X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=visudo.man.in;h=563fd3bcebd6363e1d5c2dc8328019e3b1178650;hb=f77e86575347d9b13db3615e7640c84dceafb0eb;hp=6caf2e743346a0a1e4e7018352ffa79a8c2ab094;hpb=a922b9e5432b28b092428393180b1a2c2569f708;p=debian%2Fsudo diff --git a/visudo.man.in b/visudo.man.in index 6caf2e7..563fd3b 100644 --- a/visudo.man.in +++ b/visudo.man.in @@ -1,4 +1,5 @@ -.\" Copyright (c) 1996,1998-2005, 2007 Todd C. Miller +.\" Copyright (c) 1996,1998-2005, 2007-2010 +.\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -17,19 +18,10 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.\" $Sudo: visudo.man.in,v 1.20.2.11 2007/10/09 13:30:48 millert Exp $ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -45,11 +37,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -68,22 +60,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -149,7 +144,11 @@ .\" ======================================================================== .\" .IX Title "VISUDO @mansectsu@" -.TH VISUDO @mansectsu@ "October 9, 2007" "1.6.9p6" "MAINTENANCE COMMANDS" +.TH VISUDO @mansectsu@ "July 14, 2010" "1.7.4" "MAINTENANCE COMMANDS" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" visudo \- edit the sudoers file .SH "SYNOPSIS" @@ -163,14 +162,13 @@ simultaneous edits, provides basic sanity checks, and checks for parse errors. If the \fIsudoers\fR file is currently being edited you will receive a message to try again later. .PP -There is a hard-coded list of editors that \fBvisudo\fR will use set -at compile-time that may be overridden via the \fIeditor\fR \fIsudoers\fR -\&\f(CW\*(C`Default\*(C'\fR variable. This list defaults to the path to \fIvi\fR\|(1) on -your system, as determined by the \fIconfigure\fR script. Normally, +There is a hard-coded list of one or more editors that \fBvisudo\fR will +use set at compile-time that may be overridden via the \fIeditor\fR \fIsudoers\fR +\&\f(CW\*(C`Default\*(C'\fR variable. This list defaults to \f(CW"@editor@"\fR. Normally, \&\fBvisudo\fR does not honor the \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR environment variables unless they contain an editor in the aforementioned editors -list. However, if \fBvisudo\fR is configured with the \fI\-\-with\-enveditor\fR -flag or the \fIenv_editor\fR \f(CW\*(C`Default\*(C'\fR variable is set in \fIsudoers\fR, +list. However, if \fBvisudo\fR is configured with the \fI\-\-with\-env\-editor\fR +option or the \fIenv_editor\fR \f(CW\*(C`Default\*(C'\fR variable is set in \fIsudoers\fR, \&\fBvisudo\fR will use any the editor defines by \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR. Note that this can be a security hole since it allows the user to execute any program they wish simply by setting \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR. @@ -191,7 +189,7 @@ error occurred (if the editor supports this feature). .SH "OPTIONS" .IX Header "OPTIONS" \&\fBvisudo\fR accepts the following command line options: -.IP "\-c" 4 +.IP "\-c" 12 .IX Item "-c" Enable \fBcheck-only\fR mode. The existing \fIsudoers\fR file will be checked for syntax and a message will be printed to the @@ -199,32 +197,32 @@ standard output detailing the status of \fIsudoers\fR. If the syntax check completes successfully, \fBvisudo\fR will exit with a value of 0. If a syntax error is encountered, \&\fBvisudo\fR will exit with a value of 1. -.IP "\-f" 4 -.IX Item "-f" +.IP "\-f \fIsudoers\fR" 12 +.IX Item "-f sudoers" Specify and alternate \fIsudoers\fR file location. With this option \&\fBvisudo\fR will edit (or check) the \fIsudoers\fR file of your choice, instead of the default, \fI@sysconfdir@/sudoers\fR. The lock file used is the specified \fIsudoers\fR file with \*(L".tmp\*(R" appended to it. -.IP "\-q" 4 +.IP "\-q" 12 .IX Item "-q" Enable \fBquiet\fR mode. In this mode details about syntax errors are not printed. This option is only useful when combined with -the \fB\-c\fR flag. -.IP "\-s" 4 +the \fB\-c\fR option. +.IP "\-s" 12 .IX Item "-s" Enable \fBstrict\fR checking of the \fIsudoers\fR file. If an alias is used before it is defined, \fBvisudo\fR will consider this a parse error. Note that it is not possible to differentiate between an -alias and a hostname or username that consists solely of