--- embedaddon/sudo/doc/sudoers.cat	2012/02/21 16:23:02	1.1.1.1
+++ embedaddon/sudo/doc/sudoers.cat	2012/05/29 12:26:49	1.1.1.2
@@ -65,10 +65,15 @@ DDEESSCCRRIIPPTTIIOONN
        distinct ways _s_u_d_o_e_r_s can deal with environment variables.
 
        By default, the _e_n_v___r_e_s_e_t option is enabled.  This causes commands to
-       be executed with a minimal environment containing TERM, PATH, HOME,
-       MAIL, SHELL, LOGNAME, USER and USERNAME in addition to variables from
-       the invoking process permitted by the _e_n_v___c_h_e_c_k and _e_n_v___k_e_e_p options.
-       This is effectively a whitelist for environment variables.
+       be executed with a new, minimal environment.  On AIX (and Linux systems
+       without PAM), the environment is initialized with the contents of the
+       _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t file.  On BSD systems, if the _u_s_e___l_o_g_i_n_c_l_a_s_s option is
+       enabled, the environment is initialized based on the _p_a_t_h and _s_e_t_e_n_v
+       settings in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f.  The new environment contains the TERM,
+       PATH, HOME, MAIL, SHELL, LOGNAME, USER, USERNAME and SUDO_* variables
+       in addition to variables from the invoking process permitted by the
+       _e_n_v___c_h_e_c_k and _e_n_v___k_e_e_p options.  This is effectively a whitelist for
+       environment variables.
 
        If, however, the _e_n_v___r_e_s_e_t option is disabled, any variables not
        explicitly denied by the _e_n_v___c_h_e_c_k and _e_n_v___d_e_l_e_t_e options are inherited
@@ -94,9 +99,16 @@ DDEESSCCRRIIPPTTIIOONN
        _s_u_d_o_e_r_s will initialize the environment regardless of the value of
        _e_n_v___r_e_s_e_t.  The _D_I_S_P_L_A_Y, _P_A_T_H and _T_E_R_M variables remain unchanged;
        _H_O_M_E, _M_A_I_L, _S_H_E_L_L, _U_S_E_R, and _L_O_G_N_A_M_E are set based on the target user.
-       On Linux and AIX systems the contents of _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t are also
-       included.  All other environment variables are removed.
+       On AIX (and Linux systems without PAM), the contents of
+       _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t are also included.  On BSD systems, if the
+       _u_s_e___l_o_g_i_n_c_l_a_s_s option is enabled, the _p_a_t_h and _s_e_t_e_n_v variables in
+       _/_e_t_c_/_l_o_g_i_n_._c_o_n_f are also applied.  All other environment variables are
+       removed.
 
+       Finally, if the _e_n_v___f_i_l_e option is defined, any variables present in
+       that file will be set to their specified values as long as they would
+       not conflict with an existing environment variable.
+
 SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
        The _s_u_d_o_e_r_s file is composed of two types of entries: aliases
        (basically variables) and user specifications (which specify who may
@@ -198,11 +210,11 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
        below).  For instance, the QAS AD plugin supports the following
        formats:
 
-       +o   Group in the same domain: "Group Name"
+       o   Group in the same domain: "Group Name"
 
-       +o   Group in any domain: "Group Name@FULLY.QUALIFIED.DOMAIN"
+       o   Group in any domain: "Group Name@FULLY.QUALIFIED.DOMAIN"
 
-       +o   Group SID: "S-1-2-34-5678901234-5678901234-5678901234-567"
+       o   Group SID: "S-1-2-34-5678901234-5678901234-5678901234-567"
 
        Note that quotes around group names are optional.  Unquoted strings
        must use a backslash (\) to escape spaces and special characters.  See
@@ -473,7 +485,7 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
 
         aaron  shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
 
-       See the "PREVENTING SHELL ESCAPES" section below for more details on
+       See the "Preventing Shell Escapes" section below for more details on
        how NOEXEC works and whether or not it will work on your system.
 
        _S_E_T_E_N_V _a_n_d _N_O_S_E_T_E_N_V
@@ -560,9 +572,17 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
        A hard limit of 128 nested include files is enforced to prevent include
        file loops.
 
