=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/sudo/Attic/visudo.8,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- src/usr.bin/sudo/Attic/visudo.8 2003/03/15 21:23:54 1.10 +++ src/usr.bin/sudo/Attic/visudo.8 2004/09/28 15:10:51 1.11 @@ -1,38 +1,24 @@ .\" Copyright (c) 1996,1998-2003 Todd C. Miller -.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" 3. The name of the author may not be used to endorse or promote products -.\" derived from this software without specific prior written permission -.\" from the author. -.\" -.\" 4. Products derived from this software may not be called "Sudo" nor -.\" may "Sudo" appear in their names without specific prior written -.\" permission from the author. -.\" -.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, -.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL -.\" THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, -.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -.\" PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; -.\" OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $Sudo: visudo.man.in,v 1.14 2003/03/15 20:33:31 millert Exp $ -.\" Automatically generated by Pod::Man v1.34, Pod::Parser v1.13 +.\" Sponsored in part by the Defense Advanced Research Projects +.\" Agency (DARPA) and Air Force Research Laboratory, Air Force +.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. +.\" +.\" $Sudo: visudo.man.in,v 1.21 2004/09/06 20:46:28 millert Exp $ +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 .\" .\" Standard preamble: .\" ======================================================================== @@ -163,7 +149,7 @@ .\" ======================================================================== .\" .IX Title "VISUDO 8" -.TH VISUDO 8 "March 13, 2003" "1.6.7" "MAINTENANCE COMMANDS" +.TH VISUDO 8 "September 6, 2004" "1.6.8" "MAINTENANCE COMMANDS" .SH "NAME" visudo \- edit the sudoers file .SH "SYNOPSIS" @@ -172,7 +158,7 @@ .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBvisudo\fR edits the \fIsudoers\fR file in a safe fashion, analogous to -\&\fIvipw\fR\|(8). \fBvisudo\fR locks the \fIsudoers\fR file against multiple +vipw(8). \fBvisudo\fR locks the \fIsudoers\fR file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors. If the \fIsudoers\fR file is currently being edited you will receive a message to try again later. @@ -181,13 +167,13 @@ at compile-time that may be overridden via the \fIeditor\fR \fIsudoers\fR \&\f(CW\*(C`Default\*(C'\fR variable. This list defaults to the path to \fIvi\fR\|(1) on your system, as determined by the \fIconfigure\fR script. Normally, -\&\fBvisudo\fR does not honor the \f(CW\*(C`EDITOR\*(C'\fR or \f(CW\*(C`VISUAL\*(C'\fR environment +\&\fBvisudo\fR does not honor the \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR environment variables unless they contain an editor in the aforementioned editors list. However, if \fBvisudo\fR is configured with the \fI\-\-with\-enveditor\fR flag or the \fIenveditor\fR \f(CW\*(C`Default\*(C'\fR variable is set in \fIsudoers\fR, -\&\fBvisudo\fR will use any the editor defines by \f(CW\*(C`EDITOR\*(C'\fR or \f(CW\*(C`VISUAL\*(C'\fR. +\&\fBvisudo\fR will use any the editor defines by \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR. Note that this can be a security hole since it allows the user to -execute any program they wish simply by setting \f(CW\*(C`EDITOR\*(C'\fR or \f(CW\*(C`VISUAL\*(C'\fR. +execute any program they wish simply by setting \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR. .PP \&\fBvisudo\fR parses the \fIsudoers\fR file after the edit and will not save the changes if there is a syntax error. Upon finding @@ -217,7 +203,7 @@ .IX Item "-f" Specify and alternate \fIsudoers\fR file location. With this option \&\fBvisudo\fR will edit (or check) the \fIsudoers\fR file of your choice, -instead of the default, \f(CW@sysconfdir\fR@/sudoers. The lock file used +instead of the default, \fI/etc/sudoers\fR. The lock file used is