isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
11,089 Commits 1 Branch 0 Tags
0aedc965f88a08912eae945cd6cb15ca4f8faae2
Commit Graph

963 Commits

Author SHA1 Message Date
Todd C. Miller
81602ad086 sudoedit should be used for editing files instead of "sudo editor" 
That way the user's editor config files are used by the editor.
 2019-06-21 14:54:09 -06:00
Todd C. Miller
1fe9644f54 Move the section on HOME to be after the environment section. 
Also strongly discourage the disabling of env_reset.
 2019-06-21 13:26:02 -06:00
Todd C. Miller
2d8949198d Remove the Solaris last login question, add one about HOME. 
The PAM session is opened with PAM_SILENT so last login info is not printed.
It is dangerous to preserve HOME from the user's environment.
 2019-06-20 21:49:11 -06:00
Todd C. Miller
a45732528b Use the term pseudo-terminal more consistently. 2019-06-20 16:52:49 -06:00
Todd C. Miller
ee214e5261 Document why HOME should not be preserved from the user's environment. 
Text was adapted from what is already present in the UPGRADE file.
Also mark set_home and always_set_home as obsolete.
 2019-06-20 16:32:18 -06:00
Todd C. Miller
e11fa62cdc Refer to command line options, not flags. 2019-06-20 16:12:32 -06:00
Todd C. Miller
c1fc4e6bec sudo will now prompt for a password as long as /dev/tty is available. 2019-06-20 14:03:03 -06:00
Todd C. Miller
71fdb8e037 Remove .cat pages, there is no need for them in the modern world. 
Sudo only shipped .cat pages for Irix, which lacked nroff.
Irix is long dead and there are multiple open source nroff options.
 2019-06-20 13:15:46 -06:00
Todd C. Miller
184484b213 Make env_editor the default. 
It is already the default in the package script.
 2019-06-20 11:51:47 -06:00
Todd C. Miller
958cf7e37f Don't describe env_editor as a security hole. 
Users that are able to edit sudoers can grant themselves permissions
so the fact that visudo runs the editor as root is not a security issue.
 2019-06-20 11:40:47 -06:00
Todd C. Miller
6fe2223298 Fix details of how EDITOR, VISUAL and SUDO_EDITOR are (or are not) preserved. 
The description in the editor option was incorrect and didn't mention env_keep.
Reported by Sander Bos
 2019-06-20 11:05:15 -06:00
Todd C. Miller
a193f39c83 Modern visudo locks the actual sudoers file, not the sudoers.tmp file. 
Refer to sudoers.tmp as a temporary file, not a lock file.
Reported by Sander Bos
 2019-06-20 10:11:26 -06:00
Todd C. Miller
7ce9b80085 Use of "they" was ambiguous. 2019-06-19 14:36:59 -06:00
Todd C. Miller
05f9643b89 Better description of secure_path. 
The secure_path option affects the resolution of unqualified commands
as well as the environment that commands run with.
 2019-06-19 14:29:25 -06:00
Todd C. Miller
0304416099 Add Sander Bos 2019-06-19 14:02:56 -06:00
Todd C. Miller
7d5b1e3b1b Fix a few typos and awkward wording. 
Use the singular "they" instead of he/she.
Add back missing text in description of variables starting with ().
Based on changes from Sander Bos.
 2019-06-19 14:02:16 -06:00
Todd C. Miller
cb4ded8fb6 Clarify which environment variables are set based on the target user. 2019-06-15 09:41:39 -06:00
Todd C. Miller
948007e771 Document that "no tty present and no askpass program specified" may 
happen when /proc is not accessible.
 2019-05-28 08:42:26 -06:00
Todd C. Miller
d63fe33d1f Add Sangamesh Mallayya and Michael Spradling 2019-05-27 08:51:06 -06:00
Todd C. Miller
19c548fd57 Add -B option to ring the bell before the password prompt. 2019-05-27 08:49:43 -06:00
Todd C. Miller
14e72b3ec6 Sudo's conversation functions now filters out the last login information. 2019-05-01 10:56:43 -06:00
Todd C. Miller
976550084e Add pam_acct_mgmt setting to enable/disable PAM account validation. 2019-04-29 19:44:13 -06:00
Todd C. Miller
4b240c2673 regen 2019-04-29 19:43:17 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
0e8fffdb30 Fix unescaped '\' and remove an extra '[' in the definition of digest. 2019-03-04 08:52:28 -07:00
Todd C. Miller
f4853cb754 For sssd, the nsswitch.conf setting should be "sss" not "sssd". 
From Johnathan Smith.
