1 |
swift 08/05/19 20:45:27 |
2 |
|
3 |
Modified: sudo-guide.xml |
4 |
Log: |
5 |
Coding style |
6 |
|
7 |
Revision Changes Path |
8 |
1.12 xml/htdocs/doc/en/sudo-guide.xml |
9 |
|
10 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/sudo-guide.xml?rev=1.12&view=markup |
11 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/sudo-guide.xml?rev=1.12&content-type=text/plain |
12 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/sudo-guide.xml?r1=1.11&r2=1.12 |
13 |
|
14 |
Index: sudo-guide.xml |
15 |
=================================================================== |
16 |
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v |
17 |
retrieving revision 1.11 |
18 |
retrieving revision 1.12 |
19 |
diff -u -r1.11 -r1.12 |
20 |
--- sudo-guide.xml 29 Nov 2006 15:48:57 -0000 1.11 |
21 |
+++ sudo-guide.xml 19 May 2008 20:45:27 -0000 1.12 |
22 |
@@ -1,6 +1,6 @@ |
23 |
<?xml version='1.0' encoding="UTF-8"?> |
24 |
|
25 |
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.11 2006/11/29 15:48:57 nightmorph Exp $ --> |
26 |
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.12 2008/05/19 20:45:27 swift Exp $ --> |
27 |
|
28 |
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> |
29 |
|
30 |
@@ -12,7 +12,7 @@ |
31 |
</author> |
32 |
|
33 |
<abstract> |
34 |
-When you want some people to perform certain administrative steps on your |
35 |
+When you want some people to perform certain administrative steps on your |
36 |
system without granting them total root access, using sudo is your best option. |
37 |
With sudo you can control who can do what. This guide offers you a small |
38 |
introduction to this wonderful tool. |
39 |
@@ -45,7 +45,7 @@ |
40 |
application (or any user of a certain group, depending on the permissions used). |
41 |
You can (and probably even should) require the user to provide a password when |
42 |
he wants to execute the application and you can even fine-tune the permissions |
43 |
-based on the user's location: logged on from the system itself or through SSH |
44 |
+based on the user's location: logged on from the system itself or through SSH |
45 |
from a remote site. |
46 |
</p> |
47 |
|
48 |
@@ -71,7 +71,7 @@ |
49 |
The <c>sudo</c> configuration is managed by the <path>/etc/sudoers</path> file. |
50 |
This file should never be edited through <c>nano /etc/sudoers</c> or |
51 |
<c>vim /etc/sudoers</c> or any other editor you might like. When you want |
52 |
-to alter this file, you should use <c>visudo</c>. |
53 |
+to alter this file, you should use <c>visudo</c>. |
54 |
</p> |
55 |
|
56 |
<p> |
57 |
@@ -133,8 +133,8 @@ |
58 |
<p> |
59 |
A <brite>big warning</brite> is in place though: do not allow a user to run an |
60 |
application that can allow people to elevate privileges. For instance, allowing |
61 |
-users to execute <c>emerge</c> as root can indeed grant them full root access |
62 |
-to the system because <c>emerge</c> can be manipulated to change the live file |
63 |
+users to execute <c>emerge</c> as root can indeed grant them full root access |
64 |
+to the system because <c>emerge</c> can be manipulated to change the live file |
65 |
system to the user's advantage. If you do not trust your <c>sudo</c> users, |
66 |
don't grant them any rights. |
67 |
</p> |
68 |
@@ -144,8 +144,8 @@ |
69 |
--> |
70 |
|
71 |
<p> |
72 |
-The user name can also be substituted with a group name - in this case you |
73 |
-should start the group name with a <c>%</c> sign. For instance, to allow any |
74 |
+The user name can also be substituted with a group name - in this case you |
75 |
+should start the group name with a <c>%</c> sign. For instance, to allow any |
76 |
one in the <c>wheel</c> group to execute <c>emerge</c>: |
77 |
</p> |
78 |
|
79 |
@@ -165,10 +165,10 @@ |
80 |
|
81 |
<p> |
82 |
You can also specify a precise command and not only the tool itself. This is |
83 |
-useful to restrict the use of a certain tool to a specified set of command options. |
84 |
-The <c>sudo</c> tool allows shell-style wildcards (AKA meta or glob characters) |
85 |
-to be used in pathnames as well as command line arguments in the sudoers file. |
86 |
-Note that these are <e>not</e> regular expressions. |
87 |
+useful to restrict the use of a certain tool to a specified set of command |
88 |
+options. The <c>sudo</c> tool allows shell-style wildcards (AKA meta or glob |
89 |
+characters) to be used in pathnames as well as command line arguments in the |
90 |
+sudoers file. Note that these are <e>not</e> regular expressions. |
91 |
</p> |
92 |
|
93 |
<p> |
94 |
@@ -227,7 +227,7 @@ |
95 |
<p> |
96 |
One alias that always works, for any position, is the <c>ALL</c> alias (to make |
97 |
a good distinction between aliases and non-aliases it is recommended to use |
98 |
-capital letters for aliases). As you might undoubtedly have guessed, the |
99 |
+capital letters for aliases). As you might undoubtedly have guessed, the |
100 |
<c>ALL</c> alias is an alias to all possible settings. |
101 |
</p> |
102 |
|
103 |
@@ -279,7 +279,7 @@ |
104 |
</p> |
105 |
|
106 |
<p> |
107 |
-Inside <path>/etc/sudoers</path> you list the user(s) in between |
108 |
+Inside <path>/etc/sudoers</path> you list the user(s) in between |
109 |
<c>(</c> and <c>)</c> before the command listing: |
110 |
</p> |
111 |
|
112 |
@@ -347,7 +347,7 @@ |
113 |
|
114 |
<p> |
115 |
A different setting would be to require the password of the user that the |
116 |
-command should be run as and not the users' personal password. This is |
117 |
+command should be run as and not the users' personal password. This is |
118 |
accomplished using <c>runaspw</c>. In the following example we |
119 |
also set the number of retries (how many times the user can re-enter a password |
120 |
before <c>sudo</c> fails) to <c>2</c> instead of the default 3: |
121 |
|
122 |
|
123 |
|
124 |
-- |
125 |
gentoo-doc-cvs@l.g.o mailing list |