[gentoo-doc-cvs] cvs commit: sudo-guide.xml

[gentoo-doc-cvs] cvs commit: sudo-guide.xml

[Sven Vermeulen]

swift       05/08/02 17:48:20

  Modified:    xml/htdocs/doc/en/draft sudo-guide.xml
  Log:
  Fix spelling mistakes, add %group information

Revision  Changes    Path
1.2       +19 -9     xml/htdocs/doc/en/draft/sudo-guide.xml

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/draft/sudo-guide.xml?rev=1.2&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/draft/sudo-guide.xml?rev=1.2&content-type=text/plain&cvsroot=gentoo
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/draft/sudo-guide.xml.diff?r1=1.1&r2=1.2&cvsroot=gentoo

Index: sudo-guide.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/draft/sudo-guide.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sudo-guide.xml	2 Aug 2005 16:14:21 -0000	1.1
+++ sudo-guide.xml	2 Aug 2005 17:48:20 -0000	1.2
@@ -1,6 +1,6 @@
 <?xml version='1.0' encoding="UTF-8"?>
 
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/draft/sudo-guide.xml,v 1.1 2005/08/02 16:14:21 swift Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/draft/sudo-guide.xml,v 1.2 2005/08/02 17:48:20 swift Exp $ -->
 
 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
 
@@ -34,7 +34,7 @@
 <p>
 The <c>app-admin/sudo</c> package allows the system administrator to grant
 permission to other users to execute one or more applications they would
-normally have no access to. Unlike using the <e>setuid</e> bit on these
+normally have no right to. Unlike using the <e>setuid</e> bit on these
 applications <c>sudo</c> gives a more fine-grained control on <e>who</e> can
 execute a certain command and <e>when</e>.
 </p>
@@ -57,7 +57,7 @@
 
 <p>
 One additional advantage of <c>sudo</c> is that it can log any attempt
-(succesful or not) to run an application. This is very useful if you want to
+(successful or not) to run an application. This is very useful if you want to
 track who made that one fatal mistake that took you 10 hours to fix :)
 </p>
 
@@ -126,6 +126,16 @@
 </pre>
 
 <p>
+The user name can also be substituted with a group name - in this case you should
+start the group name with a <c>%</c> sign. For instance, to allow any one in
+the <c>wheel</c> group to execute <c>emerge</c>:
+</p>
+
+<pre caption="Allowing the wheel group members to execute emerge">
+%wheel  localhost = /usr/bin/emerge
+</pre>
+
+<p>
 You can extend the line to allow for several commands (instead of making a
 single entry for each command). For instance, to allow the same user to not only
 run <c>emerge</c> but also <c>ebuild</c> and <c>emerge-webrsync</c> as root:
@@ -297,8 +307,8 @@
 </p>
 
 <p>
-Of course, this behaviour can be changed: you can set the <c>Defaults:</c>
-directive in <path>/etc/sudoers</path> to change the default behaviour for a
+Of course, this behavior can be changed: you can set the <c>Defaults:</c>
+directive in <path>/etc/sudoers</path> to change the default behavior for a
 user.
 </p>
 
@@ -311,7 +321,7 @@
 </pre>
 
 <p>
-A setting of <c>-1</c> would remember the password indefinately (until the
+A setting of <c>-1</c> would remember the password indefinitely (until the
 system reboots).
 </p>
 
@@ -319,7 +329,7 @@
 A different setting would be to require the password of the user that the
 command should be run as and not the users' personal password. This is 
 accomplished using <c>runaspw</c>. In the following example we
-also set the amount of retries (how many times the user can re-enter a password
+also set the number of retries (how many times the user can re-enter a password
 before <c>sudo</c> fails) to <c>2</c> instead of the default 3:
 </p>
 
@@ -334,7 +344,7 @@
 
 <p>
 If you however want to allow a user to run a certain set of commands without
-providing any password whatsoever, you need to prepend the commands with
+providing any password whatsoever, you need to start the commands with
 <c>NOPASSWD:</c>, like so:
 </p>
 
@@ -382,7 +392,7 @@
 <p>
 By default, if a user has entered his password to authenticate himself to
 <c>sudo</c>, it is remembered for 5 minutes. If the user wants to prolong this
-period, he can run <c>sudo&nbsp;-v</c> to reset the timestamp so that
+period, he can run <c>sudo&nbsp;-v</c> to reset the time stamp so that
 it will take another 5 minutes before <c>sudo</c> asks for the password again.
 </p>
 



-- 
gentoo-doc-cvs@gentoo.org mailing list

[gentoo-doc-cvs] cvs commit: sudo-guide.xml

[Sven Vermeulen]

swift       08/05/19 20:45:27

  Modified:             sudo-guide.xml
  Log:
  Coding style

Revision  Changes    Path
1.12                 xml/htdocs/doc/en/sudo-guide.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/sudo-guide.xml?rev=1.12&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/sudo-guide.xml?rev=1.12&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/sudo-guide.xml?r1=1.11&r2=1.12

