X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=visudo.cat;h=74be714137619a02b331fa7eddbfc8b1df8d813f;hb=83e3847cf7ae74e5b8e8fb2ca755b8ca114fcc90;hp=de2e7650b2db46b5cced1412dcac1e080b263fde;hpb=3a1004dc74b0fb7599a4d1f1805fcb798a562948;p=debian%2Fsudo diff --git a/visudo.cat b/visudo.cat index de2e765..74be714 100644 --- a/visudo.cat +++ b/visudo.cat @@ -11,95 +11,91 @@ SSYYNNOOPPSSIISS vviissuuddoo [--cc] [--qq] [--ss] [--VV] [--ff _s_u_d_o_e_r_s] DDEESSCCRRIIPPTTIIOONN - vviissuuddoo edits the _s_u_d_o_e_r_s file in a safe fashion, analogous - to _v_i_p_w(1m). vviissuuddoo locks the _s_u_d_o_e_r_s file against multi­ - ple simultaneous edits, provides basic sanity checks, and - checks for parse errors. If the _s_u_d_o_e_r_s file is currently - being edited you will receive a message to try again - later. - - There is a hard-coded list of editors that vviissuuddoo will use - set at compile-time that may be overridden via the _e_d_i_t_o_r - _s_u_d_o_e_r_s Default variable. This list defaults to the path - to _v_i(1) on your system, as determined by the _c_o_n_f_i_g_u_r_e - script. Normally, vviissuuddoo does not honor the VISUAL or - EDITOR environment variables unless they contain an editor - in the aforementioned editors list. However, if vviissuuddoo is - configured with the _-_-_w_i_t_h_-_e_n_v_e_d_i_t_o_r flag or the _e_n_v___e_d_i_­ - _t_o_r Default variable is set in _s_u_d_o_e_r_s, vviissuuddoo will use - any the editor defines by VISUAL or EDITOR. Note that - this can be a security hole since it allows the user to - execute any program they wish simply by setting VISUAL or - EDITOR. - - vviissuuddoo parses the _s_u_d_o_e_r_s file after the edit and will not - save the changes if there is a syntax error. Upon finding - an error, vviissuuddoo will print a message stating the line - number(s) where the error occurred and the user will - receive the "What now?" prompt. At this point the user - may enter "e" to re-edit the _s_u_d_o_e_r_s file, "x" to exit - without saving the changes, or "Q" to quit and save - changes. The "Q" option should be used with extreme care - because if vviissuuddoo believes there to be a parse error, so - will ssuuddoo and no one will be able to ssuuddoo again until the - error is fixed. If "e" is typed to edit the _s_u_d_o_e_r_s file - after a parse error has been detected, the cursor will be - placed on the line where the error occurred (if the editor - supports this feature). + vviissuuddoo edits the _s_u_d_o_e_r_s file in a safe fashion, analogous to _v_i_p_w(1m). + vviissuuddoo locks the _s_u_d_o_e_r_s file against multiple simultaneous edits, + provides basic sanity checks, and checks for parse errors. If the + _s_u_d_o_e_r_s file is currently being edited you will receive a message to + try again later. + + There is a hard-coded list of editors that vviissuuddoo will use set at + compile-time that may be overridden via the _e_d_i_t_o_r _s_u_d_o_e_r_s Default + variable. This list defaults to the path to _v_i(1) on your system, as + determined by the _c_o_n_f_i_g_u_r_e script. Normally, vviissuuddoo does not honor + the VISUAL or EDITOR environment variables unless they contain an + editor in the aforementioned editors list. However, if vviissuuddoo is + configured with the _-_-_w_i_t_h_-_e_n_v_e_d_i_t_o_r option or the _e_n_v___e_d_i_t_o_r Default + variable is set in _s_u_d_o_e_r_s, vviissuuddoo will use any the editor defines by + VISUAL or EDITOR. Note that this can be a security hole since it + allows the user to execute any program they wish simply by setting + VISUAL or EDITOR. + + vviissuuddoo parses the _s_u_d_o_e_r_s file after the edit and will not save the + changes if there is a syntax error. Upon finding an error, vviissuuddoo will + print a message stating the line number(s) where the error occurred and + the user will receive the "What now?" prompt. At this point the user + may enter "e" to re-edit the _s_u_d_o_e_r_s file, "x" to exit without saving + the