-       The file name may include the %h escape, signifying the short form of
-       the host name.  I.e., if the machine's host name is "xerxes", then
+       If the path to the include file is not fully-qualified (does not begin
+       with a _/), it must be located in the same directory as the sudoers file
+       it was included from.  For example, if _/_e_t_c_/_s_u_d_o_e_r_s contains the line:
 
+           #include sudoers.local
+
+       the file that will be included is _/_e_t_c_/_s_u_d_o_e_r_s_._l_o_c_a_l.
+
+       The file name may also include the %h escape, signifying the short form
+       of the host name.  I.e., if the machine's host name is "xerxes", then
+
        #include /etc/sudoers.%h
 
        will cause ssuuddoo to include the file _/_e_t_c_/_s_u_d_o_e_r_s_._x_e_r_x_e_s.
@@ -662,15 +682,18 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
                        use the EDITOR or VISUAL if they match a value
                        specified in editor.  This flag is _o_f_f by default.
 
-       env_reset       If set, ssuuddoo will reset the environment to only contain
-                       the LOGNAME, MAIL, SHELL, USER, USERNAME and the SUDO_*
-                       variables.  Any variables in the caller's environment
-                       that match the env_keep and env_check lists are then
-                       added.  The default contents of the env_keep and
-                       env_check lists are displayed when ssuuddoo is run by root
-                       with the _-_V option.  If the _s_e_c_u_r_e___p_a_t_h option is set,
-                       its value will be used for the PATH environment
-                       variable.  This flag is _o_n by default.
+       env_reset       If set, ssuuddoo will run the command in a minimal
+                       environment containing the TERM, PATH, HOME, MAIL,
+                       SHELL, LOGNAME, USER, USERNAME and SUDO_* variables.
+                       Any variables in the caller's environment that match
+                       the env_keep and env_check lists are then added,
+                       followed by any variables present in the file specified
+                       by the _e_n_v___f_i_l_e option (if any).  The default contents
+                       of the env_keep and env_check lists are displayed when
+                       ssuuddoo is run by root with the _-_V option.  If the
+                       _s_e_c_u_r_e___p_a_t_h option is set, its value will be used for
+                       the PATH environment variable.  This flag is _o_n by
+                       default.
 
        fast_glob       Normally, ssuuddoo uses the _g_l_o_b(3) function to do shell-
                        style globbing when matching path names.  However,
@@ -800,7 +823,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
        noexec          If set, all commands run via ssuuddoo will behave as if the
                        NOEXEC tag has been set, unless overridden by a EXEC
                        tag.  See the description of _N_O_E_X_E_C _a_n_d _E_X_E_C below as
-                       well as the "PREVENTING SHELL ESCAPES" section at the
+                       well as the "Preventing Shell Escapes" section at the
                        end of this manual.  This flag is _o_f_f by default.
 
        path_info       Normally, ssuuddoo will tell the user when a command could
@@ -1087,9 +1110,9 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
                        %h will expand to the host name of the machine.
                        Default is *** SECURITY information for %h ***.
 
-       noexec_file     This option is deprecated and will be removed in a
-                       future release of ssuuddoo.  The path to the noexec file
-                       should now be set in the _/_e_t_c_/_s_u_d_o_._c_o_n_f file.
+       noexec_file     This option is no longer supported.  The path to the
+                       noexec file should now be set in the _/_e_t_c_/_s_u_d_o_._c_o_n_f
+                       file.
 
        passprompt      The default prompt to use when asking for a password;
                        can be overridden via the --pp option or the SUDO_PROMPT
@@ -1158,8 +1181,8 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
 
        SSttrriinnggss tthhaatt ccaann bbee uusseedd iinn aa bboooolleeaann ccoonntteexxtt:
 
-       env_file    The _e_n_v___f_i_l_e options specifies the fully qualified path to
-                   a file containing variables to be set in the environment of
+       env_file    The _e_n_v___f_i_l_e option specifies the fully qualified path to a
+                   file containing variables to be set in the environment of
                    the program being run.  Entries in this file should either
                    be of the form VARIABLE=value or export VARIABLE=value.
                    The value may optionally be surrounded by single or double
@@ -1325,7 +1348,113 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
                        variables to keep is displayed when ssuuddoo is run by root
                        with the _-_V option.
 
