isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add iolog_flush option.

Browse Source
This commit is contained in:
Todd C. Miller
2017-03-20 10:25:58 -06:00
parent 8c8d078f66
commit c4e703696a
7 changed files with 144 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
doc/sudoers.cat
View File

@@ -1615,6 +1615,16 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
will be truncated and overwritten unless _i_o_l_o_g___f_i_l_e
ends in six or more Xs.
iolog_flush If set, ssuuddoo will flush I/O log data to disk after each
write instead of buffering it. This makes it possible
to view the logs in real-time as the program is
executing but may significantly reduce the
effectiveness of I/O log compression. This flag is _o_f_f
by default.
This setting is only supported by version 1.8.20 or
higher.
iolog_group The group name to look up when setting the group ID on
new I/O log files and directories. By default, I/O log
files and directories inherit the group ID of the
@@ -2241,12 +2251,14 @@ II//OO LLOOGG FFIILLEESS
_s_t_d_e_r_r standard error to a pipe or redirected to a file
All files other than _l_o_g are compressed in gzip format unless the
_c_o_m_p_r_e_s_s___i_o option has been disabled. Due to buffering, it is not
possible to display the I/O logs in real-time as the program is
executing. The I/O log data will not be complete until the program run
by ssuuddoo has exited or has been terminated by a signal. The output
portion of an I/O log file can be viewed with the sudoreplay(1m) utility,
which can also be used to list or search the available logs.
_c_o_m_p_r_e_s_s___i_o flag has been disabled. Due to buffering, it is not normally
possible to display the I/O logs in real-time as the program is executing
The I/O log data will not be complete until the program run by ssuuddoo has
exited or has been terminated by a signal. The _i_o_l_o_g___f_l_u_s_h flag can be
used to disable buffering, in which case I/O log data is written to disk
as soon as it is available. The output portion of an I/O log file can be
viewed with the sudoreplay(1m) utility, which can also be used to list or
search the available logs.
Note that user input may contain sensitive information such as passwords
(even if they are not echoed to the screen), which will be stored in the
@@ -2748,4 +2760,4 @@ DDIISSCCLLAAIIMMEERR
file distributed with ssuuddoo or https://www.sudo.ws/license.html for
complete details.
Sudo 1.8.20 March 17, 2017 Sudo 1.8.20
Sudo 1.8.20 March 20, 2017 Sudo 1.8.20

25
doc/sudoers.man.in
View File

@@ -21,7 +21,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
.TH "SUDOERS" "5" "March 17, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.TH "SUDOERS" "5" "March 20, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -3315,6 +3315,19 @@ ends in six or
more
\fRX\fRs.
.TP 18n
iolog_flush
If set,
\fBsudo\fR
will flush I/O log data to disk after each write instead of buffering it.
This makes it possible to view the logs in real-time as the program
is executing but may significantly reduce the effectiveness of I/O
log compression.
This flag is
\fIoff\fR
by default.
.sp
This setting is only supported by version 1.8.20 or higher.
.TP 18n
iolog_group
The group name to look up when setting the group ID on new I/O log
files and directories.
@@ -4467,12 +4480,16 @@ All files other than
\fIlog\fR
are compressed in gzip format unless the
\fIcompress_io\fR
option has been disabled.
Due to buffering, it is not possible to display the I/O logs in
real-time as the program is executing.
flag has been disabled.
Due to buffering, it is not normally possible to display the I/O logs in
real-time as the program is executing
The I/O log data will not be complete until the program run by
\fBsudo\fR
has exited or has been terminated by a signal.
The
\fIiolog_flush\fR
flag can be used to disable buffering, in which case I/O log data
is written to disk as soon as it is available.
The output portion of an I/O log file can be viewed with the
sudoreplay(@mansectsu@)
utility, which can also be used to list or search the available logs.

24
doc/sudoers.mdoc.in
View File

@@ -19,7 +19,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
.Dd March 17, 2017
.Dd March 20, 2017
.Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -3109,6 +3109,18 @@ overwritten unless
ends in six or
more
.Li X Ns s .
.It iolog_flush
If set,
.Nm sudo
will flush I/O log data to disk after each write instead of buffering it.
This makes it possible to view the logs in real-time as the program
is executing but may significantly reduce the effectiveness of I/O
log compression.
This flag is
.Em off
by default.
.Pp
This setting is only supported by version 1.8.20 or higher.
.It iolog_group
The group name to look up when setting the group ID on new I/O log
files and directories.
@@ -4148,12 +4160,16 @@ All files other than
.Pa log
are compressed in gzip format unless the
.Em compress_io
option has been disabled.
Due to buffering, it is not possible to display the I/O logs in
real-time as the program is executing.
flag has been disabled.
Due to buffering, it is not normally possible to display the I/O logs in
real-time as the program is executing
The I/O log data will not be complete until the program run by
.Nm sudo
has exited or has been terminated by a signal.
The
.Em iolog_flush
flag can be used to disable buffering, in which case I/O log data
is written to disk as soon as it is available.
The output portion of an I/O log file can be viewed with the
.Xr sudoreplay @mansectsu@
utility, which can also be used to list or search the available logs.