uppercase +alias and a host name or user name that consists solely of uppercase letters, digits, and the underscore ('_') character. -.IP "\-V" 4 +.IP "\-V" 12 .IX Item "-V" The \fB\-V\fR (version) option causes \fBvisudo\fR to print its version number and exit. .SH "ENVIRONMENT" .IX Header "ENVIRONMENT" -The following environment variables are used only if \fBvisudo\fR -was configured with the \fI\-\-with\-env\-editor\fR option: +The following environment variables may be consulted depending on +the value of the \fIeditor\fR and \fIenv_editor\fR \fIsudoers\fR variables: .ie n .IP "\*(C`VISUAL\*(C'" 16 .el .IP "\f(CW\*(C`VISUAL\*(C'\fR" 16 .IX Item "VISUAL" @@ -235,44 +233,38 @@ Invoked by visudo as the editor to use Used by visudo if \s-1VISUAL\s0 is not set .SH "FILES" .IX Header "FILES" -.ie n .IP "\fI@sysconfdir@/sudoers\fR\*(C` \*(C'List of who can run what" 4 -.el .IP "\fI@sysconfdir@/sudoers\fR\f(CW\*(C` \*(C'\fRList of who can run what" 4 -.IX Item "@sysconfdir@/sudoers List of who can run what" -.PD 0 -.ie n .IP "\fI@sysconfdir@/sudoers.tmp\fR\*(C` \*(C'Lock file for visudo" 4 -.el .IP "\fI@sysconfdir@/sudoers.tmp\fR\f(CW\*(C` \*(C'\fRLock file for visudo" 4 -.IX Item "@sysconfdir@/sudoers.tmp Lock file for visudo" -.PD +.ie n .IP "\fI@sysconfdir@/sudoers\fR" 24 +.el .IP "\fI@sysconfdir@/sudoers\fR" 24 +.IX Item "@sysconfdir@/sudoers" +List of who can run what +.ie n .IP "\fI@sysconfdir@/sudoers.tmp\fR" 24 +.el .IP "\fI@sysconfdir@/sudoers.tmp\fR" 24 +.IX Item "@sysconfdir@/sudoers.tmp" +Lock file for visudo .SH "DIAGNOSTICS" .IX Header "DIAGNOSTICS" .IP "sudoers file busy, try again later." 4 .IX Item "sudoers file busy, try again later." Someone else is currently editing the \fIsudoers\fR file. -.IP "@sysconfdir@/sudoers.tmp: Permission denied" 4 +.ie n .IP "@sysconfdir@/sudoers.tmp: Permission denied" 4 +.el .IP "\f(CW@sysconfdir\fR@/sudoers.tmp: Permission denied" 4 .IX Item "@sysconfdir@/sudoers.tmp: Permission denied" You didn't run \fBvisudo\fR as root. .IP "Can't find you in the passwd database" 4 .IX Item "Can't find you in the passwd database" Your userid does not appear in the system passwd file. -.IP "Warning: undeclared Alias referenced near ..." 4 -.IX Item "Warning: undeclared Alias referenced near ..." -Either you are using a {User,Runas,Host,Cmnd}_Alias before -defining it or you have a user or hostname listed that -consists solely of uppercase letters, digits, and the -underscore ('_') character. If the latter, you can ignore -the warnings (\fBsudo\fR will not complain). In \fB\-s\fR (strict) -mode these are errors, not warnings. -.IP "Warning: runas_default set after old value is in use ..." 4 -.IX Item "Warning: runas_default set after old value is in use ..." -You have a \fIrunas_default\fR Defaults setting listed in the \fIsudoers\fR -file after its value has already been used. This means that entries -prior to the \fIrunas_default\fR setting will match based on the default -value of \fIrunas_default\fR (\f(CW\*(C`@runas_default@\*(C'\fR) whereas entries -\&\fBafter\fR the \fIrunas_default\fR setting will match based on the new -value. This is usually unintentional and in most cases the - setting should be placed before any \f(CW\*(C`Runas_Alias\*(C'\fR -or User specifications. In \fB\-s\fR (strict) mode this is an error, -not a warning. +.IP "Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined" 4 +.IX Item "Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined" +Either you are trying to use an undeclare {User,Runas,Host,Cmnd}_Alias +or you have a user or host name listed that consists solely of +uppercase letters, digits, and the underscore ('_') character. In +the latter case, you can ignore the warnings (\fBsudo\fR will not +complain). In \fB\-s\fR (strict) mode these are errors, not warnings. +.IP "Warning: unused {User,Runas,Host,Cmnd}_Alias" 4 +.IX Item "Warning: unused {User,Runas,Host,Cmnd}_Alias" +The specified {User,Runas,Host,Cmnd}_Alias was defined but never +used. You may wish to comment out or remove the unused alias. In +\&\fB\-s\fR (strict) mode this is an error, not a warning. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIvi\fR\|(1), \fIsudoers\fR\|(@mansectform@), \fIsudo\fR\|(@mansectsu@), \fIvipw\fR\|(8)