266 Commits

Author SHA1 Message Date
Todd C. Miller
81602ad086 sudoedit should be used for editing files instead of "sudo editor"
That way the user's editor config files are used by the editor.
2019-06-21 14:54:09 -06:00
Todd C. Miller
a45732528b Use the term pseudo-terminal more consistently. 2019-06-20 16:52:49 -06:00
Todd C. Miller
ee214e5261 Document why HOME should not be preserved from the user's environment.
Text was adapted from what is already present in the UPGRADE file.
Also mark set_home and always_set_home as obsolete.
2019-06-20 16:32:18 -06:00
Todd C. Miller
958cf7e37f Don't describe env_editor as a security hole.
Users that are able to edit sudoers can grant themselves permissions
so the fact that visudo runs the editor as root is not a security issue.
2019-06-20 11:40:47 -06:00
Todd C. Miller
6fe2223298 Fix details of how EDITOR, VISUAL and SUDO_EDITOR are (or are not) preserved.
The description in the editor option was incorrect and didn't mention env_keep.
Reported by Sander Bos
2019-06-20 11:05:15 -06:00
Todd C. Miller
7ce9b80085 Use of "they" was ambiguous. 2019-06-19 14:36:59 -06:00
Todd C. Miller
05f9643b89 Better description of secure_path.
The secure_path option affects the resolution of unqualified commands
as well as the environment that commands run with.
2019-06-19 14:29:25 -06:00
Todd C. Miller
7d5b1e3b1b Fix a few typos and awkward wording.
Use the singular "they" instead of he/she.
Add back missing text in description of variables starting with ().
Based on changes from Sander Bos.
2019-06-19 14:02:16 -06:00
Todd C. Miller
cb4ded8fb6 Clarify which environment variables are set based on the target user. 2019-06-15 09:41:39 -06:00
Todd C. Miller
976550084e Add pam_acct_mgmt setting to enable/disable PAM account validation. 2019-04-29 19:44:13 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
0e8fffdb30 Fix unescaped '\' and remove an extra '[' in the definition of digest. 2019-03-04 08:52:28 -07:00
Todd C. Miller
7d5b0064af The iolog_dir section is below the maxseq section, not above. 2018-12-20 06:57:05 -07:00
Todd C. Miller
b8ba372227 Fix section in the .TH line of *.man.in file.
The substitution for @mansectsu@ and @mansectform@ was broken.
No longer need to strip out OpenBSD from the header line.
2018-11-27 13:15:08 -07:00
Todd C. Miller
e010706ede Use roff conditionals in the manuals instead of post-processing.
We still need to process the resulting .man.in files to add back
the conditionals but this should be easier to debug as the changes
are visible in the .in file.
Some minor postprocessing is still used to make the manuals HP-UX
friendly and to change "0 seconds" -> unlimited after substitution.
2018-11-27 08:14:15 -07:00
Todd C. Miller
7c0019d2a5 Revert changes to give arguments to the .Bx macro.
This is intended for things like .Bx 4.3 to generate "4.3BSD" so
the argument ends up before the BSD, not after.  Just go back to
using "BSD authentication" and "BSD login classes" so fixmdoc.sh
can operate correctly.  Bug #861
2018-11-24 08:34:03 -07:00
Todd C. Miller
fb015fac1b Document that the target user's groups may be specified via the -g option. 2018-10-27 12:52:17 -06:00
Todd C. Miller
019279a4b8 Fix some mangled text in the license block. 2018-10-26 08:19:41 -06:00
Todd C. Miller
675802b71c Use mdoc macros for BSD systems.
All manuals now pass "make lint"
2018-10-07 07:34:22 -06:00
Todd C. Miller
dd6a6e4013 Fix problems found by igor. Bug #854 2018-10-06 06:00:56 -06:00
Todd C. Miller
d537daf787 Treat LOGIN, LOGNAME and USER specially. If one is preserved
or deleted we want to preserve or delete all of them.
2018-09-24 05:30:28 -06:00
Todd C. Miller
5f61f2c0f4 Remove special handling of the USERNAME environment variable. It
used to be set on old versions of Fedora but that hasn't been the
case for some time.  It's worth noting that ssh doesn't set USERNAME
either.
2018-09-24 05:30:03 -06:00
Todd C. Miller
0484e3d6a9 Fix ambiguity when talking about Aliases. We can't use User_Alias
in the grammar as both the definition of the Alias as well as its
name.  This adds {User,Runas,Host,Cmnd}_Alias_Spec to help differentiate
between the name of the alias and its definition.  Bug #834
2018-08-07 10:03:05 -06:00
Todd C. Miller
b67915c6e4 Fix some issues pointed out by mandoc -Tlint 2018-06-13 11:19:35 -06:00
Todd C. Miller
1e26c6043e Describe the special handling of LOGNAME, USER and USERNAME.
