swift 08/05/19 20:45:27 Modified: sudo-guide.xml Log: Coding style
Revision Changes Path 1.12 xml/htdocs/doc/en/sudo-guide.xml file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/sudo-guide.xml?rev=1.12&view=markup plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/sudo-guide.xml?rev=1.12&content-type=text/plain diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/sudo-guide.xml?r1=1.11&r2=1.12 Index: sudo-guide.xml =================================================================== RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- sudo-guide.xml 29 Nov 2006 15:48:57 -0000 1.11 +++ sudo-guide.xml 19 May 2008 20:45:27 -0000 1.12 @@ -1,6 +1,6 @@ <?xml version='1.0' encoding="UTF-8"?> -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.11 2006/11/29 15:48:57 nightmorph Exp $ --> +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.12 2008/05/19 20:45:27 swift Exp $ --> <!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> @@ -12,7 +12,7 @@ </author> <abstract> -When you want some people to perform certain administrative steps on your +When you want some people to perform certain administrative steps on your system without granting them total root access, using sudo is your best option. With sudo you can control who can do what. This guide offers you a small introduction to this wonderful tool. @@ -45,7 +45,7 @@ application (or any user of a certain group, depending on the permissions used). You can (and probably even should) require the user to provide a password when he wants to execute the application and you can even fine-tune the permissions -based on the user's location: logged on from the system itself or through SSH +based on the user's location: logged on from the system itself or through SSH from a remote site. </p> @@ -71,7 +71,7 @@ The <c>sudo</c> configuration is managed by the <path>/etc/sudoers</path> file. This file should never be edited through <c>nano /etc/sudoers</c> or <c>vim /etc/sudoers</c> or any other editor you might like. When you want -to alter this file, you should use <c>visudo</c>. +to alter this file, you should use <c>visudo</c>. </p> <p> @@ -133,8 +133,8 @@ <p> A <brite>big warning</brite> is in place though: do not allow a user to run an application that can allow people to elevate privileges. For instance, allowing -users to execute <c>emerge</c> as root can indeed grant them full root access -to the system because <c>emerge</c> can be manipulated to change the live file +users to execute <c>emerge</c> as root can indeed grant them full root access +to the system because <c>emerge</c> can be manipulated to change the live file system to the user's advantage. If you do not trust your <c>sudo</c> users, don't grant them any rights. </p> @@ -144,8 +144,8 @@ --> <p> -The user name can also be substituted with a group name - in this case you -should start the group name with a <c>%</c> sign. For instance, to allow any +The user name can also be substituted with a group name - in this case you +should start the group name with a <c>%</c> sign. For instance, to allow any one in the <c>wheel</c> group to execute <c>emerge</c>: </p> @@ -165,10 +165,10 @@ <p> You can also specify a precise command and not only the tool itself. This is -useful to restrict the use of a certain tool to a specified set of command options. -The <c>sudo</c> tool allows shell-style wildcards (AKA meta or glob characters) -to be used in pathnames as well as command line arguments in the sudoers file. -Note that these are <e>not</e> regular expressions. +useful to restrict the use of a certain tool to a specified set of command +options. The <c>sudo</c> tool allows shell-style wildcards (AKA meta or glob +characters) to be used in pathnames as well as command line arguments in the +sudoers file. Note that these are <e>not</e> regular expressions. </p> <p> @@ -227,7 +227,7 @@ <p> One alias that always works, for any position, is the <c>ALL</c> alias (to make a good distinction between aliases and non-aliases it is recommended to use -capital letters for aliases). As you might undoubtedly have guessed, the +capital letters for aliases). As you might undoubtedly have guessed, the <c>ALL</c> alias is an alias to all possible settings. </p> @@ -279,7 +279,7 @@ </p> <p> -Inside <path>/etc/sudoers</path> you list the user(s) in between +Inside <path>/etc/sudoers</path> you list the user(s) in between <c>(</c> and <c>)</c> before the command listing: </p> @@ -347,7 +347,7 @@ <p> A different setting would be to require the password of the user that the -command should be run as and not the users' personal password. This is +command should be run as and not the users' personal password. This is accomplished using <c>runaspw</c>. In the following example we also set the number of retries (how many times the user can re-enter a password before <c>sudo</c> fails) to <c>2</c> instead of the default 3: -- [email protected] mailing list