Index: sudo-guide.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- sudo-guide.xml	29 Nov 2006 15:48:57 -0000	1.11
+++ sudo-guide.xml	19 May 2008 20:45:27 -0000	1.12
@@ -1,6 +1,6 @@
 <?xml version='1.0' encoding="UTF-8"?>
 
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.11 2006/11/29 15:48:57 nightmorph Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.12 2008/05/19 20:45:27 swift Exp $ -->
 
 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
 
@@ -12,7 +12,7 @@
 </author>
 
 <abstract>
-When you want some people to perform certain administrative steps on your 
+When you want some people to perform certain administrative steps on your
 system without granting them total root access, using sudo is your best option.
 With sudo you can control who can do what. This guide offers you a small
 introduction to this wonderful tool.
@@ -45,7 +45,7 @@
 application (or any user of a certain group, depending on the permissions used).
 You can (and probably even should) require the user to provide a password when
 he wants to execute the application and you can even fine-tune the permissions
-based on the user's location: logged on from the system itself or through SSH 
+based on the user's location: logged on from the system itself or through SSH
 from a remote site.
 </p>
 
@@ -71,7 +71,7 @@
 The <c>sudo</c> configuration is managed by the <path>/etc/sudoers</path> file.
 This file should never be edited through <c>nano&nbsp;/etc/sudoers</c> or
 <c>vim&nbsp;/etc/sudoers</c> or any other editor you might like. When you want
-to alter this file, you should use <c>visudo</c>. 
+to alter this file, you should use <c>visudo</c>.
 </p>
 
 <p>
@@ -133,8 +133,8 @@
 <p>
 A <brite>big warning</brite> is in place though: do not allow a user to run an
 application that can allow people to elevate privileges. For instance, allowing
-users to execute <c>emerge</c> as root can indeed grant them full root access 
-to the system because <c>emerge</c> can be manipulated to change the live file 
+users to execute <c>emerge</c> as root can indeed grant them full root access
+to the system because <c>emerge</c> can be manipulated to change the live file
 system to the user's advantage. If you do not trust your <c>sudo</c> users,
 don't grant them any rights.
 </p>
@@ -144,8 +144,8 @@
 -->
 
 <p>
-The user name can also be substituted with a group name - in this case you 
-should start the group name with a <c>%</c> sign. For instance, to allow any 
+The user name can also be substituted with a group name - in this case you
+should start the group name with a <c>%</c> sign. For instance, to allow any
 one in the <c>wheel</c> group to execute <c>emerge</c>:
 </p>
 
@@ -165,10 +165,10 @@
 
 <p>
 You can also specify a precise command and not only the tool itself. This is
-useful to restrict the use of a certain tool to a specified set of command options.
-The <c>sudo</c> tool allows shell-style wildcards (AKA meta or glob characters)
-to be used in pathnames as well as command line arguments in the sudoers file.
-Note that these are <e>not</e> regular expressions.
+useful to restrict the use of a certain tool to a specified set of command
+options. The <c>sudo</c> tool allows shell-style wildcards (AKA meta or glob
+characters) to be used in pathnames as well as command line arguments in the
+sudoers file. Note that these are <e>not</e> regular expressions.
 </p>
 
 <p>
@@ -227,7 +227,7 @@
 <p>
 One alias that always works, for any position, is the <c>ALL</c> alias (to make
 a good distinction between aliases and non-aliases it is recommended to use
-capital letters for aliases). As you might undoubtedly have guessed, the 
+capital letters for aliases). As you might undoubtedly have guessed, the
 <c>ALL</c> alias is an alias to all possible settings.
 </p>
 
@@ -279,7 +279,7 @@
 </p>
 
 <p>
-Inside <path>/etc/sudoers</path> you list the user(s) in between 
+Inside <path>/etc/sudoers</path> you list the user(s) in between
 <c>(</c>&nbsp;and&nbsp;<c>)</c> before the command listing:
 </p>
 
@@ -347,7 +347,7 @@
 
 <p>
 A different setting would be to require the password of the user that the
-command should be run as and not the users' personal password. This is 
+command should be run as and not the users' personal password. This is
 accomplished using <c>runaspw</c>. In the following example we
 also set the number of retries (how many times the user can re-enter a password
 before <c>sudo</c> fails) to <c>2</c> instead of the default 3:



-- 
gentoo-doc-cvs@lists.gentoo.org mailing list

[gentoo-doc-cvs] cvs commit: sudo-guide.xml

[Xavier Neys]

neysx       06/07/14 11:46:17

  Modified:             sudo-guide.xml
  Log:
  #127017 sudo tool allows for regular expressions, not!