changes, or "Q" to quit and save changes. The "Q" option should be + used with extreme care because if vviissuuddoo believes there to be a parse + error, so will ssuuddoo and no one will be able to ssuuddoo again until the + error is fixed. If "e" is typed to edit the _s_u_d_o_e_r_s file after a + parse error has been detected, the cursor will be placed on the line + where the error occurred (if the editor supports this feature). OOPPTTIIOONNSS vviissuuddoo accepts the following command line options: - -c Enable cchheecckk--oonnllyy mode. The existing _s_u_d_o_e_r_s file - will be checked for syntax and a message will be - printed to the standard output detailing the status of - _s_u_d_o_e_r_s. If the syntax check completes successfully, - vviissuuddoo will exit with a value of 0. If a syntax error - is encountered, vviissuuddoo will exit with a value of 1. + -c Enable cchheecckk--oonnllyy mode. The existing _s_u_d_o_e_r_s file will be + checked for syntax and a message will be printed to the + standard output detailing the status of _s_u_d_o_e_r_s. If the + syntax check completes successfully, vviissuuddoo will exit with + a value of 0. If a syntax error is encountered, vviissuuddoo + will exit with a value of 1. - -f Specify and alternate _s_u_d_o_e_r_s file location. With + -f _s_u_d_o_e_r_s Specify and alternate _s_u_d_o_e_r_s file location. With this + option vviissuuddoo will edit (or check) the _s_u_d_o_e_r_s file of your + choice, instead of the default, _@_s_y_s_c_o_n_f_d_i_r_@_/_s_u_d_o_e_r_s. The + lock file used is the specified _s_u_d_o_e_r_s file with ".tmp" + appended to it. + -q Enable qquuiieett mode. In this mode details about syntax -1.6.9p12 January 14, 2008 1 +1.7.0 November 15, 2008 1 -VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m) +VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m) - this option vviissuuddoo will edit (or check) the _s_u_d_o_e_r_s - file of your choice, instead of the default, - _/_e_t_c_/_s_u_d_o_e_r_s. The lock file used is the specified - _s_u_d_o_e_r_s file with ".tmp" appended to it. - -q Enable qquuiieett mode. In this mode details about syntax - errors are not printed. This option is only useful - when combined with the --cc flag. + errors are not printed. This option is only useful when + combined with the --cc option. - -s Enable ssttrriicctt checking of the _s_u_d_o_e_r_s file. If an - alias is used before it is defined, vviissuuddoo will con­ - sider this a parse error. Note that it is not possi­ - ble to differentiate between an alias and a hostname - or username that consists solely of uppercase letters, - digits, and the underscore ('_') character. + -s Enable ssttrriicctt checking of the _s_u_d_o_e_r_s file. If an alias is + used before it is defined, vviissuuddoo will consider this a + parse error. Note that it is not possible to differentiate + between an alias and a hostname or username that consists + solely of uppercase letters, digits, and the underscore + ('_') character. - -V The --VV (version) option causes vviissuuddoo to print its - version number and exit. + -V The --VV (version) option causes vviissuuddoo to print its version + number and exit. EENNVVIIRROONNMMEENNTT - The following environment variables are used only if - vviissuuddoo was configured with the _-_-_w_i_t_h_-_e_n_v_-_e_d_i_t_o_r option: + The following environment variables may be consulted depending on the + value of the _e_d_i_t_o_r and _e_n_v___e_d_i_t_o_r _s_u_d_o_e_r_s variables: VISUAL Invoked by visudo as the editor to use EDITOR Used by visudo if VISUAL is not set FFIILLEESS - _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what - _/_e_t_c_/_s_u_d_o_e_r_s_._t_m_p Lock file for visudo + _@_s_y_s_c_o_n_f_d_i_r_@_/_s_u_d_o_e_r_s List of who can run what + + _@_s_y_s_c_o_n_f_d_i_r_@_/_s_u_d_o_e_r_s_._t_m_p + Lock file for visudo DDIIAAGGNNOOSSTTIICCSS sudoers file busy, try again later. @@ -111,45 +107,38 @@ DDIIAAGGNNOOSSTTIICCSS Can't find you in the passwd