swift 05/08/02 17:48:20 Modified: xml/htdocs/doc/en/draft sudo-guide.xml Log: Fix spelling mistakes, add %group information
Revision Changes Path 1.2 +19 -9 xml/htdocs/doc/en/draft/sudo-guide.xml file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/draft/sudo-guide.xml?rev=1.2&content-type=text/x-cvsweb-markup&cvsroot=gentoo plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/draft/sudo-guide.xml?rev=1.2&content-type=text/plain&cvsroot=gentoo diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/draft/sudo-guide.xml.diff?r1=1.1&r2=1.2&cvsroot=gentoo Index: sudo-guide.xml =================================================================== RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/draft/sudo-guide.xml,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- sudo-guide.xml 2 Aug 2005 16:14:21 -0000 1.1 +++ sudo-guide.xml 2 Aug 2005 17:48:20 -0000 1.2 @@ -1,6 +1,6 @@ <?xml version='1.0' encoding="UTF-8"?> -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/draft/sudo-guide.xml,v 1.1 2005/08/02 16:14:21 swift Exp $ --> +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/draft/sudo-guide.xml,v 1.2 2005/08/02 17:48:20 swift Exp $ --> <!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> @@ -34,7 +34,7 @@ <p> The <c>app-admin/sudo</c> package allows the system administrator to grant permission to other users to execute one or more applications they would -normally have no access to. Unlike using the <e>setuid</e> bit on these +normally have no right to. Unlike using the <e>setuid</e> bit on these applications <c>sudo</c> gives a more fine-grained control on <e>who</e> can execute a certain command and <e>when</e>. </p> @@ -57,7 +57,7 @@ <p> One additional advantage of <c>sudo</c> is that it can log any attempt -(succesful or not) to run an application. This is very useful if you want to +(successful or not) to run an application. This is very useful if you want to track who made that one fatal mistake that took you 10 hours to fix :) </p> @@ -126,6 +126,16 @@ </pre> <p> +The user name can also be substituted with a group name - in this case you should +start the group name with a <c>%</c> sign. For instance, to allow any one in +the <c>wheel</c> group to execute <c>emerge</c>: +</p> + +<pre caption="Allowing the wheel group members to execute emerge"> +%wheel localhost = /usr/bin/emerge +</pre> + +<p> You can extend the line to allow for several commands (instead of making a single entry for each command). For instance, to allow the same user to not only run <c>emerge</c> but also <c>ebuild</c> and <c>emerge-webrsync</c> as root: @@ -297,8 +307,8 @@ </p> <p> -Of course, this behaviour can be changed: you can set the <c>Defaults:</c> -directive in <path>/etc/sudoers</path> to change the default behaviour for a +Of course, this behavior can be changed: you can set the <c>Defaults:</c> +directive in <path>/etc/sudoers</path> to change the default behavior for a user. </p> @@ -311,7 +321,7 @@ </pre> <p> -A setting of <c>-1</c> would remember the password indefinately (until the +A setting of <c>-1</c> would remember the password indefinitely (until the system reboots). </p> @@ -319,7 +329,7 @@ A different setting would be to require the password of the user that the command should be run as and not the users' personal password. This is accomplished using <c>runaspw</c>. In the following example we -also set the amount of retries (how many times the user can re-enter a password +also set the number of retries (how many times the user can re-enter a password before <c>sudo</c> fails) to <c>2</c> instead of the default 3: </p> @@ -334,7 +344,7 @@ <p> If you however want to allow a user to run a certain set of commands without -providing any password whatsoever, you need to prepend the commands with +providing any password whatsoever, you need to start the commands with <c>NOPASSWD:</c>, like so: </p> @@ -382,7 +392,7 @@ <p> By default, if a user has entered his password to authenticate himself to <c>sudo</c>, it is remembered for 5 minutes. If the user wants to prolong this -period, he can run <c>sudo -v</c> to reset the timestamp so that +period, he can run <c>sudo -v</c> to reset the time stamp so that it will take another 5 minutes before <c>sudo</c> asks for the password again. </p> -- [email protected] mailing list