Revision  Changes    Path
1.9                  xml/htdocs/doc/en/sudo-guide.xml

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.9&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.9&content-type=text/plain&cvsroot=gentoo
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml.diff?r1=1.8&r2=1.9&cvsroot=gentoo

Index: sudo-guide.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- sudo-guide.xml	31 Dec 2005 15:30:31 -0000	1.8
+++ sudo-guide.xml	14 Jul 2006 11:46:17 -0000	1.9
@@ -1,6 +1,6 @@
 <?xml version='1.0' encoding="UTF-8"?>
 
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.8 2005/12/31 15:30:31 neysx Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.9 2006/07/14 11:46:17 neysx Exp $ -->
 
 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
 
@@ -22,8 +22,8 @@
 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
 <license/>
 
-<version>1.5</version>
-<date>2005-12-31</date>
+<version>1.6</version>
+<date>2006-07-14</date>
 
 <chapter>
 <title>About Sudo</title>
@@ -165,8 +165,10 @@
 
 <p>
 You can also specify a precise command and not only the tool itself. This is
-useful to restrict the use of a certain tool to a specified set of command
-options. The <c>sudo</c> tool allows for regular expressions to be used as well.
+useful to restrict the use of a certain tool to a specified set of command options.
+The <c>sudo</c> tool allows shell-style wildcards (AKA meta or glob characters)
+to be used in pathnames as well as command line arguments in the sudoers file.
+Note that these are <e>not</e> regular expressions.
 </p>
 
 <p>



-- 
gentoo-doc-cvs@gentoo.org mailing list

[gentoo-doc-cvs] cvs commit: sudo-guide.xml

[Xavier Neys]

neysx       05/12/31 15:30:31

  Modified:    xml/htdocs/doc/en sudo-guide.xml
  Log:
  #117270 extend regexp for usernames

Revision  Changes    Path
1.8       +5 -5      xml/htdocs/doc/en/sudo-guide.xml

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.8&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.8&content-type=text/plain&cvsroot=gentoo
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml.diff?r1=1.7&r2=1.8&cvsroot=gentoo

Index: sudo-guide.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- sudo-guide.xml	21 Oct 2005 20:21:05 -0000	1.7
+++ sudo-guide.xml	31 Dec 2005 15:30:31 -0000	1.8
@@ -1,6 +1,6 @@
 <?xml version='1.0' encoding="UTF-8"?>
 
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.7 2005/10/21 20:21:05 swift Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.8 2005/12/31 15:30:31 neysx Exp $ -->
 
 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
 
@@ -22,8 +22,8 @@
 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
 <license/>
 
-<version>1.4</version>
-<date>2005-10-21</date>
+<version>1.5</version>
+<date>2005-12-31</date>
 
 <chapter>
 <title>About Sudo</title>
@@ -257,7 +257,7 @@
 User_Alias  <i>SOFTWAREMAINTAINERS</i> = swift, john, danny
 User_Alias  <i>PASSWORDMAINTAINERS</i> = swift, sysop
 Cmnd_Alias  <i>SOFTWARECOMMANDS</i>    = /usr/bin/emerge, /usr/bin/ebuild
-Cmnd_Alias  <i>PASSWORDCOMMANDS</i>    = /usr/bin/passwd [a-zA-Z]*, !/usr/bin/passwd root
+Cmnd_Alias  <i>PASSWORDCOMMANDS</i>    = /usr/bin/passwd [a-zA-Z0-9_-]*, !/usr/bin/passwd root
 
 <i>SOFTWAREMAINTAINERS</i>  localhost = <i>SOFTWARECOMMANDS</i>
 <i>PASSWORDMAINTAINERS</i>  localhost = <i>PASSWORDCOMMANDS</i>
@@ -398,7 +398,7 @@
 User swift may run the following commands on this host:
     (root)   /usr/libexec/xfsm-shutdown-helper
     (root)   /usr/bin/emerge
-    (root)   /usr/bin/passwd [a-zA-Z]*
+    (root)   /usr/bin/passwd [a-zA-Z0-9_-]*
     (root)   !/usr/bin/passwd root
     (apache) /usr/bin/pkill
     (apache) /bin/kill



-- 
gentoo-doc-cvs@gentoo.org mailing list

[gentoo-doc-cvs] cvs commit: sudo-guide.xml

[swift]

swift       05/10/21 20:21:05

  Modified:    xml/htdocs/doc/en sudo-guide.xml
  Log:
  #109446 - Adding DISPLAY stuff

Revision  Changes    Path
1.7       +12 -3     xml/htdocs/doc/en/sudo-guide.xml

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.7&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.7&content-type=text/plain&cvsroot=gentoo
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml.diff?r1=1.6&r2=1.7&cvsroot=gentoo

Index: sudo-guide.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sudo-guide.xml	4 Aug 2005 08:07:54 -0000	1.6
+++ sudo-guide.xml	21 Oct 2005 20:21:05 -0000	1.7
@@ -1,6 +1,6 @@
 <?xml version='1.0' encoding="UTF-8"?>
 
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.6 2005/08/04 08:07:54 swift Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.7 2005/10/21 20:21:05 swift Exp $ -->
 
 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
 
@@ -22,8 +22,8 @@
 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
 <license/>
 
-<version>1.3</version>
-<date>2005-08-04</date>
+<version>1.4</version>
+<date>2005-10-21</date>
 
