Bonjour, On 29/11/2012 18:07, JP Guillonneau wrote: > relecture du diff, suggestions appliquées au fichier entier. Merci JP, tout a été intégré. Amicalement, Thomas
# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Free Software Foundation, Inc. # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. # msgid "" msgstr "" "Project-Id-Version: sudo manpages\n" "POT-Creation-Date: 2012-10-13 15:23+0300\n" "PO-Revision-Date: 2012-11-25 01:55+0100\n" "Last-Translator: Olivier Bonhomme <obonhomme@nerim.net>\n" "Language-Team: French <debian-l10n-french@lists.debian.org>\n" "Language: fr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n > 1);\n" "X-Generator: Pootle 2.1.4\n" #. type: =head1 #: C/sudoers.ldap.pod:19 C/sudoers.pod:23 C/sudo.pod:23 C/sudoreplay.pod:18 #: C/visudo.pod:23 msgid "NAME" msgstr "NOM" #. type: textblock #: C/sudoers.ldap.pod:21 msgid "sudoers.ldap - sudo LDAP configuration" msgstr "sudoers.ldap - Configuration LDAP pour sudo" #. type: =head1 #: C/sudoers.ldap.pod:23 C/sudoers.pod:27 C/sudo.pod:57 C/sudoreplay.pod:28 #: C/visudo.pod:31 msgid "DESCRIPTION" msgstr "DESCRIPTION" #. type: textblock #: C/sudoers.ldap.pod:25 msgid "" "In addition to the standard I<sudoers> file, B<sudo> may be configured via " "LDAP. This can be especially useful for synchronizing I<sudoers> in a " "large, distributed environment." msgstr "" "En complément du fichier I<sudoers> standard, B<sudo> peut être configuré " "par LDAP. Cela peut être particulièrement utile pour synchroniser I<sudoers> " "dans un environnement largement distribué." #. type: textblock #: C/sudoers.ldap.pod:29 msgid "Using LDAP for I<sudoers> has several benefits:" msgstr "Utiliser LDAP pour I<sudoers> présente plusieurs avantages : " #. type: =item #: C/sudoers.ldap.pod:33 C/sudoers.ldap.pod:40 C/sudoers.ldap.pod:48 #: C/sudoers.ldap.pod:56 C/sudoers.pod:255 C/sudoers.pod:259 C/sudoers.pod:263 msgid "*" msgstr "*" #. type: textblock #: C/sudoers.ldap.pod:35 msgid "" "B<sudo> no longer needs to read I<sudoers> in its entirety. When LDAP is " "used, there are only two or three LDAP queries per invocation. This makes " "it especially fast and particularly usable in LDAP environments." msgstr "" "B<sudo> n'a plus besoin de lire I<sudoers> dans son intégralité. Lorsque " "LDAP est utilisé, il y a uniquement deux ou trois requêtes LDAP par appel. " "Cela rend B<sudo> rapide et surtout utilisable dans des environnements LDAP." #. type: textblock #: C/sudoers.ldap.pod:42 msgid "" "B<sudo> no longer exits if there is a typo in I<sudoers>. It is not " "possible to load LDAP data into the server that does not conform to the " "sudoers schema, so proper syntax is guaranteed. It is still possible to " "have typos in a user or host name, but this will not prevent B<sudo> from " "running." msgstr "" "B<sudo> est inopérant s'il existe une faute de frappe dans I<sudoers>. Il " "n'est pas possible de charger des données LDAP dans le serveur qui ne " "respectent pas le schéma sudoers, ce qui garantit une syntaxe propre. Il est " "toujours possible d'avoir des fautes de frappe dans un nom d'utilisateur ou " "de machine, mais cela n'empêchera pas B<sudo> de fonctionner." #. type: textblock #: C/sudoers.ldap.pod:50 msgid "" "It is possible to specify per-entry options that override the global default " "options. F<@sysconfdir@/sudoers> only supports default options and limited " "options associated with user/host/commands/aliases. The syntax is " "complicated and can be difficult for users to understand. Placing the " "options directly in the entry is more natural." msgstr "" "Il est possible de préciser pour chaque entrée des options qui outrepassent " "les options globales par défaut. F<@sysconfdir@/sudoers> gère uniquement les " "options par défaut ainsi que les options limitées associées avec les " "directives utilisateur/hôte/commandes/alias. La syntaxe est compliquée et " "peut être difficile à comprendre pour les utilisateurs. Placer les options " "directement dans une entrée est plus naturel." #. type: textblock #: C/sudoers.ldap.pod:58 msgid "" "The B<visudo> program is no longer needed. B<visudo> provides locking and " "syntax checking of the F<@sysconfdir@/sudoers> file. Since LDAP updates are " "atomic, locking is no longer necessary. Because