diff --git a/NEWS b/NEWS index 622adac46..05e745390 100644 --- a/NEWS +++ b/NEWS @@ -480,10 +480,10 @@ What's new in Sudo 1.8.25 * Fixed a bug introduced in sudo 1.8.24 where sudoNotAfter in the LDAP back-end was not being properly parsed. Bug #845. - * When sudo runs a command in a pseudo-tty, the slave device is - now closed in the main process immediately after starting the - monitor process. This removes the need for an AIX-specific - workaround that was added in sudo 1.8.24. + * When sudo runs a command in a pseudo-terminal, the follower + device is now closed in the main process immediately after + starting the monitor process. This removes the need for an + AIX-specific workaround that was added in sudo 1.8.24. * Added support for monotonic timers on HP-UX. diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in index 561501b24..ac493897c 100644 --- a/doc/sudoers.man.in +++ b/doc/sudoers.man.in @@ -25,7 +25,7 @@ .nr BA @BAMAN@ .nr LC @LCMAN@ .nr PS @PSMAN@ -.TH "SUDOERS" "@mansectform@" "May 19, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDOERS" "@mansectform@" "June 15, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" @@ -379,13 +379,8 @@ explicitly denied by the \fIenv_check\fR and \fIenv_delete\fR -options are +options are allowed and their values are inherited from the invoking process. -In this case, -\fIenv_check\fR -and -\fIenv_delete\fR -behave like a blacklist. Prior to version 1.8.21, environment variables with a value beginning with \fR()\fR were always removed. @@ -395,7 +390,7 @@ is used to match \fBbash\fR shell functions instead. Since it is not possible -to blacklist all potentially dangerous environment variables, use +to block all potentially dangerous environment variables, use of the default \fIenv_reset\fR behavior is encouraged. @@ -5267,7 +5262,7 @@ Defaults env_keep += "DISPLAY HOME" # User alias specification User_Alias FULLTIMERS = millert, mikef, dowdy User_Alias PARTTIMERS = bostley, jwfox, crawl -User_Alias WEBMASTERS = will, wendy, wim +User_Alias WEBADMIN = will, wendy, wim # Runas alias specification Runas_Alias OP = root, operator @@ -5281,7 +5276,7 @@ Host_Alias SPARC = bigtime, eclipse, moet, anchor :\e HPPA = boa, nag, python Host_Alias CUNETS = 128.138.0.0/255.255.0.0 Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0 -Host_Alias SERVERS = master, mail, www, ns +Host_Alias SERVERS = primary, mail, www, ns Host_Alias CDROM = orion, perseus, hercules # Cmnd alias specification @@ -5605,7 +5600,7 @@ The user may run any command on any machine except for those in the \fISERVERS\fR \fRHost_Alias\fR -(master, mail, www and ns). +(primary, mail, www and ns). .nf .sp .RS 0n @@ -5658,12 +5653,12 @@ needs to be able to kill hung processes. .nf .sp .RS 0n -WEBMASTERS www = (www) ALL, (root) /usr/bin/su www +WEBADMIN www = (www) ALL, (root) /usr/bin/su www .RE .fi .PP On the host www, any user in the -\fIWEBMASTERS\fR +\fIWEBADMIN\fR \fRUser_Alias\fR (will, wendy, and wim), may run any command as user www (which owns the web pages) or simply diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in index 130687186..97e3c5aae 100644 --- a/doc/sudoers.mdoc.in +++ b/doc/sudoers.mdoc.in @@ -24,7 +24,7 @@ .nr BA @BAMAN@ .nr LC @LCMAN@ .nr PS @PSMAN@ -.Dd May 19, 2020 +.Dd June 15, 2020 .Dt SUDOERS @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -369,13 +369,8 @@ explicitly denied by the .Em env_check and .Em env_delete -options are +options are allowed and their values are inherited from the invoking process. -In this case, -.Em env_check -and -.Em env_delete -behave like a blacklist. Prior to version 1.8.21, environment variables with a value beginning with .Li () were always removed. @@ -385,7 +380,7 @@ is used to match .Sy bash shell functions instead. Since it is not possible -to blacklist all potentially dangerous environment variables, use +to block all potentially dangerous environment variables, use of the default .Em env_reset behavior is encouraged. @@ -4902,7 +4897,7 @@ Defaults env_keep += "DISPLAY HOME" # User alias specification User_Alias FULLTIMERS = millert, mikef, dowdy User_Alias PARTTIMERS = bostley, jwfox, crawl -User_Alias WEBMASTERS = will, wendy, wim +User_Alias WEBADMIN = will, wendy, wim # Runas alias specification Runas_Alias OP = root, operator @@ -4916,7 +4911,7 @@ Host_Alias SPARC = bigtime, eclipse, moet, anchor :\e HPPA = boa, nag, python Host_Alias CUNETS = 128.138.0.0/255.255.0.0 Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0 -Host_Alias SERVERS = master, mail, www, ns +Host_Alias SERVERS = primary, mail, www, ns Host_Alias CDROM = orion, perseus, hercules # Cmnd alias specification @@ -5198,7 +5193,7 @@ The user may run any command on any machine except for those in the .Em SERVERS .Li Host_Alias -(master, mail, www and ns). +(primary, mail, www and ns). .Bd -literal jill SERVERS = /usr/bin/, !SU, !SHELLS .Ed @@ -5240,11 +5235,11 @@ On his personal workstation, valkyrie, .Sy matt needs to be able to kill hung processes. .Bd -literal -WEBMASTERS www = (www) ALL, (root) /usr/bin/su www +WEBADMIN www = (www) ALL, (root) /usr/bin/su www .Ed .Pp On the host www, any user in the -.Em WEBMASTERS +.Em WEBADMIN .Li User_Alias (will, wendy, and wim), may run any command as user www (which owns the web pages) or simply diff --git a/examples/sudoers b/examples/sudoers index 4d950958f..1ee8d7257 100644 --- a/examples/sudoers +++ b/examples/sudoers @@ -20,7 +20,7 @@ Defaults!PAGERS noexec ## User_Alias FULLTIMERS = millert, mikef, dowdy User_Alias PARTTIMERS = bostley, jwfox, crawl -User_Alias WEBMASTERS = will, wendy, wim +User_Alias WEBADMIN = will, wendy, wim ## # Runas alias specification @@ -37,7 +37,7 @@ Host_Alias SPARC = bigtime, eclipse, moet, anchor:\ HPPA = boa, nag, python Host_Alias CUNETS = 128.138.0.0/255.255.0.0 Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0 -Host_Alias SERVERS = master, mail, www, ns +Host_Alias SERVERS = primary, mail, www, ns Host_Alias CDROM = orion, perseus, hercules ## @@ -123,10 +123,10 @@ steve CSNETS = (operator) /usr/local/op_commands/ # they get hung. matt valkyrie = KILL -# users in the WEBMASTERS User_Alias (will, wendy, and wim) +# users in the WEBADMIN User_Alias (will, wendy, and wim) # may run any command as user www (which owns the web pages) # or simply su to www. -WEBMASTERS www = (www) ALL, (root) /usr/bin/su www +WEBADMIN www = (www) ALL, (root) /usr/bin/su www # anyone can mount/unmount a cd-rom on the machines in the CDROM alias ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\ diff --git a/plugins/sudoers/regress/cvtsudoers/sudoers b/plugins/sudoers/regress/cvtsudoers/sudoers index 6f6608380..8a926f8c0 100644 --- a/plugins/sudoers/regress/cvtsudoers/sudoers +++ b/plugins/sudoers/regress/cvtsudoers/sudoers @@ -20,7 +20,7 @@ Defaults!PAGERS noexec ## User_Alias FULLTIMERS = millert, mikef, dowdy User_Alias PARTTIMERS = bostley, jwfox, crawl -User_Alias WEBMASTERS = will, wendy, wim +User_Alias WEBADMIN = will, wendy, wim ## # Runas alias specification @@ -37,7 +37,7 @@ Host_Alias SPARC = bigtime, eclipse, moet, anchor:\ HPPA = boa, nag, python Host_Alias CUNETS = 128.138.0.0/255.255.0.0 Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0 -Host_Alias SERVERS = master, mail, www, ns +Host_Alias SERVERS = primary, mail, www, ns Host_Alias CDROM = orion, perseus, hercules ## @@ -116,10 +116,10 @@ steve CSNETS = (operator) /usr/local/op_commands/ # they get hung. matt valkyrie = KILL -# users in the WEBMASTERS User_Alias (will, wendy, and wim) +# users in the WEBADMIN User_Alias (will, wendy, and wim) # may run any command as user www (which owns the web pages) # or simply su to www. -WEBMASTERS www = (www) ALL, (root) /usr/bin/su www +WEBADMIN www = (www) ALL, (root) /usr/bin/su www # anyone can mount/unmount a cd-rom on the machines in the CDROM alias ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\ diff --git a/plugins/sudoers/regress/cvtsudoers/sudoers.defs b/plugins/sudoers/regress/cvtsudoers/sudoers.defs index c6bfa930e..b374930fe 100755 --- a/plugins/sudoers/regress/cvtsudoers/sudoers.defs +++ b/plugins/sudoers/regress/cvtsudoers/sudoers.defs @@ -8,7 +8,7 @@ Defaults!PAGERS noexec User_Alias FULLTIMERS = millert, mikef, dowdy User_Alias PARTTIMERS = bostley, jwfox, crawl -Host_Alias SERVERS = master, mail, www, ns +Host_Alias SERVERS = primary, mail, www, ns Host_Alias CDROM = orion, perseus, hercules Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \ diff --git a/plugins/sudoers/regress/cvtsudoers/test13.out.ok b/plugins/sudoers/regress/cvtsudoers/test13.out.ok index 791dcba7e..5276327cc 100644 --- a/plugins/sudoers/regress/cvtsudoers/test13.out.ok +++ b/plugins/sudoers/regress/cvtsudoers/test13.out.ok @@ -3,5 +3,5 @@ Defaults@SERVERS log_year, logfile=/var/log/sudo.log Host_Alias CDROM = orion, perseus, hercules Runas_Alias OPERATOR = operator, backup User_Alias PARTTIMERS = bostley, jwfox, crawl -Host_Alias SERVERS = master, mail, www, ns +Host_Alias SERVERS = primary, mail, www, ns Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, /usr/bin/chfn diff --git a/plugins/sudoers/regress/cvtsudoers/test19.out.ok b/plugins/sudoers/regress/cvtsudoers/test19.out.ok index a36b949a3..66b95acfd 100644 --- a/plugins/sudoers/regress/cvtsudoers/test19.out.ok +++ b/plugins/sudoers/regress/cvtsudoers/test19.out.ok @@ -6,6 +6,6 @@ Defaults!PAGERS noexec User_Alias FULLTIMERS = millert, mikef, dowdy Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less -Host_Alias SERVERS = master, mail, www, ns +Host_Alias SERVERS = primary, mail, www, ns FULLTIMERS ALL = NOPASSWD: ALL diff --git a/plugins/sudoers/regress/visudo/test6.sh b/plugins/sudoers/regress/visudo/test6.sh index 596f5a184..a702c7946 100755 --- a/plugins/sudoers/regress/visudo/test6.sh +++ b/plugins/sudoers/regress/visudo/test6.sh @@ -19,7 +19,7 @@ User_Alias FULLTIMERS = millert, mikef, dowdy Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less -Host_Alias SERVERS = master, mail, www, ns +Host_Alias SERVERS = primary, mail, www, ns EOF exit 0