 <chapter>
 <title>About Sudo</title>
@@ -356,6 +356,15 @@
 </pre>
 
 <p>
+Another interesting feature is to keep the <c>DISPLAY</c> variable set so that
+you can execute graphical tools:
+</p>
+
+<pre caption="Keeping the DISPLAY variable alive">
+Defaults:john env_keep=DISPLAY
+</pre>
+
+<p>
 You can change dozens of default settings using the <c>Defaults:</c> directive.
 Fire up the <c>sudo</c> manual page and search for <c>Defaults</c>.
 </p>



-- 
gentoo-doc-cvs@gentoo.org mailing list

[gentoo-doc-cvs] cvs commit: sudo-guide.xml

[swift]

swift       05/08/04 08:07:54

  Modified:    xml/htdocs/doc/en sudo-guide.xml
  Log:
  Refer to sudo/sudoers manual pages

Revision  Changes    Path
1.6       +7 -2      xml/htdocs/doc/en/sudo-guide.xml

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.6&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.6&content-type=text/plain&cvsroot=gentoo
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml.diff?r1=1.5&r2=1.6&cvsroot=gentoo

Index: sudo-guide.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sudo-guide.xml	4 Aug 2005 08:05:21 -0000	1.5
+++ sudo-guide.xml	4 Aug 2005 08:07:54 -0000	1.6
@@ -1,6 +1,6 @@
 <?xml version='1.0' encoding="UTF-8"?>
 
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.5 2005/08/04 08:05:21 swift Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.6 2005/08/04 08:07:54 swift Exp $ -->
 
 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
 
@@ -22,7 +22,7 @@
 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
 <license/>
 
-<version>1.2</version>
+<version>1.3</version>
 <date>2005-08-04</date>
 
 <chapter>
@@ -94,6 +94,11 @@
 keyboard, ...), etc.
 </p>
 
+<p>
+Please read the <c>sudo</c> and <c>sudoers</c> manual pages for more
+information.
+</p>
+
 </body>
 </section>
 </chapter>



-- 
gentoo-doc-cvs@gentoo.org mailing list

[gentoo-doc-cvs] cvs commit: sudo-guide.xml

[swift]

swift       05/08/04 08:05:21

  Modified:    xml/htdocs/doc/en sudo-guide.xml
  Log:
  Spelling mistakes, no content change. Fixed #101189

Revision  Changes    Path
1.5       +8 -8      xml/htdocs/doc/en/sudo-guide.xml

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.5&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.5&content-type=text/plain&cvsroot=gentoo
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml.diff?r1=1.4&r2=1.5&cvsroot=gentoo

Index: sudo-guide.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- sudo-guide.xml	3 Aug 2005 08:13:40 -0000	1.4
+++ sudo-guide.xml	4 Aug 2005 08:05:21 -0000	1.5
@@ -1,6 +1,6 @@
 <?xml version='1.0' encoding="UTF-8"?>
 
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.4 2005/08/03 08:13:40 swift Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.5 2005/08/04 08:05:21 swift Exp $ -->
 
 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
 
@@ -23,7 +23,7 @@
 <license/>
 
 <version>1.2</version>
-<date>2005-08-03</date>
+<date>2005-08-04</date>
 
 <chapter>
 <title>About Sudo</title>
@@ -45,8 +45,8 @@
 application (or any user of a certain group, depending on the permissions used).
 You can (and probably even should) require the user to provide a password when
 he wants to execute the application and you can even fine-tune the permissions
-based on the location where the user is at: if he is logged on from the system
-itself or through SSH from a remote site.
+based on the user's location: logged on from the system itself or through SSH 
+from a remote site.
 </p>
 
 </body>
@@ -130,7 +130,7 @@
 application that can allow people to elevate privileges. For instance, allowing
 users to execute <c>emerge</c> as root can indeed grant them full root access 
 to the system because <c>emerge</c> can be manipulated to change the live file 
-system in the user his advantage. If you do not trust your <c>sudo</c> users,
+system to the user's advantage. If you do not trust your <c>sudo</c> users,
 don't grant them any rights.
 </p>
 
@@ -182,7 +182,7 @@
 </pre>
 
 <p>
-The password that <c>sudo</c> requires is the user his own password. This is to
+The password that <c>sudo</c> requires is the user's own password. This is to
 make sure that no terminal that you accidentally left open to others is abused
 for malicious purposes.
 </p>
@@ -245,7 +245,7 @@
 <p>
 More interesting is to define a set of users who can run software administrative
 applications (such as <c>emerge</c> and <c>ebuild</c>) on the system and a group
-of administrators who can change users their password - but not roots!
+of administrators who can change the password of any user, except root!
 </p>
 
 <pre caption="Using aliases for users and commands">
@@ -346,7 +346,7 @@
 before <c>sudo</c> fails) to <c>2</c> instead of the default 3:
 </p>
 
-<pre caption="Requiring the root password instead of the user his password">
+<pre caption="Requiring the root password instead of the user's password">
 Defaults:john   runaspw, passwd_tries=2
 </pre>
 



