swift 11/08/14 17:58:51 Modified: sudo-guide.xml Log: Sudoers does not care frmo where you are logged on. The hostname field is for the system on which the command is executed. Thanks to Chris X Edwards (chris xed ch) for reporting
Revision Changes Path 1.13 xml/htdocs/doc/en/sudo-guide.xml file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/sudo-guide.xml?rev=1.13&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/sudo-guide.xml?rev=1.13&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/sudo-guide.xml?r1=1.12&r2=1.13 Index: sudo-guide.xml =================================================================== RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- sudo-guide.xml 19 May 2008 20:45:27 -0000 1.12 +++ sudo-guide.xml 14 Aug 2011 17:58:50 -0000 1.13 @@ -1,6 +1,6 @@ <?xml version='1.0' encoding="UTF-8"?> -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.12 2008/05/19 20:45:27 swift Exp $ --> +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.13 2011/08/14 17:58:50 swift Exp $ --> <!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> @@ -22,8 +22,8 @@ <!-- See http://creativecommons.org/licenses/by-sa/2.5 --> <license/> -<version>1.6</version> -<date>2006-07-14</date> +<version>2</version> +<date>2011-08-13</date> <chapter> <title>About Sudo</title> @@ -44,9 +44,7 @@ application. If you would set the setuid bit, any user would be able to run this application (or any user of a certain group, depending on the permissions used). You can (and probably even should) require the user to provide a password when -he wants to execute the application and you can even fine-tune the permissions -based on the user's location: logged on from the system itself or through SSH -from a remote site. +he wants to execute the application. </p> </body> @@ -120,16 +118,20 @@ <p> This syntax tells <c>sudo</c> that the user, identified by <e>user</e> and -logged on through the system <e>host</e> can execute any of the commands listed +logged in on the system <e>host</e> can execute any of the commands listed in <e>commands</e> as the root user. A more real-life example might make this more clear: allow the user <e>swift</e> to execute <c>emerge</c> if he is logged -on from the system (not through SSH): +in on localhost: </p> <pre caption="Live /etc/sudoers examples"> swift localhost = /usr/bin/emerge </pre> +<note> +The hostname must match what the <c>hostname</c> command returns. +</note> + <p> A <brite>big warning</brite> is in place though: do not allow a user to run an application that can allow people to elevate privileges. For instance, allowing