syntax is checked when the " "data is inserted into LDAP, there is no need for a specialized tool to check " "syntax." msgstr "" "Le programme B<visudo> n'est plus nécessaire. B<visudo> fournit un " "verrouillage et une vérification de syntaxe du fichier <@sysconfdir@/" "sudoers>. Ã?tant donné que les mises à jour de LDAP sont atomiques, le " "verrouillage n'est plus nécessaire. Parce que la syntaxe est vérifiée " "lorsque les données sont insérées dans LDAP, il n'y a pas besoin d'un outil " "spécialisé pour vérifier la syntaxe." #. type: textblock #: C/sudoers.ldap.pod:66 msgid "" "Another major difference between LDAP and file-based I<sudoers> is that in " "LDAP, B<sudo>-specific Aliases are not supported." msgstr "" "Une autre différence majeure entre LDAP et le fichier I<sudoers> est que " "dans LDAP, les alias spécifiques B<sudo> ne sont pas pris en charge." #. type: textblock #: C/sudoers.ldap.pod:69 msgid "" "For the most part, there is really no need for B<sudo>-specific Aliases. " "Unix groups or user netgroups can be used in place of User_Aliases and " "Runas_Aliases. Host netgroups can be used in place of Host_Aliases. Since " "Unix groups and netgroups can also be stored in LDAP there is no real need " "for B<sudo>-specific aliases." msgstr "" "Dans la plupart des cas, il n'y a pas réellement besoin des alias " "spécifiques B<sudo>. Les groupes Unix ou bien les groupes réseaux " "utilisateurs (« users netgroups ») peuvent être utilisés en lieu et place de " "« User_Aliases » et de « Runas_Aliases ». Les groupes réseau machines (« " "host netgroups ») peuvent être utilisés en lieu et place de " "« Host_Aliases ». Ã?tant donné que les groupes Unix et les groupes réseau " "peuvent être stockés dans LDAP, il n'y a pas de besoin réel pour les alias " "spécifiques B<sudo>." #. type: textblock #: C/sudoers.ldap.pod:75 msgid "" "Cmnd_Aliases are not really required either since it is possible to have " "multiple users listed in a C<sudoRole>. Instead of defining a Cmnd_Alias " "that is referenced by multiple users, one can create a C<sudoRole> that " "contains the commands and assign multiple users to it." msgstr "" "Les alias de type « Cmnd_Aliases » ne sont pas réellement requis étant donné " "qu'il est possible d'avoir plusieurs utilisateurs listés dans un " "C<sudoRole>. Au lieu de définir une instruction « Cmnd_Aliases » qui est " "référencée par de multiples utilisateurs, on peut créer un objet C<sudoRole> " "contenant les commandes et assigner à celui-ci plusieurs utilisateurs." #. type: =head2 #: C/sudoers.ldap.pod:81 msgid "SUDOers LDAP container" msgstr "Conteneur SUDOers LDAP" #. type: textblock #: C/sudoers.ldap.pod:83 msgid "" "The I<sudoers> configuration is contained in the C<ou=SUDOers> LDAP " "container." msgstr "" "La configuration I<sudoers> est contenue dans le conteneur LDAP " "C<ou=SUDOers>." #. type: textblock #: C/sudoers.ldap.pod:86 msgid "" "Sudo first looks for the C<cn=default> entry in the SUDOers container. If " "found, the multi-valued C<sudoOption> attribute is parsed in the same manner " "as a global C<Defaults> line in F<@sysconfdir@/sudoers>. In the following " "example, the C<SSH_AUTH_SOCK> variable will be preserved in the environment " "for all users." msgstr "" "Sudo cherche en premier une entrée C<cn=defaults> dans le conteneur SUDOers. " "Si une entrée est trouvée, l'attribut multivalué C<sudoOption> est analysé " "de la même manière que la ligne de configuration globale C<Defaults> dans " "F<@sysconfdir@/sudoers>. Dans l'exemple suivant, la variable " "C<SSH_AUTH_SOCK> sera préservée dans l'environnement pour tous les " "utilisateurs." #. type: verbatim #: C/sudoers.ldap.pod:92 #, no-wrap msgid "" " dn: cn=defaults,ou=SUDOers,dc=example,dc=com\n" " objectClass: top\n" " objectClass: sudoRole\n" " cn: defaults\n" " description: Default sudoOption's go here\n" " sudoOption: env_keep+=SSH_AUTH_SOCK\n" " \n" msgstr "" " dn: cn=defaults,ou=SUDOers,dc=example,dc=com\n" " objectClass: top\n" " objectClass: sudoRole\n" " cn: defaults\n" " description: Les options de sudo par défaut sont stockées ici.