diff options
| -rw-r--r-- | NEWS | 3 | ||||
| -rw-r--r-- | doc/sudoers.man.in | 21 | ||||
| -rw-r--r-- | doc/sudoers.mdoc.in | 21 |
3 files changed, 23 insertions, 22 deletions
@@ -77,6 +77,9 @@ What's new in Sudo 1.9.7 options at the end, separate from output of configure script tests. Bug #820. + * Corrected the description of which groups may be specified via the + -g option in the Runas_Spec section. Bug #975. + What's new in Sudo 1.9.6p1 * Fixed a regression introduced in sudo 1.9.6 that resulted in an diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in index 73d769212..3923d9954 100644 --- a/doc/sudoers.man.in +++ b/doc/sudoers.man.in @@ -25,7 +25,7 @@ .nr BA @BAMAN@ .nr LC @LCMAN@ .nr PS @PSMAN@ -.TH "SUDOERS" "@mansectform@" "March 3, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDOERS" "@mansectform@" "May 7, 2021" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" @@ -1224,19 +1224,16 @@ The first indicates which users the command may be run as via the \fB\-u\fR option. -The second defines a list of groups that can be specified via the +The second defines a list of groups that may be specified via the \fB\-g\fR -option in addition to any of the target user's groups. +option (in addition to any of the target user's groups). If both \fRRunas_List\fRs are specified, the command may be run with any combination of users and groups listed in their respective \fRRunas_List\fRs. If only the first is specified, the command may be run as any user -in the list but no -\fB\-g\fR -option -may be specified. +in the list and, optionally, with any group the target user belongs to. If the first \fRRunas_List\fR is empty but the @@ -1245,13 +1242,15 @@ with the group set to any listed in the \fRRunas_List\fR. If both \fRRunas_List\fRs -are empty, the command may only be run as the invoking user. +are empty, the command may only be run as the invoking user and the +group, if specified, must be one that the invoking user is a member of. If no \fRRunas_Spec\fR -is specified the command may be run as +is specified, the command may only be run as \fBroot\fR -and -no group may be specified. +and the group, if specified, must be one that +\fBroot\fR +is a member of. .PP A \fRRunas_Spec\fR diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in index 644fb8473..ce7c07305 100644 --- a/doc/sudoers.mdoc.in +++ b/doc/sudoers.mdoc.in @@ -24,7 +24,7 @@ .nr BA @BAMAN@ .nr LC @LCMAN@ .nr PS @PSMAN@ -.Dd March 3, 2020 +.Dd May 7, 2021 .Dt SUDOERS @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -1176,19 +1176,16 @@ The first indicates which users the command may be run as via the .Fl u option. -The second defines a list of groups that can be specified via the +The second defines a list of groups that may be specified via the .Fl g -option in addition to any of the target user's groups. +option (in addition to any of the target user's groups). If both .Li Runas_List Ns s are specified, the command may be run with any combination of users and groups listed in their respective .Li Runas_List Ns s. If only the first is specified, the command may be run as any user -in the list but no -.Fl g -option -may be specified. +in the list and, optionally, with any group the target user belongs to. If the first .Li Runas_List is empty but the @@ -1197,13 +1194,15 @@ with the group set to any listed in the .Li Runas_List . If both .Li Runas_List Ns s -are empty, the command may only be run as the invoking user. +are empty, the command may only be run as the invoking user and the +group, if specified, must be one that the invoking user is a member of. If no .Li Runas_Spec -is specified the command may be run as +is specified, the command may only be run as .Sy root -and -no group may be specified. +and the group, if specified, must be one that +.Sy root +is a member of. .Pp A .Li Runas_Spec |