Fix typos reported by aspell.
2018-04-18 14:14:47 -06:00
Todd C. Miller
3194a00e9e Document that the editor setting is also used by sudoedit. 2018-04-18 09:40:48 -06:00
Todd C. Miller
43ea752ded Update copyright year and regen man pages. 2018-04-15 16:43:06 -06:00
Todd C. Miller
b6c53ac846 Decrease bullet width to 1n. 2018-03-21 06:52:50 -06:00
Todd C. Miller
e26ef96a65 Add case_insensitive_group and case_insensitive_user sudoers options,
which are enabled by default.
2018-03-05 10:42:02 -07:00
Todd C. Miller
12affcd5ef Add missing close parenthesis in "Including other files from within
sudoers" section.  Bug #824
2018-02-26 17:59:58 -07:00
Todd C. Miller
525c6a3d94 Use /run in preference to /var/run if it exists.
Bug #822
2018-02-19 10:59:12 -07:00
Todd C. Miller
5de49b2d6b The max timeout for kernel time stamps is 60 minutes, not 3600 minutes. 2018-01-30 11:11:48 -07:00
Todd C. Miller
eb8b5c7964 document that kernel tty timestamps don't support negative timeouts 2018-01-24 05:27:54 -07:00
Todd C. Miller
b3601253e6 Fall back to ppid time stamps if timestamp_type == kernel and no
tty is present.  This is consistent with timestamp_type == tty.
2018-01-23 11:18:18 -07:00
Todd C. Miller
23ac62cfb5 Also honor SUDO_EDITOR in visudo. Previously it was only used
by sudoedit.
2017-12-22 10:22:33 -07:00
Todd C. Miller
feb48b8ebf Add "kernel" as a possible value of timestamp_type.
Currently only supported on OpenBSD.
2017-12-20 16:19:54 -07:00
Todd C. Miller
5f3797c754 Document the sudoers time stamp file format. 2017-12-20 13:01:06 -07:00
Todd C. Miller
1709dc7f77 In the timestamp record, include the start time of the terminal
session leader for tty-based timestamps or the start time of the
parent process for ppid-based timestamps.  Idea from Duncan Overbruck.
2017-12-16 05:53:05 -07:00
Todd C. Miller
f869086eff regen 2017-12-12 14:19:13 -07:00
Todd C. Miller
1350a30737 Add authfail_message sudoers option to allow the user to override
the default message of %d incorrect password attempt(s).
2017-12-11 12:43:58 -07:00
Todd C. Miller
48fba3c2cc update my email to Todd.Miller@sudo.ws 2017-12-03 17:53:40 -07:00
Todd C. Miller
1051cf1e6f env_keep and env_check are also taken into account with "sudo -i".
Bug #806
2017-09-26 13:08:57 -06:00
Todd C. Miller
7e78fbccfd More accurately describe the use_pty option now that its behavior
has changed with respect to interposition with a pipe.
Also describe some caveats with log_input.
2017-09-07 14:59:37 -06:00
Todd C. Miller
54860cf7f5 In the Runas example that uses "boulder" make it clear that "boulder"
is a host name.
2017-08-04 14:55:03 -06:00
Todd C. Miller
63d954d1fc Replace tty_tickets option with timestamp_type which can be
global, ppid or tty.  Defaults to tty (no change in behavior).
Some users want the ppid behavior.
2017-08-01 16:14:54 -06:00
Todd C. Miller
d76d5eaebc Clarify how the variable prompt options interact with each other
and PAM.
2017-07-21 11:18:13 -06:00
Todd C. Miller
d129f306ea Add syslog_pid sudoers option to log sudo's process ID when logging
via syslog.  This is disabled by default to match historic behavior.
2017-07-20 16:33:12 -06:00
Todd C. Miller
60146c2959 Fix the man section of sudo_plugin in cross-references. 2017-06-07 16:25:46 -06:00
Todd C. Miller
e1e2162dcf Instead of hard-coding a check for bash functions in env_should_delete(),
use a "*=()* " pattern in initial_badenv_table[] to match them instead.
This allows the user to remove the check via env_delete.
2017-06-03 08:43:32 -06:00
Todd C. Miller
0ab00964ec Mac OS X -> macOS 2017-06-02 16:10:37 -06:00