update to what will soon be sudo 1.6.7

1 files changed, 81 insertions, 60 deletions

diff --git a/usr.bin/sudo/sudo.8 b/usr.bin/sudo/sudo.8
index fbdbfc31974..0040a8e9658 100644
--- a/usr.bin/sudo/sudo.8
+++ b/usr.bin/sudo/sudo.8
@@ -1,28 +1,25 @@
-.\" Automatically generated by Pod::Man version 1.15
-.\" Thu Apr 25 09:34:52 2002
-.\"
-.\" Copyright (c) 1994-1996,1998-2002 Todd C. Miller <Todd.Miller@courtesan.com>
+.\" Copyright (c) 1994-1996,1998-2003 Todd C. Miller <Todd.Miller@courtesan.com>
 .\" All rights reserved.
-.\"
+.\" 
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
-.\"
+.\" 
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
-.\"
+.\" 
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
-.\"
+.\" 
 .\" 3. The name of the author may not be used to endorse or promote products
 .\"    derived from this software without specific prior written permission
 .\"    from the author.
-.\"
+.\" 
 .\" 4. Products derived from this software may not be called "Sudo" nor
 .\"    may "Sudo" appear in their names without specific prior written
 .\"    permission from the author.
-.\"
+.\" 
 .\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
 .\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
 .\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
@@ -33,9 +30,12 @@
 .\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 .\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\" 
+.\" $Sudo: sudo.man.in,v 1.16 2003/03/15 20:33:31 millert Exp $
+.\" Automatically generated by Pod::Man v1.34, Pod::Parser v1.13
 .\"
 .\" Standard preamble:
-.\" ======================================================================
+.\" ========================================================================
 .de Sh \" Subsection heading
 .br
 .if t .Sp
@@ -48,12 +48,6 @@
 .if t .sp .5v
 .if n .sp
 ..
-.de Ip \" List item
-.br
-.ie \\n(.$>=3 .ne \\$3
-.el .ne 3
-.IP "\\$1" \\$2
-..
 .de Vb \" Begin verbatim text
 .ft CW
 .nf
@@ -61,15 +55,14 @@
 ..
 .de Ve \" End verbatim text
 .ft R
-
 .fi
 ..
 .\" Set up some character translations and predefined strings.  \*(-- will
 .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
 .\" double quote, and \*(R" will give a right double quote.  | will give a
-.\" real vertical bar.  \*(C+ will give a nicer C++.  Capital omega is used
-.\" to do unbreakable dashes and therefore won't be available.  \*(C` and
-.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
+.\" real vertical bar.  \*(C+ will give a nicer C++.  Capital omega is used to
+.\" do unbreakable dashes and therefore won't be available.  \*(C` and \*(C'
+.\" expand to `' in nroff, nothing in troff, for use with C<>.
 .tr \(*W-|\(bv\*(Tr
 .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
 .ie n \{\
@@ -89,10 +82,10 @@
 .    ds R" ''
 'br\}
 .\"
-.\" If the F register is turned on, we'll generate index entries on stderr
-.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
-.\" index entries marked with X<> in POD.  Of course, you'll have to process
-.\" the output yourself in some meaningful fashion.
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
 .if \nF \{\
 .    de IX
 .    tm Index:\\$1\t\\n%\t"\\$2"
@@ -101,14 +94,13 @@
 .    rr F
 .\}
 .\"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it
-.\" makes way too many mistakes in technical documents.