\n" " sudoOption: env_keep+=SSH_AUTH_SOCK\n" " \n" #. type: textblock #: C/sudoers.ldap.pod:99 msgid "" "The equivalent of a sudoer in LDAP is a C<sudoRole>. It consists of the " "following attributes:" msgstr "" "L'équivalent d'un sudoer dans LDAP est un objet C<sudoRole>. Il est " "constitué des attributs suivants :" #. type: =item #: C/sudoers.ldap.pod:104 msgid "B<sudoUser>" msgstr "B<sudoUser>" #. type: textblock #: C/sudoers.ldap.pod:106 msgid "" "A user name, user ID (prefixed with C<'#'>), Unix group (prefixed with " "C<'%'>), Unix group ID (prefixed with C<'%#'>), or user netgroup (prefixed " "with C<'+'>)." msgstr "" "Un nom d'utilisateur, un identifiant d'utilisateur (préfixé avec C<'#'>), un " "groupe Unix (préfixé avec un C<'%'>), un identifiant de groupe Unix (préfixé " "avec un C<'%#'>), ou un « netgroup » utilisateur (préfixé avec un C<'+'>)." #. type: =item #: C/sudoers.ldap.pod:110 msgid "B<sudoHost>" msgstr "B<sudoHost>" #. type: textblock #: C/sudoers.ldap.pod:112 msgid "" "A host name, IP address, IP network, or host netgroup (prefixed with a " "C<'+'>). The special value C<ALL> will match any host." msgstr "" "Un nom d'hôte, une adresse IP, un réseau IP, ou bien un « netgroup » machine " "(préfixé avec un C<'+'>). La valeur spéciale C<ALL> correspondra à n'importe " "quel hôte." #. type: =item #: C/sudoers.ldap.pod:116 msgid "B<sudoCommand>" msgstr "B<sudoCommand>" #. type: textblock #: C/sudoers.ldap.pod:118 msgid "" "A Unix command with optional command line arguments, potentially including " "globbing characters (aka wild cards). The special value C<ALL> will match " "any command. If a command is prefixed with an exclamation point C<'!'>, the " "user will be prohibited from running that command." msgstr "" "Une commande Unix avec des paramètres optionnels passés en ligne de " "commande, incluant potentiellement des caractères permettant de représenter " "des motifs (connus également sous le nom de caractères de remplacement). La " "valeur spéciale C<ALL> correspondra à n'importe quelle commande. Si une " "commande est préfixée avec un point d'exclamation C<'!'>, l'utilisateur sera " "interdit d'exécuter cette commande." #. type: =item #: C/sudoers.ldap.pod:124 msgid "B<sudoOption>" msgstr "B<sudoOption>" #. type: textblock #: C/sudoers.ldap.pod:126 msgid "" "Identical in function to the global options described above, but specific to " "the C<sudoRole> in which it resides." msgstr "" "Identique en fonction des options globales décrites ci-dessus, mais " "spécifique au C<sudoRole> dans lequel il réside." #. type: =item #: C/sudoers.ldap.pod:129 msgid "B<sudoRunAsUser>" msgstr "B<sudoRunAsUser>" #. type: textblock #: C/sudoers.ldap.pod:131 msgid "" "A user name or uid (prefixed with C<'#'>) that commands may be run as or a " "Unix group (prefixed with a C<'%'>) or user netgroup (prefixed with a " "C<'+'>) that contains a list of users that commands may be run as. The " "special value C<ALL> will match any user." msgstr "" "Un nom d'utilisateur ou uid (préfixé avec <'#'>) en tant que lequel les " "commandes peuvent être exécutées ou bien un groupe Unix (préfixé avec " "C<'%'>) ou un « netgroup » utilisateur (préfixé avec un C<'+'>) contenant " "une liste d'utilisateurs en tant que lesquels les commandes peuvent être " "exécutées. La valeur spéciale C<ALL> correspondra à n'importe quel " "utilisateur." #. type: textblock #: C/sudoers.ldap.pod:137 msgid "" "The C<sudoRunAsUser> attribute is only available in B<sudo> versions 1.7.0 " "and higher. Older versions of B<sudo> use the C<sudoRunAs> attribute " "instead." msgstr "" "L'attribut C<sudoRunAsUser> n'est disponible que depuis la version 1.7.0 de " "B<sudo>. Les versions plus anciennes de B<sudo> utilisent C<sudoRunAs> à la " "place." #. type: =item #: C/sudoers.ldap.pod:141 msgid "B<sudoRunAsGroup>" msgstr "B<sudoRunAsGroup>" #. type: textblock #: C/sudoers.ldap.pod:143 msgid "" "A Unix group or gid (prefixed with C<'#'>) that commands may be run as. The " "special value C<ALL> will match any group." msgstr "" "Un groupe Unix ou un gid (préfixé avec C<'#'>) en tant que lequel les " "commandes peuvent être exécutées. La valeur spéciale C<ALL> correspondra à " "n'importe quel groupe." #. type: textblock #: C/sudoers.ldap.pod:146 msgid "" "The C<sudoRunAsGroup> attribute is only available in B<sudo> versions 1.7.0 " "and higher." msgstr "" "L'attribut C<sudoRunAsGroup> n'est disponible que depuis