-- 
gentoo-doc-cvs@gentoo.org mailing list

[gentoo-doc-cvs] cvs commit: sudo-guide.xml

[Sven Vermeulen]

swift       05/08/03 08:13:40

  Modified:    xml/htdocs/doc/en sudo-guide.xml
  Log:
  No wrappers either, just do not grant sudo access to users you do not trust completely

Revision  Changes    Path
1.4       +9 -6      xml/htdocs/doc/en/sudo-guide.xml

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.4&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.4&content-type=text/plain&cvsroot=gentoo
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml.diff?r1=1.3&r2=1.4&cvsroot=gentoo

Index: sudo-guide.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- sudo-guide.xml	2 Aug 2005 19:23:28 -0000	1.3
+++ sudo-guide.xml	3 Aug 2005 08:13:40 -0000	1.4
@@ -1,6 +1,6 @@
 <?xml version='1.0' encoding="UTF-8"?>
 
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.3 2005/08/02 19:23:28 swift Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.4 2005/08/03 08:13:40 swift Exp $ -->
 
 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
 
@@ -22,8 +22,8 @@
 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
 <license/>
 
-<version>1.1</version>
-<date>2005-08-02</date>
+<version>1.2</version>
+<date>2005-08-03</date>
 
 <chapter>
 <title>About Sudo</title>
@@ -130,11 +130,14 @@
 application that can allow people to elevate privileges. For instance, allowing
 users to execute <c>emerge</c> as root can indeed grant them full root access 
 to the system because <c>emerge</c> can be manipulated to change the live file 
-system in the user his advantage. Trust your users, or use a <e>wrapper</e> 
-instead: a script that limits the use of the application to a known set of 
-safe instructions.
+system in the user his advantage. If you do not trust your <c>sudo</c> users,
+don't grant them any rights.
 </p>
 
+<!--
+  Wrappers are no real advantage here either, see #71750
+-->
+
 <p>
 The user name can also be substituted with a group name - in this case you 
 should start the group name with a <c>%</c> sign. For instance, to allow any 



-- 
gentoo-doc-cvs@gentoo.org mailing list

[gentoo-doc-cvs] cvs commit: sudo-guide.xml

[Sven Vermeulen]

swift       05/08/02 19:23:28

  Modified:    xml/htdocs/doc/en sudo-guide.xml
  Log:
  Coding Style, no content change

Revision  Changes    Path
1.3       +4 -4      xml/htdocs/doc/en/sudo-guide.xml

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.3&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.3&content-type=text/plain&cvsroot=gentoo
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml.diff?r1=1.2&r2=1.3&cvsroot=gentoo

Index: sudo-guide.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- sudo-guide.xml	2 Aug 2005 19:22:33 -0000	1.2
+++ sudo-guide.xml	2 Aug 2005 19:23:28 -0000	1.3
@@ -1,6 +1,6 @@
 <?xml version='1.0' encoding="UTF-8"?>
 
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.2 2005/08/02 19:22:33 swift Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.3 2005/08/02 19:23:28 swift Exp $ -->
 
 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
 
@@ -136,9 +136,9 @@
 </p>
 
 <p>
-The user name can also be substituted with a group name - in this case you should
-start the group name with a <c>%</c> sign. For instance, to allow any one in
-the <c>wheel</c> group to execute <c>emerge</c>:
+The user name can also be substituted with a group name - in this case you 
+should start the group name with a <c>%</c> sign. For instance, to allow any 
+one in the <c>wheel</c> group to execute <c>emerge</c>:
 </p>
 
 <pre caption="Allowing the wheel group members to execute emerge">



-- 
gentoo-doc-cvs@gentoo.org mailing list

[gentoo-doc-cvs] cvs commit: sudo-guide.xml

[Sven Vermeulen]

swift       05/08/02 19:22:33

  Modified:    xml/htdocs/doc/en sudo-guide.xml
  Log:
  Trust your users or use a wrapper script instead of granting full access to tools that manipulate the system. Tx to ciaranm for reporting

Revision  Changes    Path
1.2       +12 -2     xml/htdocs/doc/en/sudo-guide.xml

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.2&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.2&content-type=text/plain&cvsroot=gentoo
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml.diff?r1=1.1&r2=1.2&cvsroot=gentoo

Index: sudo-guide.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sudo-guide.xml	2 Aug 2005 17:59:29 -0000	1.1
+++ sudo-guide.xml	2 Aug 2005 19:22:33 -0000	1.2
@@ -1,6 +1,6 @@
 <?xml version='1.0' encoding="UTF-8"?>
 
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.1 2005/08/02 17:59:29 swift Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.2 2005/08/02 19:22:33 swift Exp $ -->
 
 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
 
@@ -22,7 +22,7 @@
 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
 <license/>
 
