=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/sudo/Attic/sudoers.pod,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- src/usr.bin/sudo/Attic/sudoers.pod 2008/11/14 11:58:08 1.10 +++ src/usr.bin/sudo/Attic/sudoers.pod 2008/11/18 16:01:29 1.11 @@ -18,7 +18,7 @@ Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F39502-99-1-0512. -$Sudo: sudoers.pod,v 1.152 2008/11/09 14:13:13 millert Exp $ +$Sudo: sudoers.pod,v 1.153 2008/11/15 18:34:01 millert Exp $ =pod =head1 NAME @@ -192,7 +192,7 @@ (or match the wildcards if there are any). Note that the following characters must be escaped with a '\' if they are used in command arguments: ',', ':', '=', '\'. The special command C<"sudoedit"> -is used to permit a user to run B with the B<-e> flag (or +is used to permit a user to run B with the B<-e> option (or as B). It may take command line arguments just as a normal command does. @@ -267,12 +267,12 @@ may be run as. A fully-specified C consists of two Cs (as defined above) separated by a colon (':') and enclosed in a set of parentheses. The first C indicates -which users the command may be run as via B's B<-u> flag. +which users the command may be run as via B's B<-u> option. The second defines a list of groups that can be specified via -B's B<-g> flag. If both Cs are specified, the +B's B<-g> option. If both Cs are specified, the command may be run with any combination of users and groups listed in their respective Cs. If only the first is specified, -the command may be run as any user in the list but no B<-g> flag +the command may be run as any user in the list but no B<-g> option may be specified. If the first C is empty but the second is specified, the command may be run as the invoking user with the group set to any listed in the C. If no @@ -504,7 +504,7 @@ If set, B will set the C environment variable to the home directory of the target user (which is root unless the B<-u> option is used). -This effectively means that the B<-H> flag is always implied. +This effectively means that the B<-H> option is always implied. This flag is I by default. =item authenticate @@ -689,16 +689,16 @@ =item set_home -If set and B is invoked with the B<-s> flag the C +If set and B is invoked with the B<-s> option the C environment variable will be set to the home directory of the target user (which is root unless the B<-u> option is used). This effectively -makes the B<-s> flag imply B<-H>. This flag is I by default. +makes the B<-s> option imply B<-H>. This flag is I by default. =item set_logname Normally, B will set the C, C and C environment variables to the name of the target user (usually root -unless the B<-u> flag is given). However, since some programs +unless the B<-u> option is given). However, since some programs (including the RCS revision control system) use C to determine the real identity of the user, it may be desirable to change this behavior. This can be done by negating the set_logname @@ -718,7 +718,7 @@ =item shell_noargs If set and B is invoked with no arguments it acts as if the -B<-s> flag had been given. That is, it runs a shell as root (the +B<-s> option had been given. That is, it runs a shell as root (the shell is determined by the C environment variable if it is set, falling back on the shell listed in the invoking user's /etc/passwd entry if not). This flag is I by default. @@ -737,9 +737,9 @@ =item targetpw If set, B will prompt for the password of the user specified by -the B<-u> flag (defaults to C) instead of the password of the +the B<-u> option (defaults to C) instead of the password of the invoking user. Note that this precludes the use of a uid not listed -in the passwd database as an argument to the B<-u> flag. +in the passwd database as an argument to the B<-u> option. This flag is I by default. =item tty_tickets @@ -895,7 +895,7 @@ =item runas_default -The default user to run commands as if the B<-u> flag is not specified +The default user to run commands as if the B<-u> option is not specified on the command line. This defaults to C<@runas_default@>. Note that if I is set it B occur before any C specifications. @@ -990,7 +990,7 @@ =item listpw This option controls when a password will be required when a -user runs B with the B<-l> flag. It has the following possible values: +user runs B with the B<-l> option. It has the following possible values: =over 8 @@ -1001,7 +1001,7 @@ =item always -The user must always enter a password to use the B<-l> flag. +The user must always enter a password to use the B<-l> option. =item any @@ -1010,7 +1010,7 @@ =item never -The user need never enter a password to use the B<-l> flag. +The user need never enter a password to use the B<-l> option. =back @@ -1063,7 +1063,7 @@ =item verifypw This option controls when a password will be required when a user runs -B with the B<-v> flag. It has the following possible values: +B with the B<-v> option. It has the following possible values: =over 8 @@ -1074,7 +1074,7 @@ =item always -The user must always enter a password to use the B<-v> flag. +The user must always enter a password to use the B<-v> option. =item any @@ -1083,7 +1083,7 @@ =item never -The user need never enter a password to use the B<-v> flag. +The user need never enter a password to use the B<-v> option. =back @@ -1297,7 +1297,7 @@ john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* On the I machines, user B may su to anyone except root -but he is not allowed to give L any flags. +but he is not allowed to specify any options to the L command. jen ALL, !SERVERS = ALL