some questions/observations about sudo

Robert P. J. Day rpjday at mindspring.com
Mon Sep 22 04:46:58 EDT 2003


  a couple questions about sudo, and some comments on the man page for
sudoers, which could be fixed to make it a bit clearer.  (my version
is sudo-1.6.7p5-2 under the latest red hat beta).



man page (very top)

  "The sudoers file is composed of two types of entries: aliases
  (basically variables) and user specifications (which specify who may
  run what)."

  not really, it also contains the "Defaults" entries, no?  those
  don't seem to qualify as either of these two categories.



man page:
----
User_List ::= User |
              User , User_List

        User ::= '!'* username |
                 '!'* '%'group |
                 '!'* '+'netgroup |
                 '!'* User_Alias

       A User_List is made up of one or more usernames, uids (prefixed 
with # .....
---

  a couple observations.  first, the EBNF for a User_List could just
as easily have been written as

  User_List ::= User (, User)*

which would seem to be simpler and more obvious.  in fact, a later
production in the same man page uses this format.

  second observation is that the rule doesn't mention the #UIDs, which
are referred to immediately below.  (just below that, the Runas_User
rule claims that it differs from a User in that it supports #UIDs.  so
there's definitely some confusion here.) 



man page : Defaults

  the rules for Default_Type, Default_Entry and Parameter do not define
the "Parameter_List" rule.

  also, it would be useful to have more examples of parameters and
parameter lists.  for instance, there isn't a single example of how to
use the += and -= operators for lists, which would be *really* handy,
as i'm still not sure what i'd do with those operators.  a single example
would go a long way to clearing that up.


rday
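
The list operators asked about above, as an added example that is not part of the original post or of sudo's own code: a small Python model that applies global Defaults lines in order and shows the resulting lists. It assumes Parameter_List is a comma-separated list of Parameters; the sample entries and the BUILTIN list are constructed stand-ins, and apply_defaults is a hypothetical helper name.

```python
import re

# One Parameter: a name, optionally followed by an operator and a value,
# terminated by a comma or the end of the line.
PARAM = re.compile(r'\s*(\w+)\s*(?:(\+=|-=|=)\s*("[^"]*"|[^,\s]+))?\s*(?:,|$)')

def apply_defaults(lines, builtin=None):
    """Apply global Defaults lines in order and return {list_param: [items]}.

    builtin stands in for the lists compiled into sudo (assumption: the
    real contents vary by version and are not taken from the page).
    """
    state = {name: list(items) for name, items in (builtin or {}).items()}
    for line in lines:
        entry = re.match(r'Defaults\s+(.*\S)\s*$', line)
        if not entry:
            continue  # alias, user spec, comment, or Defaults:user / @host form
        rest, pos = entry.group(1), 0
        while pos < len(rest):
            m = PARAM.match(rest, pos)
            if not m:
                raise ValueError(f"cannot parse parameter at: {rest[pos:]!r}")
            name, op, value = m.groups()
            pos = m.end()
            if op is None:
                continue  # boolean flag such as mail_badpass, not a list
            items = value.strip('"').split()
            current = state.setdefault(name, [])
            if op == '=':
                state[name] = items  # replaces the whole list, built-ins included
            elif op == '+=':
                current.extend(i for i in items if i not in current)
            else:  # '-=': removing an item that is absent is not an error
                state[name] = [i for i in current if i not in items]
    return state

# Constructed sample entries, not taken from the page.
SAMPLE = [
    'Defaults env_keep = "LANG LC_ALL"',
    'Defaults env_keep += "DISPLAY XAUTHORITY"',
    'Defaults mail_badpass, env_keep -= "LC_ALL EDITOR"',
    'Defaults env_delete += "PERL5LIB"',
]
BUILTIN = {'env_delete': ['IFS', 'LD_PRELOAD']}  # constructed stand-in

if __name__ == '__main__':
    print(apply_defaults(SAMPLE, BUILTIN))
```

The difference that matters in practice: "env_delete += ..." extends the existing list of variables to strip, while "env_delete = ..." replaces that list with only the names given.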