-<version>1.0</version>
+<version>1.1</version>
 <date>2005-08-02</date>
 
 <chapter>
@@ -126,6 +126,16 @@
 </pre>
 
 <p>
+A <brite>big warning</brite> is in place though: do not allow a user to run an
+application that can allow people to elevate privileges. For instance, allowing
+users to execute <c>emerge</c> as root can indeed grant them full root access 
+to the system because <c>emerge</c> can be manipulated to change the live file 
+system in the user his advantage. Trust your users, or use a <e>wrapper</e> 
+instead: a script that limits the use of the application to a known set of 
+safe instructions.
+</p>
+
+<p>
 The user name can also be substituted with a group name - in this case you should
 start the group name with a <c>%</c> sign. For instance, to allow any one in
 the <c>wheel</c> group to execute <c>emerge</c>:



-- 
gentoo-doc-cvs@gentoo.org mailing list

[gentoo-doc-cvs] cvs commit: sudo-guide.xml

[Sven Vermeulen]

swift       05/08/02 18:00:03

  Removed:     xml/htdocs/doc/en/draft sudo-guide.xml
  Log:
  Removing sudo-guide.xml from this location
-- 
gentoo-doc-cvs@gentoo.org mailing list

[gentoo-doc-cvs] cvs commit: sudo-guide.xml

[Sven Vermeulen]

swift       05/08/02 17:59:29

  Modified:    xml/htdocs/doc/en metadoc.xml
  Added:       xml/htdocs/doc/en sudo-guide.xml
  Log:
  Committing sudo(ers) guide

Revision  Changes    Path
1.93      +6 -1      xml/htdocs/doc/en/metadoc.xml

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/metadoc.xml?rev=1.93&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/metadoc.xml?rev=1.93&content-type=text/plain&cvsroot=gentoo
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/metadoc.xml.diff?r1=1.92&r2=1.93&cvsroot=gentoo

Index: metadoc.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v
retrieving revision 1.92
retrieving revision 1.93
diff -u -r1.92 -r1.93
--- metadoc.xml	1 Aug 2005 15:52:23 -0000	1.92
+++ metadoc.xml	2 Aug 2005 17:59:29 -0000	1.93
@@ -1,5 +1,5 @@
 <?xml version='1.0' encoding="UTF-8"?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v 1.92 2005/08/01 15:52:23 swift Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v 1.93 2005/08/02 17:59:29 swift Exp $ -->
 <!DOCTYPE metadoc SYSTEM "/dtd/metadoc.dtd">
 
 <metadoc lang="en">
@@ -362,6 +362,7 @@
     <file id="apache-troubleshooting">/doc/en/apache-troubleshooting.xml</file>
     <file id="apache-upgrading">/doc/en/apache-upgrading.xml</file>
     <file id="apache-developer">/doc/en/apache-developer.xml</file>
+    <file id="sudo-guide">/doc/en/sudo-guide.xml</file>
   </files>
   <docs>
     <doc id="name-logo">
@@ -994,5 +995,9 @@
       <memberof>gentoodev_docs</memberof>
       <fileid>apache-developer</fileid>
     </doc>
+    <doc id="sudo-guide">
+      <memberof>sysadmin_general</memberof>
+      <fileid>sudo-guide</fileid>
+    </doc>
   </docs>
 </metadoc>



1.1                  xml/htdocs/doc/en/sudo-guide.xml

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.1&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.1&content-type=text/plain&cvsroot=gentoo

Index: sudo-guide.xml
===================================================================
<?xml version='1.0' encoding="UTF-8"?>

<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.1 2005/08/02 17:59:29 swift Exp $ -->

<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">

<guide link="/doc/en/sudo-guide.xml">
<title>Gentoo Sudo(ers) Guide</title>

<author title="Author">
  <mail link="swift@gentoo.org">Sven Vermeulen</mail>
</author>

<abstract>
When you want some people to perform certain administrative steps on your 
system without granting them total root access, using sudo is your best option.
With sudo you can control who can do what. This guide offers you a small
introduction to this wonderful tool.
</abstract>

<!-- The content of this document is licensed under the CC-BY-SA license -->
<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
<license/>

<version>1.0</version>
<date>2005-08-02</date>

<chapter>
<title>About Sudo</title>
<section>
<title>Granting Permissions</title>
<body>

<p>
The <c>app-admin/sudo</c> package allows the system administrator to grant
permission to other users to execute one or more applications they would
normally have no right to. Unlike using the <e>setuid</e> bit on these
applications <c>sudo</c> gives a more fine-grained control on <e>who</e> can
execute a certain command and <e>when</e>.
</p>

<p>
With <c>sudo</c> you can make a clear list <e>who</e> can execute a certain
application. If you would set the setuid bit, any user would be able to run this
application (or any user of a certain group, depending on the permissions used).
You can (and probably even should) require the user to provide a password when
he wants to execute the application and you can even fine-tune the permissions
based on the location where the user is at: if he is logged on from the system
itself or through SSH from a remote site.
</p>

</body>
</section>
<section>
<title>Logging Activity</title>
<body>

<p>
One additional advantage of <c>sudo</c> is that it can log any attempt
(successful or not) to run an application. This is very useful if you want to
track who made that one fatal mistake that took you 10 hours to fix :)
</p>