la version 1.7.0 de " "B<sudo>." #. type: =item #: C/sudoers.ldap.pod:149 msgid "B<sudoNotBefore>" msgstr "B<sudoNotBefore>" #. type: textblock #: C/sudoers.ldap.pod:151 msgid "" "A timestamp in the form C<yyyymmddHHMMSSZ> that can be used to provide a " "start date/time for when the C<sudoRole> will be valid. If multiple " "C<sudoNotBefore> entries are present, the earliest is used. Note that " "timestamps must be in Coordinated Universal Time (UTC), not the local " "timezone. The minute and seconds portions are optional, but some LDAP " "servers require that they be present (contrary to the RFC)." msgstr "" "Un horodatage de la forme C<aaaammjjHHMMSSZ> peut être utilisé pour fournir " "une date à partir de laquelle le C<sudoRole> sera valide. En présence de " "plusieurs entrées C<sudoNotBefore>, celle ayant la date la plus antérieure " "est utilisée. Veuillez noter que les horodatages doivent être indiqués en " "temps coordonné universel (UTC) et non dans la zone horaire locale. " "L'indication des minutes et secondes est optionnelle mais il se peut que " "certains serveurs LDAP l'exigent (contrairement à ce qu'indique la RFC)." #. type: textblock #: C/sudoers.ldap.pod:158 msgid "" "The C<sudoNotBefore> attribute is only available in B<sudo> versions 1.7.5 " "and higher and must be explicitly enabled via the B<SUDOERS_TIMED> option in " "F<@ldap_conf@>." msgstr "" "L'attribut C<sudoNotBefore> n'est disponible que depuis la version 1.7.5 de " "B<sudo> et doit être activé explicitement grâce à l'option B<SUDOERS_TIMED> " "dans F<@ldap_conf@>." #. type: =item #: C/sudoers.ldap.pod:162 msgid "B<sudoNotAfter>" msgstr "B<sudoNotAfter>" # FIXME: to be reported to sudo: typo, read sudoNotAfter instead of sudoNotBefore #. type: textblock #: C/sudoers.ldap.pod:164 msgid "" "A timestamp in the form C<yyyymmddHHMMSSZ> that indicates an expiration date/" "time, after which the C<sudoRole> will no longer be valid. If multiple " "C<sudoNotBefore> entries are present, the last one is used. Note that " "timestamps must be in Coordinated Universal Time (UTC), not the local " "timezone. The minute and seconds portions are optional, but some LDAP " "servers require that they be present (contrary to the RFC)." msgstr "" "Un horodatage de la forme C<aaaammjjHHMMSSZ> qui indique une date " "d'expiration après laquelle le C<sudoRole> ne sera plus valide. En présence " "de plusieurs entrées C<sudoNotAfter>, celle ayant la date la plus récente " "est utilisée. Veuillez noter que les horodatages doivent être indiqués en " "temps coordonné universel (UTC) et non dans la zone horaire locale. " "L'indication des minutes et secondes est optionnelle mais il se peut que " "certains serveurs LDAP l'exigent (contrairement à ce qu'indique la RFC)." #. type: textblock #: C/sudoers.ldap.pod:171 msgid "" "The C<sudoNotAfter> attribute is only available in B<sudo> versions 1.7.5 " "and higher and must be explicitly enabled via the B<SUDOERS_TIMED> option in " "F<@ldap_conf@>." msgstr "" "L'attribut C<sudoNotAfter> n'est disponible que depuis la version 1.7.5 de " "B<sudo> est doit être activé explicitement grâce à l'option B<SUDOERS_TIMED> " "dans F<@ldap_conf@>." #. type: =item #: C/sudoers.ldap.pod:175 msgid "B<sudoOrder>" msgstr "B<sudoOrder>" #. type: textblock #: C/sudoers.ldap.pod:177 msgid "" "The C<sudoRole> entries retrieved from the LDAP directory have no inherent " "order. The C<sudoOrder> attribute is an integer (or floating point value " "for LDAP servers that support it) that is used to sort the matching " "entries. This allows LDAP-based sudoers entries to more closely mimic the " "behaviour of the sudoers file, where the of the entries influences the " "result. If multiple entries match, the entry with the highest C<sudoOrder> " "attribute is chosen. This corresponds to the \"last match\" behavior of the " "sudoers file. If the C<sudoOrder> attribute is not present, a value of 0 is " "assumed." msgstr "" "Les entrées C<sudoRole> récupérées depuis le répertoire LDAP n'ont pas " "d'ordre. L'attribut C<sudoOrder> est un entier (ou un nombre en virgule " "flottante pour les serveurs LDAP qui le gèrent) utilisé pour ordonner les " "entrées concordantes. Cela permet aux entrées sudoers basées sur LDAP de " "mieux imiter le comportement