is accomplished in the

View File

@@ -16,7 +16,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" .\"
.nr SL @SEMAN@ .nr SL @SEMAN@
.Dd July 3, 2019 .Dd October 20, 2019
.Dt SUDO.CONF @mansectform@ .Dt SUDO.CONF @mansectform@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@@ -305,12 +305,12 @@ Set disable_coredump false
.Ed .Ed
.Pp .Pp
All modern operating systems place restrictions on core dumps All modern operating systems place restrictions on core dumps
from setuid processes like from set-user-ID processes like
.Nm sudo .Nm sudo
so this option can be enabled without compromising security. so this option can be enabled without compromising security.
To actually get a To actually get a
.Nm sudo .Nm sudo
core file you will likely need to enable core dumps for setuid processes. core file you will likely need to enable core dumps for set-user-ID processes.
On On
.Bx .Bx
and Linux systems this is accomplished in the and Linux systems this is accomplished in the

View File

@@ -25,7 +25,7 @@
.nr BA @BAMAN@ .nr BA @BAMAN@
.nr LC @LCMAN@ .nr LC @LCMAN@
.nr PS @PSMAN@ .nr PS @PSMAN@
.TH "SUDO" "@mansectsu@" "May 27, 2019" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" .TH "SUDO" "@mansectsu@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@@ -98,7 +98,7 @@ as the superuser or another user, as specified by the security
policy. policy.
The invoking user's real The invoking user's real
(\fInot\fR effective) (\fInot\fR effective)
user ID is used to determine the user name with which user-ID is used to determine the user name with which
to query the security policy. to query the security policy.
.PP .PP
\fBsudo\fR \fBsudo\fR
@@ -260,7 +260,7 @@ If
is is
\fB-\fR, \fB-\fR,
the default login class of the target user will be used. the default login class of the target user will be used.
Otherwise, the command must be run as the superuser (user ID 0), or Otherwise, the command must be run as the superuser (user-ID 0), or
\fBsudo\fR \fBsudo\fR
must be run from a shell that is already running as the superuser. must be run from a shell that is already running as the superuser.
If the command is being run as a login shell, additional If the command is being run as a login shell, additional
@@ -361,7 +361,7 @@ instead of the primary group specified by the target
user's password database entry. user's password database entry.
The The
\fIgroup\fR \fIgroup\fR
may be either a group name or a numeric group ID may be either a group name or a numeric group-ID
(GID) (GID)
prefixed with the prefixed with the
\(oq#\(cq \(oq#\(cq
@@ -504,7 +504,7 @@ By default, the
\fIsudoers\fR \fIsudoers\fR
policy will initialize the group vector to the list of groups the policy will initialize the group vector to the list of groups the
target user is a member of. target user is a member of.
The real and effective group IDs, however, are still set to match The real and effective group-IDs, however, are still set to match
the target user. the target user.
.TP 12n .TP 12n
\fB\-p\fR \fIprompt\fR, \fB\--prompt\fR=\fIprompt\fR \fB\-p\fR \fIprompt\fR, \fB\--prompt\fR=\fIprompt\fR
@@ -629,7 +629,7 @@ Run the command as a user other than the default target user
\fIroot\fR). \fIroot\fR).
The The
\fIuser\fR \fIuser\fR
may be either a user name or a numeric user ID may be either a user name or a numeric user-ID
(UID) (UID)
prefixed with the prefixed with the
\(oq#\(cq \(oq#\(cq
@@ -719,13 +719,13 @@ option was specified).
The following parameters may be specified by security policy: The following parameters may be specified by security policy:
.TP 3n .TP 3n
\fB\(bu\fR \fB\(bu\fR
real and effective user ID real and effective user-ID
.TP 3n .TP 3n
\fB\(bu\fR \fB\(bu\fR
real and effective group ID real and effective group-ID
.TP 3n .TP 3n
\fB\(bu\fR \fB\(bu\fR
supplementary group IDs supplementary group-IDs
.TP 3n .TP 3n
\fB\(bu\fR \fB\(bu\fR
the environment list the environment list
@@ -1027,7 +1027,7 @@ To prevent the disclosure of potentially sensitive information,
disables core dumps by default while it is executing (they are disables core dumps by default while it is executing (they are
re-enabled for the command that is run). re-enabled for the command that is run).
This historical practice dates from a time when most operating This historical practice dates from a time when most operating
systems allowed setuid processes to dump core by default. systems allowed set-user-ID processes to dump core by default.
To aid in debugging To aid in debugging
\fBsudo\fR \fBsudo\fR
crashes, you may wish to re-enable core dumps by setting crashes, you may wish to re-enable core dumps by setting
@@ -1138,7 +1138,7 @@ Default editor to use in
(sudoedit) mode. (sudoedit) mode.
.TP 17n .TP 17n
\fRSUDO_GID\fR \fRSUDO_GID\fR
Set to the group ID of the user who invoked sudo. Set to the group-ID of the user who invoked sudo.
.TP 17n .TP 17n
\fRSUDO_PROMPT\fR \fRSUDO_PROMPT\fR
Used as the default password prompt unless Used as the default password prompt unless
@@ -1152,7 +1152,7 @@ If set,
will be set to its value for the program being run. will be set to its value for the program being run.
.TP 17n .TP 17n
\fRSUDO_UID\fR \fRSUDO_UID\fR
Set to the user ID of the user who invoked sudo. Set to the user-ID of the user who invoked sudo.
.TP 17n .TP 17n
\fRSUDO_USER\fR \fRSUDO_USER\fR
Set to the login name of the user who invoked sudo. Set to the login name of the user who invoked sudo.
@@ -1272,7 +1272,7 @@ for more information.
was not run with root privileges. was not run with root privileges.
The The
\fBsudo\fR \fBsudo\fR
binary must be owned by the root user and have the Set-user-ID bit set. binary must be owned by the root user and have the set-user-ID bit set.
Also, it must not be located on a file system mounted with the Also, it must not be located on a file system mounted with the
\(oqnosuid\(cq \(oqnosuid\(cq
option or on an NFS file system that maps uid 0 to an unprivileged uid. option or on an NFS file system that maps uid 0 to an unprivileged uid.
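Review bot: the closing context line "maps uid 0 to an unprivileged uid" keeps the bare "uid" spelling that this commit is replacing with "user-ID" elsewhere in the same file (for example "the superuser (user-ID 0)"); "maps user-ID 0 to an unprivileged user-ID" would match the new convention, here and in the corresponding line of the mdoc source.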
@@ -1338,7 +1338,7 @@ was not run with root privileges.
The The
\fBsudo\fR \fBsudo\fR
binary does not have the correct owner or permissions. binary does not have the correct owner or permissions.
It must be owned by the root user and have the Set-user-ID bit set. It must be owned by the root user and have the set-user-ID bit set.
.TP 6n .TP 6n
\fRsudoedit is not supported on this platform\fR \fRsudoedit is not supported on this platform\fR
It is only possible to run It is only possible to run
@@ -1350,7 +1350,7 @@ The user did not enter a password before the password timeout
(5 minutes by default) expired. (5 minutes by default) expired.
.TP 6n .TP 6n
\fRyou do not exist in the passwd database\fR \fRyou do not exist in the passwd database\fR
Your user ID does not appear in the system passwd database. Your user-ID does not appear in the system passwd database.
.TP 6n .TP 6n
\fRyou may not specify environment variables in edit mode\fR \fRyou may not specify environment variables in edit mode\fR
It is only possible to specify environment variables when running It is only possible to specify environment variables when running
@@ -1417,9 +1417,9 @@ section for more information.
.PP .PP
Running shell scripts via Running shell scripts via
\fBsudo\fR \fBsudo\fR
can expose the same kernel bugs that make setuid shell scripts can expose the same kernel bugs that make set-user-ID shell scripts
unsafe on some operating systems (if your OS has a /dev/fd/ directory, unsafe on some operating systems (if your OS has a /dev/fd/ directory,
setuid shell scripts are generally safe). set-user-ID shell scripts are generally safe).
.SH "BUGS" .SH "BUGS"
If you feel you have found a bug in If you feel you have found a bug in
\fBsudo\fR, \fBsudo\fR,

View File

@@ -24,7 +24,7 @@
.nr BA @BAMAN@ .nr BA @BAMAN@
.nr LC @LCMAN@ .nr LC @LCMAN@
.nr PS @PSMAN@ .nr PS @PSMAN@
.Dd May 27, 2019 .Dd October 20, 2019
.Dt SUDO @mansectsu@ .Dt SUDO @mansectsu@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@@ -100,7 +100,7 @@ as the superuser or another user, as specified by the security
policy. policy.
The invoking user's real The invoking user's real
.Pq Em not No effective .Pq Em not No effective
user ID is used to determine the user name with which user-ID is used to determine the user name with which
to query the security policy. to query the security policy.
.Pp .Pp
.Nm .Nm
@@ -252,7 +252,7 @@ If
is is
.Cm - , .Cm - ,
the default login class of the target user will be used. the default login class of the target user will be used.
Otherwise, the command must be run as the superuser (user ID 0), or Otherwise, the command must be run as the superuser (user-ID 0), or
.Nm .Nm
must be run from a shell that is already running as the superuser. must be run from a shell that is already running as the superuser.
If the command is being run as a login shell, additional If the command is being run as a login shell, additional
@@ -341,7 +341,7 @@ instead of the primary group specified by the target
user's password database entry. user's password database entry.
The The
.Ar group .Ar group
may be either a group name or a numeric group ID may be either a group name or a numeric group-ID
.Pq GID .Pq GID
prefixed with the prefixed with the
.Ql # .Ql #
@@ -475,7 +475,7 @@ By default, the
.Em sudoers .Em sudoers
policy will initialize the group vector to the list of groups the policy will initialize the group vector to the list of groups the
target user is a member of. target user is a member of.
The real and effective group IDs, however, are still set to match The real and effective group-IDs, however, are still set to match
the target user. the target user.
.It Fl p Ar prompt , Fl -prompt Ns = Ns Ar prompt .It Fl p Ar prompt , Fl -prompt Ns = Ns Ar prompt
Use a custom password prompt with optional escape sequences. Use a custom password prompt with optional escape sequences.
@@ -583,7 +583,7 @@ Run the command as a user other than the default target user
.Em root ) . .Em root ) .
The The
.Ar user .Ar user
may be either a user name or a numeric user ID may be either a user name or a numeric user-ID
.Pq UID .Pq UID
prefixed with the prefixed with the
.Ql # .Ql #
@@ -671,11 +671,11 @@ option was specified).
The following parameters may be specified by security policy: The following parameters may be specified by security policy:
.Bl -bullet -width 1n .Bl -bullet -width 1n
.It .It
real and effective user ID real and effective user-ID
.It .It
real and effective group ID real and effective group-ID
.It .It
supplementary group IDs supplementary group-IDs
.It .It
the environment list the environment list
.It .It
@@ -968,7 +968,7 @@ To prevent the disclosure of potentially sensitive information,
disables core dumps by default while it is executing (they are disables core dumps by default while it is executing (they are
re-enabled for the command that is run). re-enabled for the command that is run).
This historical practice dates from a time when most operating This historical practice dates from a time when most operating
systems allowed setuid processes to dump core by default. systems allowed set-user-ID processes to dump core by default.
To aid in debugging To aid in debugging
.Nm .Nm
crashes, you may wish to re-enable core dumps by setting crashes, you may wish to re-enable core dumps by setting
@@ -1067,7 +1067,7 @@ Default editor to use in
.Fl e .Fl e
(sudoedit) mode. (sudoedit) mode.
.It Ev SUDO_GID .It Ev SUDO_GID
Set to the group ID of the user who invoked sudo. Set to the group-ID of the user who invoked sudo.
.It Ev SUDO_PROMPT .It Ev SUDO_PROMPT
Used as the default password prompt unless Used as the default password prompt unless
the the
@@ -1078,7 +1078,7 @@ If set,
.Ev PS1 .Ev PS1
will be set to its value for the program being run. will be set to its value for the program being run.
.It Ev SUDO_UID .It Ev SUDO_UID
Set to the user ID of the user who invoked sudo. Set to the user-ID of the user who invoked sudo.
.It Ev SUDO_USER .It Ev SUDO_USER
Set to the login name of the user who invoked sudo. Set to the login name of the user who invoked sudo.
.It Ev USER .It Ev USER
@@ -1174,7 +1174,7 @@ for more information.
was not run with root privileges. was not run with root privileges.
The The
.Nm .Nm
binary must be owned by the root user and have the Set-user-ID bit set. binary must be owned by the root user and have the set-user-ID bit set.
Also, it must not be located on a file system mounted with the Also, it must not be located on a file system mounted with the
.Sq nosuid .Sq nosuid
option or on an NFS file system that maps uid 0 to an unprivileged uid. option or on an NFS file system that maps uid 0 to an unprivileged uid.
@@ -1233,7 +1233,7 @@ was not run with root privileges.
The The
.Nm .Nm
binary does not have the correct owner or permissions. binary does not have the correct owner or permissions.
It must be owned by the root user and have the Set-user-ID bit set. It must be owned by the root user and have the set-user-ID bit set.
.It Li sudoedit is not supported on this platform .It Li sudoedit is not supported on this platform
It is only possible to run It is only possible to run
.Nm sudoedit .Nm sudoedit
@@ -1242,7 +1242,7 @@ on systems that support setting the effective user-ID.
The user did not enter a password before the password timeout The user did not enter a password before the password timeout
(5 minutes by default) expired. (5 minutes by default) expired.
.It Li you do not exist in the passwd database .It Li you do not exist in the passwd database
Your user ID does not appear in the system passwd database. Your user-ID does not appear in the system passwd database.
.It Li you may not specify environment variables in edit mode .It Li you may not specify environment variables in edit mode
It is only possible to specify environment variables when running It is only possible to specify environment variables when running
a command. a command.
@@ -1305,9 +1305,9 @@ section for more information.
.Pp .Pp
Running shell scripts via Running shell scripts via
.Nm .Nm
can expose the same kernel bugs that make setuid shell scripts can expose the same kernel bugs that make set-user-ID shell scripts
unsafe on some operating systems (if your OS has a /dev/fd/ directory, unsafe on some operating systems (if your OS has a /dev/fd/ directory,
setuid shell scripts are generally safe). set-user-ID shell scripts are generally safe).
.Sh BUGS .Sh BUGS
If you feel you have found a bug in If you feel you have found a bug in
.Nm , .Nm ,

View File

@@ -16,7 +16,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" .\"
.TH "SUDO_PLUGIN" "5" "October 18, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .TH "SUDO_PLUGIN" "5" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@@ -459,20 +459,20 @@ cwd=string
The user's current working directory. The user's current working directory.
.TP 6n .TP 6n
egid=gid_t egid=gid_t
The effective group ID of the user invoking The effective group-ID of the user invoking
\fBsudo\fR. \fBsudo\fR.
.TP 6n .TP 6n
euid=uid_t euid=uid_t
The effective user ID of the user invoking The effective user-ID of the user invoking
\fBsudo\fR. \fBsudo\fR.
.TP 6n .TP 6n
gid=gid_t gid=gid_t
The real group ID of the user invoking The real group-ID of the user invoking
\fBsudo\fR. \fBsudo\fR.
.TP 6n .TP 6n
groups=list groups=list
The user's supplementary group list formatted as a string of The user's supplementary group list formatted as a string of
comma-separated group IDs. comma-separated group-IDs.
.TP 6n .TP 6n
host=string host=string
The local machine's hostname as returned by the The local machine's hostname as returned by the
@@ -552,7 +552,7 @@ the value will be empty, as in
\(lq\fRtty=\fR\(rq. \(lq\fRtty=\fR\(rq.
.TP 6n .TP 6n
uid=uid_t uid=uid_t
The real user ID of the user invoking The real user-ID of the user invoking
\fBsudo\fR. \fBsudo\fR.
.TP 6n .TP 6n
umask=octal umask=octal
@@ -991,29 +991,29 @@ initializing the group vector based on
\fRrunas_user\fR. \fRrunas_user\fR.
.TP 6n .TP 6n
runas_egid=gid runas_egid=gid
Effective group ID to run the command as. Effective group-ID to run the command as.
If not specified, the value of If not specified, the value of
\fIrunas_gid\fR \fIrunas_gid\fR
is used. is used.
.TP 6n .TP 6n
runas_euid=uid runas_euid=uid
Effective user ID to run the command as. Effective user-ID to run the command as.
If not specified, the value of If not specified, the value of
\fIrunas_uid\fR \fIrunas_uid\fR
is used. is used.
.TP 6n .TP 6n
runas_gid=gid runas_gid=gid
Group ID to run the command as. Group-ID to run the command as.
.TP 6n .TP 6n
runas_groups=list runas_groups=list
The supplementary group vector to use for the command in the form The supplementary group vector to use for the command in the form
of a comma-separated list of group IDs. of a comma-separated list of group-IDs.
If If
\fIpreserve_groups\fR \fIpreserve_groups\fR
is set, this option is ignored. is set, this option is ignored.
.TP 6n .TP 6n
runas_uid=uid runas_uid=uid
User ID to run the command as. User-ID to run the command as.
.TP 6n .TP 6n
selinux_role=string selinux_role=string
SELinux role to use when executing the command. SELinux role to use when executing the command.

View File

@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" .\"
.Dd October 18, 2019 .Dd October 20, 2019
.Dt SUDO_PLUGIN @mansectform@ .Dt SUDO_PLUGIN @mansectform@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@@ -411,17 +411,17 @@ If there is no terminal device available, a default value of 80 is used.
.It cwd=string .It cwd=string
The user's current working directory. The user's current working directory.
.It egid=gid_t .It egid=gid_t
The effective group ID of the user invoking The effective group-ID of the user invoking
.Nm sudo . .Nm sudo .
.It euid=uid_t .It euid=uid_t
The effective user ID of the user invoking The effective user-ID of the user invoking
.Nm sudo . .Nm sudo .
.It gid=gid_t .It gid=gid_t
The real group ID of the user invoking The real group-ID of the user invoking
.Nm sudo . .Nm sudo .
.It groups=list .It groups=list
The user's supplementary group list formatted as a string of The user's supplementary group list formatted as a string of
comma-separated group IDs. comma-separated group-IDs.
.It host=string .It host=string
The local machine's hostname as returned by the The local machine's hostname as returned by the
.Xr gethostname 2 .Xr gethostname 2
@@ -491,7 +491,7 @@ If the user has no terminal device associated with the session,
the value will be empty, as in the value will be empty, as in
.Dq Li tty= . .Dq Li tty= .
.It uid=uid_t .It uid=uid_t
The real user ID of the user invoking The real user-ID of the user invoking
.Nm sudo . .Nm sudo .
.It umask=octal .It umask=octal
The invoking user's file creation mask. The invoking user's file creation mask.
@@ -877,25 +877,25 @@ will preserve the user's group vector instead of
initializing the group vector based on initializing the group vector based on
.Li runas_user . .Li runas_user .
.It runas_egid=gid .It runas_egid=gid
Effective group ID to run the command as. Effective group-ID to run the command as.
If not specified, the value of If not specified, the value of
.Em runas_gid .Em runas_gid
is used. is used.
.It runas_euid=uid .It runas_euid=uid
Effective user ID to run the command as. Effective user-ID to run the command as.
If not specified, the value of If not specified, the value of
.Em runas_uid .Em runas_uid
is used. is used.
.It runas_gid=gid .It runas_gid=gid
Group ID to run the command as. Group-ID to run the command as.
.It runas_groups=list .It runas_groups=list
The supplementary group vector to use for the command in the form The supplementary group vector to use for the command in the form
of a comma-separated list of group IDs. of a comma-separated list of group-IDs.
If If
.Em preserve_groups .Em preserve_groups
is set, this option is ignored. is set, this option is ignored.
.It runas_uid=uid .It runas_uid=uid
User ID to run the command as. User-ID to run the command as.
.It selinux_role=string .It selinux_role=string
SELinux role to use when executing the command. SELinux role to use when executing the command.
.It selinux_type=string .It selinux_type=string

View File

@@ -16,7 +16,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" .\"
.TH "SUDOERS.LDAP" "@mansectform@" "February 26, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .TH "SUDOERS.LDAP" "@mansectform@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@@ -112,7 +112,7 @@ The equivalent of a sudoer in LDAP is a
It consists of the following attributes: It consists of the following attributes:
.TP 6n .TP 6n
\fBsudoUser\fR \fBsudoUser\fR
A user name, user ID (prefixed with A user name, user-ID (prefixed with
\(oq#\(cq), \(oq#\(cq),
Unix group name or ID (prefixed with Unix group name or ID (prefixed with
\(oq%\(cq \(oq%\(cq
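Review bot: "user ID" becomes "user-ID" on the sudoUser line, but the next context line still reads "Unix group name or ID (prefixed with"; for the consistency this commit is after, "Unix group name or group-ID" would match the new wording, and the same pattern ("system group names and IDs") survives in the User_List description of the sudoers page.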

View File

@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" .\"
.Dd February 26, 2018 .Dd October 20, 2019
.Dt SUDOERS.LDAP @mansectform@ .Dt SUDOERS.LDAP @mansectform@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@@ -106,7 +106,7 @@ The equivalent of a sudoer in LDAP is a
It consists of the following attributes: It consists of the following attributes:
.Bl -tag -width 4n .Bl -tag -width 4n
.It Sy sudoUser .It Sy sudoUser
A user name, user ID (prefixed with A user name, user-ID (prefixed with
.Ql # ) , .Ql # ) ,
Unix group name or ID (prefixed with Unix group name or ID (prefixed with
.Ql % .Ql %

View File

@@ -25,7 +25,7 @@
.nr BA @BAMAN@ .nr BA @BAMAN@
.nr LC @LCMAN@ .nr LC @LCMAN@
.nr PS @PSMAN@ .nr PS @PSMAN@
.TH "SUDOERS" "@mansectform@" "October 17, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .TH "SUDOERS" "@mansectform@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@@ -123,13 +123,13 @@ sudoers_uid=uid
The The
\fIsudoers_uid\fR \fIsudoers_uid\fR
argument can be used to override the default owner of the sudoers file. argument can be used to override the default owner of the sudoers file.
It should be specified as a numeric user ID. It should be specified as a numeric user-ID.
.TP 10n .TP 10n
sudoers_gid=gid sudoers_gid=gid
The The
\fIsudoers_gid\fR \fIsudoers_gid\fR
argument can be used to override the default group of the sudoers file. argument can be used to override the default group of the sudoers file.
It must be specified as a numeric group ID (not a group name). It must be specified as a numeric group-ID (not a group name).
.TP 10n .TP 10n
sudoers_mode=mode sudoers_mode=mode
The The
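Review bot: the two arguments touched by this hunk are described asymmetrically: sudoers_uid "should be specified as a numeric user-ID" while sudoers_gid "must be specified as a numeric group-ID (not a group name)". If a user name is equally unsupported for sudoers_uid, the same "must ... (not a user name)" phrasing would make the requirement clear.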
@@ -220,7 +220,7 @@ file lookup is still done for root, not the user specified by
\fBsudoers\fR \fBsudoers\fR
uses per-user time stamp files for credential caching. uses per-user time stamp files for credential caching.
Once a user has been authenticated, a record is written Once a user has been authenticated, a record is written
containing the user ID that was used to authenticate, the containing the user-ID that was used to authenticate, the
terminal session ID, the start time of the session leader terminal session ID, the start time of the session leader
(or parent process) and a time stamp (or parent process) and a time stamp
(using a monotonic clock if one is available). (using a monotonic clock if one is available).
@@ -477,7 +477,7 @@ list.
.PP .PP
Note that the dynamic linker on most operating systems will remove Note that the dynamic linker on most operating systems will remove
variables that can control dynamic linking from the environment of variables that can control dynamic linking from the environment of
setuid executables, including set-user-ID executables, including
\fBsudo\fR. \fBsudo\fR.
Depending on the operating Depending on the operating
system this may include system this may include
@@ -712,7 +712,7 @@ User ::= '!'* user name |
.PP .PP
A A
\fRUser_List\fR \fRUser_List\fR
is made up of one or more user names, user IDs is made up of one or more user names, user-IDs
(prefixed with (prefixed with
\(oq#\(cq), \(oq#\(cq),
system group names and IDs (prefixed with system group names and IDs (prefixed with
@@ -811,10 +811,13 @@ it can contain
\fRRunas_Alias\fRes. \fRRunas_Alias\fRes.
Note that Note that
user names and groups are matched as strings. user names and groups are matched as strings.
In other words, two In other words, two users (groups) with the same user (group) ID
users (groups) with the same uid (gid) are considered to be distinct. are considered to be distinct.
If you wish to match all user names with the same uid (e.g., If you wish to match all user names with the same user-ID (e.g., root and
root and toor), you can use a uid instead (#0 in the example given). toor), you can use a user-ID instead of a name (#0 in the example given).
Note that the user-ID or group-ID specified in a
\fRRunas_Member\fR
need not be listed in the password or group database.
.nf .nf
.sp .sp
.RS 0n .RS 0n
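Review bot: the three added lines ("Note that the user-ID or group-ID specified in a Runas_Member need not be listed in the password or group database.") document behaviour rather than terminology, which the commit message ("Refer to user-ID and group-ID instead of ...") does not mention; it would help to call that out in the message, and to point the new sentence at the targetpw description later in this file ("this flag precludes the use of a user-ID not listed in the passwd ..."), since that is the case in which the statement does not hold.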
@@ -1969,7 +1972,7 @@ The pound sign
is used to indicate a comment (unless it is part of a #include is used to indicate a comment (unless it is part of a #include
directive or unless it occurs in the context of a user name and is directive or unless it occurs in the context of a user name and is
followed by one or more digits, in which case it is treated as a followed by one or more digits, in which case it is treated as a
uid). user-ID).
Both the comment character and any text after it, up to the end of Both the comment character and any text after it, up to the end of
the line, are ignored. the line, are ignored.
.PP .PP
@@ -2683,7 +2686,7 @@ by default.
match_group_by_gid match_group_by_gid
By default, By default,
\fBsudoers\fR \fBsudoers\fR
will look up each group the user is a member of by group ID to will look up each group the user is a member of by group-ID to
determine the group name (this is only done once). determine the group name (this is only done once).
The resulting list of the user's group names is used when matching The resulting list of the user's group names is used when matching
groups listed in the groups listed in the
@@ -2702,21 +2705,21 @@ running commands via
may take longer than normal. may take longer than normal.
On such systems it may be faster to use the On such systems it may be faster to use the
\fImatch_group_by_gid\fR \fImatch_group_by_gid\fR
flag to avoid resolving the user's group IDs to group names. flag to avoid resolving the user's group-IDs to group names.
In this case, In this case,
\fBsudoers\fR \fBsudoers\fR
must look up any group name listed in the must look up any group name listed in the
\fIsudoers\fR \fIsudoers\fR
file and use the group ID instead of the group name when determining file and use the group-ID instead of the group name when determining
whether the user is a member of the group. whether the user is a member of the group.
.sp .sp
Note that if Note that if
\fImatch_group_by_gid\fR \fImatch_group_by_gid\fR
is enabled, group database lookups performed by is enabled, group database lookups performed by
\fBsudoers\fR \fBsudoers\fR
will be keyed by group name as opposed to group ID. will be keyed by group name as opposed to group-ID.
On systems where there are multiple sources for the group database, On systems where there are multiple sources for the group database,
it is possible to have conflicting group names or group IDs in the local it is possible to have conflicting group names or group-IDs in the local
\fI/etc/group\fR \fI/etc/group\fR
file and the remote group database. file and the remote group database.
On such systems, enabling or disabling On such systems, enabling or disabling
@@ -2872,7 +2875,7 @@ will initialize the group vector to the list of groups the target user is in.
When When
\fIpreserve_groups\fR \fIpreserve_groups\fR
is set, the user's existing group vector is left unaltered. is set, the user's existing group vector is left unaltered.
The real and effective group IDs, however, are still set to match the The real and effective group-IDs, however, are still set to match the
target user. target user.
This flag is This flag is
\fIoff\fR \fIoff\fR
@@ -3063,9 +3066,9 @@ This option changes that behavior such that the real UID is left
as the invoking user's UID. as the invoking user's UID.
In other words, this makes In other words, this makes
\fBsudo\fR \fBsudo\fR
act as a setuid wrapper. act as a set-user-ID wrapper.
This can be useful on systems that disable some potentially This can be useful on systems that disable some potentially
dangerous functionality when a program is run setuid. dangerous functionality when a program is run set-user-ID.
This option is only effective on systems that support either the This option is only effective on systems that support either the
setreuid(2) setreuid(2)
or or
@@ -3140,7 +3143,7 @@ option (defaults to
\fRroot\fR) \fRroot\fR)
instead of the password of the invoking user instead of the password of the invoking user
when running a command or editing a file. when running a command or editing a file.
Note that this flag precludes the use of a uid not listed in the passwd Note that this flag precludes the use of a user-ID not listed in the passwd
database as an argument to the database as an argument to the
\fB\-u\fR \fB\-u\fR
option. option.
@@ -3529,7 +3532,7 @@ where every two digits are used to form a new directory, e.g.,
expanded to the invoking user's login name expanded to the invoking user's login name
.TP 6n .TP 6n
\fR%{group}\fR \fR%{group}\fR
expanded to the name of the invoking user's real group ID expanded to the name of the invoking user's real group-ID
.TP 6n .TP 6n
\fR%{runas_user}\fR \fR%{runas_user}\fR
expanded to the login name of the user the command will expanded to the login name of the user the command will
@@ -3614,19 +3617,19 @@ by default.
This setting is only supported by version 1.8.20 or higher. This setting is only supported by version 1.8.20 or higher.
.TP 18n .TP 18n
iolog_group iolog_group
The group name to look up when setting the group ID on new I/O log The group name to look up when setting the group-ID on new I/O log
files and directories. files and directories.
If If
\fIiolog_group\fR \fIiolog_group\fR
is not set, is not set,
the primary group ID of the user specified by the primary group-ID of the user specified by
\fIiolog_user\fR \fIiolog_user\fR
is used. is used.
If neither If neither
\fIiolog_group\fR \fIiolog_group\fR
nor nor
\fIiolog_user\fR \fIiolog_user\fR
are set, I/O log files and directories are created with group ID 0. are set, I/O log files and directories are created with group-ID 0.
.sp .sp
This setting is only supported by version 1.8.19 or higher. This setting is only supported by version 1.8.19 or higher.
.TP 18n .TP 18n
@@ -3644,19 +3647,19 @@ Defaults to 0600 (read and write by user only).
This setting is only supported by version 1.8.19 or higher. This setting is only supported by version 1.8.19 or higher.
.TP 18n .TP 18n
iolog_user iolog_user
The user name to look up when setting the user and group IDs on new The user name to look up when setting the user and group-IDs on new
I/O log files and directories. I/O log files and directories.
If If
\fIiolog_group\fR \fIiolog_group\fR
is set, it will be used instead of the user's primary group ID. is set, it will be used instead of the user's primary group-ID.
By default, I/O log files and directories are created with user and By default, I/O log files and directories are created with user and
group ID 0. group-ID 0.
.sp .sp
This setting can be useful when the I/O logs are stored on a Network This setting can be useful when the I/O logs are stored on a Network
File System (NFS) share. File System (NFS) share.
Having a dedicated user own the I/O log files means that Having a dedicated user own the I/O log files means that
\fBsudoers\fR \fBsudoers\fR
does not write to the log files as user ID 0, which is usually does not write to the log files as user-ID 0, which is usually
not permitted by NFS. not permitted by NFS.
.sp .sp
This setting is only supported by version 1.8.19 or higher. This setting is only supported by version 1.8.19 or higher.
@@ -4402,7 +4405,7 @@ is run by root with the
\fB\-V\fR \fB\-V\fR
option. option.
Note that many operating systems will remove potentially dangerous Note that many operating systems will remove potentially dangerous
variables from the environment of any setuid process (such as variables from the environment of any set-user-ID process (such as
\fBsudo\fR). \fBsudo\fR).
.TP 18n .TP 18n
env_keep env_keep
@@ -4672,7 +4675,7 @@ The
file could not be opened for reading. file could not be opened for reading.
This can happen when the This can happen when the
\fIsudoers\fR \fIsudoers\fR
file is located on a remote file system that maps user ID 0 to file is located on a remote file system that maps user-ID 0 to
a different value. a different value.
Normally, Normally,
\fBsudoers\fR \fBsudoers\fR
@@ -4685,7 +4688,7 @@ or adding an argument like
\(lqsudoers_uid=N\(rq \(lqsudoers_uid=N\(rq
(where (where
\(oqN\(cq \(oqN\(cq
is the user ID that owns the is the user-ID that owns the
\fIsudoers\fR \fIsudoers\fR
file) to the end of the file) to the end of the
\fBsudoers\fR \fBsudoers\fR
@@ -4714,7 +4717,7 @@ file owner, please add
\(lqsudoers_uid=N\(rq \(lqsudoers_uid=N\(rq
(where (where
\(oqN\(cq \(oqN\(cq
is the user ID that owns the is the user-ID that owns the
\fIsudoers\fR \fIsudoers\fR
file) to the file) to the
\fBsudoers\fR \fBsudoers\fR
@@ -4750,7 +4753,7 @@ file group ownership, please add
\(lqsudoers_gid=N\(rq \(lqsudoers_gid=N\(rq
(where (where
\(oqN\(cq \(oqN\(cq
is the group ID that owns the is the group-ID that owns the
\fIsudoers\fR \fIsudoers\fR
file) to the file) to the
\fBsudoers\fR \fBsudoers\fR

View File

@@ -24,7 +24,7 @@
.nr BA @BAMAN@ .nr BA @BAMAN@
.nr LC @LCMAN@ .nr LC @LCMAN@
.nr PS @PSMAN@ .nr PS @PSMAN@
.Dd October 17, 2019 .Dd October 20, 2019
.Dt SUDOERS @mansectform@ .Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@@ -113,12 +113,12 @@ file.
The The
.Em sudoers_uid .Em sudoers_uid
argument can be used to override the default owner of the sudoers file. argument can be used to override the default owner of the sudoers file.
It should be specified as a numeric user ID. It should be specified as a numeric user-ID.
.It sudoers_gid=gid .It sudoers_gid=gid
The The
.Em sudoers_gid .Em sudoers_gid
argument can be used to override the default group of the sudoers file. argument can be used to override the default group of the sudoers file.
It must be specified as a numeric group ID (not a group name). It must be specified as a numeric group-ID (not a group name).
.It sudoers_mode=mode .It sudoers_mode=mode
The The
.Em sudoers_mode .Em sudoers_mode
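Review bot: the two rewritten sentences in this hunk disagree about whether a name is accepted: sudoers_uid "should be specified as a numeric user-ID" while sudoers_gid "must be specified as a numeric group-ID (not a group name)". Both values are parsed as numbers (the testsudoers hunk at the end of this diff feeds sudoers_uid and sudoers_gid through sudo_strtoid() and fails on anything else), so suggest "It must be specified as a numeric user-ID (not a user name)." for sudoers_uid as well. The same pair of sentences appears in the visudo.man.in and visudo.mdoc.in hunks below and should be aligned there too.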
@@ -209,7 +209,7 @@ file lookup is still done for root, not the user specified by
.Nm .Nm
uses per-user time stamp files for credential caching. uses per-user time stamp files for credential caching.
Once a user has been authenticated, a record is written Once a user has been authenticated, a record is written
containing the user ID that was used to authenticate, the containing the user-ID that was used to authenticate, the
terminal session ID, the start time of the session leader terminal session ID, the start time of the session leader
(or parent process) and a time stamp (or parent process) and a time stamp
(using a monotonic clock if one is available). (using a monotonic clock if one is available).
@@ -464,7 +464,7 @@ list.
.Pp .Pp
Note that the dynamic linker on most operating systems will remove Note that the dynamic linker on most operating systems will remove
variables that can control dynamic linking from the environment of variables that can control dynamic linking from the environment of
setuid executables, including set-user-ID executables, including
.Nm sudo . .Nm sudo .
Depending on the operating Depending on the operating
system this may include system this may include
@@ -686,7 +686,7 @@ User ::= '!'* user name |
.Pp .Pp
A A
.Li User_List .Li User_List
is made up of one or more user names, user IDs is made up of one or more user names, user-IDs
(prefixed with (prefixed with
.Ql # ) , .Ql # ) ,
system group names and IDs (prefixed with system group names and IDs (prefixed with
@@ -781,10 +781,13 @@ it can contain
.Li Runas_Alias Ns es . .Li Runas_Alias Ns es .
Note that Note that
user names and groups are matched as strings. user names and groups are matched as strings.
In other words, two In other words, two users (groups) with the same user (group) ID
users (groups) with the same uid (gid) are considered to be distinct. are considered to be distinct.
If you wish to match all user names with the same uid (e.g., If you wish to match all user names with the same user-ID (e.g., root and
root and toor), you can use a uid instead (#0 in the example given). toor), you can use a user-ID instead of a name (#0 in the example given).
Note that the user-ID or group-ID specified in a
.Li Runas_Member
need not be listed in the password or group database.
.Bd -literal .Bd -literal
Host_List ::= Host | Host_List ::= Host |
Host ',' Host_List Host ',' Host_List
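Review bot: the three added lines ("the user-ID or group-ID specified in a Runas_Member need not be listed in the password or group database") should cross-reference the rootpw/runaspw/targetpw caveat further down in this same file ("this flag precludes the use of a user-ID not listed in the passwd database as an argument to the -u option"), otherwise a reader of the Runas_Member paragraph will expect an unlisted numeric ID to always be usable. Also worth double-checking that the regenerated sudoers.man.in carries these same three added lines, since the sudoers.man.in hunks visible at the top of this diff only show the one-word terminology substitutions.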
@@ -1846,7 +1849,7 @@ The pound sign
is used to indicate a comment (unless it is part of a #include is used to indicate a comment (unless it is part of a #include
directive or unless it occurs in the context of a user name and is directive or unless it occurs in the context of a user name and is
followed by one or more digits, in which case it is treated as a followed by one or more digits, in which case it is treated as a
uid). user-ID).
Both the comment character and any text after it, up to the end of Both the comment character and any text after it, up to the end of
the line, are ignored. the line, are ignored.
.Pp .Pp
@@ -2522,7 +2525,7 @@ by default.
.It match_group_by_gid .It match_group_by_gid
By default, By default,
.Nm .Nm
will look up each group the user is a member of by group ID to will look up each group the user is a member of by group-ID to
determine the group name (this is only done once). determine the group name (this is only done once).
The resulting list of the user's group names is used when matching The resulting list of the user's group names is used when matching
groups listed in the groups listed in the
@@ -2541,21 +2544,21 @@ running commands via
may take longer than normal. may take longer than normal.
On such systems it may be faster to use the On such systems it may be faster to use the
.Em match_group_by_gid .Em match_group_by_gid
flag to avoid resolving the user's group IDs to group names. flag to avoid resolving the user's group-IDs to group names.
In this case, In this case,
.Nm .Nm
must look up any group name listed in the must look up any group name listed in the
.Em sudoers .Em sudoers
file and use the group ID instead of the group name when determining file and use the group-ID instead of the group name when determining
whether the user is a member of the group. whether the user is a member of the group.
.Pp .Pp
Note that if Note that if
.Em match_group_by_gid .Em match_group_by_gid
is enabled, group database lookups performed by is enabled, group database lookups performed by
.Nm .Nm
will be keyed by group name as opposed to group ID. will be keyed by group name as opposed to group-ID.
On systems where there are multiple sources for the group database, On systems where there are multiple sources for the group database,
it is possible to have conflicting group names or group IDs in the local it is possible to have conflicting group names or group-IDs in the local
.Pa /etc/group .Pa /etc/group
file and the remote group database. file and the remote group database.
On such systems, enabling or disabling On such systems, enabling or disabling
@@ -2703,7 +2706,7 @@ will initialize the group vector to the list of groups the target user is in.
When When
.Em preserve_groups .Em preserve_groups
is set, the user's existing group vector is left unaltered. is set, the user's existing group vector is left unaltered.
The real and effective group IDs, however, are still set to match the The real and effective group-IDs, however, are still set to match the
target user. target user.
This flag is This flag is
.Em off .Em off
@@ -2883,9 +2886,9 @@ This option changes that behavior such that the real UID is left
as the invoking user's UID. as the invoking user's UID.
In other words, this makes In other words, this makes
.Nm sudo .Nm sudo
act as a setuid wrapper. act as a set-user-ID wrapper.
This can be useful on systems that disable some potentially This can be useful on systems that disable some potentially
dangerous functionality when a program is run setuid. dangerous functionality when a program is run set-user-ID.
This option is only effective on systems that support either the This option is only effective on systems that support either the
.Xr setreuid 2 .Xr setreuid 2
or or
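Review bot: terminology in this hunk is now mixed: the two changed lines say "set-user-ID", but the untouched context ("the real UID is left as the invoking user's UID") still uses "UID", the very form the rest of this commit replaces with "user-ID". Suggest "the real user-ID is left as the invoking user's" so the paragraph follows the new convention; the sudoers.man.in counterpart above has the same mix.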
@@ -2955,7 +2958,7 @@ option (defaults to
.Li root ) .Li root )
instead of the password of the invoking user instead of the password of the invoking user
when running a command or editing a file. when running a command or editing a file.
Note that this flag precludes the use of a uid not listed in the passwd Note that this flag precludes the use of a user-ID not listed in the passwd
database as an argument to the database as an argument to the
.Fl u .Fl u
option. option.
@@ -3322,7 +3325,7 @@ where every two digits are used to form a new directory, e.g.,
.It Li %{user} .It Li %{user}
expanded to the invoking user's login name expanded to the invoking user's login name
.It Li %{group} .It Li %{group}
expanded to the name of the invoking user's real group ID expanded to the name of the invoking user's real group-ID
.It Li %{runas_user} .It Li %{runas_user}
expanded to the login name of the user the command will expanded to the login name of the user the command will
be run as (e.g., root) be run as (e.g., root)
@@ -3400,19 +3403,19 @@ by default.
.Pp .Pp
This setting is only supported by version 1.8.20 or higher. This setting is only supported by version 1.8.20 or higher.
.It iolog_group .It iolog_group
The group name to look up when setting the group ID on new I/O log The group name to look up when setting the group-ID on new I/O log
files and directories. files and directories.
If If
.Em iolog_group .Em iolog_group
is not set, is not set,
the primary group ID of the user specified by the primary group-ID of the user specified by
.Em iolog_user .Em iolog_user
is used. is used.
If neither If neither
.Em iolog_group .Em iolog_group
nor nor
.Em iolog_user .Em iolog_user
are set, I/O log files and directories are created with group ID 0. are set, I/O log files and directories are created with group-ID 0.
.Pp .Pp
This setting is only supported by version 1.8.19 or higher. This setting is only supported by version 1.8.19 or higher.
.It iolog_mode .It iolog_mode
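Review bot: the changed line "If neither iolog_group nor iolog_user are set" keeps a pre-existing number-agreement error; since the line is being rewritten anyway, make it "are set" -> "is set": "If neither iolog_group nor iolog_user is set, I/O log files and directories are created with group-ID 0." The generated sudoers.man.in hunk above carries the same sentence and should pick the fix up on regeneration.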
@@ -3428,19 +3431,19 @@ Defaults to 0600 (read and write by user only).
.Pp .Pp
This setting is only supported by version 1.8.19 or higher. This setting is only supported by version 1.8.19 or higher.
.It iolog_user .It iolog_user
The user name to look up when setting the user and group IDs on new The user name to look up when setting the user and group-IDs on new
I/O log files and directories. I/O log files and directories.
If If
.Em iolog_group .Em iolog_group
is set, it will be used instead of the user's primary group ID. is set, it will be used instead of the user's primary group-ID.
By default, I/O log files and directories are created with user and By default, I/O log files and directories are created with user and
group ID 0. group-ID 0.
.Pp .Pp
This setting can be useful when the I/O logs are stored on a Network This setting can be useful when the I/O logs are stored on a Network
File System (NFS) share. File System (NFS) share.
Having a dedicated user own the I/O log files means that Having a dedicated user own the I/O log files means that
.Nm .Nm
does not write to the log files as user ID 0, which is usually does not write to the log files as user-ID 0, which is usually
not permitted by NFS. not permitted by NFS.
.Pp .Pp
This setting is only supported by version 1.8.19 or higher. This setting is only supported by version 1.8.19 or higher.
@@ -4106,7 +4109,7 @@ is run by root with the
.Fl V .Fl V
option. option.
Note that many operating systems will remove potentially dangerous Note that many operating systems will remove potentially dangerous
variables from the environment of any setuid process (such as variables from the environment of any set-user-ID process (such as
.Nm sudo ) . .Nm sudo ) .
.It env_keep .It env_keep
Environment variables to be preserved in the user's environment when the Environment variables to be preserved in the user's environment when the
@@ -4351,7 +4354,7 @@ The
file could not be opened for reading. file could not be opened for reading.
This can happen when the This can happen when the
.Em sudoers .Em sudoers
file is located on a remote file system that maps user ID 0 to file is located on a remote file system that maps user-ID 0 to
a different value. a different value.
Normally, Normally,
.Nm .Nm
@@ -4364,7 +4367,7 @@ or adding an argument like
.Dq sudoers_uid=N .Dq sudoers_uid=N
(where (where
.Sq N .Sq N
is the user ID that owns the is the user-ID that owns the
.Em sudoers .Em sudoers
file) to the end of the file) to the end of the
.Nm .Nm
@@ -4390,7 +4393,7 @@ file owner, please add
.Dq sudoers_uid=N .Dq sudoers_uid=N
(where (where
.Sq N .Sq N
is the user ID that owns the is the user-ID that owns the
.Em sudoers .Em sudoers
file) to the file) to the
.Nm .Nm
@@ -4424,7 +4427,7 @@ file group ownership, please add
.Dq sudoers_gid=N .Dq sudoers_gid=N
(where (where
.Sq N .Sq N
is the group ID that owns the is the group-ID that owns the
.Em sudoers .Em sudoers
file) to the file) to the
.Nm .Nm

View File

@@ -16,7 +16,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" .\"
.TH "SUDOERS_TIMESTAMP" "@mansectform@" "October 7, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .TH "SUDOERS_TIMESTAMP" "@mansectform@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@@ -117,13 +117,13 @@ and
which is used only when matching records. which is used only when matching records.
.TP 6n .TP 6n
auth_uid auth_uid
The user ID that was used for authentication. The user-ID that was used for authentication.
Depending on the value of the Depending on the value of the
\fIrootpw\fR, \fIrootpw\fR,
\fIrunaspw\fR \fIrunaspw\fR
and and
\fItargetpw\fR \fItargetpw\fR
options, the user ID may be that of the invoking user, the root user, options, the user-ID may be that of the invoking user, the root user,
the default runas user or the target user. the default runas user or the target user.
.TP 6n .TP 6n
sid sid

View File

@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" .\"
.Dd October 7, 2018 .Dd October 20, 2019
.Dt SUDOERS_TIMESTAMP @mansectform@ .Dt SUDOERS_TIMESTAMP @mansectform@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@@ -109,13 +109,13 @@ and
.Li TS_ANYUID , .Li TS_ANYUID ,
which is used only when matching records. which is used only when matching records.
.It auth_uid .It auth_uid
The user ID that was used for authentication. The user-ID that was used for authentication.
Depending on the value of the Depending on the value of the
.Em rootpw , .Em rootpw ,
.Em runaspw .Em runaspw
and and
.Em targetpw .Em targetpw
options, the user ID may be that of the invoking user, the root user, options, the user-ID may be that of the invoking user, the root user,
the default runas user or the target user. the default runas user or the target user.
.It sid .It sid
The ID of the user's terminal session, if present. The ID of the user's terminal session, if present.

View File

@@ -21,7 +21,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.TH "VISUDO" "@mansectsu@" "June 20, 2019" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" .TH "VISUDO" "@mansectsu@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@@ -305,13 +305,13 @@ sudoers_uid=uid
The The
\fIsudoers_uid\fR \fIsudoers_uid\fR
argument can be used to override the default owner of the sudoers file. argument can be used to override the default owner of the sudoers file.
It should be specified as a numeric user ID. It should be specified as a numeric user-ID.
.TP 10n .TP 10n
sudoers_gid=gid sudoers_gid=gid
The The
\fIsudoers_gid\fR \fIsudoers_gid\fR
argument can be used to override the default group of the sudoers file. argument can be used to override the default group of the sudoers file.
It must be specified as a numeric group ID (not a group name). It must be specified as a numeric group-ID (not a group name).
.TP 10n .TP 10n
sudoers_mode=mode sudoers_mode=mode
The The
@@ -379,7 +379,7 @@ You didn't run
as root. as root.
.TP 6n .TP 6n
\fRyou do not exist in the passwd database\fR \fRyou do not exist in the passwd database\fR
Your user ID does not appear in the system passwd database. Your user-ID does not appear in the system passwd database.
.TP 6n .TP 6n
\fRWarning: {User,Runas,Host,Cmnd}_Alias referenced but not defined\fR \fRWarning: {User,Runas,Host,Cmnd}_Alias referenced but not defined\fR
Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias

View File

@@ -20,7 +20,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.Dd June 20, 2019 .Dd October 20, 2019
.Dt VISUDO @mansectsu@ .Dt VISUDO @mansectsu@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@@ -295,12 +295,12 @@ file.
The The
.Em sudoers_uid .Em sudoers_uid
argument can be used to override the default owner of the sudoers file. argument can be used to override the default owner of the sudoers file.
It should be specified as a numeric user ID. It should be specified as a numeric user-ID.
.It sudoers_gid=gid .It sudoers_gid=gid
The The
.Em sudoers_gid .Em sudoers_gid
argument can be used to override the default group of the sudoers file. argument can be used to override the default group of the sudoers file.
It must be specified as a numeric group ID (not a group name). It must be specified as a numeric group-ID (not a group name).
.It sudoers_mode=mode .It sudoers_mode=mode
The The
.Em sudoers_mode .Em sudoers_mode
@@ -364,7 +364,7 @@ You didn't run
.Nm .Nm
as root. as root.
.It Li you do not exist in the passwd database .It Li you do not exist in the passwd database
Your user ID does not appear in the system passwd database. Your user-ID does not appear in the system passwd database.
.It Li Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined .It Li Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias
or you have a user or host name listed that consists solely of or you have a user or host name listed that consists solely of

View File

@@ -374,7 +374,7 @@ print_member_json_int(FILE *fp, struct sudoers_parse_tree *parse_tree,
if (*value.u.string == '#') { if (*value.u.string == '#') {
id = sudo_strtoid(value.u.string + 1, &errstr); id = sudo_strtoid(value.u.string + 1, &errstr);
if (errstr != NULL) { if (errstr != NULL) {
sudo_warnx("internal error: non-Unix group ID %s: \"%s\"", sudo_warnx("internal error: non-Unix group-ID %s: \"%s\"",
errstr, value.u.string + 1); errstr, value.u.string + 1);
} else { } else {
value.type = JSON_ID; value.type = JSON_ID;
@@ -387,7 +387,7 @@ print_member_json_int(FILE *fp, struct sudoers_parse_tree *parse_tree,
if (*value.u.string == '#') { if (*value.u.string == '#') {
id = sudo_strtoid(value.u.string + 1, &errstr); id = sudo_strtoid(value.u.string + 1, &errstr);
if (errstr != NULL) { if (errstr != NULL) {
sudo_warnx("internal error: group ID %s: \"%s\"", sudo_warnx("internal error: group-ID %s: \"%s\"",
errstr, value.u.string + 1); errstr, value.u.string + 1);
} else { } else {
value.type = JSON_ID; value.type = JSON_ID;
@@ -426,7 +426,7 @@ print_member_json_int(FILE *fp, struct sudoers_parse_tree *parse_tree,
if (*value.u.string == '#') { if (*value.u.string == '#') {
id = sudo_strtoid(value.u.string + 1, &errstr); id = sudo_strtoid(value.u.string + 1, &errstr);
if (errstr != NULL) { if (errstr != NULL) {
sudo_warnx("internal error: user ID %s: \"%s\"", sudo_warnx("internal error: user-ID %s: \"%s\"",
errstr, name); errstr, name);
} else { } else {
value.type = JSON_ID; value.type = JSON_ID;

View File

@@ -234,7 +234,7 @@ cb_maxseq(const union sudo_defs_val *sd_un)
} }
/* /*
* Look up I/O log user ID from user name. Sets iolog_uid. * Look up I/O log user-ID from user name. Sets iolog_uid.
* Also sets iolog_gid if iolog_group not specified. * Also sets iolog_gid if iolog_group not specified.
*/ */
static bool static bool
@@ -274,7 +274,7 @@ cb_iolog_user(const union sudo_defs_val *sd_un)
} }
/* /*
* Look up I/O log group ID from group name. * Look up I/O log group-ID from group name.
* Sets iolog_gid. * Sets iolog_gid.
*/ */
static bool static bool
@@ -303,7 +303,7 @@ iolog_set_group(const char *name)
} }
/* /*
* Look up I/O log group ID from group name. * Look up I/O log group-ID from group name.
*/ */
bool bool
cb_iolog_group(const union sudo_defs_val *sd_un) cb_iolog_group(const union sudo_defs_val *sd_un)

View File

@@ -984,13 +984,13 @@ sudo_ldap_build_pass1(LDAP *ld, struct passwd *pw)
CHECK_LDAP_VCAT(buf, pw->pw_name, sz); CHECK_LDAP_VCAT(buf, pw->pw_name, sz);
CHECK_STRLCAT(buf, ")", sz); CHECK_STRLCAT(buf, ")", sz);
/* Append user ID */ /* Append user-ID */
(void) snprintf(idbuf, sizeof(idbuf), "%u", (unsigned int)pw->pw_uid); (void) snprintf(idbuf, sizeof(idbuf), "%u", (unsigned int)pw->pw_uid);
CHECK_STRLCAT(buf, "(sudoUser=#", sz); CHECK_STRLCAT(buf, "(sudoUser=#", sz);
CHECK_STRLCAT(buf, idbuf, sz); CHECK_STRLCAT(buf, idbuf, sz);
CHECK_STRLCAT(buf, ")", sz); CHECK_STRLCAT(buf, ")", sz);
/* Append primary group and group ID */ /* Append primary group and group-ID */
if (grp != NULL) { if (grp != NULL) {
CHECK_STRLCAT(buf, "(sudoUser=%", sz); CHECK_STRLCAT(buf, "(sudoUser=%", sz);
CHECK_LDAP_VCAT(buf, grp->gr_name, sz); CHECK_LDAP_VCAT(buf, grp->gr_name, sz);
@@ -1001,7 +1001,7 @@ sudo_ldap_build_pass1(LDAP *ld, struct passwd *pw)
CHECK_STRLCAT(buf, idbuf, sz); CHECK_STRLCAT(buf, idbuf, sz);
CHECK_STRLCAT(buf, ")", sz); CHECK_STRLCAT(buf, ")", sz);
/* Append supplementary groups and group IDs */ /* Append supplementary groups and group-IDs */
if (grlist != NULL) { if (grlist != NULL) {
for (i = 0; i < grlist->ngroups; i++) { for (i = 0; i < grlist->ngroups; i++) {
if (grp != NULL && strcasecmp(grlist->groups[i], grp->gr_name) == 0) if (grp != NULL && strcasecmp(grlist->groups[i], grp->gr_name) == 0)

View File

@@ -434,17 +434,17 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group)
} }
} }
/* User name, user ID, group ID and host name must be specified. */ /* User name, user-ID, group-ID and host name must be specified. */
if (user_name == NULL) { if (user_name == NULL) {
sudo_warnx(U_("user name not set by sudo front-end")); sudo_warnx(U_("user name not set by sudo front-end"));
goto bad; goto bad;
} }
if (!uid_set) { if (!uid_set) {
sudo_warnx(U_("user ID not set by sudo front-end")); sudo_warnx(U_("user-ID not set by sudo front-end"));
goto bad; goto bad;
} }
if (!gid_set) { if (!gid_set) {
sudo_warnx(U_("group ID not set by sudo front-end")); sudo_warnx(U_("group-ID not set by sudo front-end"));
goto bad; goto bad;
} }
if (user_host == NULL) { if (user_host == NULL) {
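Review bot: the two sudo_warnx() strings changed in this hunk are wrapped in U_(), so their msgids change and every existing translation of "user ID not set by sudo front-end" and "group ID not set by sudo front-end" stops matching until the .pot/.po files are regenerated. Either include that regeneration in this commit or leave these two user-visible messages unchanged and confine the rename to comments and documentation. The "internal error" strings in the JSON hunk and the sudo_fatalx() calls in the testsudoers hunk are not passed through U_() and so are unaffected.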

View File

@@ -103,7 +103,7 @@ sudo_pwutil_set_backend(sudo_make_pwitem_t pwitem, sudo_make_gritem_t gritem,
} }
/* /*
* Compare by user ID. * Compare by user-ID.
* v1 is the key to find or data to insert, v2 is in-tree data. * v1 is the key to find or data to insert, v2 is in-tree data.
*/ */
static int static int
@@ -135,7 +135,7 @@ cmp_pwnam(const void *v1, const void *v2)
/* /*
* Compare by user name, taking into account the source type. * Compare by user name, taking into account the source type.
* Need to differentiate between group IDs received from the front-end * Need to differentiate between group-IDs received from the front-end
* (via getgroups()) and groups IDs queried from the group database. * (via getgroups()) and groups IDs queried from the group database.
* v1 is the key to find or data to insert, v2 is in-tree data. * v1 is the key to find or data to insert, v2 is in-tree data.
*/ */
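Review bot: the comment in this hunk is only half renamed: the line directly under the changed one still reads "groups IDs queried from the group database" (a pre-existing typo as well). Suggest "group-IDs queried from the group database" so both halves of the sentence use the new term.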
@@ -463,7 +463,7 @@ sudo_freepwcache(void)
} }
/* /*
* Compare by group ID. * Compare by group-ID.
* v1 is the key to find or data to insert, v2 is in-tree data. * v1 is the key to find or data to insert, v2 is in-tree data.
*/ */
static int static int
@@ -908,7 +908,7 @@ sudo_get_gidlist(const struct passwd *pw, unsigned int type)
struct rbnode *node; struct rbnode *node;
debug_decl(sudo_get_gidlist, SUDOERS_DEBUG_NSS) debug_decl(sudo_get_gidlist, SUDOERS_DEBUG_NSS)
sudo_debug_printf(SUDO_DEBUG_DEBUG, "%s: looking up group IDs for %s", sudo_debug_printf(SUDO_DEBUG_DEBUG, "%s: looking up group-IDs for %s",
__func__, pw->pw_name); __func__, pw->pw_name);
if (gidlist_cache == NULL) { if (gidlist_cache == NULL) {
@@ -1015,7 +1015,7 @@ user_in_group(const struct passwd *pw, const char *group)
debug_decl(user_in_group, SUDOERS_DEBUG_NSS) debug_decl(user_in_group, SUDOERS_DEBUG_NSS)
/* /*
* If it could be a sudo-style group ID check gids first. * If it could be a sudo-style group-ID check gids first.
*/ */
if (group[0] == '#') { if (group[0] == '#') {
const char *errstr; const char *errstr;
@@ -1041,8 +1041,8 @@ user_in_group(const struct passwd *pw, const char *group)
/* /*
* Next match the group name. By default, sudoers resolves all the user's * Next match the group name. By default, sudoers resolves all the user's
* group IDs to names and matches by name. If match_group_by_gid is * group-IDs to names and matches by name. If match_group_by_gid is
* set, each group is sudoers is resolved and matching is by group ID. * set, each group is sudoers is resolved and matching is by group-ID.
*/ */
if (def_match_group_by_gid) { if (def_match_group_by_gid) {
gid_t gid; gid_t gid;
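Review bot: the last line of this comment still reads "each group is sudoers is resolved" on both sides of the hunk; while it is being touched it should say "each group in sudoers is resolved and matching is by group-ID", which is what the def_match_group_by_gid branch below actually does.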
@@ -1052,7 +1052,7 @@ user_in_group(const struct passwd *pw, const char *group)
goto done; goto done;
gid = grp->gr_gid; gid = grp->gr_gid;
/* Check against user's primary (passwd file) group ID. */ /* Check against user's primary (passwd file) group-ID. */
if (gid == pw->pw_gid) { if (gid == pw->pw_gid) {
matched = true; matched = true;
goto done; goto done;

View File

@@ -736,7 +736,7 @@ sudo_sss_getdefs(struct sudo_nss *nss)
sudo_debug_printf(SUDO_DEBUG_DIAG, "Looking for cn=defaults"); sudo_debug_printf(SUDO_DEBUG_DIAG, "Looking for cn=defaults");
/* NOTE: these are global defaults, user ID and name are not used. */ /* NOTE: these are global defaults, user-ID and name are not used. */
rc = handle->fn_send_recv_defaults(sudo_user.pw->pw_uid, rc = handle->fn_send_recv_defaults(sudo_user.pw->pw_uid,
sudo_user.pw->pw_name, &sss_error, &handle->domainname, &sss_result); sudo_user.pw->pw_name, &sss_error, &handle->domainname, &sss_result);
switch (rc) { switch (rc) {

View File

@@ -157,7 +157,7 @@ main(int argc, char *argv[])
case 'G': case 'G':
sudoers_gid = (gid_t)sudo_strtoid(optarg, &errstr); sudoers_gid = (gid_t)sudo_strtoid(optarg, &errstr);
if (errstr != NULL) if (errstr != NULL)
sudo_fatalx("group ID %s: %s", optarg, errstr); sudo_fatalx("group-ID %s: %s", optarg, errstr);
break; break;
case 'g': case 'g':
runas_group = optarg; runas_group = optarg;
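Review bot: the sudo_fatalx message text here is user-visible output of visudo, not an internal comment, so renaming "group ID" to "group-ID" changes what users and any scripts matching visudo's output will see; the same applies to the 'U' case in the next hunk. The string is also not wrapped in U_(), unlike the sudo_warn message in the exec_setup hunk, so if the wording is being revised anyway it is worth deciding whether both of these messages should be marked for translation at the same time.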
@@ -188,7 +188,7 @@ main(int argc, char *argv[])
case 'U': case 'U':
sudoers_uid = (uid_t)sudo_strtoid(optarg, &errstr); sudoers_uid = (uid_t)sudo_strtoid(optarg, &errstr);
if (errstr != NULL) if (errstr != NULL)
sudo_fatalx("user ID %s: %s", optarg, errstr); sudo_fatalx("user-ID %s: %s", optarg, errstr);
break; break;
case 'u': case 'u':
runas_user = optarg; runas_user = optarg;

View File

@@ -215,7 +215,7 @@ exec_setup(struct command_details *details)
goto done; goto done;
} }
#else #else
/* Cannot support real user ID that is different from effective user ID. */ /* Cannot support real user-ID that is different from effective user-ID. */
if (setuid(details->euid) != 0) { if (setuid(details->euid) != 0) {
sudo_warn(U_("unable to change to runas uid (%u, %u)"), sudo_warn(U_("unable to change to runas uid (%u, %u)"),
(unsigned int)details->euid, (unsigned int)details->euid); (unsigned int)details->euid, (unsigned int)details->euid);
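Review bot: the terminology is now inconsistent within this hunk: the comment is changed to "real user-ID" and "effective user-ID", but the sudo_warn message two lines below still says "runas uid". Since the visudo hunks in this commit do rename user-facing message text, either this message should follow suit or the commit message should state that user-visible strings that use "uid" are intentionally left alone.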