From 5f7a49fc31b7007effb5638dbd7eade8ef8537f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Fri, 12 Dec 2025 17:14:36 +0000 Subject: [PATCH 1/3] mention that logfile is not supported MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Thomas Sjögren --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 287c40094..0956b6115 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ To avoid that and/or to get the latest version, you can use our prepackaged bina ### Ubuntu 25.10 (Questing Quokka) -sudo-rs is installed and enabled by default; you can control which sudo version is being used by running +sudo-rs is installed and enabled by default; you can control which sudo version is being used by running ```sh update-alternatives --config sudo ``` @@ -70,7 +70,7 @@ We are maintaining the FreeBSD port of sudo-rs ourselves, which is available in pkg install sudo-rs ``` To get sudo-rs using the commands `sudo`, `visudo` and `sudoedit`. This conflicts with the `security/sudo` package and so you cannot have both -installed at the same time. +installed at the same time. Alternatively, ``` @@ -206,6 +206,7 @@ Exceptions to the above, with respect to your `/etc/sudoers` configuration: compatibility reasons. * `timestamp_type` is always set at `tty`. * `sudoedit_checkdir` is always `on`, and `sudoedit_follow` is always `off`. +* `logfile` is not supported --- logging is always done via syslog. Some other notable restrictions to be aware of: From a45386dc859111b01333439ce5634de70e374ce2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Fri, 12 Dec 2025 17:15:29 +0000 Subject: [PATCH 2/3] remove mentions of exempt_group MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Thomas Sjögren --- docs/man/sudoers.5.man | 3 --- docs/man/sudoers.5.md | 2 -- 2 files changed, 5 deletions(-) diff --git a/docs/man/sudoers.5.man b/docs/man/sudoers.5.man index 8a489fa91..d88a594f6 100644 --- a/docs/man/sudoers.5.man +++ b/docs/man/sudoers.5.man @@ -539,9 +539,6 @@ entry would be: queen rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm .EE .PP -Note, however, that the PASSWD tag has no effect on users who are in the -group specified by the exempt_group setting. -.PP By default, if the NOPASSWD tag is applied to any of a user\[cq]s entries for the current host, the user will be able to run \[lq]sudo \-l\[rq] without a password. diff --git a/docs/man/sudoers.5.md b/docs/man/sudoers.5.md index 05ecbede2..f73d441a2 100644 --- a/docs/man/sudoers.5.md +++ b/docs/man/sudoers.5.md @@ -290,8 +290,6 @@ would allow the user queen to run /bin/kill, /bin/ls, and /usr/bin/lprm as root queen rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm -Note, however, that the PASSWD tag has no effect on users who are in the group specified by the exempt_group setting. - By default, if the NOPASSWD tag is applied to any of a user's entries for the current host, the user will be able to run “sudo -l” without a password. Additionally, a user may only run “sudo -v” without a password if all of the user's entries for the current host have the NOPASSWD tag. ### SETENV and NOSETENV From 603c116f74853d87fe377b375be827e4e8dfb530 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Mon, 15 Dec 2025 10:11:58 +0000 Subject: [PATCH 3/3] revert man file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Thomas Sjögren --- docs/man/sudoers.5.man | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/man/sudoers.5.man b/docs/man/sudoers.5.man index d88a594f6..8a489fa91 100644 --- a/docs/man/sudoers.5.man +++ b/docs/man/sudoers.5.man @@ -539,6 +539,9 @@ entry would be: queen rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm .EE .PP +Note, however, that the PASSWD tag has no effect on users who are in the +group specified by the exempt_group setting. +.PP By default, if the NOPASSWD tag is applied to any of a user\[cq]s entries for the current host, the user will be able to run \[lq]sudo \-l\[rq] without a password.