diff options
author | Todd C. Miller <Todd.Miller@courtesan.com> | 2014-03-05 06:06:26 -0700 |
---|---|---|
committer | Todd C. Miller <Todd.Miller@courtesan.com> | 2014-03-05 06:06:26 -0700 |
commit | 6076a4bb948002223f77b0746e93d63c0dd5f9b3 (patch) | |
tree | 8a7a6bd9c4e3f637aa155961b0bc2c462e12fdaa | |
parent | 2cb0cdbcbfd4d6df988a271228183e3df3d1df02 (diff) | |
download | sudo-6076a4bb948002223f77b0746e93d63c0dd5f9b3.tar.gz |
Remove some extraneous markup; from Ingo Schwarze
* No need to explicitly end a macro with No before | because | counts
as middle punctuation and falls out of the macro, anyway.
* No need to explicitly re-open in-line macros after | because |
counts as middle punctuation and the macros resume afterwards,
anyway.
* Simplify the mnemonic remarks regarding the option letters, no need
for manual font and spacing control with No and Ns.
* Trim Ns No to just Ns, it already implies No.
-rw-r--r-- | sudo.mdoc.in | 90 | ||||
-rw-r--r-- | sudoers.ldap.mdoc.in | 18 | ||||
-rw-r--r-- | sudoers.mdoc.in | 34 | ||||
-rw-r--r-- | sudoreplay.mdoc.in | 12 | ||||
-rw-r--r-- | visudo.mdoc.in | 8 |
5 files changed, 81 insertions, 81 deletions
diff --git a/sudo.mdoc.in b/sudo.mdoc.in index 0afebcfc5..3be9cbe51 100644 --- a/sudo.mdoc.in +++ b/sudo.mdoc.in @@ -1,5 +1,5 @@ .\" -.\" Copyright (c) 1994-1996, 1998-2005, 2007-2012 +.\" Copyright (c) 1994-1996, 1998-2005, 2007-2014 .\" Todd C. Miller <Todd.Miller@courtesan.com> .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -19,7 +19,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.Dd December 8, 2013 +.Dd March 1, 2014 .Dt SUDO @mansectsu@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -28,7 +28,7 @@ .Nd execute a command as another user .Sh SYNOPSIS .Nm sudo -.Fl h No | Fl K No | Fl k No | Fl L No | Fl V +.Fl h | Fl K | Fl k | Fl L | Fl V .Nm sudo .Fl v .Op Fl AknS @@ -36,13 +36,13 @@ .Op Fl a Ar auth_type .Ek .Bk -words -.Op Fl g Ar group name No | Ar #gid +.Op Fl g Ar group name | Ar #gid .Ek .Bk -words .Op Fl p Ar prompt .Ek .Bk -words -.Op Fl u Ar user name No | Ar #uid +.Op Fl u Ar user name | Ar #uid .Ek .Nm sudo .Fl l Ns Op Ar l @@ -51,7 +51,7 @@ .Op Fl a Ar auth_type .Ek .Bk -words -.Op Fl g Ar group name No | Ar #gid +.Op Fl g Ar group name | Ar #gid .Ek .Bk -words .Op Fl p Ar prompt @@ -60,7 +60,7 @@ .Op Fl U Ar user name .Ek .Bk -words -.Op Fl u Ar user name No | Ar #uid +.Op Fl u Ar user name | Ar #uid .Ek .Op Ar command .Nm sudo @@ -72,10 +72,10 @@ .Op Fl C Ar fd .Ek .Bk -words -.Op Fl c Ar class No | Ar - +.Op Fl c Ar class | Ar - .Ek .Bk -words -.Op Fl g Ar group name No | Ar #gid +.Op Fl g Ar group name | Ar #gid .Ek .Bk -words .Op Fl p Ar prompt @@ -87,13 +87,13 @@ .Op Fl t Ar type .Ek .Bk -words -.Op Fl u Ar user name No | Ar #uid +.Op Fl u Ar user name | Ar #uid .Ek .Bk -words .Op Sy VAR Ns = Ns Ar value .Ek .Bk -words -.Fl i No | Fl s +.Fl i | Fl s .Ek .Op Ar command .Nm sudoedit @@ -105,16 +105,16 @@ .Op Fl C Ar fd .Ek .Bk -words -.Op Fl c Ar class No | Ar - +.Op Fl c Ar class | Ar - .Ek .Bk -words -.Op Fl g Ar group name No | Ar #gid +.Op Fl g Ar group name | Ar #gid .Ek .Bk -words .Op Fl p Ar prompt .Ek .Bk -words -.Op Fl u Ar user name No | Ar #uid +.Op Fl u Ar user name | Ar #uid .Ek .Bk -words .Ar @@ -160,7 +160,7 @@ Normally, if .Nm sudo requires a password, it will read it from the user's terminal. If the -.Fl A No ( Em askpass Ns No ) +.Fl A Pq Em askpass option is specified, a (possibly graphical) helper program is executed to read the user's password and output the password to the standard output. @@ -178,7 +178,7 @@ If no askpass program is available, will exit with an error. .It Fl a Ar type The -.Fl a No ( Em "authentication type" Ns No ) +.Fl a Pq "authentication type" option causes .Nm sudo to use the