Refer to user-ID and group-ID instead of "user ID" and "group ID"

This commit is contained in:
Todd C. Miller
2019-10-19 14:26:41 -06:00
parent 40bf4081be
commit c3ce3a84fb
23 changed files with 180 additions and 174 deletions

View File

@@ -186,13 +186,13 @@ o Upgrading from a version prior to 1.8.2:
When matching Unix groups in the sudoers file, sudo will now
match based on the name of the group as it appears in sudoers
instead of the group ID. This can substantially reduce the
instead of the group-ID. This can substantially reduce the
number of group lookups for sudoers files that contain a large
number of groups. There are a few side effects of this change.
1) Unix groups with different names but the same group ID are
1) Unix groups with different names but the same group-ID are
can no longer be used interchangeably. Sudo will look up all
of a user's groups by group ID and use the resulting group
of a user's groups by group-ID and use the resulting group
names when matching sudoers entries. If there are multiple
groups with the same ID, the group name returned by the
system getgrgid() library function is the name that will be
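Review bot: the rewritten line "Unix groups with different names but the same group-ID are" is immediately followed by "can no longer be used interchangeably", so the sentence still reads "are can no longer", a stray "are" that predates this change; since the line is being touched anyway, drop the "are" so it reads "...the same group-ID can no longer be used interchangeably."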
@@ -338,7 +338,7 @@ o Upgrading from a version prior to 1.7.0:
Starting with sudo 1.7.0, comments in the sudoers file must not
have a digit or minus sign immediately after the comment character
('#'). Otherwise, the comment may be interpreted as a user or
group ID.
group-ID.
When sudo is build with LDAP support the /etc/nsswitch.conf file is
now used to determine the sudoers sea ch order. sudo will default to
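Review bot: the unchanged context directly below the changed line carries two typos that could be fixed while this paragraph is being edited: "When sudo is build with LDAP support" should read "built", and "sudoers sea ch order" is missing a letter ("search").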

View File

@@ -17,7 +17,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.nr SL @SEMAN@
.TH "SUDO.CONF" "@mansectform@" "July 3, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.TH "SUDO.CONF" "@mansectform@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -334,12 +334,12 @@ Set disable_coredump false
.RS 10n
.sp
All modern operating systems place restrictions on core dumps
from setuid processes like
from set-user-ID processes like
\fBsudo\fR
so this option can be enabled without compromising security.
To actually get a
\fBsudo\fR
core file you will likely need to enable core dumps for setuid processes.
core file you will likely need to enable core dumps for set-user-ID processes.
On
BSD
and Linux systems this is accomplished in the

View File

@@ -16,7 +16,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.nr SL @SEMAN@
.Dd July 3, 2019
.Dd October 20, 2019
.Dt SUDO.CONF @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -305,12 +305,12 @@ Set disable_coredump false
.Ed
.Pp
All modern operating systems place restrictions on core dumps
from setuid processes like
from set-user-ID processes like
.Nm sudo
so this option can be enabled without compromising security.
To actually get a
.Nm sudo
core file you will likely need to enable core dumps for setuid processes.
core file you will likely need to enable core dumps for set-user-ID processes.
On
.Bx
and Linux systems this is accomplished in the

View File

@@ -25,7 +25,7 @@
.nr BA @BAMAN@
.nr LC @LCMAN@
.nr PS @PSMAN@
.TH "SUDO" "@mansectsu@" "May 27, 2019" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.TH "SUDO" "@mansectsu@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -98,7 +98,7 @@ as the superuser or another user, as specified by the security
policy.
The invoking user's real
(\fInot\fR effective)
user ID is used to determine the user name with which
user-ID is used to determine the user name with which
to query the security policy.
.PP
\fBsudo\fR
@@ -260,7 +260,7 @@ If
is
\fB-\fR,
the default login class of the target user will be used.
Otherwise, the command must be run as the superuser (user ID 0), or
Otherwise, the command must be run as the superuser (user-ID 0), or
\fBsudo\fR
must be run from a shell that is already running as the superuser.
If the command is being run as a login shell, additional
@@ -361,7 +361,7 @@ instead of the primary group specified by the target
user's password database entry.
The
\fIgroup\fR
may be either a group name or a numeric group ID
may be either a group name or a numeric group-ID
(GID)
prefixed with the
\(oq#\(cq
@@ -504,7 +504,7 @@ By default, the
\fIsudoers\fR
policy will initialize the group vector to the list of groups the
target user is a member of.
The real and effective group IDs, however, are still set to match
The real and effective group-IDs, however, are still set to match
the target user.
.TP 12n
\fB\-p\fR \fIprompt\fR, \fB\--prompt\fR=\fIprompt\fR
@@ -629,7 +629,7 @@ Run the command as a user other than the default target user
\fIroot\fR).
The
\fIuser\fR
may be either a user name or a numeric user ID
may be either a user name or a numeric user-ID
(UID)
prefixed with the
\(oq#\(cq
@@ -719,13 +719,13 @@ option was specified).
The following parameters may be specified by security policy:
.TP 3n
\fB\(bu\fR
real and effective user ID
real and effective user-ID
.TP 3n
\fB\(bu\fR
real and effective group ID
real and effective group-ID
.TP 3n
\fB\(bu\fR
supplementary group IDs
supplementary group-IDs
.TP 3n
\fB\(bu\fR
the environment list
@@ -1027,7 +1027,7 @@ To prevent the disclosure of potentially sensitive information,
disables core dumps by default while it is executing (they are
re-enabled for the command that is run).
This historical practice dates from a time when most operating
systems allowed setuid processes to dump core by default.
systems allowed set-user-ID processes to dump core by default.
To aid in debugging
\fBsudo\fR
crashes, you may wish to re-enable core dumps by setting
@@ -1138,7 +1138,7 @@ Default editor to use in
(sudoedit) mode.
.TP 17n
\fRSUDO_GID\fR
Set to the group ID of the user who invoked sudo.
Set to the group-ID of the user who invoked sudo.
.TP 17n
\fRSUDO_PROMPT\fR
Used as the default password prompt unless
@@ -1152,7 +1152,7 @@ If set,
will be set to its value for the program being run.
.TP 17n
\fRSUDO_UID\fR
Set to the user ID of the user who invoked sudo.
Set to the user-ID of the user who invoked sudo.
.TP 17n
\fRSUDO_USER\fR
Set to the login name of the user who invoked sudo.
@@ -1272,7 +1272,7 @@ for more information.
was not run with root privileges.
The
\fBsudo\fR
binary must be owned by the root user and have the Set-user-ID bit set.
binary must be owned by the root user and have the set-user-ID bit set.
Also, it must not be located on a file system mounted with the
\(oqnosuid\(cq
option or on an NFS file system that maps uid 0 to an unprivileged uid.
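Review bot: this hunk only changes "Set-user-ID" to "set-user-ID" and leaves the following context line saying "maps uid 0 to an unprivileged uid", which is exactly the abbreviation the rest of the commit replaces (the same manual now says "superuser (user-ID 0)", and the sudoers page says "maps user-ID 0 to a different value"); consider "maps user-ID 0 to an unprivileged user-ID" here and in the mdoc copy of this page, which has the identical line.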
@@ -1338,7 +1338,7 @@ was not run with root privileges.
The
\fBsudo\fR
binary does not have the correct owner or permissions.
It must be owned by the root user and have the Set-user-ID bit set.
It must be owned by the root user and have the set-user-ID bit set.
.TP 6n
\fRsudoedit is not supported on this platform\fR
It is only possible to run
@@ -1350,7 +1350,7 @@ The user did not enter a password before the password timeout
(5 minutes by default) expired.
.TP 6n
\fRyou do not exist in the passwd database\fR
Your user ID does not appear in the system passwd database.
Your user-ID does not appear in the system passwd database.
.TP 6n
\fRyou may not specify environment variables in edit mode\fR
It is only possible to specify environment variables when running
@@ -1417,9 +1417,9 @@ section for more information.
.PP
Running shell scripts via
\fBsudo\fR
can expose the same kernel bugs that make setuid shell scripts
can expose the same kernel bugs that make set-user-ID shell scripts
unsafe on some operating systems (if your OS has a /dev/fd/ directory,
setuid shell scripts are generally safe).
set-user-ID shell scripts are generally safe).
.SH "BUGS"
If you feel you have found a bug in
\fBsudo\fR,

View File

@@ -24,7 +24,7 @@
.nr BA @BAMAN@
.nr LC @LCMAN@
.nr PS @PSMAN@
.Dd May 27, 2019
.Dd October 20, 2019
.Dt SUDO @mansectsu@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -100,7 +100,7 @@ as the superuser or another user, as specified by the security
policy.
The invoking user's real
.Pq Em not No effective
user ID is used to determine the user name with which
user-ID is used to determine the user name with which
to query the security policy.
.Pp
.Nm
@@ -252,7 +252,7 @@ If
is
.Cm - ,
the default login class of the target user will be used.
Otherwise, the command must be run as the superuser (user ID 0), or
Otherwise, the command must be run as the superuser (user-ID 0), or
.Nm
must be run from a shell that is already running as the superuser.
If the command is being run as a login shell, additional
@@ -341,7 +341,7 @@ instead of the primary group specified by the target
user's password database entry.
The
.Ar group
may be either a group name or a numeric group ID
may be either a group name or a numeric group-ID
.Pq GID
prefixed with the
.Ql #
@@ -475,7 +475,7 @@ By default, the
.Em sudoers
policy will initialize the group vector to the list of groups the
target user is a member of.
The real and effective group IDs, however, are still set to match
The real and effective group-IDs, however, are still set to match
the target user.
.It Fl p Ar prompt , Fl -prompt Ns = Ns Ar prompt
Use a custom password prompt with optional escape sequences.
@@ -583,7 +583,7 @@ Run the command as a user other than the default target user
.Em root ) .
The
.Ar user
may be either a user name or a numeric user ID
may be either a user name or a numeric user-ID
.Pq UID
prefixed with the
.Ql #
@@ -671,11 +671,11 @@ option was specified).
The following parameters may be specified by security policy:
.Bl -bullet -width 1n
.It
real and effective user ID
real and effective user-ID
.It
real and effective group ID
real and effective group-ID
.It
supplementary group IDs
supplementary group-IDs
.It
the environment list
.It
@@ -968,7 +968,7 @@ To prevent the disclosure of potentially sensitive information,
disables core dumps by default while it is executing (they are
re-enabled for the command that is run).
This historical practice dates from a time when most operating
systems allowed setuid processes to dump core by default.
systems allowed set-user-ID processes to dump core by default.
To aid in debugging
.Nm
crashes, you may wish to re-enable core dumps by setting
@@ -1067,7 +1067,7 @@ Default editor to use in
.Fl e
(sudoedit) mode.
.It Ev SUDO_GID
Set to the group ID of the user who invoked sudo.
Set to the group-ID of the user who invoked sudo.
.It Ev SUDO_PROMPT
Used as the default password prompt unless
the
@@ -1078,7 +1078,7 @@ If set,
.Ev PS1
will be set to its value for the program being run.
.It Ev SUDO_UID
Set to the user ID of the user who invoked sudo.
Set to the user-ID of the user who invoked sudo.
.It Ev SUDO_USER
Set to the login name of the user who invoked sudo.
.It Ev USER
@@ -1174,7 +1174,7 @@ for more information.
was not run with root privileges.
The
.Nm
binary must be owned by the root user and have the Set-user-ID bit set.
binary must be owned by the root user and have the set-user-ID bit set.
Also, it must not be located on a file system mounted with the
.Sq nosuid
option or on an NFS file system that maps uid 0 to an unprivileged uid.
@@ -1233,7 +1233,7 @@ was not run with root privileges.
The
.Nm
binary does not have the correct owner or permissions.
It must be owned by the root user and have the Set-user-ID bit set.
It must be owned by the root user and have the set-user-ID bit set.
.It Li sudoedit is not supported on this platform
It is only possible to run
.Nm sudoedit
@@ -1242,7 +1242,7 @@ on systems that support setting the effective user-ID.
The user did not enter a password before the password timeout
(5 minutes by default) expired.
.It Li you do not exist in the passwd database
Your user ID does not appear in the system passwd database.
Your user-ID does not appear in the system passwd database.
.It Li you may not specify environment variables in edit mode
It is only possible to specify environment variables when running
a command.
@@ -1305,9 +1305,9 @@ section for more information.
.Pp
Running shell scripts via
.Nm
can expose the same kernel bugs that make setuid shell scripts
can expose the same kernel bugs that make set-user-ID shell scripts
unsafe on some operating systems (if your OS has a /dev/fd/ directory,
setuid shell scripts are generally safe).
set-user-ID shell scripts are generally safe).
.Sh BUGS
If you feel you have found a bug in
.Nm ,

View File

@@ -16,7 +16,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH "SUDO_PLUGIN" "5" "October 18, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.TH "SUDO_PLUGIN" "5" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -459,20 +459,20 @@ cwd=string
The user's current working directory.
.TP 6n
egid=gid_t
The effective group ID of the user invoking
The effective group-ID of the user invoking
\fBsudo\fR.
.TP 6n
euid=uid_t
The effective user ID of the user invoking
The effective user-ID of the user invoking
\fBsudo\fR.
.TP 6n
gid=gid_t
The real group ID of the user invoking
The real group-ID of the user invoking
\fBsudo\fR.
.TP 6n
groups=list
The user's supplementary group list formatted as a string of
comma-separated group IDs.
comma-separated group-IDs.
.TP 6n
host=string
The local machine's hostname as returned by the
@@ -552,7 +552,7 @@ the value will be empty, as in
\(lq\fRtty=\fR\(rq.
.TP 6n
uid=uid_t
The real user ID of the user invoking
The real user-ID of the user invoking
\fBsudo\fR.
.TP 6n
umask=octal
@@ -991,29 +991,29 @@ initializing the group vector based on
\fRrunas_user\fR.
.TP 6n
runas_egid=gid
Effective group ID to run the command as.
Effective group-ID to run the command as.
If not specified, the value of
\fIrunas_gid\fR
is used.
.TP 6n
runas_euid=uid
Effective user ID to run the command as.
Effective user-ID to run the command as.
If not specified, the value of
\fIrunas_uid\fR
is used.
.TP 6n
runas_gid=gid
Group ID to run the command as.
Group-ID to run the command as.
.TP 6n
runas_groups=list
The supplementary group vector to use for the command in the form
of a comma-separated list of group IDs.
of a comma-separated list of group-IDs.
If
\fIpreserve_groups\fR
is set, this option is ignored.
.TP 6n
runas_uid=uid
User ID to run the command as.
User-ID to run the command as.
.TP 6n
selinux_role=string
SELinux role to use when executing the command.

View File

@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd October 18, 2019
.Dd October 20, 2019
.Dt SUDO_PLUGIN @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -411,17 +411,17 @@ If there is no terminal device available, a default value of 80 is used.
.It cwd=string
The user's current working directory.
.It egid=gid_t
The effective group ID of the user invoking
The effective group-ID of the user invoking
.Nm sudo .
.It euid=uid_t
The effective user ID of the user invoking
The effective user-ID of the user invoking
.Nm sudo .
.It gid=gid_t
The real group ID of the user invoking
The real group-ID of the user invoking
.Nm sudo .
.It groups=list
The user's supplementary group list formatted as a string of
comma-separated group IDs.
comma-separated group-IDs.
.It host=string
The local machine's hostname as returned by the
.Xr gethostname 2
@@ -491,7 +491,7 @@ If the user has no terminal device associated with the session,
the value will be empty, as in
.Dq Li tty= .
.It uid=uid_t
The real user ID of the user invoking
The real user-ID of the user invoking
.Nm sudo .
.It umask=octal
The invoking user's file creation mask.
@@ -877,25 +877,25 @@ will preserve the user's group vector instead of
initializing the group vector based on
.Li runas_user .
.It runas_egid=gid
Effective group ID to run the command as.
Effective group-ID to run the command as.
If not specified, the value of
.Em runas_gid
is used.
.It runas_euid=uid
Effective user ID to run the command as.
Effective user-ID to run the command as.
If not specified, the value of
.Em runas_uid
is used.
.It runas_gid=gid
Group ID to run the command as.
Group-ID to run the command as.
.It runas_groups=list
The supplementary group vector to use for the command in the form
of a comma-separated list of group IDs.
of a comma-separated list of group-IDs.
If
.Em preserve_groups
is set, this option is ignored.
.It runas_uid=uid
User ID to run the command as.
User-ID to run the command as.
.It selinux_role=string
SELinux role to use when executing the command.
.It selinux_type=string

View File

@@ -16,7 +16,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH "SUDOERS.LDAP" "@mansectform@" "February 26, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.TH "SUDOERS.LDAP" "@mansectform@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -112,7 +112,7 @@ The equivalent of a sudoer in LDAP is a
It consists of the following attributes:
.TP 6n
\fBsudoUser\fR
A user name, user ID (prefixed with
A user name, user-ID (prefixed with
\(oq#\(cq),
Unix group name or ID (prefixed with
\(oq%\(cq
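Review bot: only half of the sudoUser description is converted: "A user name, user-ID (prefixed with '#')" now uses the hyphenated form, but the next line still says "Unix group name or ID (prefixed with '%')"; for symmetry with the rest of this commit "Unix group name or group-ID" would match, and the mdoc copy of this page has the same line.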

View File

@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd February 26, 2018
.Dd October 20, 2019
.Dt SUDOERS.LDAP @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -106,7 +106,7 @@ The equivalent of a sudoer in LDAP is a
It consists of the following attributes:
.Bl -tag -width 4n
.It Sy sudoUser
A user name, user ID (prefixed with
A user name, user-ID (prefixed with
.Ql # ) ,
Unix group name or ID (prefixed with
.Ql %

View File

@@ -25,7 +25,7 @@
.nr BA @BAMAN@
.nr LC @LCMAN@
.nr PS @PSMAN@
.TH "SUDOERS" "@mansectform@" "October 17, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.TH "SUDOERS" "@mansectform@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -123,13 +123,13 @@ sudoers_uid=uid
The
\fIsudoers_uid\fR
argument can be used to override the default owner of the sudoers file.
It should be specified as a numeric user ID.
It should be specified as a numeric user-ID.
.TP 10n
sudoers_gid=gid
The
\fIsudoers_gid\fR
argument can be used to override the default group of the sudoers file.
It must be specified as a numeric group ID (not a group name).
It must be specified as a numeric group-ID (not a group name).
.TP 10n
sudoers_mode=mode
The
@@ -220,7 +220,7 @@ file lookup is still done for root, not the user specified by
\fBsudoers\fR
uses per-user time stamp files for credential caching.
Once a user has been authenticated, a record is written
containing the user ID that was used to authenticate, the
containing the user-ID that was used to authenticate, the
terminal session ID, the start time of the session leader
(or parent process) and a time stamp
(using a monotonic clock if one is available).
@@ -477,7 +477,7 @@ list.
.PP
Note that the dynamic linker on most operating systems will remove
variables that can control dynamic linking from the environment of
setuid executables, including
set-user-ID executables, including
\fBsudo\fR.
Depending on the operating
system this may include
@@ -712,7 +712,7 @@ User ::= '!'* user name |
.PP
A
\fRUser_List\fR
is made up of one or more user names, user IDs
is made up of one or more user names, user-IDs
(prefixed with
\(oq#\(cq),
system group names and IDs (prefixed with
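Review bot: same inconsistency as in the sudoers.ldap page: "user names, user-IDs (prefixed with '#')" is converted, but the following context line "system group names and IDs (prefixed with" is not; "system group names and group-IDs" would keep the User_List description uniform, in both the man and mdoc versions of this page.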
@@ -811,10 +811,13 @@ it can contain
\fRRunas_Alias\fRes.
Note that
user names and groups are matched as strings.
In other words, two
users (groups) with the same uid (gid) are considered to be distinct.
If you wish to match all user names with the same uid (e.g.,
root and toor), you can use a uid instead (#0 in the example given).
In other words, two users (groups) with the same user (group) ID
are considered to be distinct.
If you wish to match all user names with the same user-ID (e.g., root and
toor), you can use a user-ID instead of a name (#0 in the example given).
Note that the user-ID or group-ID specified in a
\fRRunas_Member\fR
need not be listed in the password or group database.
.nf
.sp
.RS 0n
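Review bot: the added sentence "Note that the user-ID or group-ID specified in a Runas_Member need not be listed in the password or group database" is a statement about behaviour, not just terminology, and it reads as unconditional while a later hunk in this same page documents an exception: the flag that prompts for the target user's password instead of the invoking user's "precludes the use of a user-ID not listed in the passwd database as an argument to the -u option". A short qualifier here (or a cross-reference to that flag) would keep the two statements from appearing to contradict each other; the mdoc copy of this page adds the same sentence and needs the same fix.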
@@ -1969,7 +1972,7 @@ The pound sign
is used to indicate a comment (unless it is part of a #include
directive or unless it occurs in the context of a user name and is
followed by one or more digits, in which case it is treated as a
uid).
user-ID).
Both the comment character and any text after it, up to the end of
the line, are ignored.
.PP
@@ -2683,7 +2686,7 @@ by default.
match_group_by_gid
By default,
\fBsudoers\fR
will look up each group the user is a member of by group ID to
will look up each group the user is a member of by group-ID to
determine the group name (this is only done once).
The resulting list of the user's group names is used when matching
groups listed in the
@@ -2702,21 +2705,21 @@ running commands via
may take longer than normal.
On such systems it may be faster to use the
\fImatch_group_by_gid\fR
flag to avoid resolving the user's group IDs to group names.
flag to avoid resolving the user's group-IDs to group names.
In this case,
\fBsudoers\fR
must look up any group name listed in the
\fIsudoers\fR
file and use the group ID instead of the group name when determining
file and use the group-ID instead of the group name when determining
whether the user is a member of the group.
.sp
Note that if
\fImatch_group_by_gid\fR
is enabled, group database lookups performed by
\fBsudoers\fR
will be keyed by group name as opposed to group ID.
will be keyed by group name as opposed to group-ID.
On systems where there are multiple sources for the group database,
it is possible to have conflicting group names or group IDs in the local
it is possible to have conflicting group names or group-IDs in the local
\fI/etc/group\fR
file and the remote group database.
On such systems, enabling or disabling
@@ -2872,7 +2875,7 @@ will initialize the group vector to the list of groups the target user is in.
When
\fIpreserve_groups\fR
is set, the user's existing group vector is left unaltered.
The real and effective group IDs, however, are still set to match the
The real and effective group-IDs, however, are still set to match the
target user.
This flag is
\fIoff\fR
@@ -3063,9 +3066,9 @@ This option changes that behavior such that the real UID is left
as the invoking user's UID.
In other words, this makes
\fBsudo\fR
act as a setuid wrapper.
act as a set-user-ID wrapper.
This can be useful on systems that disable some potentially
dangerous functionality when a program is run setuid.
dangerous functionality when a program is run set-user-ID.
This option is only effective on systems that support either the
setreuid(2)
or
@@ -3140,7 +3143,7 @@ option (defaults to
\fRroot\fR)
instead of the password of the invoking user
when running a command or editing a file.
Note that this flag precludes the use of a uid not listed in the passwd
Note that this flag precludes the use of a user-ID not listed in the passwd
database as an argument to the
\fB\-u\fR
option.
@@ -3529,7 +3532,7 @@ where every two digits are used to form a new directory, e.g.,
expanded to the invoking user's login name
.TP 6n
\fR%{group}\fR
expanded to the name of the invoking user's real group ID
expanded to the name of the invoking user's real group-ID
.TP 6n
\fR%{runas_user}\fR
expanded to the login name of the user the command will
@@ -3614,19 +3617,19 @@ by default.
This setting is only supported by version 1.8.20 or higher.
.TP 18n
iolog_group
The group name to look up when setting the group ID on new I/O log
The group name to look up when setting the group-ID on new I/O log
files and directories.
If
\fIiolog_group\fR
is not set,
the primary group ID of the user specified by
the primary group-ID of the user specified by
\fIiolog_user\fR
is used.
If neither
\fIiolog_group\fR
nor
\fIiolog_user\fR
are set, I/O log files and directories are created with group ID 0.
are set, I/O log files and directories are created with group-ID 0.
.sp
This setting is only supported by version 1.8.19 or higher.
.TP 18n
@@ -3644,19 +3647,19 @@ Defaults to 0600 (read and write by user only).
This setting is only supported by version 1.8.19 or higher.
.TP 18n
iolog_user
The user name to look up when setting the user and group IDs on new
The user name to look up when setting the user and group-IDs on new
I/O log files and directories.
If
\fIiolog_group\fR
is set, it will be used instead of the user's primary group ID.
is set, it will be used instead of the user's primary group-ID.
By default, I/O log files and directories are created with user and
group ID 0.
group-ID 0.
.sp
This setting can be useful when the I/O logs are stored on a Network
File System (NFS) share.
Having a dedicated user own the I/O log files means that
\fBsudoers\fR
does not write to the log files as user ID 0, which is usually
does not write to the log files as user-ID 0, which is usually
not permitted by NFS.
.sp
This setting is only supported by version 1.8.19 or higher.
@@ -4402,7 +4405,7 @@ is run by root with the
\fB\-V\fR
option.
Note that many operating systems will remove potentially dangerous
variables from the environment of any setuid process (such as
variables from the environment of any set-user-ID process (such as
\fBsudo\fR).
.TP 18n
env_keep
@@ -4672,7 +4675,7 @@ The
file could not be opened for reading.
This can happen when the
\fIsudoers\fR
file is located on a remote file system that maps user ID 0 to
file is located on a remote file system that maps user-ID 0 to
a different value.
Normally,
\fBsudoers\fR
@@ -4685,7 +4688,7 @@ or adding an argument like
\(lqsudoers_uid=N\(rq
(where
\(oqN\(cq
is the user ID that owns the
is the user-ID that owns the
\fIsudoers\fR
file) to the end of the
\fBsudoers\fR
@@ -4714,7 +4717,7 @@ file owner, please add
\(lqsudoers_uid=N\(rq
(where
\(oqN\(cq
is the user ID that owns the
is the user-ID that owns the
\fIsudoers\fR
file) to the
\fBsudoers\fR
@@ -4750,7 +4753,7 @@ file group ownership, please add
\(lqsudoers_gid=N\(rq
(where
\(oqN\(cq
is the group ID that owns the
is the group-ID that owns the
\fIsudoers\fR
file) to the
\fBsudoers\fR

View File

@@ -24,7 +24,7 @@
.nr BA @BAMAN@
.nr LC @LCMAN@
.nr PS @PSMAN@
.Dd October 17, 2019
.Dd October 20, 2019
.Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -113,12 +113,12 @@ file.
The
.Em sudoers_uid
argument can be used to override the default owner of the sudoers file.
It should be specified as a numeric user ID.
It should be specified as a numeric user-ID.
.It sudoers_gid=gid
The
.Em sudoers_gid
argument can be used to override the default group of the sudoers file.
It must be specified as a numeric group ID (not a group name).
It must be specified as a numeric group-ID (not a group name).
.It sudoers_mode=mode
The
.Em sudoers_mode
@@ -209,7 +209,7 @@ file lookup is still done for root, not the user specified by
.Nm
uses per-user time stamp files for credential caching.
Once a user has been authenticated, a record is written
containing the user ID that was used to authenticate, the
containing the user-ID that was used to authenticate, the
terminal session ID, the start time of the session leader
(or parent process) and a time stamp
(using a monotonic clock if one is available).
@@ -464,7 +464,7 @@ list.
.Pp
Note that the dynamic linker on most operating systems will remove
variables that can control dynamic linking from the environment of
setuid executables, including
set-user-ID executables, including
.Nm sudo .
Depending on the operating
system this may include
@@ -686,7 +686,7 @@ User ::= '!'* user name |
.Pp
A
.Li User_List
is made up of one or more user names, user IDs
is made up of one or more user names, user-IDs
(prefixed with
.Ql # ) ,
system group names and IDs (prefixed with
@@ -781,10 +781,13 @@ it can contain
.Li Runas_Alias Ns es .
Note that
user names and groups are matched as strings.
In other words, two
users (groups) with the same uid (gid) are considered to be distinct.
If you wish to match all user names with the same uid (e.g.,
root and toor), you can use a uid instead (#0 in the example given).
In other words, two users (groups) with the same user (group) ID
are considered to be distinct.
If you wish to match all user names with the same user-ID (e.g., root and
toor), you can use a user-ID instead of a name (#0 in the example given).
Note that the user-ID or group-ID specified in a
.Li Runas_Member
need not be listed in the password or group database.
.Bd -literal
Host_List ::= Host |
Host ',' Host_List
@@ -1846,7 +1849,7 @@ The pound sign
is used to indicate a comment (unless it is part of a #include
directive or unless it occurs in the context of a user name and is
followed by one or more digits, in which case it is treated as a
uid).
user-ID).
Both the comment character and any text after it, up to the end of
the line, are ignored.
.Pp
@@ -2522,7 +2525,7 @@ by default.
.It match_group_by_gid
By default,
.Nm
will look up each group the user is a member of by group ID to
will look up each group the user is a member of by group-ID to
determine the group name (this is only done once).
The resulting list of the user's group names is used when matching
groups listed in the
@@ -2541,21 +2544,21 @@ running commands via
may take longer than normal.
On such systems it may be faster to use the
.Em match_group_by_gid
flag to avoid resolving the user's group IDs to group names.
flag to avoid resolving the user's group-IDs to group names.
In this case,
.Nm
must look up any group name listed in the
.Em sudoers
file and use the group ID instead of the group name when determining
file and use the group-ID instead of the group name when determining
whether the user is a member of the group.
.Pp
Note that if
.Em match_group_by_gid
is enabled, group database lookups performed by
.Nm
will be keyed by group name as opposed to group ID.
will be keyed by group name as opposed to group-ID.
On systems where there are multiple sources for the group database,
it is possible to have conflicting group names or group IDs in the local
it is possible to have conflicting group names or group-IDs in the local
.Pa /etc/group
file and the remote group database.
On such systems, enabling or disabling
@@ -2703,7 +2706,7 @@ will initialize the group vector to the list of groups the target user is in.
When
.Em preserve_groups
is set, the user's existing group vector is left unaltered.
The real and effective group IDs, however, are still set to match the
The real and effective group-IDs, however, are still set to match the
target user.
This flag is
.Em off
@@ -2883,9 +2886,9 @@ This option changes that behavior such that the real UID is left
as the invoking user's UID.
In other words, this makes
.Nm sudo
act as a setuid wrapper.
act as a set-user-ID wrapper.
This can be useful on systems that disable some potentially
dangerous functionality when a program is run setuid.
dangerous functionality when a program is run set-user-ID.
This option is only effective on systems that support either the
.Xr setreuid 2
or
@@ -2955,7 +2958,7 @@ option (defaults to
.Li root )
instead of the password of the invoking user
when running a command or editing a file.
Note that this flag precludes the use of a uid not listed in the passwd
Note that this flag precludes the use of a user-ID not listed in the passwd
database as an argument to the
.Fl u
option.
@@ -3322,7 +3325,7 @@ where every two digits are used to form a new directory, e.g.,
.It Li %{user}
expanded to the invoking user's login name
.It Li %{group}
expanded to the name of the invoking user's real group ID
expanded to the name of the invoking user's real group-ID
.It Li %{runas_user}
expanded to the login name of the user the command will
be run as (e.g., root)
@@ -3400,19 +3403,19 @@ by default.
.Pp
This setting is only supported by version 1.8.20 or higher.
.It iolog_group
The group name to look up when setting the group ID on new I/O log
The group name to look up when setting the group-ID on new I/O log
files and directories.
If
.Em iolog_group
is not set,
the primary group ID of the user specified by
the primary group-ID of the user specified by
.Em iolog_user
is used.
If neither
.Em iolog_group
nor
.Em iolog_user
are set, I/O log files and directories are created with group ID 0.
are set, I/O log files and directories are created with group-ID 0.
.Pp
This setting is only supported by version 1.8.19 or higher.
.It iolog_mode
@@ -3428,19 +3431,19 @@ Defaults to 0600 (read and write by user only).
.Pp
This setting is only supported by version 1.8.19 or higher.
.It iolog_user
The user name to look up when setting the user and group IDs on new
The user name to look up when setting the user and group-IDs on new
I/O log files and directories.
If
.Em iolog_group
is set, it will be used instead of the user's primary group ID.
is set, it will be used instead of the user's primary group-ID.
By default, I/O log files and directories are created with user and
group ID 0.
group-ID 0.
.Pp
This setting can be useful when the I/O logs are stored on a Network
File System (NFS) share.
Having a dedicated user own the I/O log files means that
.Nm
does not write to the log files as user ID 0, which is usually
does not write to the log files as user-ID 0, which is usually
not permitted by NFS.
.Pp
This setting is only supported by version 1.8.19 or higher.
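Review bot: the phrase "which is usually not permitted by NFS" on the last changed line of this hunk is imprecise; NFS does not refuse writes by user-ID 0, it maps user-ID 0 to a different, unprivileged ID, which is exactly how the later hunk in this file describes the same behaviour ("a remote file system that maps user-ID 0 to a different value"). Suggest rewording to "does not write to the log files as user-ID 0, which NFS usually maps to an unprivileged user-ID" so the two passages agree.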
@@ -4106,7 +4109,7 @@ is run by root with the
.Fl V
option.
Note that many operating systems will remove potentially dangerous
variables from the environment of any setuid process (such as
variables from the environment of any set-user-ID process (such as
.Nm sudo ) .
.It env_keep
Environment variables to be preserved in the user's environment when the
@@ -4351,7 +4354,7 @@ The
file could not be opened for reading.
This can happen when the
.Em sudoers
file is located on a remote file system that maps user ID 0 to
file is located on a remote file system that maps user-ID 0 to
a different value.
Normally,
.Nm
@@ -4364,7 +4367,7 @@ or adding an argument like
.Dq sudoers_uid=N
(where
.Sq N
is the user ID that owns the
is the user-ID that owns the
.Em sudoers
file) to the end of the
.Nm
@@ -4390,7 +4393,7 @@ file owner, please add
.Dq sudoers_uid=N
(where
.Sq N
is the user ID that owns the
is the user-ID that owns the
.Em sudoers
file) to the
.Nm
@@ -4424,7 +4427,7 @@ file group ownership, please add
.Dq sudoers_gid=N
(where
.Sq N
is the group ID that owns the
is the group-ID that owns the
.Em sudoers
file) to the
.Nm

View File

@@ -16,7 +16,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH "SUDOERS_TIMESTAMP" "@mansectform@" "October 7, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.TH "SUDOERS_TIMESTAMP" "@mansectform@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -117,13 +117,13 @@ and
which is used only when matching records.
.TP 6n
auth_uid
The user ID that was used for authentication.
The user-ID that was used for authentication.
Depending on the value of the
\fIrootpw\fR,
\fIrunaspw\fR
and
\fItargetpw\fR
options, the user ID may be that of the invoking user, the root user,
options, the user-ID may be that of the invoking user, the root user,
the default runas user or the target user.
.TP 6n
sid

View File

@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd October 7, 2018
.Dd October 20, 2019
.Dt SUDOERS_TIMESTAMP @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -109,13 +109,13 @@ and
.Li TS_ANYUID ,
which is used only when matching records.
.It auth_uid
The user ID that was used for authentication.
The user-ID that was used for authentication.
Depending on the value of the
.Em rootpw ,
.Em runaspw
and
.Em targetpw
options, the user ID may be that of the invoking user, the root user,
options, the user-ID may be that of the invoking user, the root user,
the default runas user or the target user.
.It sid
The ID of the user's terminal session, if present.

View File

@@ -21,7 +21,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
.TH "VISUDO" "@mansectsu@" "June 20, 2019" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.TH "VISUDO" "@mansectsu@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -305,13 +305,13 @@ sudoers_uid=uid
The
\fIsudoers_uid\fR
argument can be used to override the default owner of the sudoers file.
It should be specified as a numeric user ID.
It should be specified as a numeric user-ID.
.TP 10n
sudoers_gid=gid
The
\fIsudoers_gid\fR
argument can be used to override the default group of the sudoers file.
It must be specified as a numeric group ID (not a group name).
It must be specified as a numeric group-ID (not a group name).
.TP 10n
sudoers_mode=mode
The
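Review bot: the two sudoers_uid/sudoers_gid descriptions in this hunk are asymmetric, "It should be specified as a numeric user-ID." versus "It must be specified as a numeric group-ID (not a group name).", although both values are parsed identically with sudo_strtoid() and a name is fatal in either case (see the -U and -G handling in testsudoers later in this commit). Suggest "It must be specified as a numeric user-ID (not a user name)." so the man page does not imply that a user name is tolerated.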
@@ -379,7 +379,7 @@ You didn't run
as root.
.TP 6n
\fRyou do not exist in the passwd database\fR
Your user ID does not appear in the system passwd database.
Your user-ID does not appear in the system passwd database.
.TP 6n
\fRWarning: {User,Runas,Host,Cmnd}_Alias referenced but not defined\fR
Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias

View File

@@ -20,7 +20,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
.Dd June 20, 2019
.Dd October 20, 2019
.Dt VISUDO @mansectsu@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -295,12 +295,12 @@ file.
The
.Em sudoers_uid
argument can be used to override the default owner of the sudoers file.
It should be specified as a numeric user ID.
It should be specified as a numeric user-ID.
.It sudoers_gid=gid
The
.Em sudoers_gid
argument can be used to override the default group of the sudoers file.
It must be specified as a numeric group ID (not a group name).
It must be specified as a numeric group-ID (not a group name).
.It sudoers_mode=mode
The
.Em sudoers_mode
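Review bot: same asymmetry as in the generated visudo.man page above: "It should be specified as a numeric user-ID." for sudoers_uid versus "It must be specified as a numeric group-ID (not a group name)." for sudoers_gid. Both are numeric-only, so the mdoc source should read "It must be specified as a numeric user-ID (not a user name)." here as well, since this is the file the .man output is regenerated from.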
@@ -364,7 +364,7 @@ You didn't run
.Nm
as root.
.It Li you do not exist in the passwd database
Your user ID does not appear in the system passwd database.
Your user-ID does not appear in the system passwd database.
.It Li Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias
or you have a user or host name listed that consists solely of

View File

@@ -374,7 +374,7 @@ print_member_json_int(FILE *fp, struct sudoers_parse_tree *parse_tree,
if (*value.u.string == '#') {
id = sudo_strtoid(value.u.string + 1, &errstr);
if (errstr != NULL) {
sudo_warnx("internal error: non-Unix group ID %s: \"%s\"",
sudo_warnx("internal error: non-Unix group-ID %s: \"%s\"",
errstr, value.u.string + 1);
} else {
value.type = JSON_ID;
@@ -387,7 +387,7 @@ print_member_json_int(FILE *fp, struct sudoers_parse_tree *parse_tree,
if (*value.u.string == '#') {
id = sudo_strtoid(value.u.string + 1, &errstr);
if (errstr != NULL) {
sudo_warnx("internal error: group ID %s: \"%s\"",
sudo_warnx("internal error: group-ID %s: \"%s\"",
errstr, value.u.string + 1);
} else {
value.type = JSON_ID;
@@ -426,7 +426,7 @@ print_member_json_int(FILE *fp, struct sudoers_parse_tree *parse_tree,
if (*value.u.string == '#') {
id = sudo_strtoid(value.u.string + 1, &errstr);
if (errstr != NULL) {
sudo_warnx("internal error: user ID %s: \"%s\"",
sudo_warnx("internal error: user-ID %s: \"%s\"",
errstr, name);
} else {
value.type = JSON_ID;

View File

@@ -234,7 +234,7 @@ cb_maxseq(const union sudo_defs_val *sd_un)
}
/*
* Look up I/O log user ID from user name. Sets iolog_uid.
* Look up I/O log user-ID from user name. Sets iolog_uid.
* Also sets iolog_gid if iolog_group not specified.
*/
static bool
@@ -274,7 +274,7 @@ cb_iolog_user(const union sudo_defs_val *sd_un)
}
/*
* Look up I/O log group ID from group name.
* Look up I/O log group-ID from group name.
* Sets iolog_gid.
*/
static bool
@@ -303,7 +303,7 @@ iolog_set_group(const char *name)
}
/*
* Look up I/O log group ID from group name.
* Look up I/O log group-ID from group name.
*/
bool
cb_iolog_group(const union sudo_defs_val *sd_un)

View File

@@ -984,13 +984,13 @@ sudo_ldap_build_pass1(LDAP *ld, struct passwd *pw)
CHECK_LDAP_VCAT(buf, pw->pw_name, sz);
CHECK_STRLCAT(buf, ")", sz);
/* Append user ID */
/* Append user-ID */
(void) snprintf(idbuf, sizeof(idbuf), "%u", (unsigned int)pw->pw_uid);
CHECK_STRLCAT(buf, "(sudoUser=#", sz);
CHECK_STRLCAT(buf, idbuf, sz);
CHECK_STRLCAT(buf, ")", sz);
/* Append primary group and group ID */
/* Append primary group and group-ID */
if (grp != NULL) {
CHECK_STRLCAT(buf, "(sudoUser=%", sz);
CHECK_LDAP_VCAT(buf, grp->gr_name, sz);
@@ -1001,7 +1001,7 @@ sudo_ldap_build_pass1(LDAP *ld, struct passwd *pw)
CHECK_STRLCAT(buf, idbuf, sz);
CHECK_STRLCAT(buf, ")", sz);
/* Append supplementary groups and group IDs */
/* Append supplementary groups and group-IDs */
if (grlist != NULL) {
for (i = 0; i < grlist->ngroups; i++) {
if (grp != NULL && strcasecmp(grlist->groups[i], grp->gr_name) == 0)

View File

@@ -434,17 +434,17 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group)
}
}
/* User name, user ID, group ID and host name must be specified. */
/* User name, user-ID, group-ID and host name must be specified. */
if (user_name == NULL) {
sudo_warnx(U_("user name not set by sudo front-end"));
goto bad;
}
if (!uid_set) {
sudo_warnx(U_("user ID not set by sudo front-end"));
sudo_warnx(U_("user-ID not set by sudo front-end"));
goto bad;
}
if (!gid_set) {
sudo_warnx(U_("group ID not set by sudo front-end"));
sudo_warnx(U_("group-ID not set by sudo front-end"));
goto bad;
}
if (user_host == NULL) {
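Review bot: the two strings changed in this hunk are gettext msgids (U_("user-ID not set by sudo front-end") and U_("group-ID not set by sudo front-end")), so every existing translation of the old "user ID"/"group ID" wording in the .po catalogs stops matching and these warnings fall back to English until the catalogs are regenerated and translators update them. That is acceptable for a deliberate terminology change, but it should be called out in the commit message and the .pot file should be regenerated in the same change; the unchanged "user name not set by sudo front-end" line shows the other messages in this block are unaffected.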

View File

@@ -103,7 +103,7 @@ sudo_pwutil_set_backend(sudo_make_pwitem_t pwitem, sudo_make_gritem_t gritem,
}
/*
* Compare by user ID.
* Compare by user-ID.
* v1 is the key to find or data to insert, v2 is in-tree data.
*/
static int
@@ -135,7 +135,7 @@ cmp_pwnam(const void *v1, const void *v2)
/*
* Compare by user name, taking into account the source type.
* Need to differentiate between group IDs received from the front-end
* Need to differentiate between group-IDs received from the front-end
* (via getgroups()) and groups IDs queried from the group database.
* v1 is the key to find or data to insert, v2 is in-tree data.
*/
@@ -463,7 +463,7 @@ sudo_freepwcache(void)
}
/*
* Compare by group ID.
* Compare by group-ID.
* v1 is the key to find or data to insert, v2 is in-tree data.
*/
static int
@@ -908,7 +908,7 @@ sudo_get_gidlist(const struct passwd *pw, unsigned int type)
struct rbnode *node;
debug_decl(sudo_get_gidlist, SUDOERS_DEBUG_NSS)
sudo_debug_printf(SUDO_DEBUG_DEBUG, "%s: looking up group IDs for %s",
sudo_debug_printf(SUDO_DEBUG_DEBUG, "%s: looking up group-IDs for %s",
__func__, pw->pw_name);
if (gidlist_cache == NULL) {
@@ -1015,7 +1015,7 @@ user_in_group(const struct passwd *pw, const char *group)
debug_decl(user_in_group, SUDOERS_DEBUG_NSS)
/*
* If it could be a sudo-style group ID check gids first.
* If it could be a sudo-style group-ID check gids first.
*/
if (group[0] == '#') {
const char *errstr;
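Review bot: the changed comment "If it could be a sudo-style group-ID check gids first." reads as if "group-ID check" were a noun phrase; a comma after "group-ID" ("If it could be a sudo-style group-ID, check gids first.") makes it clear that the sentence describes the ordering of the two checks performed by the `if (group[0] == '#')` branch below.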
@@ -1041,8 +1041,8 @@ user_in_group(const struct passwd *pw, const char *group)
/*
* Next match the group name. By default, sudoers resolves all the user's
* group IDs to names and matches by name. If match_group_by_gid is
* set, each group is sudoers is resolved and matching is by group ID.
* group-IDs to names and matches by name. If match_group_by_gid is
* set, each group is sudoers is resolved and matching is by group-ID.
*/
if (def_match_group_by_gid) {
gid_t gid;
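Review bot: the second changed line in this hunk carries over a pre-existing typo: "each group is sudoers is resolved and matching is by group-ID" should be "each group in sudoers is resolved and matching is by group-ID". Since this line is being touched anyway for the group-ID rename, fix the wording here; this comment is the only place that explains the inverted lookup direction that match_group_by_gid selects, so it should read correctly.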
@@ -1052,7 +1052,7 @@ user_in_group(const struct passwd *pw, const char *group)
goto done;
gid = grp->gr_gid;
/* Check against user's primary (passwd file) group ID. */
/* Check against user's primary (passwd file) group-ID. */
if (gid == pw->pw_gid) {
matched = true;
goto done;

View File

@@ -736,7 +736,7 @@ sudo_sss_getdefs(struct sudo_nss *nss)
sudo_debug_printf(SUDO_DEBUG_DIAG, "Looking for cn=defaults");
/* NOTE: these are global defaults, user ID and name are not used. */
/* NOTE: these are global defaults, user-ID and name are not used. */
rc = handle->fn_send_recv_defaults(sudo_user.pw->pw_uid,
sudo_user.pw->pw_name, &sss_error, &handle->domainname, &sss_result);
switch (rc) {

View File

@@ -157,7 +157,7 @@ main(int argc, char *argv[])
case 'G':
sudoers_gid = (gid_t)sudo_strtoid(optarg, &errstr);
if (errstr != NULL)
sudo_fatalx("group ID %s: %s", optarg, errstr);
sudo_fatalx("group-ID %s: %s", optarg, errstr);
break;
case 'g':
runas_group = optarg;
@@ -188,7 +188,7 @@ main(int argc, char *argv[])
case 'U':
sudoers_uid = (uid_t)sudo_strtoid(optarg, &errstr);
if (errstr != NULL)
sudo_fatalx("user ID %s: %s", optarg, errstr);
sudo_fatalx("user-ID %s: %s", optarg, errstr);
break;
case 'u':
runas_user = optarg;

View File

@@ -215,7 +215,7 @@ exec_setup(struct command_details *details)
goto done;
}
#else
/* Cannot support real user ID that is different from effective user ID. */
/* Cannot support real user-ID that is different from effective user-ID. */
if (setuid(details->euid) != 0) {
sudo_warn(U_("unable to change to runas uid (%u, %u)"),
(unsigned int)details->euid, (unsigned int)details->euid);
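Review bot: the comment now says "real user-ID" and "effective user-ID" while the user-facing message on the next lines still says "unable to change to runas uid (%u, %u)"; leaving that U_() string alone is the right call, because changing it would invalidate existing translations, but it means the new terminology is not applied uniformly in this file. Note also that in this #else branch both %u arguments are intentionally details->euid: setuid() sets the real and effective user-ID together, which is exactly what the comment above explains, so the duplicated argument is correct and not a copy-paste slip.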