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
 .hy 0
 .if n .na
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
-.bd B 3
 .    \" fudge factors for nroff and troff
 .if n \{\
 .    ds #H 0
@@ -168,18 +160,17 @@
 .    ds Ae AE
 .\}
 .rm #[ #] #H #V #F C
-.\" ======================================================================
+.\" ========================================================================
 .\"
-.IX Title "sudo 8"
-.TH sudo 8 "1.6.6" "April 25, 2002" "MAINTENANCE COMMANDS"
-.UC
+.IX Title "SUDO 8"
+.TH SUDO 8 "March 13, 2003" "1.6.7" "MAINTENANCE COMMANDS"
 .SH "NAME"
 sudo \- execute a command as another user
 .SH "SYNOPSIS"
 .IX Header "SYNOPSIS"
 \&\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR |
 [ \fB\-H\fR ] [\fB\-P\fR ] [\fB\-S\fR ] [ \fB\-b\fR ] | [ \fB\-p\fR \fIprompt\fR ]
-[ \fB\-c\fR \fIclass\fR|\fI-\fR ] [ \fB\-a\fR \fIauth_type\fR ]
+[ \fB\-c\fR \fIclass\fR|\fI\-\fR ] [ \fB\-a\fR \fIauth_type\fR ]
 [ \fB\-u\fR \fIusername\fR|\fI#uid\fR ] \fIcommand\fR
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
@@ -216,55 +207,80 @@ or via the \fIsudoers\fR file.
 .SH "OPTIONS"
 .IX Header "OPTIONS"
 \&\fBsudo\fR accepts the following command line options:
-.Ip "\-V" 4
+.IP "\-V" 4
 .IX Item "-V"
 The \fB\-V\fR (\fIversion\fR) option causes \fBsudo\fR to print the
 version number and exit.  If the invoking user is already root
 the \fB\-V\fR option will print out a list of the defaults \fBsudo\fR
 was compiled with as well as the machine's local network addresses.
-.Ip "\-l" 4
+.IP "\-l" 4
 .IX Item "-l"
 The \fB\-l\fR (\fIlist\fR) option will list out the allowed (and
 forbidden) commands for the user on the current host.
-.Ip "\-L" 4
+.IP "\-L" 4
 .IX Item "-L"
 The \fB\-L\fR (\fIlist\fR defaults) option will list out the parameters
 that may be set in a \fIDefaults\fR line along with a short description
 for each.  This option is useful in conjunction with \fIgrep\fR\|(1).
-.Ip "\-h" 4
+.IP "\-h" 4
 .IX Item "-h"
 The \fB\-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and exit.
-.Ip "\-v" 4
+.IP "\-v" 4
 .IX Item "-v"
 If given the \fB\-v\fR (\fIvalidate\fR) option, \fBsudo\fR will update the
 user's timestamp, prompting for the user's password if necessary.
 This extends the \fBsudo\fR timeout for another \f(CW\*(C`5\*(C'\fR minutes
 (or whatever the timeout is set to in \fIsudoers\fR) but does not run
 a command.
-.Ip "\-k" 4
+.IP "\-k" 4
 .IX Item "-k"
 The \fB\-k\fR (\fIkill\fR) option to \fBsudo\fR invalidates the user's timestamp
 by setting the time on it to the epoch.  The next time \fBsudo\fR is
 run a password will be required.  This option does not require a password
 and was added to allow a user to revoke \fBsudo\fR permissions from a .logout
 file.
-.Ip "\-K" 4
+.IP "\-K" 4
 .IX Item "-K"
 The \fB\-K\fR (sure \fIkill\fR) option to \fBsudo\fR removes the user's timestamp
 entirely.  Likewise, this option does not require a password.
-.Ip "\-b" 4
+.IP "\-b" 4
 .IX Item "-b"
 The \fB\-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given
 command in the background.  Note that if you use the \fB\-b\fR
 option you cannot use shell job control to manipulate the process.
-.Ip "\-p" 4
+.IP "\-p" 4
 .IX Item "-p"
 The \fB\-p\fR (\fIprompt\fR) option allows you to override the default
-password prompt and use a custom one.  If the password prompt
-contains the \f(CW\*(C`%u\*(C'\fR escape, \f(CW\*(C`%u\*(C'\fR will be replaced with the user's
-login name.  Similarly, \f(CW\*(C`%h\*(C'\fR will be replaced with the local
-hostname.