</body>
</section>
<section>
<title>Configuring Sudo</title>
<body>

<p>
The <c>sudo</c> configuration is managed by the <path>/etc/sudoers</path> file.
This file should never be edited through <c>nano&nbsp;/etc/sudoers</c> or
<c>vim&nbsp;/etc/sudoers</c> or any other editor you might like. When you want
to alter this file, you should use <c>visudo</c>. 
</p>

<p>
This tool makes sure that no two system administrators are editing this file at
the same time, preserves the permissions on the file and performs some syntax
checking to make sure you make no fatal mistakes in the file.
</p>

</body>
</section>
<section>
<title>About this Guide</title>
<body>

<p>
This guide is meant as a quick introduction. The <c>sudo</c> package is a lot
more powerful than what is described in this guide. It has special features for
editing files as a different user (<c>sudoedit</c>), running from within a
script (so it can background, read the password from standard in instead of the
keyboard, ...), etc.
</p>

</body>
</section>
</chapter>

<chapter>
<title>Sudoers Syntax</title>
<section>
<title>Basic Syntax</title>
<body>

<p>
The most difficult part of <c>sudo</c> is the <path>/etc/sudoers</path> syntax.
The basic syntax is like so:
</p>

<pre caption="Basic /etc/sudoers syntax">
user  host = commands
</pre>

<p>
This syntax tells <c>sudo</c> that the user, identified by <e>user</e> and
logged on through the system <e>host</e> can execute any of the commands listed
in <e>commands</e> as the root user. A more real-life example might make this
more clear: allow the user <e>swift</e> to execute <c>emerge</c> if he is logged
on from the system (not through SSH):
</p>

<pre caption="Live /etc/sudoers examples">
swift  localhost = /usr/bin/emerge
</pre>

<p>
The user name can also be substituted with a group name - in this case you should
start the group name with a <c>%</c> sign. For instance, to allow any one in
the <c>wheel</c> group to execute <c>emerge</c>:
</p>

<pre caption="Allowing the wheel group members to execute emerge">
%wheel  localhost = /usr/bin/emerge
</pre>

<p>
You can extend the line to allow for several commands (instead of making a
single entry for each command). For instance, to allow the same user to not only
run <c>emerge</c> but also <c>ebuild</c> and <c>emerge-webrsync</c> as root:
</p>

<pre caption="Multiple commands">
swift  localhost = /usr/bin/emerge, /usr/bin/ebuild, /usr/sbin/emerge-webrsync
</pre>

<p>
You can also specify a precise command and not only the tool itself. This is
useful to restrict the use of a certain tool to a specified set of command
options. The <c>sudo</c> tool allows for regular expressions to be used as well.
</p>

<p>
Let us put this to the test:
</p>

<pre caption="Attempt to update the system using sudo">
$ <i>sudo emerge -uDN world</i>

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

Password: <comment>(Enter the user password, not root!)</comment>
</pre>

<p>
The password that <c>sudo</c> requires is the user his own password. This is to
make sure that no terminal that you accidentally left open to others is abused
for malicious purposes.
</p>

<p>
You should know that <c>sudo</c> does not alter the <c>${PATH}</c> variable: any
command you place after <c>sudo</c> is treated from <e>your</e> environment. If
you want the user to run a tool in for instance <path>/sbin</path> he should
provide the full path to <c>sudo</c>, like so:
</p>

<pre caption="Using the full path to a tool">
$ <i>sudo /usr/sbin/emerge-webrsync</i>
</pre>

</body>
</section>
<section>
<title>Using Aliases</title>
<body>

<p>
In larger environments having to enter all users over and over again (or hosts,
or commands) can be a daunting task. To ease the administration of
<path>/etc/sudoers</path> you can define <e>aliases</e>. The format to declare
aliases is quite simple:
</p>



-- 
gentoo-doc-cvs@gentoo.org mailing list

[gentoo-doc-cvs] cvs commit: sudo-guide.xml

[Sven Vermeulen]

swift       05/08/02 16:14:21

  Added:       xml/htdocs/doc/en/draft sudo-guide.xml
  Log:
  Sudo guide, draft

Revision  Changes    Path
1.1                  xml/htdocs/doc/en/draft/sudo-guide.xml

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/draft/sudo-guide.xml?rev=1.1&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/draft/sudo-guide.xml?rev=1.1&content-type=text/plain&cvsroot=gentoo

Index: sudo-guide.xml
===================================================================
<?xml version='1.0' encoding="UTF-8"?>

<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/draft/sudo-guide.xml,v 1.1 2005/08/02 16:14:21 swift Exp $ -->

<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">

<guide link="/doc/en/sudo-guide.xml">
<title>Gentoo Sudo(ers) Guide</title>

<author title="Author">
  <mail link="swift@gentoo.org">Sven Vermeulen</mail>
</author>

<abstract>
When you want some people to perform certain administrative steps on your 
system without granting them total root access, using sudo is your best option.
With sudo you can control who can do what. This guide offers you a small
introduction to this wonderful tool.
</abstract>

<!-- The content of this document is licensed under the CC-BY-SA license -->
<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
<license/>