specified authentication type when validating the user, @@ -192,7 +192,7 @@ entry in This option is only available on systems that support BSD authentication. .It Fl b The -.Fl b No ( Em background Ns No ) +.Fl b Pq Em background option tells .Nm sudo to run the given command in the background. @@ -207,7 +207,7 @@ Normally, will close all open file descriptors other than standard input, standard output and standard error. The -.Fl C No ( Em close from Ns No ) +.Fl C Pq Em close from option allows the user to specify a starting point above the standard error (file descriptor three). Values less than three are not permitted. @@ -217,7 +217,7 @@ option in .Xr sudoers @mansectform@ . .It Fl c Ar class The -.Fl c No ( Em class Ns No ) +.Fl c Pq Em class option causes .Nm sudo to run the command with resource limits and scheduling priority of @@ -245,7 +245,7 @@ be applied, if present. This option is only available on systems with BSD login classes. .It Fl E The -.Fl E No ( Em preserve environment Ns No ) +.Fl E Pq Em preserve environment option will override the .Em env_reset option in @@ -263,7 +263,7 @@ option is specified and the user does not have permission to preserve the environment. .It Fl e The -.Fl e No ( Em edit Ns No ) +.Fl e Pq Em edit option indicates that, instead of running a command, the user wishes to edit one or more files. In lieu of a command, the string "sudoedit" is used when consulting the @@ -313,7 +313,7 @@ runs a command with the primary group set to the one specified by the password database for the user the command is being run as (by default, root). The -.Fl g No ( Em group Ns No ) +.Fl g Pq Em group option causes .Nm sudo to run the command with the primary group set to @@ -339,7 +339,7 @@ In either case, the primary group will be set to .Em group . .It Fl H The -.Fl H No ( Em HOME Ns No ) +.Fl H Pq Em HOME option option sets the .Ev HOME environment variable to the home directory of the target user (root @@ -364,13 +364,13 @@ is set and the option is specified on the command line. .It Fl h The -.Fl h No ( Em help Ns No ) +.Fl h Pq Em help option causes .Nm sudo to print a short help message to the standard output and exit. .It Fl i Op Ar command The -.Fl i No ( Em simulate initial login Ns No ) +.Fl i Pq Em simulate initial login option runs the shell specified by the password database entry of the target user as a login shell. This means that login-specific resource files such as @@ -395,7 +395,7 @@ section below documents in detail how the option affects the environment in which a command is run. .It Fl K The -.Fl K No ( sure Em kill Ns No ) +.Fl K Pq sure Em kill option is like .Fl k except that it removes the user's time stamp file entirely and @@ -403,7 +403,7 @@ may not be used in conjunction with a command or other option. This option does not require a password. .It Fl k Op Ar command When used alone, the -.Fl k No ( Em kill Ns No ) +.Fl k Pq Em kill option to .Nm sudo invalidates the user's time stamp file. @@ -430,7 +430,7 @@ will prompt for a password (if one is required by and will not update the user's time stamp file. .It Fl L The -.Fl L No ( Em list No defaults Ns ) +.Fl L Pq Em list No defaults option will list the parameters that may be set in a .Em Defaults @@ -441,7 +441,7 @@ This option will be removed from a future version of If no .Ar command is specified, the -.Fl l No ( Em list Ns No ) +.Fl l Pq Em list option will list the allowed (and forbidden) commands for the invoking user (or the user specified by the .Fl U @@ -469,7 +469,7 @@ or if is specified multiple times, a longer list format is used. .It Fl n The -.Fl n No ( Em non-interactive Ns No ) +.Fl n Pq Em non-interactive option prevents .Nm sudo from prompting the user for a password. @@ -478,7 +478,7 @@ If a password is required for the command to run, will display an error message and exit. .It Fl P The -.Fl P No ( Em preserve group vector Ns No ) +.Fl P Pq Em preserve group vector option causes .Nm sudo to preserve the invoking user's group vector unaltered. @@ -490,7 +490,7 @@ The real and effective group IDs, however, are still set to match the target user. .It Fl p Ar prompt The -.Fl p No ( Em prompt Ns No ) +.Fl p Pq Em prompt option allows you to override the default password prompt and use a custom one. The following percent @@ -538,13 +538,13 @@ flag is disabled in .Em sudoers . .It Fl r Ar role The -.Fl r No ( Em role Ns No ) +.Fl r Pq Em role option causes the new (SELinux) security context to have the role specified by .Ar role . .It Fl S The -.Fl S ( Em stdin Ns No ) +.Fl S ( Em stdin Ns ) option causes .Nm sudo to read the password from the standard input instead of the terminal @@ -552,7 +552,7 @@ device. The password must be followed by a newline character. .It Fl s Op Ar command The -.Fl s ( Em shell Ns No ) +.Fl s ( Em shell Ns ) option runs the shell specified by the .Ev SHELL environment variable if it is set or the shell as specified in the @@ -564,7 +564,7 @@ option. If no command is specified, an interactive shell is executed. .It Fl t Ar type The -.Fl t ( Em type Ns No ) +.Fl t ( Em type Ns ) option causes the new (SELinux) security context to have the type specified by .Ar type . @@ -572,7 +572,7 @@ If no type is specified, the default type is derived from the specified role. .It Fl U Ar user The -.Fl U ( Em other user Ns No ) +.Fl U ( Em other user Ns ) option is used in conjunction with the .Fl l option to specify the user whose privileges should be listed. @@ -581,7 +581,7 @@ Only root or a user with the privilege on the current host may use this option. .It Fl u Ar user The -.Fl u ( Em user Ns No ) +.Fl u ( Em user Ns ) option causes .Nm sudo to run the specified command as a user other than @@ -605,7 +605,7 @@ it is not possible to run commands with a uid not listed in the password database. .It Fl V The -.Fl V ( Em version Ns No ) +.Fl V ( Em version Ns ) option causes .Nm sudo to print its version string and exit. @@ -618,7 +618,7 @@ was built as well a list of the defaults was compiled with as well as the machine's local network addresses. .It Fl v When given the -.Fl v ( Em validate Ns No ) +.Fl v ( Em validate Ns ) option, .Nm sudo will update the user's time stamp file, authenticating the user's @@ -640,9 +640,9 @@ should stop processing command line arguments. .Pp Environment variables to be set for the command may also be passed on the command line in the form of -.Sy VAR Ns No = Ns Em value , +.Sy VAR Ns = Ns Em value , e.g.\& -.Sy LD_LIBRARY_PATH Ns No = Ns Em /usr/local/pkg/lib . +.Sy LD_LIBRARY_PATH Ns = Ns Em /usr/local/pkg/lib . Variables passed on the command line are subject to the same restrictions as normal environment variables with one important exception. @@ -878,7 +878,7 @@ and, as such, it is not possible for to preserve them. .Pp As a special case, if -.Nm sudo Ns No 's +.Nm sudo Ns 's .Fl i option (initial login) is specified, @@ -1431,7 +1431,7 @@ If a user runs a command such as or .Li sudo sh , subsequent commands run from that shell are not subject to -.Nm sudo Ns No 's +.Nm sudo Ns 's security policy. The same is true for commands that offer shell escapes (including most editors). @@ -1628,7 +1628,7 @@ if that user is allowed to run arbitrary commands via .Nm sudo . Also, many programs (such as editors) allow the user to run commands via shell escapes, thus avoiding -.Nm sudo Ns No 's +.Nm sudo Ns 's checks. However, on most systems it is possible to prevent shell escapes with .Nm sudo ' s diff --git a/sudoers.ldap.mdoc.in b/sudoers.ldap.mdoc.in index 68d7dcd2f..b1d63172c 100644 --- a/sudoers.ldap.mdoc.in +++ b/sudoers.ldap.mdoc.in @@ -1,5 +1,5 @@ .