Todd C. Miller
2009-06-11 20:29:12 +00:00
parent 54c599d714
commit e939739aae
8 changed files with 116 additions and 110 deletions

View File

@@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN
1.7.1 March 11, 2009 1
1.7.2 June 11, 2009 1
@@ -127,7 +127,7 @@ OOPPTTIIOONNSS
1.7.1 March 11, 2009 2
1.7.2 June 11, 2009 2
@@ -193,7 +193,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
1.7.1 March 11, 2009 3
1.7.2 June 11, 2009 3
@@ -259,7 +259,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
1.7.1 March 11, 2009 4
1.7.2 June 11, 2009 4
@@ -325,7 +325,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
1.7.1 March 11, 2009 5
1.7.2 June 11, 2009 5
@@ -391,7 +391,7 @@ SSEECCUURRIITTYY NNOOTTEESS
1.7.1 March 11, 2009 6
1.7.2 June 11, 2009 6
@@ -457,7 +457,7 @@ EENNVVIIRROONNMMEENNTT
1.7.1 March 11, 2009 7
1.7.2 June 11, 2009 7
@@ -523,7 +523,7 @@ EEXXAAMMPPLLEESS
1.7.1 March 11, 2009 8
1.7.2 June 11, 2009 8
@@ -589,7 +589,7 @@ SSUUPPPPOORRTT
1.7.1 March 11, 2009 9
1.7.2 June 11, 2009 9
@@ -655,6 +655,6 @@ DDIISSCCLLAAIIMMEERR
1.7.1 March 11, 2009 10
1.7.2 June 11, 2009 10

View File

@@ -1,4 +1,4 @@
.\" Copyright (c) 1994-1996, 1998-2005, 2007-2008
.\" Copyright (c) 1994-1996, 1998-2005, 2007-2009
.\" Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -153,7 +153,7 @@
.\" ========================================================================
.\"
.IX Title "SUDO @mansectsu@"
.TH SUDO @mansectsu@ "March 11, 2009" "1.7.1" "MAINTENANCE COMMANDS"
.TH SUDO @mansectsu@ "June 11, 2009" "1.7.2" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
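Review bot: this `.TH` date/version bump, like every other file in the change set, is in generated output (`.IX Title`, the `====` banner comment and the `\*(C`` escapes in the hunks below are pod2man idioms; the `.cat` files are the nroff rendering of the same), yet the hand-edited source these eight files were regenerated from is not part of the commit. The prose changes in the sudoers and sudoers.ldap pages below should land in their source alongside this regeneration, otherwise the next regeneration silently reverts them.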

View File

@@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN
1.7.1 April 18, 2009 1
1.7.2 June 11, 2009 1
@@ -127,7 +127,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7.1 April 18, 2009 2
1.7.2 June 11, 2009 2
@@ -193,7 +193,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7.1 April 18, 2009 3
1.7.2 June 11, 2009 3
@@ -259,7 +259,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7.1 April 18, 2009 4
1.7.2 June 11, 2009 4
@@ -276,7 +276,8 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
what user) on specified hosts. By default, commands are run as rroooott,
but this can be changed on a per-command basis.
Let's break that down into its constituent parts:
The basic structure of a user specification is `who = where (as_whom)
what'. Let's break that down into its constituent parts:
RRuunnaass__SSppeecc
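Review bot: the new summary `who = where (as_whom) what' puts the `=` between the user and host parts, but in sudoers syntax the `=` follows the host list (`root ALL = (ALL) ALL`, i.e. User_List Host_List = Cmnd_Spec_List), so it should read `who where = (as_whom) what'. Since the preceding paragraph says commands run as root unless changed per command, it is also worth marking `(as_whom)` as optional in that summary, e.g. `who where = [(as_whom)] what'.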
@@ -324,8 +325,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7.1 April 18, 2009 5
1.7.2 June 11, 2009 5
@@ -391,7 +391,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7.1 April 18, 2009 6
1.7.2 June 11, 2009 6
@@ -457,7 +457,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7.1 April 18, 2009 7
1.7.2 June 11, 2009 7
@@ -486,7 +486,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
The filename may include the %h escape, signifying the short form of
the hostname. I.e., if the machine's hostname is "xerxes", then
#include /etc/sudoers.%h
#include /etc/sudoers.%h
will cause ssuuddoo to include the file _/_e_t_c_/_s_u_d_o_e_r_s_._x_e_r_x_e_s.
@@ -494,13 +494,13 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
the system package manager can drop _s_u_d_o_e_r_s rules into as part of
package installation. For example, given:
#includedir /etc/sudoers.d
#includedir /etc/sudoers.d
ssuuddoo will read each file in _/_e_t_c_/_s_u_d_o_e_r_s_._d, skipping files that contain
a . character to avoid causing problems with package manager, vviissuuddoo or
editor temporary files. Files are parsed in sorted lexical order.
That is, _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_0_1___f_i_r_s_t will be parsed before
_/_e_t_c_/_s_u_d_o_e_r_s_._d_/_1_0___s_e_c_o_n_d. Be aware that because the sorting is
ssuuddoo will read each file in _/_e_t_c_/_s_u_d_o_e_r_s_._d, skipping file names that
end in ~ or contain a . character to avoid causing problems with
package manager or editor temporary/backup files. Files are parsed in
sorted lexical order. That is, _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_0_1___f_i_r_s_t will be parsed
before _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_1_0___s_e_c_o_n_d. Be aware that because the sorting is
lexical, not numeric, _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_1___w_h_o_o_p_s would be loaded aafftteerr
_/_e_t_c_/_s_u_d_o_e_r_s_._d_/_1_0___s_e_c_o_n_d. Using a consistent number of leading zeroes
in the file names can be used to avoid such problems.
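Review bot: the rewritten sentence silently drops visudo from the list of programs whose temporary files the skip rule is meant to avoid (the old text read "package manager, visudo or editor temporary files"); either keep visudo in the list or say explicitly that the `.` rule covers its temporary files. Two wording nits in the same paragraph: "problems with package manager or editor temporary/backup files" needs an article or a hyphen ("package-manager or editor"), and "Using a consistent number of leading zeroes ... can be used to avoid such problems" doubles the verb; "Use a consistent number of leading zeroes in the file names to avoid such problems." reads better.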
@@ -523,7 +523,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7.1 April 18, 2009 8
1.7.2 June 11, 2009 8
@@ -589,7 +589,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
1.7.1 April 18, 2009 9
1.7.2 June 11, 2009 9
@@ -655,7 +655,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7.1 April 18, 2009 10
1.7.2 June 11, 2009 10
@@ -721,7 +721,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7.1 April 18, 2009 11
1.7.2 June 11, 2009 11
@@ -787,7 +787,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7.1 April 18, 2009 12
1.7.2 June 11, 2009 12
@@ -853,7 +853,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7.1 April 18, 2009 13
1.7.2 June 11, 2009 13
@@ -919,7 +919,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7.1 April 18, 2009 14
1.7.2 June 11, 2009 14
@@ -985,7 +985,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7.1 April 18, 2009 15
1.7.2 June 11, 2009 15
@@ -1051,7 +1051,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7.1 April 18, 2009 16
1.7.2 June 11, 2009 16
@@ -1117,7 +1117,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7.1 April 18, 2009 17
1.7.2 June 11, 2009 17
@@ -1183,7 +1183,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7.1 April 18, 2009 18
1.7.2 June 11, 2009 18
@@ -1249,7 +1249,7 @@ EEXXAAMMPPLLEESS
1.7.1 April 18, 2009 19
1.7.2 June 11, 2009 19
@@ -1315,7 +1315,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7.1 April 18, 2009 20
1.7.2 June 11, 2009 20
@@ -1381,7 +1381,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7.1 April 18, 2009 21
1.7.2 June 11, 2009 21
@@ -1447,7 +1447,7 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS
1.7.1 April 18, 2009 22
1.7.2 June 11, 2009 22
@@ -1513,7 +1513,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.7.1 April 18, 2009 23
1.7.2 June 11, 2009 23
@@ -1579,6 +1579,6 @@ DDIISSCCLLAAIIMMEERR
1.7.1 April 18, 2009 24
1.7.2 June 11, 2009 24

View File

@@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN
1.7.1 March 11, 2009 1
1.7.2 June 11, 2009 1
@@ -127,7 +127,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
1.7.1 March 11, 2009 2
1.7.2 June 11, 2009 2
@@ -193,7 +193,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
1.7.1 March 11, 2009 3
1.7.2 June 11, 2009 3
@@ -259,7 +259,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
1.7.1 March 11, 2009 4
1.7.2 June 11, 2009 4
@@ -325,7 +325,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
1.7.1 March 11, 2009 5
1.7.2 June 11, 2009 5
@@ -391,7 +391,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
1.7.1 March 11, 2009 6
1.7.2 June 11, 2009 6
@@ -457,7 +457,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
1.7.1 March 11, 2009 7
1.7.2 June 11, 2009 7
@@ -523,7 +523,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
1.7.1 March 11, 2009 8
1.7.2 June 11, 2009 8
@@ -589,7 +589,7 @@ EEXXAAMMPPLLEESS
1.7.1 March 11, 2009 9
1.7.2 June 11, 2009 9
@@ -645,17 +645,17 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
#tls_cert /etc/certs/client_cert.pem
#tls_key /etc/certs/client_key.pem
#
# For SunONE or iPlanet LDAP, the file specified by tls_cert may
# contain CA certs and/or the client's cert. If the client's
# cert is included, tls_key should be specified as well.
# For backward compatibility, sslpath may be used in place of tls_cert.
#tls_cert /var/ldap/cert7.db
#tls_key /var/ldap/key3.db
#
# For SunONE or iPlanet LDAP, tls_cert and tls_key may specify either
# a directory, in which case the files in the directory must have the
# default names (e.g. cert8.db and key4.db), or the path to the cert
# and key files themselves. However, a bug in version 5.0 of the LDAP
# SDK will prevent specific file names from working. For this reason
# it is suggested that tls_cert and tls_key be set to a directory,
# not a file name.
1.7.1 March 11, 2009 10
1.7.2 June 11, 2009 10
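Review bot: the "default names (e.g. cert8.db and key4.db)" in the new text disagree with the cert7.db and key3.db examples this hunk removes; the names depend on the SDK generation, so say which versions expect which pair (or list both) rather than presenting one pair as the default. Also, "a bug in version 5.0 of the LDAP SDK" should name the SDK and, if there is one, the bug reference, so readers can tell when the directory-only workaround can be dropped. Since pointing tls_cert at a directory means sudo will load whatever certificate and key databases it finds there, a sentence about keeping that directory and its databases root-owned and not writable by others would not go amiss here.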
@@ -664,6 +664,14 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
#
# The certificate database specified by tls_cert may contain CA certs
# and/or the client's cert. If the client's cert is included, tls_key
# should be specified as well.
# For backward compatibility, "sslpath" may be used in place of tls_cert.
#tls_cert /var/ldap
#tls_key /var/ldap
#
# If using SASL authentication for LDAP (OpenSSL)
# use_sasl yes
# sasl_auth_id <SASL username>
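Review bot: the context line "# If using SASL authentication for LDAP (OpenSSL)" almost certainly means OpenLDAP, whose client library provides the SASL bind that use_sasl enables; OpenSSL has nothing to do with SASL. Since this block of the example is being rewritten anyway, it is a good moment to fix that parenthetical.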
@@ -710,18 +718,10 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.15953.9.1.6
NAME 'sudoRunAsUser'
DESC 'User(s) impersonated by sudo'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.15953.9.1.7
NAME 'sudoRunAsGroup'
1.7.1 March 11, 2009 11
1.7.2 June 11, 2009 11
@@ -730,6 +730,14 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4)
attributetype ( 1.3.6.1.4.1.15953.9.1.6
NAME 'sudoRunAsUser'
DESC 'User(s) impersonated by sudo'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.15953.9.1.7
NAME 'sudoRunAsGroup'
DESC 'Group(s) impersonated by sudo'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
@@ -779,14 +787,6 @@ DDIISSCCLLAAIIMMEERR
1.7.1 March 11, 2009 12
1.7.2 June 11, 2009 12

View File

@@ -1,4 +1,4 @@
.\" Copyright (c) 2003-2008
.\" Copyright (c) 2003-2009
.\" Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -149,7 +149,7 @@
.\" ========================================================================
.\"
.IX Title "SUDOERS.LDAP @mansectform@"
.TH SUDOERS.LDAP @mansectform@ "March 11, 2009" "1.7.1" "MAINTENANCE COMMANDS"
.TH SUDOERS.LDAP @mansectform@ "June 11, 2009" "1.7.2" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -716,12 +716,20 @@ determines sudoers source order on \s-1AIX\s0
\& #tls_cert /etc/certs/client_cert.pem
\& #tls_key /etc/certs/client_key.pem
\& #
\& # For SunONE or iPlanet LDAP, the file specified by tls_cert may
\& # contain CA certs and/or the client\*(Aqs cert. If the client\*(Aqs
\& # cert is included, tls_key should be specified as well.
\& # For backward compatibility, sslpath may be used in place of tls_cert.
\& #tls_cert /var/ldap/cert7.db
\& #tls_key /var/ldap/key3.db
\& # For SunONE or iPlanet LDAP, tls_cert and tls_key may specify either
\& # a directory, in which case the files in the directory must have the
\& # default names (e.g. cert8.db and key4.db), or the path to the cert
\& # and key files themselves. However, a bug in version 5.0 of the LDAP
\& # SDK will prevent specific file names from working. For this reason
\& # it is suggested that tls_cert and tls_key be set to a directory,
\& # not a file name.
\& #
\& # The certificate database specified by tls_cert may contain CA certs
\& # and/or the client\*(Aqs cert. If the client\*(Aqs cert is included, tls_key
\& # should be specified as well.
\& # For backward compatibility, "sslpath" may be used in place of tls_cert.
\& #tls_cert /var/ldap
\& #tls_key /var/ldap
\& #
\& # If using SASL authentication for LDAP (OpenSSL)
\& # use_sasl yes
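Review bot: the new paragraph first tells the reader tls_cert and tls_key "may specify either a directory ... or the path to the cert and key files themselves" and only then that file paths do not work with the SDK in question, while the example that follows shows only the directory form; lead with the directory form as the supported one and put the per-file form in the caveat, so nobody copies the unsupported variant. The troff here also still renders "(e.g. cert8.db and key4.db)" against the removed cert7.db/key3.db examples, so whichever version note is added in the source needs to end up in this file as well.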

View File

@@ -1,4 +1,4 @@
.\" Copyright (c) 1994-1996, 1998-2005, 2007-2008
.\" Copyright (c) 1994-1996, 1998-2005, 2007-2009
.\" Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -153,7 +153,7 @@
.\" ========================================================================
.\"
.IX Title "SUDOERS @mansectform@"
.TH SUDOERS @mansectform@ "April 18, 2009" "1.7.1" "MAINTENANCE COMMANDS"
.TH SUDOERS @mansectform@ "June 11, 2009" "1.7.2" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -406,7 +406,8 @@ A \fBuser specification\fR determines which commands a user may run
(and as what user) on specified hosts. By default, commands are
run as \fBroot\fR, but this can be changed on a per-command basis.
.PP
Let's break that down into its constituent parts:
The basic structure of a user specification is `who = where (as_whom)
what'. Let's break that down into its constituent parts:
.Sh "Runas_Spec"
.IX Subsection "Runas_Spec"
A \f(CW\*(C`Runas_Spec\*(C'\fR determines the user and/or the group that a command
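Review bot: the same `who = where (as_whom) what' summary that appears in the rendered sudoers.cat has the `=` in the wrong position here too; sudoers puts the `=` after the host list, so the line should be `who where = (as_whom) what'. Because this file is pod2man output, the fix belongs in the .pod source followed by a regeneration, not in the .man.in directly.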
@@ -622,9 +623,7 @@ files is enforced to prevent include file loops.
The filename may include the \f(CW%h\fR escape, signifying the short form
of the hostname. I.e., if the machine's hostname is \*(L"xerxes\*(R", then
.PP
.Vb 1
\& #include /etc/sudoers.%h
.Ve
\&\f(CW\*(C`#include /etc/sudoers.%h\*(C'\fR
.PP
will cause \fBsudo\fR to include the file \fI/etc/sudoers.xerxes\fR.
.PP
@@ -632,19 +631,18 @@ The \f(CW\*(C`#includedir\*(C'\fR directive can be used to create a \fIsudo.d\fR
directory that the system package manager can drop \fIsudoers\fR rules
into as part of package installation. For example, given:
.PP
.Vb 1
\& #includedir /etc/sudoers.d
.Ve
\&\f(CW\*(C`#includedir /etc/sudoers.d\*(C'\fR
.PP
\&\fBsudo\fR will read each file in \fI/etc/sudoers.d\fR, skipping files
that contain a \f(CW\*(C`.\*(C'\fR character to avoid causing problems with package
manager, \fBvisudo\fR or editor temporary files. Files are parsed in
sorted lexical order. That is, \fI/etc/sudoers.d/01_first\fR will be
parsed before \fI/etc/sudoers.d/10_second\fR. Be aware that because
the sorting is lexical, not numeric, \fI/etc/sudoers.d/1_whoops\fR
would be loaded \fBafter\fR \fI/etc/sudoers.d/10_second\fR. Using a
consistent number of leading zeroes in the file names can be used
to avoid such problems.
\&\fBsudo\fR will read each file in \fI/etc/sudoers.d\fR, skipping file
names that end in \f(CW\*(C`~\*(C'\fR or contain a \f(CW\*(C`.\*(C'\fR character to avoid causing
problems with package manager or editor temporary/backup files.
Files are parsed in sorted lexical order. That is,
\&\fI/etc/sudoers.d/01_first\fR will be parsed before
\&\fI/etc/sudoers.d/10_second\fR. Be aware that because the sorting is
lexical, not numeric, \fI/etc/sudoers.d/1_whoops\fR would be loaded
\&\fBafter\fR \fI/etc/sudoers.d/10_second\fR. Using a consistent number
of leading zeroes in the file names can be used to avoid such
problems.
.PP
Note that unlike files included via \f(CW\*(C`#include\*(C'\fR, \fBvisudo\fR will not
edit the files in a \f(CW\*(C`#includedir\*(C'\fR directory unless one of them
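Review bot: "skipping file names that end in `~` or contain a `.` character" leaves it ambiguous whether the test is applied to the entry name or to the full path, and the full path of every file in `/etc/sudoers.d` contains a `.`; one clause saying that only the name within the directory is tested (so `/etc/sudoers.d/01_first` is read but `/etc/sudoers.d/01_first~` and `/etc/sudoers.d/01_first.dpkg-new` are not) removes the doubt. Given the note that follows about visudo not editing `#includedir` files, it is also worth stating that an editor backup left in the directory is ignored rather than parsed, since that is the reason for the new `~` rule.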

View File

@@ -61,7 +61,7 @@ OOPPTTIIOONNSS
1.7.1 March 11, 2009 1
1.7.2 June 11, 2009 1
@@ -127,7 +127,7 @@ AAUUTTHHOORR
1.7.1 March 11, 2009 2
1.7.2 June 11, 2009 2
@@ -193,6 +193,6 @@ DDIISSCCLLAAIIMMEERR
1.7.1 March 11, 2009 3
1.7.2 June 11, 2009 3

View File

@@ -153,7 +153,7 @@
.\" ========================================================================
.\"
.IX Title "VISUDO @mansectsu@"
.TH VISUDO @mansectsu@ "March 11, 2009" "1.7.1" "MAINTENANCE COMMANDS"
.TH VISUDO @mansectsu@ "June 11, 2009" "1.7.2" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l