Emphasis on the never.

2015-08-07 17:05:50 -06:00
parent d4f1aeb196
commit f1053af3b5
6 changed files with 21 additions and 9 deletions
--- a/doc/sudo.cat
+++ b/doc/sudo.cat
@@ -433,11 +433,11 @@ SSEECCUURRIITTYY NNOOTTEESS
     environment variable is _n_o_t modified and is passed unchanged to the
     program that ssuuddoo executes.

-     Users should not be granted ssuuddoo privileges to execute files that are
+     Users should _n_e_v_e_r be granted ssuuddoo privileges to execute files that are
     writable by the user or that reside in a directory that is writable by
     the user.  If the user can modify or replace the command there is no way
     to limit what additional commands they can run.  Likewise, users should
-     not be granted ssuuddooeeddiitt permission to edit a file that resides in a
+     _n_e_v_e_r be granted ssuuddooeeddiitt permission to edit a file that resides in a
     directory the user has write access to.  A user with directory write
     access could replace the legitimate file with a link to some other,
     arbitrary, file.  Starting with version 1.8.15, ssuuddooeeddiitt will refuse to
--- a/doc/sudo.man.in
+++ b/doc/sudo.man.in
@@ -869,13 +869,17 @@ modified and is passed unchanged to the program that
 \fBsudo\fR
 executes.
 .PP
-Users should not be granted
+Users should
+\fInever\fR
+be granted
 \fBsudo\fR
 privileges to execute files that are writable by the user or
 that reside in a directory that is writable by the user.
 If the user can modify or replace the command there is no way
 to limit what additional commands they can run.
-Likewise, users should not be granted
+Likewise, users should
+\fInever\fR
+be granted
 \fBsudoedit\fR
 permission to edit a file that resides in a directory the user has
 write access to.
--- a/doc/sudo.mdoc.in
+++ b/doc/sudo.mdoc.in
@@ -804,13 +804,17 @@ modified and is passed unchanged to the program that
 .Nm
 executes.
 .Pp
-Users should not be granted
+Users should
+.Em never
+be granted
 .Nm
 privileges to execute files that are writable by the user or
 that reside in a directory that is writable by the user.
 If the user can modify or replace the command there is no way
 to limit what additional commands they can run.
-Likewise, users should not be granted
+Likewise, users should
+.Em never
+be granted
 .Nm sudoedit
 permission to edit a file that resides in a directory the user has
 write access to.
--- a/doc/sudoers.cat
+++ b/doc/sudoers.cat
@@ -2310,7 +2310,7 @@ SSEECCUURRIITTYY NNOOTTEESS
     of _/_e_t_c_/_m_o_t_d.  After the file has been edited, _/_e_t_c_/_m_o_t_d will be updated
     with the contents of the temporary copy.

-     Users should never be granted ssuuddooeeddiitt permission to edit a file that
+     Users should _n_e_v_e_r be granted ssuuddooeeddiitt permission to edit a file that
     resides in a directory the user has write access to, either directly or
     via a wildcard.  If the user has write access to the directory it is
     possible to replace the legitimate file with a link to another file,
--- a/doc/sudoers.man.in
+++ b/doc/sudoers.man.in
@@ -4725,7 +4725,9 @@ After the file has been edited,
 \fI/etc/motd\fR
 will be updated with the contents of the temporary copy.
 .PP
-Users should never be granted
+Users should
+\fInever\fR
+be granted
 \fBsudoedit\fR
 permission to edit a file that resides in a directory the user
 has write access to, either directly or via a wildcard.
--- a/doc/sudoers.mdoc.in
+++ b/doc/sudoers.mdoc.in
@@ -4357,7 +4357,9 @@ After the file has been edited,
 .Pa /etc/motd
 will be updated with the contents of the temporary copy.
 .Pp
-Users should never be granted
+Users should
+.Em never
+be granted
 .Nm sudoedit
 permission to edit a file that resides in a directory the user
 has write access to, either directly or via a wildcard.