\" -.\" Copyright (c) 2003-2012 Todd C. Miller <Todd.Miller@courtesan.com> +.\" Copyright (c) 2003-2014 Todd C. Miller <Todd.Miller@courtesan.com> .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd July 12, 2012 +.Dd March 1, 2014 .Dt SUDOERS.LDAP @mansectsu@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -76,18 +76,18 @@ is no need for a specialized tool to check syntax. Another major difference between LDAP and file-based .Em sudoers is that in LDAP, -.Nm sudo Ns No -specific +.Nm sudo Ns -specific Aliases are not supported. .Pp For the most part, there is really no need for -.Nm sudo Ns No -specific +.Nm sudo Ns -specific Aliases. Unix groups or user netgroups can be used in place of User_Aliases and Runas_Aliases. Host netgroups can be used in place of Host_Aliases. Since Unix groups and netgroups can also be stored in LDAP there is no real need for -.Nm sudo Ns No -specific +.Nm sudo Ns -specific aliases. .Pp Cmnd_Aliases are not really required either since it is possible @@ -375,7 +375,7 @@ sudoHost: !web01 .Ed .Ss Sudoers schema In order to use -.Nm sudo Ns No 's +.Nm sudo Ns 's LDAP support, the .Nm sudo schema must be @@ -405,7 +405,7 @@ Sudo reads the file for LDAP-specific configuration. Typically, this file is shared amongst different LDAP-aware clients. As such, most of the settings are not -.Nm sudo Ns No -specific. +.Nm sudo Ns -specific. Note that .Nm sudo parses @@ -501,9 +501,9 @@ The parameter specifies the amount of time, in seconds, to wait while trying to connect to an LDAP server. If multiple -.Sy URI Ns No s +.Sy URI Ns s or -.Sy HOST Ns No s +.Sy HOST Ns s are specified, this is the amount of time to wait before trying the next one in the list. .It Sy NETWORK_TIMEOUT Ar seconds diff --git a/sudoers.mdoc.in b/sudoers.mdoc.in index 7a403601c..e35dbf4c2 100644 --- a/sudoers.mdoc.in +++ b/sudoers.mdoc.in @@ -1,5 +1,5 @@ .\" -.\" Copyright (c) 1994-1996, 1998-2005, 2007-2012 +.\" Copyright (c) 1994-1996, 1998-2005, 2007-2014 .\" Todd C. Miller <Todd.Miller@courtesan.com> .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -19,7 +19,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.Dd July 16, 2012 +.Dd March 1, 2014 .Dt SUDOERS @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -167,7 +167,7 @@ non-Unix group names and IDs (prefixed with and .Ql %:# respectively) and -.Li User_Alias Ns No es. +.Li User_Alias Ns es. Each list item may be prefixed with zero or more .Ql \&! operators. @@ -237,9 +237,9 @@ is similar to a .Li User_List except that instead of -.Li User_Alias Ns No es +.Li User_Alias Ns es it can contain -.Li Runas_Alias Ns No es . +.Li Runas_Alias Ns es . Note that user names and groups are matched as strings. In other words, two @@ -459,7 +459,7 @@ may be run as. A fully-specified .Li Runas_Spec consists of two -.Li Runas_List Ns No s +.Li Runas_List Ns s (as defined above) separated by a colon .Pq Ql :\& and enclosed in a set of parentheses. @@ -467,18 +467,18 @@ The first .Li Runas_List indicates which users the command may be run as via -.Nm sudo Ns No 's +.Nm sudo Ns 's .Fl u option. The second defines a list of groups that can be specified via -.Nm sudo Ns No 's +.Nm sudo Ns 's .Fl g option. If both -.Li Runas_List Ns No s +.Li Runas_List Ns s are specified, the command may be run with any combination of users and groups listed in their respective -.Li Runas_List Ns No s. +.Li Runas_List Ns s. If only the first is specified, the command may be run as any user in the list but no .Fl g @@ -511,7 +511,7 @@ may run .Pa /bin/ls , .Pa /bin/kill , and -.Pa /usr/bin/lprm Ns No \(em Ns but +.Pa /usr/bin/lprm Ns \(em Ns but only as .Sy operator . E.g., @@ -630,7 +630,7 @@ and Once a tag is set on a .Li Cmnd , subsequent -.Li Cmnd Ns No s +.Li Cmnd Ns s in the .Li Cmnd_Spec_List , inherit the tag unless it is overridden by the opposite tag (in other words, @@ -1105,7 +1105,7 @@ when used as part of a word (e.g.