+SSUUDDOO..CCOONNFF
+       The _/_e_t_c_/_s_u_d_o_._c_o_n_f file determines which plugins the ssuuddoo front end
+       will load.  If no _/_e_t_c_/_s_u_d_o_._c_o_n_f file is present, or it contains no
+       Plugin lines, ssuuddoo will use the _s_u_d_o_e_r_s security policy and I/O
+       logging, which corresponds to the following _/_e_t_c_/_s_u_d_o_._c_o_n_f file.
+
+        #
+        # Default /etc/sudo.conf file
+        #
+        # Format:
+        #   Plugin plugin_name plugin_path plugin_options ...
+        #   Path askpass /path/to/askpass
+        #   Path noexec /path/to/sudo_noexec.so
+        #   Debug sudo /var/log/sudo_debug all@warn
+        #   Set disable_coredump true
+        #
+        # The plugin_path is relative to /usr/local/libexec unless
+        #   fully qualified.
+        # The plugin_name corresponds to a global symbol in the plugin
+        #   that contains the plugin interface structure.
+        # The plugin_options are optional.
+        #
+        Plugin policy_plugin sudoers.so
+        Plugin io_plugin sudoers.so
+
+   PPLLUUGGIINN OOPPTTIIOONNSS
+       Starting with ssuuddoo 1.8.5 it is possible to pass options to the _s_u_d_o_e_r_s
+       plugin.  Options may be listed after the path to the plugin (i.e. after
+       _s_u_d_o_e_r_s_._s_o); multiple options should be space-separated.  For example:
+
+        Plugin sudoers_policy sudoers.so sudoers_file=/etc/sudoers sudoers_uid=0 sudoers_gid=0 sudoers_mode=0440
+
+       The following plugin options are supported:
+
+       sudoers_file=pathname
+                 The _s_u_d_o_e_r_s___f_i_l_e option can be used to override the default
+                 path to the _s_u_d_o_e_r_s file.
+
+       sudoers_uid=uid
+                 The _s_u_d_o_e_r_s___u_i_d option can be used to override the default
+                 owner of the sudoers file.  It should be specified as a
+                 numeric user ID.
+
+       sudoers_gid=gid
+                 The _s_u_d_o_e_r_s___g_i_d option can be used to override the default
+                 group of the sudoers file.  It should be specified as a
+                 numeric group ID.
+
+       sudoers_mode=mode
+                 The _s_u_d_o_e_r_s___m_o_d_e option can be used to override the default
+                 file mode for the sudoers file.  It should be specified as an
+                 octal value.
+
+   DDEEBBUUGG FFLLAAGGSS
+       Versions 1.8.4 and higher of the _s_u_d_o_e_r_s plugin supports a debugging
+       framework that can help track down what the plugin is doing internally
+       if there is a problem.  This can be configured in the _/_e_t_c_/_s_u_d_o_._c_o_n_f
+       file as described in _s_u_d_o(1m).
+
+       The _s_u_d_o_e_r_s plugin uses the same debug flag format as ssuuddoo itself:
+       _s_u_b_s_y_s_t_e_m@_p_r_i_o_r_i_t_y.
+
+       The priorities used by _s_u_d_o_e_r_s, in order of decreasing severity, are:
+       _c_r_i_t, _e_r_r, _w_a_r_n, _n_o_t_i_c_e, _d_i_a_g, _i_n_f_o, _t_r_a_c_e and _d_e_b_u_g.  Each priority,
+       when specified, also includes all priorities higher than it.  For
+       example, a priority of _n_o_t_i_c_e would include debug messages logged at
+       _n_o_t_i_c_e and higher.
+
+       The following subsystems are used by _s_u_d_o_e_r_s:
+
+       _a_l_i_a_s     User_Alias, Runas_Alias, Host_Alias and Cmnd_Alias processing
+
+       _a_l_l       matches every subsystem
+
+       _a_u_d_i_t     BSM and Linux audit code
+
+       _a_u_t_h      user authentication
+
+       _d_e_f_a_u_l_t_s  _s_u_d_o_e_r_s _D_e_f_a_u_l_t_s settings
+
+       _e_n_v       environment handling
+
+       _l_d_a_p      LDAP-based sudoers
+
+       _l_o_g_g_i_n_g   logging support
+
+       _m_a_t_c_h     matching of users, groups, hosts and netgroups in _s_u_d_o_e_r_s
+
+       _n_e_t_i_f     network interface handling
+
+       _n_s_s       network service switch handling in _s_u_d_o_e_r_s
+
+       _p_a_r_s_e_r    _s_u_d_o_e_r_s file parsing
+
+       _p_e_r_m_s     permission setting
+
+       _p_l_u_g_i_n    The equivalent of _m_a_i_n for the plugin.
+
+       _p_t_y       pseudo-tty related code
+
+       _r_b_t_r_e_e    redblack tree internals
+
+       _u_t_i_l      utility functions
+
 FFIILLEESS
+       _/_e_t_c_/_s_u_d_o_._c_o_n_f          Sudo front end configuration
+
        _/_e_t_c_/_s_u_d_o_e_r_s            List of who can run what
 
        _/_e_t_c_/_g_r_o_u_p              Local groups file
@@ -1337,8 +1466,8 @@ FFIILLEESS
        _/_v_a_r_/_a_d_m_/_s_u_d_o           Directory containing time stamps for the
                                _s_u_d_o_e_r_s security policy
 
-       _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t        Initial environment for --ii mode on Linux and
-                               AIX
+       _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t        Initial environment for --ii mode on AIX and
+                               Linux systems
 
 EEXXAAMMPPLLEESS
        Below are example _s_u_d_o_e_r_s entries.  Admittedly, some of these are a bit
@@ -1521,6 +1650,7 @@ EEXXAAMMPPLLEESS
        encapsulating in a shell script.
 