du fichier sudoers, où l'ordre des entrées a " "une influence sur le résultat. Si plusieurs entrées correspondent, celle " "ayant l'attribut C<sudoOrder> le plus élevé est choisie. Cela correspond au " "comportement « dernière correspondance » du fichier sudoers. Si l'attribut " "C<sudoOrder> est absent, il est considéré comme valant 0." #. type: textblock #: C/sudoers.ldap.pod:187 msgid "" "The C<sudoOrder> attribute is only available in B<sudo> versions 1.7.5 and " "higher." msgstr "" "L'attribut C<sudoOrder> n'est disponible que depuis la version 1.7.5 de " "B<sudo>." #. type: textblock #: C/sudoers.ldap.pod:192 msgid "" "Each attribute listed above should contain a single value, but there may be " "multiple instances of each attribute type. A C<sudoRole> must contain at " "least one C<sudoUser>, C<sudoHost> and C<sudoCommand>." msgstr "" "Chaque attribut listé ci-dessus devrait contenir une seule valeur, mais il " "peut y avoir de multiples instances de chaque type d'attribut. Un objet " "C<sudoRole> doit contenir au moins un objet C<sudoUser>, un objet " "C<sudoHost> et un objet C<sudoCommand>." #. type: textblock #: C/sudoers.ldap.pod:196 msgid "" "The following example allows users in group wheel to run any command on any " "host via B<sudo>:" msgstr "" "L'exemple suivant permet aux utilisateurs du groupe wheel d'exécuter " "n'importe quelle commande sur n'importe quel hôte par B<sudo> :" #. type: verbatim #: C/sudoers.ldap.pod:199 #, no-wrap msgid "" " dn: cn=%wheel,ou=SUDOers,dc=example,dc=com\n" " objectClass: top\n" " objectClass: sudoRole\n" " cn: %wheel\n" " sudoUser: %wheel\n" " sudoHost: ALL\n" " sudoCommand: ALL\n" "\n" msgstr "" " dn: cn=%wheel,ou=SUDOers,dc=exemple,dc=com\n" " objectClass: top\n" " objectClass: sudoRole\n" " cn: %wheel\n" " sudoUser: %wheel\n" " sudoHost: ALL\n" " sudoCommand: ALL\n" "\n" #. type: =head2 #: C/sudoers.ldap.pod:207 msgid "Anatomy of LDAP sudoers lookup" msgstr "Anatomie d'une recherche sudoers LDAP" #. type: textblock #: C/sudoers.ldap.pod:209 msgid "" "When looking up a sudoer using LDAP there are only two or three LDAP queries " "per invocation. The first query is to parse the global options. The second " "is to match against the user's name and the groups that the user belongs " "to. (The special ALL tag is matched in this query too.) If no match is " "returned for the user's name and groups, a third query returns all entries " "containing user netgroups and checks to see if the user belongs to any of " "them." msgstr "" "Lorsque vous cherchez un sudoer utilisant LDAP, il y a seulement deux ou " "trois requêtes LDAP par appel. La première requête consiste à analyser les " "options globales. La seconde est la correspondance entre le nom " "d'utilisateur et les groupes auxquels l'utilisateur appartient (la balise " "spéciale ALL correspond à cette requête aussi). Si aucune correspondance " "n'est retournée pour le nom d'utilisateur et les groupes, une troisième " "requête renvoie toutes les entrées contenant des « netgroups » utilisateurs " "et vérifie si l'utilisateur appartient à l'un d'eux." #. type: textblock #: C/sudoers.ldap.pod:217 msgid "" "If timed entries are enabled with the B<SUDOERS_TIMED> configuration " "directive, the LDAP queries include a subfilter that limits retrieval to " "entries that satisfy the time constraints, if any." msgstr "" "Si les entrées datées sont activées avec la directive de configuration " "B<SUDOERS_TIMED>, les requêtes LDAP incluent un filtre qui limite la " "récupération aux entrées satisfaisant les contraintes de temps, si elles " "existent." #. type: =head2 #: C/sudoers.ldap.pod:221 msgid "Differences between LDAP and non-LDAP sudoers" msgstr "Différences entre les sudoers LDAP et non-LDAP" #. type: textblock #: C/sudoers.ldap.pod:223 msgid "" "There are some subtle differences in the way sudoers is handled once in " "LDAP. Probably the biggest is that according to the RFC, LDAP ordering is " "arbitrary and you cannot expect that Attributes and Entries are returned in " "any specific order." msgstr "" "Il existe de subtiles différences dans la manière dont les sudoers sont " "manipulés une fois dans LDAP. La plus importante est probablement que, " "conformément à la RFC, le classement fait par LDAP est arbitraire