From: Bdale Garbee Date: Fri, 20 Nov 2009 22:53:40 +0000 (-0700) Subject: quilting X-Git-Tag: debian/1.7.2p5-1~12 X-Git-Url: https://git.gag.com/?a=commitdiff_plain;h=1c7eee811d004785a22c21f61e22af5feb45501f;p=debian%2Fsudo quilting --- diff --git a/sample.sudoers b/sample.sudoers index cc35506..220df7f 100644 --- a/sample.sudoers +++ b/sample.sudoers @@ -46,8 +46,8 @@ Host_Alias CDROM = orion, perseus, hercules # Cmnd alias specification ## Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \ - /usr/sbin/rrestore, /bin/mt -Cmnd_Alias KILL = /bin/kill + /usr/sbin/rrestore, /usr/bin/mt +Cmnd_Alias KILL = /usr/bin/kill Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown Cmnd_Alias HALT = /usr/sbin/halt @@ -85,7 +85,7 @@ operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\ sudoedit /etc/printcap, /usr/oper/bin/ # joe may su only to operator -joe ALL = /bin/su operator +joe ALL = /usr/bin/su operator # pete may change passwords for anyone but root on the hp snakes pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root @@ -99,13 +99,13 @@ jim +biglab = ALL # users in the secretaries netgroup need to help manage the printers # as well as add and remove users -+secretaries ALL = PRINTING, /usr/sbin/adduser, /usr/bin/rmuser ++secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser # fred can run commands as oracle or sybase without a password fred ALL = (DB) NOPASSWD: ALL # on the alphas, john may su to anyone but root and flags are not allowed -john ALPHA = /bin/su [!-]*, !/bin/su *root* +john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* # jen can run anything on all machines except the ones # in the "SERVERS" Host_Alias diff --git a/sudo.man.in b/sudo.man.in index 23d330f..1188947 100644 --- a/sudo.man.in +++ b/sudo.man.in @@ -545,8 +545,8 @@ and, as such, it is not possible for \fBsudo\fR to preserve them. To prevent command spoofing, \fBsudo\fR checks \*(L".\*(R" and "" (both denoting current directory) last when searching for a command in the user's \&\s-1PATH\s0 (if one or both are in the \s-1PATH\s0). Note, however, that the -\&\f(CW\*(C`PATH\*(C'\fR environment variable is further modified in Debian because of -the use of the \fI\s-1SECURE_PATH\s0\fR build option. +actual \f(CW\*(C`PATH\*(C'\fR environment variable is \fInot\fR modified and is passed +unchanged to the program that \fBsudo\fR executes. .PP \&\fBsudo\fR will check the ownership of its timestamp directory (\fI@timedir@\fR by default) and ignore the directory's contents if @@ -710,10 +710,6 @@ to make the \f(CW\*(C`cd\*(C'\fR and file redirection work. \&\fIgrep\fR\|(1), \fIsu\fR\|(1), \fIstat\fR\|(2), @LCMAN@\&\fIlogin_cap\fR\|(3), \&\fIpasswd\fR\|(@mansectform@), \fIsudoers\fR\|(5), \fIvisudo\fR\|(@mansectsu@) -.PP -The file /usr/share/doc/sudo/OPTIONS describes the options used for building -the Debian version of sudo, some of which change default behaviors documented -elsewhere in this document. .SH "AUTHORS" .IX Header "AUTHORS" Many people have worked on \fBsudo\fR over the years; this diff --git a/sudoers.man.in b/sudoers.man.in index b00bdc1..7b21d20 100644 --- a/sudoers.man.in +++ b/sudoers.man.in @@ -833,7 +833,7 @@ by default. .IP "passprompt_override" 16 .IX Item "passprompt_override" The password prompt specified by \fIpassprompt\fR will normally only -be used if the password prompt provided by systems such as \s-1PAM\s0 matches +be used if the passwod prompt provided by systems such as \s-1PAM\s0 matches the string \*(L"Password:\*(R". If \fIpassprompt_override\fR is set, \fIpassprompt\fR will always be used. This flag is \fIoff\fR by default. .IP "preserve_groups" 16 @@ -1061,12 +1061,6 @@ be run as (defaults to root) .el .IP "\f(CW%u\fR" 4 .IX Item "%u" expanded to the invoking user's login name -.ie n .IP "%p" 4 -.el .IP "\f(CW%p\fR" 4 -.IX Item "%p" -expanded to the user whose password is asked for (respects the presence of the -rootpw, targetpw or runaspw options in the configuration) - .ie n .IP "\*(C`%%\*(C'" 4 .el .IP "\f(CW\*(C`%%\*(C'\fR" 4 .IX Item "%%"