From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1JyCEc-0006nv-Be for garchives@archives.gentoo.org; Mon, 19 May 2008 20:45:30 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id CC151E0315; Mon, 19 May 2008 20:45:29 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 84CF9E0315 for ; Mon, 19 May 2008 20:45:29 +0000 (UTC) Received: from stork.gentoo.org (stork.gentoo.org [64.127.104.133]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTP id 34EF665B7D for ; Mon, 19 May 2008 20:45:29 +0000 (UTC) Received: from swift by stork.gentoo.org with local (Exim 4.68) (envelope-from ) id 1JyCEZ-0005x3-QX for gentoo-doc-cvs@lists.gentoo.org; Mon, 19 May 2008 20:45:27 +0000 To: gentoo-doc-cvs@lists.gentoo.org Subject: [gentoo-doc-cvs] cvs commit: sudo-guide.xml Message-Id: From: Sven Vermeulen Date: Mon, 19 May 2008 20:45:27 +0000 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-doc-cvs@lists.gentoo.org Reply-to: docs-team@lists.gentoo.org X-Archives-Salt: af61bf8b-8f0b-47ca-8393-7e318e53d580 X-Archives-Hash: 3abda80a7575ebf1c19cd1acf55198da swift 08/05/19 20:45:27 Modified: sudo-guide.xml Log: Coding style Revision Changes Path 1.12 xml/htdocs/doc/en/sudo-guide.xml file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/sudo-guide.xml?rev=1.12&view=markup plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/sudo-guide.xml?rev=1.12&content-type=text/plain diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/sudo-guide.xml?r1=1.11&r2=1.12 Index: sudo-guide.xml =================================================================== RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- sudo-guide.xml 29 Nov 2006 15:48:57 -0000 1.11 +++ sudo-guide.xml 19 May 2008 20:45:27 -0000 1.12 @@ -1,6 +1,6 @@ - + @@ -12,7 +12,7 @@ -When you want some people to perform certain administrative steps on your +When you want some people to perform certain administrative steps on your system without granting them total root access, using sudo is your best option. With sudo you can control who can do what. This guide offers you a small introduction to this wonderful tool. @@ -45,7 +45,7 @@ application (or any user of a certain group, depending on the permissions used). You can (and probably even should) require the user to provide a password when he wants to execute the application and you can even fine-tune the permissions -based on the user's location: logged on from the system itself or through SSH +based on the user's location: logged on from the system itself or through SSH from a remote site.

@@ -71,7 +71,7 @@ The sudo configuration is managed by the /etc/sudoers file. This file should never be edited through nano /etc/sudoers or vim /etc/sudoers or any other editor you might like. When you want -to alter this file, you should use visudo. +to alter this file, you should use visudo.

@@ -133,8 +133,8 @@

A big warning is in place though: do not allow a user to run an application that can allow people to elevate privileges. For instance, allowing -users to execute emerge as root can indeed grant them full root access -to the system because emerge can be manipulated to change the live file +users to execute emerge as root can indeed grant them full root access +to the system because emerge can be manipulated to change the live file system to the user's advantage. If you do not trust your sudo users, don't grant them any rights.

@@ -144,8 +144,8 @@ -->

-The user name can also be substituted with a group name - in this case you -should start the group name with a % sign. For instance, to allow any +The user name can also be substituted with a group name - in this case you +should start the group name with a % sign. For instance, to allow any one in the wheel group to execute emerge:

@@ -165,10 +165,10 @@

You can also specify a precise command and not only the tool itself. This is -useful to restrict the use of a certain tool to a specified set of command options. -The sudo tool allows shell-style wildcards (AKA meta or glob characters) -to be used in pathnames as well as command line arguments in the sudoers file. -Note that these are not regular expressions. +useful to restrict the use of a certain tool to a specified set of command +options. The sudo tool allows shell-style wildcards (AKA meta or glob +characters) to be used in pathnames as well as command line arguments in the +sudoers file. Note that these are not regular expressions.

@@ -227,7 +227,7 @@

One alias that always works, for any position, is the ALL alias (to make a good distinction between aliases and non-aliases it is recommended to use -capital letters for aliases). As you might undoubtedly have guessed, the +capital letters for aliases). As you might undoubtedly have guessed, the ALL alias is an alias to all possible settings.

@@ -279,7 +279,7 @@

-Inside /etc/sudoers you list the user(s) in between +Inside /etc/sudoers you list the user(s) in between ( and ) before the command listing:

@@ -347,7 +347,7 @@

A different setting would be to require the password of the user that the -command should be run as and not the users' personal password. This is +command should be run as and not the users' personal password. This is accomplished using runaspw. In the following example we also set the number of retries (how many times the user can re-enter a password before sudo fails) to 2 instead of the default 3: -- gentoo-doc-cvs@lists.gentoo.org mailing list