document that ALL implies SETENV
This commit is contained in:
Todd C. Miller
6
sudo.pod
6
sudo.pod
@@ -321,9 +321,9 @@ on the command line in the form of B<VAR>=I<value>, e.g.
|
|||||||
B<LD_LIBRARY_PATH>=I</usr/local/pkg/lib>. Variables passed on the
|
B<LD_LIBRARY_PATH>=I</usr/local/pkg/lib>. Variables passed on the
|
||||||
command line are subject to the same restrictions as normal environment
|
command line are subject to the same restrictions as normal environment
|
||||||
variables with one important exception. If the I<setenv> option
|
variables with one important exception. If the I<setenv> option
|
||||||
is set in I<sudoers> or the command to be run has the C<SETENV> tag
|
is set in I<sudoers>, the command to be run has the C<SETENV> tag
|
||||||
set the user may set variables that would overwise be forbidden.
|
set or the command matched is C<ALL>, the user may set variables
|
||||||
See L<sudoers(5)> for more information.
|
that would overwise be forbidden. See L<sudoers(5)> for more information.
|
||||||
|
|
||||||
=head1 RETURN VALUES
|
=head1 RETURN VALUES
|
||||||
|
|
||||||
|
|||||||
@@ -340,7 +340,9 @@ basis. Note that if C<SETENV> has been set for a command, any
|
|||||||
environment variables set on the command line way are not subject
|
environment variables set on the command line way are not subject
|
||||||
to the restrictions imposed by I<env_check>, I<env_delete>, or
|
to the restrictions imposed by I<env_check>, I<env_delete>, or
|
||||||
I<env_keep>. As such, only trusted users should be allowed to set
|
I<env_keep>. As such, only trusted users should be allowed to set
|
||||||
variables in this manner.
|
variables in this manner. If the command matched is B<ALL>, the
|
||||||
|
C<SETENV> tag is implied for that command; this default may
|
||||||
|
be overridden by use of the C<UNSETENV> tag.
|
||||||
|
|
||||||
=head2 Wildcards
|
=head2 Wildcards
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user