database Your userid does not appear in the system passwd file. - Warning: undeclared Alias referenced near ... - Either you are using a {User,Runas,Host,Cmnd}_Alias - before defining it or you have a user or hostname - listed that consists solely of uppercase letters, dig­ - its, and the underscore ('_') character. If the lat­ - ter, you can ignore the warnings (ssuuddoo will not com­ - plain). In --ss (strict) mode these are errors, not - warnings. + Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined + Either you are trying to use an undeclare + {User,Runas,Host,Cmnd}_Alias or you have a user or hostname listed + that consists solely of uppercase letters, digits, and the + underscore ('_') character. In the latter case, you can ignore the + warnings (ssuuddoo will not complain). In --ss (strict) mode these are + errors, not warnings. - Warning: runas_default set after old value is in use ... - You have a _r_u_n_a_s___d_e_f_a_u_l_t Defaults setting listed in - the _s_u_d_o_e_r_s file after its value has already been - used. This means that entries prior to the + Warning: unused {User,Runas,Host,Cmnd}_Alias + The specified {User,Runas,Host,Cmnd}_Alias was defined but never + used. You may wish to comment out or remove the unused alias. In + --ss (strict) mode this is an error, not a warning. +SSEEEE AALLSSOO + _v_i(1), _s_u_d_o_e_r_s(4), _s_u_d_o(1m), _v_i_p_w(8) -1.6.9p12 January 14, 2008 2 +1.7.0 November 15, 2008 2 -VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m) - _r_u_n_a_s___d_e_f_a_u_l_t setting will match based on the default - value of _r_u_n_a_s___d_e_f_a_u_l_t (root) whereas entries aafftteerr - the _r_u_n_a_s___d_e_f_a_u_l_t setting will match based on the new - value. This is usually unintentional and in most - cases the setting should be placed - before any Runas_Alias or User specifications. In --ss - (strict) mode this is an error, not a warning. -SSEEEE AALLSSOO - _v_i(1), _s_u_d_o_e_r_s(4), _s_u_d_o(1m), _v_i_p_w(8) +VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m) + AAUUTTHHOORR - Many people have worked on _s_u_d_o over the years; this ver­ - sion of vviissuuddoo was written by: + Many people have worked on _s_u_d_o over the years; this version of vviissuuddoo + was written by: Todd Miller @@ -157,26 +146,37 @@ AAUUTTHHOORR http://www.sudo.ws/sudo/history.html for more details. CCAAVVEEAATTSS - There is no easy way to prevent a user from gaining a root - shell if the editor used by vviissuuddoo allows shell escapes. + There is no easy way to prevent a user from gaining a root shell if the + editor used by vviissuuddoo allows shell escapes. BBUUGGSS - If you feel you have found a bug in vviissuuddoo, please submit - a bug report at http://www.sudo.ws/sudo/bugs/ + If you feel you have found a bug in vviissuuddoo, please submit a bug report + at http://www.sudo.ws/sudo/bugs/ SSUUPPPPOORRTT - Limited free support is available via the sudo-users mail­ - ing list, see http://www.sudo.ws/mail­ - man/listinfo/sudo-users to subscribe or search the - archives. + Limited free support is available via the sudo-users mailing list, see + http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search + the archives. DDIISSCCLLAAIIMMEERR - vviissuuddoo is provided ``AS IS'' and any express or implied - warranties, including, but not limited to, the implied - warranties of merchantability and fitness for a particular - purpose are disclaimed. See the LICENSE file distributed - with ssuuddoo or http://www.sudo.ws/sudo/license.html for com­ - plete details. + vviissuuddoo is provided ``AS IS'' and any express or implied warranties, + including, but not limited to, the implied warranties of + merchantability and fitness for a particular purpose are disclaimed. + See the LICENSE file distributed with ssuuddoo or + http://www.sudo.ws/sudo/license.html for complete details. + + + + + + + + + + + + + @@ -193,6 +193,6 @@ DDIISSCCLLAAIIMMEERR -1.6.9p12 January 14, 2008 3 +1.7.0 November 15, 2008 3