|
 |
1b092f |
diff -up sudo-1.8.6p3/doc/sudoers.cat.orig sudo-1.8.6p3/doc/sudoers.cat
|
|
|
1b092f |
--- sudo-1.8.6p3/doc/sudoers.cat.orig 2012-09-18 15:57:43.000000000 +0200
|
|
|
1b092f |
+++ sudo-1.8.6p3/doc/sudoers.cat 2013-07-10 14:57:53.791093835 +0200
|
|
|
1b092f |
@@ -668,11 +668,24 @@ S?SU?UD?DO?OE?ER?RS?S F?FI?IL?LE?E F?FO?
|
|
|
1b092f |
since in a command context, it allows the user to run a?an?ny?y command on the
|
|
|
1b092f |
system.
|
|
|
1b092f |
|
|
|
1b092f |
- An exclamation point (`!') can be used as a logical _?n_?o_?t operator both in
|
|
|
1b092f |
- an _?a_?l_?i_?a_?s and in front of a Cmnd. This allows one to exclude certain
|
|
|
1b092f |
- values. Note, however, that using a `!' in conjunction with the built-in
|
|
|
1b092f |
- A?AL?LL?L alias to allow a user to run ``all but a few'' commands rarely works
|
|
|
1b092f |
- as intended (see _?S_?E_?C_?U_?R_?I_?T_?Y _?N_?O_?T_?E_?S below).
|
|
|
1b092f |
+ An exclamation point (`!') can be used as a logical _?n_?o_?t operator in a
|
|
|
1b092f |
+ list or _?a_?l_?i_?a_?s as well as in front of a Cmnd. This allows one to exclude
|
|
|
1b092f |
+ certain values. For the `!' operator to be effective, there must be
|
|
|
1b092f |
+ something for it to exclude. For example, to match all users except for
|
|
|
1b092f |
+ root one would use:
|
|
|
1b092f |
+
|
|
|
1b092f |
+ ALL,!root
|
|
|
1b092f |
+
|
|
|
1b092f |
+ If the A?AL?LL?L, is omitted, as in:
|
|
|
1b092f |
+
|
|
|
1b092f |
+ !root
|
|
|
1b092f |
+
|
|
|
1b092f |
+ it would explicitly deny root but not match any other users. This is
|
|
|
1b092f |
+ different from a true ``negation'' operator.
|
|
|
1b092f |
+
|
|
|
1b092f |
+ Note, however, that using a `!' in conjunction with the built-in A?AL?LL?L
|
|
|
1b092f |
+ alias to allow a user to run ``all but a few'' commands rarely works as
|
|
|
1b092f |
+ intended (see _?S_?E_?C_?U_?R_?I_?T_?Y _?N_?O_?T_?E_?S below).
|
|
|
1b092f |
|
|
|
1b092f |
Long lines can be continued with a backslash (`\') as the last character
|
|
|
1b092f |
on the line.
|
|
|
1b092f |
diff -up sudo-1.8.6p3/doc/sudoers.man.in.orig sudo-1.8.6p3/doc/sudoers.man.in
|
|
|
1b092f |
--- sudo-1.8.6p3/doc/sudoers.man.in.orig 2013-07-10 13:00:20.987336061 +0200
|
|
|
1b092f |
+++ sudo-1.8.6p3/doc/sudoers.man.in 2013-07-10 14:57:53.792093837 +0200
|
|
|
1b092f |
@@ -1490,11 +1490,37 @@ An exclamation point
|
|
|
1b092f |
(`\&!')
|
|
|
1b092f |
can be used as a logical
|
|
|
1b092f |
\fInot\fR
|
|
|
1b092f |
-operator both in an
|
|
|
1b092f |
+operator in a list or
|
|
|
1b092f |
\fIalias\fR
|
|
|
1b092f |
-and in front of a
|
|
|
1b092f |
+as well as in front of a
|
|
|
1b092f |
\fRCmnd\fR.