-.Ip "\-c" 4
+password prompt and use a custom one.  The following percent (`\f(CW\*(C`%\*(C'\fR')
+escapes are supported:
+.RS 4
+.ie n .IP "%u" 8
+.el .IP "\f(CW%u\fR" 8
+.IX Item "%u"
+expanded to the invoking user's login name
+.ie n .IP "%U" 8
+.el .IP "\f(CW%U\fR" 8
+.IX Item "%U"
+expanded to the login name of the user the command will
+be run as (defaults to root)
+.ie n .IP "%h" 8
+.el .IP "\f(CW%h\fR" 8
+.IX Item "%h"
+expanded to the local hostname without the domain name
+.ie n .IP "%H" 8
+.el .IP "\f(CW%H\fR" 8
+.IX Item "%H"
+expanded to the local hostname including the domain name
+(on if the machine's hostname is fully qualified or the \fIfqdn\fR
+sudoers option is set)
+.ie n .IP "\*(C`%%\*(C'" 8
+.el .IP "\f(CW\*(C`%%\*(C'\fR" 8
+.IX Item "%%"
+two consecutive \f(CW\*(C`%\*(C'\fR characters are collaped into a single \f(CW\*(C`%\*(C'\fR character
+.RE
+.RS 4
+.RE
+.IP "\-c" 4
 .IX Item "-c"
 The \fB\-c\fR (\fIclass\fR) option causes \fBsudo\fR to run the specified command
 with resources limited by the specified login class.  The \fIclass\fR
@@ -275,44 +291,44 @@ capabilities for the user the command is run as.  If the \fIclass\fR
 argument specifies an existing user class, the command must be run
 as root, or the \fBsudo\fR command must be run from a shell that is already
 root.  This option is only available on systems with \s-1BSD\s0 login classes
-where \fBsudo\fR has been configured with the \-\-with-logincap option.
-.Ip "\-a" 4
+where \fBsudo\fR has been configured with the \-\-with\-logincap option.
+.IP "\-a" 4
 .IX Item "-a"
 The \fB\-a\fR (\fIauthentication type\fR) option causes \fBsudo\fR to use the
 specified authentication type when validating the user, as allowed
 by /etc/login.conf.  The system administrator may specify a list
-of sudo-specific authentication methods by adding an \*(L"auth-sudo\*(R"
+of sudo-specific authentication methods by adding an \*(L"auth\-sudo\*(R"
 entry in /etc/login.conf.  This option is only available on systems
 that support \s-1BSD\s0 authentication where \fBsudo\fR has been configured
-with the \-\-with-bsdauth option.
-.Ip "\-u" 4
+with the \-\-with\-bsdauth option.
+.IP "\-u" 4
 .IX Item "-u"
 The \fB\-u\fR (\fIuser\fR) option causes \fBsudo\fR to run the specified command
 as a user other than \fIroot\fR.  To specify a \fIuid\fR instead of a
 \&\fIusername\fR, use \fI#uid\fR.
-.Ip "\-s" 4
+.IP "\-s" 4
 .IX Item "-s"
 The \fB\-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\s0\fR
 environment variable if it is set or the shell as specified
 in \fIpasswd\fR\|(5).
-.Ip "\-H" 4
+.IP "\-H" 4
 .IX Item "-H"
 The \fB\-H\fR (\fI\s-1HOME\s0\fR) option sets the \f(CW\*(C`HOME\*(C'\fR environment variable
 to the homedir of the target user (root by default) as specified
 in \fIpasswd\fR\|(5).  By default, \fBsudo\fR does not modify \f(CW\*(C`HOME\*(C'\fR.
-.Ip "\-P" 4
+.IP "\-P" 4
 .IX Item "-P"
 The \fB\-P\fR (\fIpreserve group vector\fR) option causes \fBsudo\fR to preserve
 the user's group vector unaltered.  By default, \fBsudo\fR will initialize
 the group vector to the list of groups the target user is in.