the specified \fIsudoers\fR file with \*(L".tmp\*(R" appended to it. .IP "\-q" 4 .IX Item "-q" @@ -235,8 +221,23 @@ .IX Item "-V" The \fB\-V\fR (version) option causes \fBvisudo\fR to print its version number and exit. -.SH "ERRORS" -.IX Header "ERRORS" +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +The following environment variables are used only if \fBvisudo\fR +was configured with the \fI\-\-with\-env\-editor\fR option: +.PP +.Vb 2 +\& VISUAL Invoked by visudo as the editor to use +\& EDITOR Used by visudo if VISUAL is not set +.Ve +.SH "FILES" +.IX Header "FILES" +.Vb 2 +\& /etc/sudoers List of who can run what +\& /etc/sudoers.tmp Lock file for visudo +.Ve +.SH "DIAGNOSTICS" +.IX Header "DIAGNOSTICS" .IP "sudoers file busy, try again later." 4 .IX Item "sudoers file busy, try again later." Someone else is currently editing the \fIsudoers\fR file. @@ -254,46 +255,51 @@ underscore ('_') character. If the latter, you can ignore the warnings (\fBsudo\fR will not complain). In \fB\-s\fR (strict) mode these are errors, not warnings. -.SH "ENVIRONMENT" -.IX Header "ENVIRONMENT" -The following environment variables are used only if \fBvisudo\fR -was configured with the \fI\-\-with\-env\-editor\fR option: -.PP -.Vb 2 -\& EDITOR Invoked by visudo as the editor to use -\& VISUAL Used Invoked visudo if EDITOR is not set -.Ve -.SH "FILES" -.IX Header "FILES" -.Vb 2 -\& /etc/sudoers List of who can run what -\& /etc/sudoers.tmp Lock file for visudo -.Ve +.IP "Warning: runas_default set after old value is in use ..." 4 +.IX Item "Warning: runas_default set after old value is in use ..." +You have a \fIrunas_default\fR Defaults setting listed in the \fIsudoers\fR +file after its value has already been used. This means that entries +prior to the \fIrunas_default\fR setting will match based on the default +value of \fIrunas_default\fR (\f(CW\*(C`root\*(C'\fR) whereas entries +\&\fBafter\fR the \fIrunas_default\fR setting will match based on the new +value. This is usually unintentional and in most cases the + setting should be placed before any \f(CW\*(C`Runas_Alias\*(C'\fR +or User specifications. In \fB\-s\fR (strict) mode this is an error, +not a warning. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIvi\fR\|(1), sudoers(5), sudo(8), vipw(8) .SH "AUTHOR" .IX Header "AUTHOR" Many people have worked on \fIsudo\fR over the years; this version of \&\fBvisudo\fR was written by: .PP .Vb 1 -\& Todd Miller +\& Todd Miller .Ve .PP See the \s-1HISTORY\s0 file in the sudo distribution or visit http://www.sudo.ws/sudo/history.html for more details. +.SH "CAVEATS" +.IX Header "CAVEATS" +There is no easy way to prevent a user from gaining a root shell if +the editor used by \fBvisudo\fR allows shell escapes. .SH "BUGS" .IX Header "BUGS" -If you feel you have found a bug in sudo, please submit a bug report +If you feel you have found a bug in \fBvisudo\fR, please submit a bug report at http://www.sudo.ws/sudo/bugs/ +.SH "SUPPORT" +.IX Header "SUPPORT" +Commercial support is available for \fBsudo\fR, see +http://www.sudo.ws/sudo/support.html for details. +.PP +Limited free support is available via the sudo-users mailing list, +see http://www.sudo.ws/mailman/listinfo/sudo\-users to subscribe or +search the archives. .SH "DISCLAIMER" .IX Header "DISCLAIMER" \&\fBVisudo\fR is provided ``\s-1AS\s0 \s-1IS\s0'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability -and fitness for a particular purpose are disclaimed. -See the \s-1LICENSE\s0 file distributed with \fBsudo\fR for complete details. -.SH "CAVEATS" -.IX Header "CAVEATS" -There is no easy way to prevent a user from gaining a root shell if -the editor used by \fBvisudo\fR allows shell escapes. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fIvi\fR\|(1), \fIsudoers\fR\|(5), \fIsudo\fR\|(8), \fIvipw\fR\|(8) +and fitness for a particular purpose are disclaimed. See the \s-1LICENSE\s0 +file distributed with \fBsudo\fR or http://www.sudo.ws/sudo/license.html +for complete details.