Imported Upstream version 1.6.9p11

[debian/sudo] / sudoers.pod

diff --git a/sudoers.pod b/sudoers.pod
index f40d2a15752900aa020ba4fa659cef311e6aecd7..91dfd8494465d7f01822172530e6d7f6e8d92e2e 100644 (file)
--- a/sudoers.pod
+++ b/sudoers.pod
@@ -19,7 +19,7 @@ Sponsored in part by the Defense Advanced Research Projects
 Agency (DARPA) and Air Force Research Laboratory, Air Force
 Materiel Command, USAF, under agreement number F39502-99-1-0512.
 
-$Sudo: sudoers.pod,v 1.95.2.20 2007/08/27 19:52:28 millert Exp $
+$Sudo: sudoers.pod,v 1.95.2.23 2008/01/05 23:59:42 millert Exp $
 =pod
 
 =head1 NAME
@@ -336,7 +336,9 @@ basis.  Note that if C<SETENV> has been set for a command, any
 environment variables set on the command line way are not subject
 to the restrictions imposed by I<env_check>, I<env_delete>, or
 I<env_keep>.  As such, only trusted users should be allowed to set
-variables in this manner.
+variables in this manner.  If the command matched is B<ALL>, the
+C<SETENV> tag is implied for that command; this default may
+be overridden by use of the C<UNSETENV> tag.
 
 =head2 Wildcards
 
@@ -577,6 +579,13 @@ the user's C<PATH>, B<sudo> will tell the user that they are not
 allowed to run it, which can be confusing.  This flag is I<@path_info@>
 by default.
 
+=item passprompt_override
+
+The password prompt specified by I<passprompt> will normally only
+be used if the passwod prompt provided by systems such as PAM matches
+the string "Password:".  If I<passprompt_override> is set, I<passprompt>
+will always be used.  This flag is I<off> by default.
+
 =item preserve_groups
 
 By default B<sudo> will initialize the group vector to the list of
@@ -777,6 +786,11 @@ option is set)
 
 expanded to the local hostname without the domain name
 
+=item C<%p>
+
+expanded to the user whose password is being asked for (respects the 
+I<rootpw>, I<targetpw> and I<runaspw> flags in I<sudoers>)
+
 =item C<%U>
 
 expanded to the login name of the user the command will