 2019-02-26 13:15:40 -07:00
Todd C. Miller
de94a04ba4 Update for 2019 2019-01-03 11:05:46 -07:00
Todd C. Miller
dc9338ffe7 Allow the sudoers file to be specified without the -f option. 
Bug #864
 2018-12-24 08:26:18 -07:00
Todd C. Miller
7d5b0064af The iolog_dir section is below the maxseq section, not above. 2018-12-20 06:57:05 -07:00
Todd C. Miller
258c7d4dd0 Add missing description of padding option and missing argument to -c. 2018-12-11 09:12:06 -07:00
Todd C. Miller
04a4b3c1fc Fix some typos; reported by Radovan Sroka 2018-12-11 09:02:30 -07:00
Todd C. Miller
85dd1747cf fix mode fixmdoc.sed 2018-11-29 08:47:42 -07:00
Todd C. Miller
b8ba372227 Fix section in the .TH line of *.man.in file. 
The substitution for @mansectsu@ and @mansectform@ was broken.
No longer need to strip out OpenBSD from the header line.
 2018-11-27 13:15:08 -07:00
Todd C. Miller
e0d2dc61eb Add sudoers.man.in.sed, missed from previous commit. 2018-11-27 08:33:51 -07:00
Todd C. Miller
168a7ca110 Add Guillem Jover 2018-11-27 08:27:23 -07:00
Todd C. Miller
e010706ede Use roff conditionals in the manuals instead of post-processing. 
We still need to process the resulting .man.in files to add back
the conditionals but this should be easier to debug as the changes
are visible in the .in file.
Some minor postprocessing is still used to make the manuals HP-UX
friendly and to change "0 seconds" -> unlimited after substitution.
 2018-11-27 08:14:15 -07:00
Todd C. Miller
23006c72c7 Sudo plugin manual updates and clarification from Guillem Jover: 
- Add missing return information for show_version().
- Fix prototypes for several function pointers.
- Update SUDO_API_VERSION_MINOR.
- Add missing references to log_suspend() and change_winsize().
- Add missing "array.".
- Clarify that argc can be zero on sudo -V.
- Clarify size requirements for conversation array arguments.
- Clarify timeout zero value for struct sudo_conv_message.
- Clarify initial and final state of reply in struct sudo_conv_reply.
 2018-11-24 08:39:09 -07:00
Todd C. Miller
7c0019d2a5 Revert changes to give arguments to the .Bx macro. 
This is intended for things like .Bx 4.3 to generate "4.3BSD" so
the argument ends up before the BSD, not after.  Just go back to
using "BSD authentication" and "BSD login classes" so fixmdoc.sh
can operate correctly.  Bug #861
 2018-11-24 08:34:03 -07:00
Todd C. Miller
0679f4529c Update fixmdoc.sh to match the BSD -> .Bx changes in the manuals. 
Bug #861
 2018-11-23 06:42:23 -07:00
Todd C. Miller
5f5d4a285c Mention schema.olcSudo here too. 2018-11-09 11:02:34 -07:00
Todd C. Miller
5e098a782d OpenLDAP schema file for Sudo in on-line configuration (OLC) format. 
From Frederic Pasteleurs.
 2018-11-09 10:38:49 -07:00
Todd C. Miller
cad10fbd2e Portuguese translation for sudo and sudoers from translationproject.org. 2018-11-07 11:20:27 -07:00
Todd C. Miller
1fe582a0e3 Add support for negated sudoRunAsUser and sudoRunAsGroup entries. 2018-10-28 15:46:27 -06:00
Todd C. Miller
fb015fac1b Document that the target user's groups may be specified via the -g option. 2018-10-27 12:52:17 -06:00
Todd C. Miller
019279a4b8 Fix some mangled text in the license block. 2018-10-26 08:19:41 -06:00
Todd C. Miller
1b035b5426 Add padding option to cvtsudoers. 
Bug #856
 2018-10-25 08:40:25 -06:00
Todd C. Miller
56cff772eb Asturian translation for sudo from translationproject.org 2018-10-22 06:21:59 -06:00
Todd C. Miller
c5df091123 Add pvs-studio target and associated production rules. 2018-10-21 08:46:05 -06:00
Todd C. Miller
75d9c6f165 Some DIAGNOSTICS updates: 
Update error message for when the user's uid does not exist in passwd.
Remove "This error indicates" and some other cosmetic cleanups.
 2018-10-13 06:21:52 -06:00
Todd C. Miller
ae7198a247 Add a DIAGNOSTICS section with an explanation of the more non-trivial 
error messages.
 2018-10-12 09:40:37 -06:00