\& a user name or host name): .Ql )\& , .Ql \e . .Sh SUDOERS OPTIONS -.Nm sudo Ns No 's +.Nm sudo Ns 's behavior can be modified by .Li Default_Entry lines, as explained earlier. @@ -1154,7 +1154,7 @@ This flag is by default. .It closefrom_override If set, the user may use -.Nm sudo Ns No 's +.Nm sudo Ns 's .Fl C option which overrides the default starting point at which .Nm sudo @@ -2373,7 +2373,7 @@ Environment variables to be preserved in the user's environment when the .Em env_reset option is in effect. This allows fine-grained control over the environment -.Nm sudo Ns No -spawned +.Nm sudo Ns -spawned processes will receive. The argument may be a double-quoted, space-separated list or a single value without double-quotes. @@ -2809,7 +2809,7 @@ executes a program, that program is free to do whatever it pleases, including run other programs. This can be a security issue since it is not uncommon for a program to allow shell escapes, which lets a user bypass -.Nm sudo Ns No 's +.Nm sudo Ns 's access control and logging. Common programs that permit shell escapes include shells (obviously), editors, paginators, mail and terminal programs. @@ -2835,7 +2835,7 @@ variable (usually .Ev LD_PRELOAD ) to an alternate shared library. On such systems, -.Nm sudo Ns No 's +.Nm sudo Ns 's .Em noexec functionality can be used to prevent a program run by .Nm sudo diff --git a/sudoreplay.mdoc.in b/sudoreplay.mdoc.in index ca3ea3684..1bc9632b0 100644 --- a/sudoreplay.mdoc.in +++ b/sudoreplay.mdoc.in @@ -1,5 +1,5 @@ .\" -.\" Copyright (c) 2009-2012 Todd C. Miller <Todd.Miller@courtesan.com> +.\" Copyright (c) 2009-2014 Todd C. Miller <Todd.Miller@courtesan.com> .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd July 12, 2012 +.Dd March 1, 2014 .Dt SUDOREPLAY @mansectsu@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -72,7 +72,7 @@ log file. The .Em ID may also be determined using -.Nm sudoreplay Ns No 's +.Nm sudoreplay Ns 's list mode. .Pp In list mode, @@ -84,7 +84,7 @@ In replay mode, if the standard output has not been redirected, .Nm sudoreplay will act on the following keys: .Bl -tag -width 12n -.It So Li \ Sc No (space) +.It So Li \ Sc Pq space Pause output; press any key to resume. .It Ql < Reduce the playback speed by one half. @@ -115,7 +115,7 @@ and .Em ttyout . .It Fl h The -.Fl h No ( Em help Ns No ) +.Fl h Pq Em help option causes .Nm sudoreplay to print a short help message to the standard output and exit. @@ -236,7 +236,7 @@ of would make the output twice as slow. .It Fl V The -.Fl V No ( Em version Ns No ) +.Fl V Pq Em version option causes .Nm sudoreplay to print its version number diff --git a/visudo.mdoc.in b/visudo.mdoc.in index 187c9f3e4..c3e2eead1 100644 --- a/visudo.mdoc.in +++ b/visudo.mdoc.in @@ -1,5 +1,5 @@ .\" -.\" Copyright (c) 1996,1998-2005, 2007-2012 +.\" Copyright (c) 1996,1998-2005, 2007-2014 .\" Todd C. Miller <Todd.Miller@courtesan.com> .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -19,7 +19,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.Dd July 12, 2012 +.Dd March 1, 2014 .Dt VISUDO @mansectsu@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -168,7 +168,7 @@ indicating that will be read from the standard input. .It Fl h The -.Fl h No ( Em help Ns No ) +.Fl h Pq Em help option causes .Nm visudo to print a short help message @@ -198,7 +198,7 @@ letters, digits, and the underscore character. .It Fl V The -.Fl V ( Em version Ns No ) +.Fl V ( Em version Ns ) option causes .Nm visudo to print its version number |