et que " "vous ne pouvez pas vous attendre à ce que les attributs et les entrées " "soient retournés dans un ordre spécifique." #. type: textblock #: C/sudoers.ldap.pod:228 msgid "" "The order in which different entries are applied can be controlled using the " "C<sudoOrder> attribute, but there is no way to guarantee the order of " "attributes within a specific entry. If there are conflicting command rules " "in an entry, the negative takes precedence. This is called paranoid " "behavior (not necessarily the most specific match)." msgstr "" "L'ordre dans lequel les différentes entrées sont appliquées peut être " "contrôlé au moyen de l'attribut C<sudoOrder>, mais il n'est pas possible de " "garantir l'ordre des attributs dans une entrée donnée. S'il y a des règles " "de gestion en conflit sur une entrée, celle négative passe en priorité. Ceci " "est appelé le comportement paranoïaque (pas nécessairement la correspondance " "la plus spécifique)." #. type: textblock #: C/sudoers.ldap.pod:235 msgid "Here is an example:" msgstr "Voici un exemple :" #. type: verbatim #: C/sudoers.ldap.pod:237 #, no-wrap msgid "" " # /etc/sudoers:\n" " # Allow all commands except shell\n" " johnny ALL=(root) ALL,!/bin/sh\n" " # Always allows all commands because ALL is matched last\n" " puddles ALL=(root) !/bin/sh,ALL\n" "\n" msgstr "" " # /etc/sudoers:\n" " # Autorise toutes les commandes sauf l'interpréteur\n" " johnny ALL=(root) ALL,!/bin/sh\n" " # Autorise toutes les commandes parce que la correspondance sur ALL est faite en dernier\n" " puddles ALL=(root) !/bin/sh,ALL\n" "\n" #. type: verbatim #: C/sudoers.ldap.pod:243 #, no-wrap msgid "" " # LDAP equivalent of johnny\n" " # Allows all commands except shell\n" " dn: cn=role1,ou=Sudoers,dc=my-domain,dc=com\n" " objectClass: sudoRole\n" " objectClass: top\n" " cn: role1\n" " sudoUser: johnny\n" " sudoHost: ALL\n" " sudoCommand: ALL\n" " sudoCommand: !/bin/sh\n" "\n" msgstr "" " # Ã?quivalence LDAP pour johnny\n" " # Autorise toutes les commandes sauf l'interpréteur\n" " dn: cn=role1,ou=Sudoers,dc=mon-domaine,dc=com\n" " objectClass: sudoRole\n" " objectClass: top\n" " cn: role1\n" " sudoUser: johnny\n" " sudoHost: ALL\n" " sudoCommand: ALL\n" " sudoCommand: !/bin/sh\n" "\n" #. type: verbatim #: C/sudoers.ldap.pod:254 #, no-wrap msgid "" " # LDAP equivalent of puddles\n" " # Notice that even though ALL comes last, it still behaves like\n" " # role1 since the LDAP code assumes the more paranoid configuration\n" " dn: cn=role2,ou=Sudoers,dc=my-domain,dc=com\n" " objectClass: sudoRole\n" " objectClass: top\n" " cn: role2\n" " sudoUser: puddles\n" " sudoHost: ALL\n" " sudoCommand: !/bin/sh\n" " sudoCommand: ALL\n" "\n" msgstr "" " # Ã?quivalence LDAP pour puddles\n" " # Ã? noter que même si ALL vient en dernier, il se comporte toujours comme\n" " # role1 étant donné que le code de LDAP suppose la configuration la plus paranoïaque\n" " dn: cn=role2,ou=Sudoers,dc=mon-domaine,dc=com\n" " objectClass: sudoRole\n" " objectClass: top\n" " cn: role2\n" " sudoUser: puddles\n" " sudoHost: ALL\n" " sudoCommand: !/bin/sh\n" " sudoCommand: ALL\n" "\n" #. type: textblock #: C/sudoers.ldap.pod:266 msgid "" "Another difference is that negations on the Host, User or Runas are " "currently ignored. For example, the following attributes do not behave the " "way one might expect." msgstr "" "Une autre différence est que les négations sur les directives Host, User, ou " "bien RunAs sont actuellement ignorées. Par exemple, les attributs suivants " "ne se comportent pas de la manière à laquelle il faut s'attendre." #. type: verbatim #: C/sudoers.ldap.pod:270 #, no-wrap msgid "" " # does not match all but joe\n" " # rather, does not match anyone\n" " sudoUser: !joe\n" "\n" msgstr "" " # ne correspond pas à « Tout le monde sauf joe »\n" " # mais plutôt à « ne correspond à personne »\n" " sudoUser: !joe\n" "\n" #. type: verbatim #: C/sudoers.ldap.pod:274 #, no-wrap msgid "" " # does not match all but joe\n" " # rather, matches everyone including Joe\n" " sudoUser: ALL\n" " sudoUser: !joe\n" "\n" msgstr "" " # ne correspond pas à « tout le monde sauf joe »\n" " # mais plutôt à « tout le monde y compris joe »\n" " sudoUser: ALL\n" " sudoUser: !joe\n" "\n" #. type: verbatim #: C/sudoers.ldap.pod:279 #, no-wrap msgid "" " # does not match all but web01\n" " # rather, matches all hosts including web01\n" " sudoHost: ALL\n" " sudoHost: !web01\n" "\n" msgstr "" " # ne correspond pas à « Tout le monde sauf web01 »\n" " # mais plutôt à « Tous les hôtes y compris web01 »\n" " sudoHost: ALL\n" " sudoHost: !web01\n" "\n" #. type: =head2 #: C/sudoers.ldap.pod:284 msgid "Sudoers Schema" msgstr "Schéma Sudoers" #. type: textblock #: C/sudoers.ldap.pod:286 msgid "" "In order to use B<sudo>'s LDAP support, the B<sudo> schema must be installed " "on your LDAP server. In addition, be sure to index the 'sudoUser' attribute." msgstr "" "Afin d'utiliser la gestion LDAP de B<sudo>, le schéma B<sudo> doit être " "installé sur votre serveur LDAP. De plus, soyez sûr d'indexer l'attribut " "« sudoUser »." #. type: textblock #: C/sudoers.ldap.pod:290 msgid "" "Three versions of the schema: one for OpenLDAP servers (F<schema.OpenLDAP>), " "one for Netscape-derived servers (F<schema.iPlanet>), and one for Microsoft " "Active Directory (F<schema.ActiveDirectory>) may be found in the B<sudo> " "distribution." msgstr "" "Trois versions du schéma : une pour les serveurs OpenLDAP (<schema." "OpenLDAP>), une pour les serveurs dérivés de celui de Netscape (F<schema." "iPlanet>), et une pour Microsoft Active Directory (<schema.ActiveDirectory>) " "peuvent êtres trouvées dans la distribution de B<sudo>." #. type: textblock #: C/sudoers.ldap.pod:295 msgid "" "The schema for B<sudo> in OpenLDAP form is included in the L<EXAMPLES> " "section." msgstr "" "Le schéma pour B<sudo> sous la forme OpenLDAP est inclus dans la section " "L<EXEMPLES>." #. type: =head2 #: C/sudoers.ldap.pod:298 msgid "Configuring ldap.conf" msgstr "Configuration de ldap.conf" #. type: textblock #: C/sudoers.ldap.pod:300 msgid "" "Sudo reads the F<@ldap_conf@> file for LDAP-specific configuration. " "Typically, this file is shared amongst different LDAP-aware clients. As " "such, most of the settings are not B<sudo>-specific. Note that B<sudo> " "parses F<@ldap_conf@> itself and may support options that differ from those " "described in the L<ldap.conf(5)> manual." msgstr "" "Sudo lit le fichier <@ldap_conf@> pour la configuration spécifique LDAP. " "Typiquement, ce fichier est partagé parmi les différents clients utilisant " "LDAP. Ainsi, la plupart des réglages ne sont pas spécifiques à B<sudo>. Ã? " "noter que B<sudo> analyse F<@ldap_conf@> lui-même et peut prendre en charge " "des options qui diffèrent de celles décrites dans le manuel de L<ldap.conf(5)" ">." #. type: textblock #: C/sudoers.ldap.pod:306 msgid "" "Also note that on systems using the OpenLDAP libraries, default values " "specified in F</etc/openldap/ldap.conf> or the user's F<.ldaprc> files are " "not used." msgstr "" "Veuillez également noter que sur des systèmes utilisant les bibliothèques " "OpenLDAP, les valeurs précisées par défaut dans F</etc/openldap/ldap.conf> " "ou dans le fichier F<.ldaprc> de l'utilisateur ne sont pas utilisées." #. type: textblock #: C/sudoers.ldap.pod:310 msgid "" "Only those options explicitly listed in F<@ldap_conf@> as being supported by " "B<sudo> are honored. Configuration options are listed below in upper case " "but are parsed in a case-independent manner." msgstr "" "Seules ces options explicitement listées dans F<@ldap_conf@> comme étant " "prises en charge par B<sudo> sont honorées. Les options de configuration " "sont listées ci-dessous en majuscules mais sont analysées de manière " "insensible à la casse." #. type: =item #: C/sudoers.ldap.pod:316 msgid "B<URI> ldap[s]://[hostname[:port]] ..." msgstr "B<URI> ldap[s]://[nom d'hôte[:port]] ..." #. type: textblock #: C/sudoers.ldap.pod:318 msgid "" "Specifies a whitespace-delimited list of one or more URIs describing the " "LDAP server(s) to connect to. The I<protocol> may be either B<ldap> or " "B<ldaps>, the latter being for servers that support TLS (SSL) encryption. " "If no I<port> is specified, the default is port 389 for C<ldap://> or port " "636 for C<ldaps://>. If no I<hostname> is specified, B<sudo> will connect " "to B<localhost>. Multiple B<URI> lines are treated identically to a B<URI> " "line containing multiple entries. Only systems using the OpenSSL libraries " "support the mixing of C<ldap://> and