| 1 |
swift 11/08/14 17:58:51 |
| 2 |
|
| 3 |
Modified: sudo-guide.xml |
| 4 |
Log: |
| 5 |
Sudoers does not care frmo where you are logged on. The hostname field is for the system on which the command is executed. Thanks to Chris X Edwards (chris xed ch) for reporting |
| 6 |
|
| 7 |
Revision Changes Path |
| 8 |
1.13 xml/htdocs/doc/en/sudo-guide.xml |
| 9 |
|
| 10 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/sudo-guide.xml?rev=1.13&view=markup |
| 11 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/sudo-guide.xml?rev=1.13&content-type=text/plain |
| 12 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/sudo-guide.xml?r1=1.12&r2=1.13 |
| 13 |
|
| 14 |
Index: sudo-guide.xml |
| 15 |
=================================================================== |
| 16 |
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v |
| 17 |
retrieving revision 1.12 |
| 18 |
retrieving revision 1.13 |
| 19 |
diff -u -r1.12 -r1.13 |
| 20 |
--- sudo-guide.xml 19 May 2008 20:45:27 -0000 1.12 |
| 21 |
+++ sudo-guide.xml 14 Aug 2011 17:58:50 -0000 1.13 |
| 22 |
@@ -1,6 +1,6 @@ |
| 23 |
<?xml version='1.0' encoding="UTF-8"?> |
| 24 |
|
| 25 |
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.12 2008/05/19 20:45:27 swift Exp $ --> |
| 26 |
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.13 2011/08/14 17:58:50 swift Exp $ --> |
| 27 |
|
| 28 |
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> |
| 29 |
|
| 30 |
@@ -22,8 +22,8 @@ |
| 31 |
<!-- See http://creativecommons.org/licenses/by-sa/2.5 --> |
| 32 |
<license/> |
| 33 |
|
| 34 |
-<version>1.6</version> |
| 35 |
-<date>2006-07-14</date> |
| 36 |
+<version>2</version> |
| 37 |
+<date>2011-08-13</date> |
| 38 |
|
| 39 |
<chapter> |
| 40 |
<title>About Sudo</title> |
| 41 |
@@ -44,9 +44,7 @@ |
| 42 |
application. If you would set the setuid bit, any user would be able to run this |
| 43 |
application (or any user of a certain group, depending on the permissions used). |
| 44 |
You can (and probably even should) require the user to provide a password when |
| 45 |
-he wants to execute the application and you can even fine-tune the permissions |
| 46 |
-based on the user's location: logged on from the system itself or through SSH |
| 47 |
-from a remote site. |
| 48 |
+he wants to execute the application. |
| 49 |
</p> |
| 50 |
|
| 51 |
</body> |
| 52 |
@@ -120,16 +118,20 @@ |
| 53 |
|
| 54 |
<p> |
| 55 |
This syntax tells <c>sudo</c> that the user, identified by <e>user</e> and |
| 56 |
-logged on through the system <e>host</e> can execute any of the commands listed |
| 57 |
+logged in on the system <e>host</e> can execute any of the commands listed |
| 58 |
in <e>commands</e> as the root user. A more real-life example might make this |
| 59 |
more clear: allow the user <e>swift</e> to execute <c>emerge</c> if he is logged |
| 60 |
-on from the system (not through SSH): |
| 61 |
+in on localhost: |
| 62 |
</p> |
| 63 |
|
| 64 |
<pre caption="Live /etc/sudoers examples"> |
| 65 |
swift localhost = /usr/bin/emerge |
| 66 |
</pre> |
| 67 |
|
| 68 |
+<note> |
| 69 |
+The hostname must match what the <c>hostname</c> command returns. |
| 70 |
+</note> |
| 71 |
+ |
| 72 |
<p> |
| 73 |
A <brite>big warning</brite> is in place though: do not allow a user to run an |
| 74 |
application that can allow people to elevate privileges. For instance, allowing |
Archives