 The real and effective group IDs, however, are still set to match
 the target user.
-.Ip "\-S" 4
+.IP "\-S" 4
 .IX Item "-S"
 The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
 standard input instead of the terminal device.
-.Ip "\-\-" 4
-The \fB\--\fR flag indicates that \fBsudo\fR should stop processing command
+.IP "\-\-" 4
+The \fB\-\-\fR flag indicates that \fBsudo\fR should stop processing command
 line arguments.  It is most useful in conjunction with the \fB\-s\fR flag.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
@@ -335,7 +351,7 @@ unreachable.
 \&\fBsudo\fR tries to be safe when executing external commands.  Variables
 that control how dynamic loading and binding is done can be used
 to subvert the program that \fBsudo\fR runs.  To combat this the
-\&\f(CW\*(C`LD_*\*(C'\fR, \f(CW\*(C`_RLD_*\*(C'\fR, \f(CW\*(C`SHLIB_PATH\*(C'\fR (\s-1HP-UX\s0 only), and \f(CW\*(C`LIBPATH\*(C'\fR (\s-1AIX\s0
+\&\f(CW\*(C`LD_*\*(C'\fR, \f(CW\*(C`_RLD_*\*(C'\fR, \f(CW\*(C`SHLIB_PATH\*(C'\fR (\s-1HP\-UX\s0 only), and \f(CW\*(C`LIBPATH\*(C'\fR (\s-1AIX\s0
 only) environment variables are removed from the environment passed
 on to all commands executed.  \fBsudo\fR will also remove the \f(CW\*(C`IFS\*(C'\fR,
 \&\f(CW\*(C`ENV\*(C'\fR, \f(CW\*(C`BASH_ENV\*(C'\fR, \f(CW\*(C`KRB_CONF\*(C'\fR, \f(CW\*(C`KRBCONFDIR\*(C'\fR, \f(CW\*(C`KRBTKFILE\*(C'\fR,
@@ -401,22 +417,26 @@ To get a file listing of an unreadable directory:
 .Vb 1
 \& % sudo ls /usr/local/protected
 .Ve
+.PP
 To list the home directory of user yazza on a machine where the
 filesystem holding ~yazza is not exported as root:
 .PP
 .Vb 1
 \& % sudo -u yazza ls ~yazza
 .Ve
+.PP
 To edit the \fIindex.html\fR file as user www:
 .PP
 .Vb 1
 \& % sudo -u www vi ~www/htdocs/index.html
 .Ve
+.PP
 To shutdown a machine:
 .PP
 .Vb 1
 \& % sudo shutdown -r +15 "quick reboot"
 .Ve
+.PP
 To make a usage listing of the directories in the /home
 partition.  Note that this runs the commands in a sub-shell
 to make the \f(CW\*(C`cd\*(C'\fR and file redirection work.
@@ -458,6 +478,7 @@ version consists of code written primarily by:
 \&        Todd Miller
 \&        Chris Jepeway
 .Ve
+.PP
 See the \s-1HISTORY\s0 file in the \fBsudo\fR distribution or visit
 http://www.sudo.ws/sudo/history.html for a short history
 of \fBsudo\fR.
@@ -486,4 +507,4 @@ that make setuid shell scripts unsafe on some operating systems
 are generally safe).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIstat\fR\|(2), \fIlogin_cap\fR\|(3), \fIsudoers\fR\|(5), \fIpasswd\fR\|(5), \fIvisudo\fR\|(8), \fIgrep\fR\|(1), \fIsu\fR\|(1).
+\&\fIgrep\fR\|(1), \fIsu\fR\|(1), \fIstat\fR\|(2), \fIlogin_cap\fR\|(3), \fIsudoers\fR\|(5), \fIpasswd\fR\|(5), \fIvisudo\fR\|(8)