<version>0.1</version>
<date>2005-01-01</date>

<chapter>
<title>About Sudo</title>
<section>
<title>Granting Permissions</title>
<body>

<p>
The <c>app-admin/sudo</c> package allows the system administrator to grant
permission to other users to execute one or more applications they would
normally have no access to. Unlike using the <e>setuid</e> bit on these
applications <c>sudo</c> gives a more fine-grained control on <e>who</e> can
execute a certain command and <e>when</e>.
</p>

<p>
With <c>sudo</c> you can make a clear list <e>who</e> can execute a certain
application. If you would set the setuid bit, any user would be able to run this
application (or any user of a certain group, depending on the permissions used).
You can (and probably even should) require the user to provide a password when
he wants to execute the application and you can even fine-tune the permissions
based on the location where the user is at: if he is logged on from the system
itself or through SSH from a remote site.
</p>

</body>
</section>
<section>
<title>Logging Activity</title>
<body>

<p>
One additional advantage of <c>sudo</c> is that it can log any attempt
(succesful or not) to run an application. This is very useful if you want to
track who made that one fatal mistake that took you 10 hours to fix :)
</p>

</body>
</section>
<section>
<title>Configuring Sudo</title>
<body>

<p>
The <c>sudo</c> configuration is managed by the <path>/etc/sudoers</path> file.
This file should never be edited through <c>nano&nbsp;/etc/sudoers</c> or
<c>vim&nbsp;/etc/sudoers</c> or any other editor you might like. When you want
to alter this file, you should use <c>visudo</c>. 
</p>

<p>
This tool makes sure that no two system administrators are editing this file at
the same time, preserves the permissions on the file and performs some syntax
checking to make sure you make no fatal mistakes in the file.
</p>

</body>
</section>
<section>
<title>About this Guide</title>
<body>

<p>
This guide is meant as a quick introduction. The <c>sudo</c> package is a lot
more powerful than what is described in this guide. It has special features for
editing files as a different user (<c>sudoedit</c>), running from within a
script (so it can background, read the password from standard in instead of the
keyboard, ...), etc.
</p>

</body>
</section>
</chapter>

<chapter>
<title>Sudoers Syntax</title>
<section>
<title>Basic Syntax</title>
<body>

<p>
The most difficult part of <c>sudo</c> is the <path>/etc/sudoers</path> syntax.
The basic syntax is like so:
</p>

<pre caption="Basic /etc/sudoers syntax">
user  host = commands
</pre>

<p>
This syntax tells <c>sudo</c> that the user, identified by <e>user</e> and
logged on through the system <e>host</e> can execute any of the commands listed
in <e>commands</e> as the root user. A more real-life example might make this
more clear: allow the user <e>swift</e> to execute <c>emerge</c> if he is logged
on from the system (not through SSH):
</p>

<pre caption="Live /etc/sudoers examples">
swift  localhost = /usr/bin/emerge
</pre>

<p>
You can extend the line to allow for several commands (instead of making a
single entry for each command). For instance, to allow the same user to not only
run <c>emerge</c> but also <c>ebuild</c> and <c>emerge-webrsync</c> as root:
</p>

<pre caption="Multiple commands">
swift  localhost = /usr/bin/emerge, /usr/bin/ebuild, /usr/sbin/emerge-webrsync
</pre>

<p>
You can also specify a precise command and not only the tool itself. This is
useful to restrict the use of a certain tool to a specified set of command
options. The <c>sudo</c> tool allows for regular expressions to be used as well.
</p>

<p>
Let us put this to the test:
</p>

<pre caption="Attempt to update the system using sudo">
$ <i>sudo emerge -uDN world</i>

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

Password: <comment>(Enter the user password, not root!)</comment>
</pre>

<p>
The password that <c>sudo</c> requires is the user his own password. This is to
make sure that no terminal that you accidentally left open to others is abused
for malicious purposes.
</p>

<p>
You should know that <c>sudo</c> does not alter the <c>${PATH}</c> variable: any
command you place after <c>sudo</c> is treated from <e>your</e> environment. If
you want the user to run a tool in for instance <path>/sbin</path> he should
provide the full path to <c>sudo</c>, like so:
</p>

<pre caption="Using the full path to a tool">
$ <i>sudo /usr/sbin/emerge-webrsync</i>
</pre>

</body>
</section>
<section>
<title>Using Aliases</title>
<body>

<p>
In larger environments having to enter all users over and over again (or hosts,
or commands) can be a daunting task. To ease the administration of
<path>/etc/sudoers</path> you can define <e>aliases</e>. The format to declare
aliases is quite simple:
</p>

<pre caption="Declaring aliases in /etc/sudoers">
Host_Alias hostalias = hostname1, hostname2, ...
User_Alias useralias = user1, user2, ...
Cmnd_Alias cmndalias = command1, command2, ...
</pre>

<p>
One alias that always works, for any position, is the <c>ALL</c> alias (to make
a good distinction between aliases and non-aliases it is recommended to use



-- 
gentoo-doc-cvs@gentoo.org mailing list