1 |
swift 05/08/02 17:48:20 |
2 |
|
3 |
Modified: xml/htdocs/doc/en/draft sudo-guide.xml |
4 |
Log: |
5 |
Fix spelling mistakes, add %group information |
6 |
|
7 |
Revision Changes Path |
8 |
1.2 +19 -9 xml/htdocs/doc/en/draft/sudo-guide.xml |
9 |
|
10 |
file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/draft/sudo-guide.xml?rev=1.2&content-type=text/x-cvsweb-markup&cvsroot=gentoo |
11 |
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/draft/sudo-guide.xml?rev=1.2&content-type=text/plain&cvsroot=gentoo |
12 |
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/draft/sudo-guide.xml.diff?r1=1.1&r2=1.2&cvsroot=gentoo |
13 |
|
14 |
Index: sudo-guide.xml |
15 |
=================================================================== |
16 |
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/draft/sudo-guide.xml,v |
17 |
retrieving revision 1.1 |
18 |
retrieving revision 1.2 |
19 |
diff -u -r1.1 -r1.2 |
20 |
--- sudo-guide.xml 2 Aug 2005 16:14:21 -0000 1.1 |
21 |
+++ sudo-guide.xml 2 Aug 2005 17:48:20 -0000 1.2 |
22 |
@@ -1,6 +1,6 @@ |
23 |
<?xml version='1.0' encoding="UTF-8"?> |
24 |
|
25 |
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/draft/sudo-guide.xml,v 1.1 2005/08/02 16:14:21 swift Exp $ --> |
26 |
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/draft/sudo-guide.xml,v 1.2 2005/08/02 17:48:20 swift Exp $ --> |
27 |
|
28 |
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> |
29 |
|
30 |
@@ -34,7 +34,7 @@ |
31 |
<p> |
32 |
The <c>app-admin/sudo</c> package allows the system administrator to grant |
33 |
permission to other users to execute one or more applications they would |
34 |
-normally have no access to. Unlike using the <e>setuid</e> bit on these |
35 |
+normally have no right to. Unlike using the <e>setuid</e> bit on these |
36 |
applications <c>sudo</c> gives a more fine-grained control on <e>who</e> can |
37 |
execute a certain command and <e>when</e>. |
38 |
</p> |
39 |
@@ -57,7 +57,7 @@ |
40 |
|
41 |
<p> |
42 |
One additional advantage of <c>sudo</c> is that it can log any attempt |
43 |
-(succesful or not) to run an application. This is very useful if you want to |
44 |
+(successful or not) to run an application. This is very useful if you want to |
45 |
track who made that one fatal mistake that took you 10 hours to fix :) |
46 |
</p> |
47 |
|
48 |
@@ -126,6 +126,16 @@ |
49 |
</pre> |
50 |
|
51 |
<p> |
52 |
+The user name can also be substituted with a group name - in this case you should |
53 |
+start the group name with a <c>%</c> sign. For instance, to allow any one in |
54 |
+the <c>wheel</c> group to execute <c>emerge</c>: |
55 |
+</p> |
56 |
+ |
57 |
+<pre caption="Allowing the wheel group members to execute emerge"> |
58 |
+%wheel localhost = /usr/bin/emerge |
59 |
+</pre> |
60 |
+ |
61 |
+<p> |
62 |
You can extend the line to allow for several commands (instead of making a |
63 |
single entry for each command). For instance, to allow the same user to not only |
64 |
run <c>emerge</c> but also <c>ebuild</c> and <c>emerge-webrsync</c> as root: |
65 |
@@ -297,8 +307,8 @@ |
66 |
</p> |
67 |
|
68 |
<p> |
69 |
-Of course, this behaviour can be changed: you can set the <c>Defaults:</c> |
70 |
-directive in <path>/etc/sudoers</path> to change the default behaviour for a |
71 |
+Of course, this behavior can be changed: you can set the <c>Defaults:</c> |
72 |
+directive in <path>/etc/sudoers</path> to change the default behavior for a |
73 |
user. |
74 |
</p> |
75 |
|
76 |
@@ -311,7 +321,7 @@ |
77 |
</pre> |
78 |
|
79 |
<p> |
80 |
-A setting of <c>-1</c> would remember the password indefinately (until the |
81 |
+A setting of <c>-1</c> would remember the password indefinitely (until the |
82 |
system reboots). |
83 |
</p> |
84 |
|
85 |
@@ -319,7 +329,7 @@ |
86 |
A different setting would be to require the password of the user that the |
87 |
command should be run as and not the users' personal password. This is |
88 |
accomplished using <c>runaspw</c>. In the following example we |
89 |
-also set the amount of retries (how many times the user can re-enter a password |
90 |
+also set the number of retries (how many times the user can re-enter a password |
91 |
before <c>sudo</c> fails) to <c>2</c> instead of the default 3: |
92 |
</p> |
93 |
|
94 |
@@ -334,7 +344,7 @@ |
95 |
|
96 |
<p> |
97 |
If you however want to allow a user to run a certain set of commands without |
98 |
-providing any password whatsoever, you need to prepend the commands with |
99 |
+providing any password whatsoever, you need to start the commands with |
100 |
<c>NOPASSWD:</c>, like so: |
101 |
</p> |
102 |
|
103 |
@@ -382,7 +392,7 @@ |
104 |
<p> |
105 |
By default, if a user has entered his password to authenticate himself to |
106 |
<c>sudo</c>, it is remembered for 5 minutes. If the user wants to prolong this |
107 |
-period, he can run <c>sudo -v</c> to reset the timestamp so that |
108 |
+period, he can run <c>sudo -v</c> to reset the time stamp so that |
109 |
it will take another 5 minutes before <c>sudo</c> asks for the password again. |
110 |
</p> |
111 |
|
112 |
|
113 |
|
114 |
|
115 |
-- |
116 |
gentoo-doc-cvs@g.o mailing list |