 SSEECCUURRIITTYY NNOOTTEESS
+   LLiimmiittaattiioonnss ooff tthhee ''!!'' ooppeerraattoorr
        It is generally not effective to "subtract" commands from ALL using the
        '!' operator.  A user can trivially circumvent this by copying the
        desired command to a different name and then executing that.  For
@@ -1534,13 +1664,19 @@ SSEECCUURRIITTYY NNOOTTEESS
        kind of restrictions should be considered advisory at best (and
        reinforced by policy).
 
-       Furthermore, if the _f_a_s_t___g_l_o_b option is in use, it is not possible to
-       reliably negate commands where the path name includes globbing (aka
-       wildcard) characters.  This is because the C library's _f_n_m_a_t_c_h(3)
-       function cannot resolve relative paths.  While this is typically only
-       an inconvenience for rules that grant privileges, it can result in a
-       security issue for rules that subtract or revoke privileges.
+       In general, if a user has sudo ALL there is nothing to prevent them
+       from creating their own program that gives them a root shell (or making
+       their own copy of a shell) regardless of any '!' elements in the user
+       specification.
 
+   SSeeccuurriittyy iimmpplliiccaattiioonnss ooff _f_a_s_t___g_l_o_b
+       If the _f_a_s_t___g_l_o_b option is in use, it is not possible to reliably
+       negate commands where the path name includes globbing (aka wildcard)
+       characters.  This is because the C library's _f_n_m_a_t_c_h(3) function cannot
+       resolve relative paths.  While this is typically only an inconvenience
+       for rules that grant privileges, it can result in a security issue for
+       rules that subtract or revoke privileges.
+
        For example, given the following _s_u_d_o_e_r_s entry:
 
         john   ALL = /usr/bin/passwd [a-zA-Z0-9]*, /usr/bin/chsh [a-zA-Z0-9]*,
@@ -1549,7 +1685,7 @@ SSEECCUURRIITTYY NNOOTTEESS
        User jjoohhnn can still run /usr/bin/passwd root if _f_a_s_t___g_l_o_b is enabled by
        changing to _/_u_s_r_/_b_i_n and running ./passwd root instead.
 
-PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS
+   PPrreevveennttiinngg SShheellll EEssccaappeess
        Once ssuuddoo executes a program, that program is free to do whatever it
        pleases, including run other programs.  This can be a security issue
        since it is not uncommon for a program to allow shell escapes, which
@@ -1606,7 +1742,7 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSC
        privilege escalation.  In the specific case of an editor, a safer
        approach is to give the user permission to run ssuuddooeeddiitt.
 
-SSEECCUURRIITTYY NNOOTTEESS
+   TTiimmee ssttaammpp ffiillee cchheecckkss
        _s_u_d_o_e_r_s will check the ownership of its time stamp directory
        (_/_v_a_r_/_a_d_m_/_s_u_d_o by default) and ignore the directory's contents if it is
        not owned by root or if it is writable by a user other than root.  On
@@ -1645,11 +1781,6 @@ SSEECCUURRIITTYY NNOOTTEESS
        Administrators should not rely on this feature as it is not universally
        available.
 
-       If users have sudo ALL there is nothing to prevent them from creating
-       their own program that gives them a root shell (or making their own
-       copy of a shell) regardless of any '!' elements in the user
-       specification.
-
 SSEEEE AALLSSOO
        _r_s_h(1), _s_u(1), _f_n_m_a_t_c_h(3), _g_l_o_b(3), _m_k_t_e_m_p(3), _s_t_r_f_t_i_m_e(3),
        _s_u_d_o_e_r_s_._l_d_a_p(4), _s_u_d_o___p_l_u_g_i_n(1m), _s_u_d_o(1m), _v_i_s_u_d_o(1m)
@@ -1683,4 +1814,4 @@ DDIISSCCLLAAIIMMEERR
 
 
 
-1.8.3                         September 16, 2011                    SUDOERS(4)
+1.8.5                           March 28, 2012                      SUDOERS(4)