--- /dev/null
+--- /home/bdale/Desktop/sudo-1.7.2p1/sudo.pod 2009-06-15 15:19:47.000000000 -0600
++++ sudo/sudo.pod 2009-11-20 07:31:58.000000000 -0700
+@@ -452,8 +452,8 @@
+ To prevent command spoofing, B<sudo> checks "." and "" (both denoting
+ current directory) last when searching for a command in the user's
+ PATH (if one or both are in the PATH). Note, however, that the
+-actual C<PATH> environment variable is I<not> modified and is passed
+-unchanged to the program that B<sudo> executes.
++C<PATH> environment variable is further modified in Debian because of
++the use of the I<SECURE_PATH> build option.
+
+ B<sudo> will check the ownership of its timestamp directory
+ (F<@timedir@> by default) and ignore the directory's contents if
+@@ -616,6 +616,10 @@
+ L<login_cap(3)>,
+ L<passwd(5)>, L<sudoers(5)>, L<visudo(8)>
+
++The file /usr/share/doc/sudo/OPTIONS describes the options used for building
++the Debian version of sudo, some of which change default behaviors documented
++elsewhere in this document.
++
+ =head1 AUTHORS
+
+ Many people have worked on B<sudo> over the years; this
--- /dev/null
+--- /home/bdale/Desktop/sudo-1.7.2p1/sudoers.pod 2009-06-30 06:41:09.000000000 -0600
++++ sudo/sudoers.pod 2009-11-20 07:31:58.000000000 -0700
+@@ -93,7 +93,7 @@
+
+ Cmnd_Alias ::= NAME '=' Cmnd_List
+
+- NAME ::= [A-Z]([A-Z][0-9]_)*
++ NAME ::= [A-Z]([a-z][A-Z][0-9]_)*
+
+ Each I<alias> definition is of the form
+
+@@ -565,7 +565,7 @@
+
+ =over 16
+
+-=item always_set_home
++=item mail_badpass
+
+ If set, B<sudo> will set the C<HOME> environment variable to the home
+ directory of the target user (which is root unless the B<-u> option is used).
+@@ -1227,6 +1227,9 @@
+
+ =item env_delete
+
++Not effective due to security issues: only variables listed in
++I<env_keep> or I<env_check> can be passed through B<sudo>!
++
+ Environment variables to be removed from the user's environment
+ when the I<env_reset> option is not in effect. The argument may
+ be a double-quoted, space-separated list or a single value without
+@@ -1240,8 +1243,8 @@
+
+ =item env_keep
+
+-Environment variables to be preserved in the user's environment
+-when the I<env_reset> option is in effect. This allows fine-grained
++Environment variables to be preserved in the user's environment.
++This allows fine-grained
+ control over the environment B<sudo>-spawned processes will receive.
+ The argument may be a double-quoted, space-separated list or a
+ single value without double-quotes. The list can be replaced, added
+@@ -1282,6 +1285,15 @@
+ Below are example I<sudoers> entries. Admittedly, some of
+ these are a bit contrived. First, we define our I<aliases>:
+
++Below are example I<sudoers> entries. Admittedly, some of
++these are a bit contrived. First, we allow a few environment
++variables to pass and then define our I<aliases>:
++
++ # Run X applications through sudo; HOME is used to find .Xauthority file
++ # Note that some programs may use HOME for other purposes too and
++ # this may lead to privilege escalation!
++ Defaults env_keep = "DISPLAY HOME"
++
+ # User alias specification
+ User_Alias FULLTIMERS = millert, mikef, dowdy
+ User_Alias PARTTIMERS = bostley, jwfox, crawl
To prevent command spoofing, B<sudo> checks "." and "" (both denoting
current directory) last when searching for a command in the user's
PATH (if one or both are in the PATH). Note, however, that the
-C<PATH> environment variable is further modified in Debian because of
-the use of the I<SECURE_PATH> build option.
+actual C<PATH> environment variable is I<not> modified and is passed
+unchanged to the program that B<sudo> executes.
B<sudo> will check the ownership of its timestamp directory
(F<@timedir@> by default) and ignore the directory's contents if
L<login_cap(3)>,
L<passwd(5)>, L<sudoers(5)>, L<visudo(8)>
-The file /usr/share/doc/sudo/OPTIONS describes the options used for building
-the Debian version of sudo, some of which change default behaviors documented
-elsewhere in this document.
-
=head1 AUTHORS
Many people have worked on B<sudo> over the years; this
Cmnd_Alias ::= NAME '=' Cmnd_List
- NAME ::= [A-Z]([a-z][A-Z][0-9]_)*
+ NAME ::= [A-Z]([A-Z][0-9]_)*
Each I<alias> definition is of the form
=over 16
-=item mail_badpass
+=item always_set_home
If set, B<sudo> will set the C<HOME> environment variable to the home
directory of the target user (which is root unless the B<-u> option is used).
=item env_delete
-Not effective due to security issues: only variables listed in
-I<env_keep> or I<env_check> can be passed through B<sudo>!
-
Environment variables to be removed from the user's environment
when the I<env_reset> option is not in effect. The argument may
be a double-quoted, space-separated list or a single value without
=item env_keep
-Environment variables to be preserved in the user's environment.
-This allows fine-grained
+Environment variables to be preserved in the user's environment
+when the I<env_reset> option is in effect. This allows fine-grained
control over the environment B<sudo>-spawned processes will receive.
The argument may be a double-quoted, space-separated list or a
single value without double-quotes. The list can be replaced, added
Below are example I<sudoers> entries. Admittedly, some of
these are a bit contrived. First, we define our I<aliases>:
-Below are example I<sudoers> entries. Admittedly, some of
-these are a bit contrived. First, we allow a few environment
-variables to pass and then define our I<aliases>:
-
- # Run X applications through sudo; HOME is used to find .Xauthority file
- # Note that some programs may use HOME for other purposes too and
- # this may lead to privilege escalation!
- Defaults env_keep = "DISPLAY HOME"
-
# User alias specification
User_Alias FULLTIMERS = millert, mikef, dowdy
User_Alias PARTTIMERS = bostley, jwfox, crawl
projects / debian / sudo / commitdiff