|
|
|
1b092f |
This allows one to exclude certain values.
|
|
|
1b092f |
+For the
|
|
|
1b092f |
+`\&!'
|
|
|
1b092f |
+operator to be effective, there must be something for it to exclude.
|
|
|
1b092f |
+For example, to match all users except for root one would use:
|
|
|
1b092f |
+.nf
|
|
|
1b092f |
+.sp
|
|
|
1b092f |
+.RS 4n
|
|
|
1b092f |
+ALL,!root
|
|
|
1b092f |
+.RE
|
|
|
1b092f |
+.fi
|
|
|
1b092f |
+.PP
|
|
|
1b092f |
+If the
|
|
|
1b092f |
+\fBALL\fR,
|
|
|
1b092f |
+is omitted, as in:
|
|
|
1b092f |
+.nf
|
|
|
1b092f |
+.sp
|
|
|
1b092f |
+.RS 4n
|
|
|
1b092f |
+!root
|
|
|
1b092f |
+.RE
|
|
|
1b092f |
+.fi
|
|
|
1b092f |
+.PP
|
|
|
1b092f |
+it would explicitly deny root but not match any other users.
|
|
|
1b092f |
+This is different from a true
|
|
|
1b092f |
+``negation''
|
|
|
1b092f |
+operator.
|
|
|
1b092f |
+.PP
|
|
|
1b092f |
Note, however, that using a
|
|
|
1b092f |
`\&!'
|
|
|
1b092f |
in conjunction with the built-in
|
|
|
1b092f |
diff -up sudo-1.8.6p3/doc/sudoers.mdoc.in.orig sudo-1.8.6p3/doc/sudoers.mdoc.in
|
|
|
1b092f |
--- sudo-1.8.6p3/doc/sudoers.mdoc.in.orig 2012-09-18 15:57:43.000000000 +0200
|
|
|
1b092f |
+++ sudo-1.8.6p3/doc/sudoers.mdoc.in 2013-07-10 14:57:53.793093839 +0200
|
|
|
1b092f |
@@ -1393,11 +1393,31 @@ An exclamation point
|
|
|
1b092f |
.Pq Ql \&!
|
|
|
1b092f |
can be used as a logical
|
|
|
1b092f |
.Em not
|
|
|
1b092f |
-operator both in an
|
|
|
1b092f |
+operator in a list or
|
|
|
1b092f |
.Em alias
|
|
|
1b092f |
-and in front of a
|
|
|
1b092f |
+as well as in front of a
|
|
|
1b092f |
.Li Cmnd .
|
|
|
1b092f |
This allows one to exclude certain values.
|
|
|
1b092f |
+For the
|
|
|
1b092f |
+.Ql \&!
|
|
|
1b092f |
+operator to be effective, there must be something for it to exclude.
|
|
|
1b092f |
+For example, to match all users except for root one would use:
|
|
|
1b092f |
+.Bd -literal -offset 4n
|
|
|
1b092f |
+ALL,!root
|
|
|
1b092f |
+.Ed
|
|
|
1b092f |
+.Pp
|
|
|
1b092f |
+If the
|
|
|
1b092f |
+.Sy ALL ,
|
|
|
1b092f |
+is omitted, as in:
|
|
|
1b092f |
+.Bd -literal -offset 4n
|
|
|
1b092f |
+!root
|
|
|
1b092f |
+.Ed
|
|
|
1b092f |
+.Pp
|
|
|
1b092f |
+it would explicitly deny root but not match any other users.
|
|
|
1b092f |
+This is different from a true
|
|
|
1b092f |
+.Dq negation
|
|
|
1b092f |
+operator.
|
|
|
1b092f |
+.Pp
|
|
|
1b092f |
Note, however, that using a
|
|
|
1b092f |
.Ql \&!
|
|
|
1b092f |
in conjunction with the built-in
|