C<ldaps://> URIs. The Netscape-derived " "libraries used on most commercial versions of Unix are only capable of " "supporting one or the other." msgstr "" "Spécifie une liste avec un espace blanc comme délimiteur d'une ou plusieurs " "URIs décrivant le(s) serveur(s) au(x)quel(s) se connecter. Le I<protocole> " "peut être soit B<ldap> soit B<ldaps>, ce dernier étant pour les serveurs qui " "gèrent le chiffrement TLS(SSL). Si aucun port n'est précisé, le port par " "défaut est 389 pour C<ldap://> ou 636 pour C<ldaps://>. Si aucun nom d'hôte " "n'est précisé, B<sudo> se connectera à B<localhost>. Les lignes B<URI> " "multiples sont traitées identiquement à une seule ligne B<URI> contenant de " "multiples entrées. Seuls les systèmes utilisant les bibliothèques OpenSSL " "gèrent le mélange d'URIs C<ldap://> et C<ldaps://>. Les bibliothèques " "dérivées de Netscape utilisées sur la plupart des versions commerciales " "d'Unix sont uniquement capables de gérer l'un ou l'autre." #. type: =item #: C/sudoers.ldap.pod:330 msgid "B<HOST> name[:port] ..." msgstr "B<HOST> nom[:port] ..." #. type: textblock #: C/sudoers.ldap.pod:332 msgid "" "If no B<URI> is specified, the B<HOST> parameter specifies a whitespace-" "delimited list of LDAP servers to connect to. Each host may include an " "optional I<port> separated by a colon (':'). The B<HOST> parameter is " "deprecated in favor of the B<URI> specification and is included for " "backwards compatibility." msgstr "" "Si aucune B<URI> n'est précisée, le paramètre B<HOST> précise une liste avec " "un espace blanc comme délimiteur de serveurs LDAP auxquels se connecter. " "Chaque hôte peut inclure un I<port> optionnel séparé par deux-points " "(« : »). Le paramètre B<HOST> est déconseillé en faveur de la spécification " "B<URI> et est inclus pour des raisons de compatibilité descendante." #. type: =item #: C/sudoers.ldap.pod:338 msgid "B<PORT> port_number" msgstr "B<PORT> numéro de port" #. type: textblock #: C/sudoers.ldap.pod:340 msgid "" "If no B<URI> is specified, the B<PORT> parameter specifies the default port " "to connect to on the LDAP server if a B<HOST> parameter does not specify the " "port itself. If no B<PORT> parameter is used, the default is port 389 for " "LDAP and port 636 for LDAP over TLS (SSL). The B<PORT> parameter is " "deprecated in favor of the B<URI> specification and is included for " "backwards compatibility." msgstr "" "Si aucune B<URI> n'est précisée, le paramètre B précise le port par défaut " "pour se connecter à un serveur LDAP si un paramètre B<HOST> ne précise pas " "lui-même le port. Si aucun paramètre B<PORT> n'est précisé, le port par " "défaut est 389 pour LDAP et 636 pour LDAP au-dessus de TLS (SSL). Le " "paramètre B<PORT> est déconseillé en faveur de la spécification B<URI> et est " "inclus pour des raisons de compatibilité descendante." #. type: =item #: C/sudoers.ldap.pod:347 msgid "B<BIND_TIMELIMIT> seconds" msgstr "B<BIND_TIMELIMIT> secondes" #. type: textblock #: C/sudoers.ldap.pod:349 msgid "" "The B<BIND_TIMELIMIT> parameter specifies the amount of time, in seconds, to " "wait while trying to connect to an LDAP server. If multiple B<URI>s or " "B<HOST>s are specified, this is the amount of time to wait before trying the " "next one in the list." msgstr "" "Le paramètre B<BIND_TIMELIMIT> précise la durée, en secondes, à attendre " "pour se connecter à un serveur LDAP. Si de multiples B<URI> ou B<HOST> sont " "définis, ceci est la durée à attendre avant d'essayer de se connecter au " "prochain dans la liste." #. type: =item #: C/sudoers.ldap.pod:354 msgid "B<NETWORK_TIMEOUT> seconds" msgstr "B<NETWORK_TIMEOUT> secondes" #. type: textblock #: C/sudoers.ldap.pod:356 msgid "An alias for B<BIND_TIMELIMIT> for OpenLDAP compatibility." msgstr "" "Alias du paramètre B<BIND_TIMELIMIT> destiné à la compatibilité OpenLDAP." #. type: =item #: C/sudoers.ldap.pod:358 msgid "B<TIMELIMIT> seconds" msgstr "B<TIMELIMIT> secondes" #. type: textblock #: C/sudoers.ldap.pod:360 msgid "" "The B<TIMELIMIT> parameter specifies the amount of time, in seconds, to wait " "for a response to an LDAP query." msgstr "" "Le paramètre B<TIMELIMIT> définit la durée, en secondes, à attendre pour une " "réponse à une requête LDAP." #. type: =item #: C/sudoers.ldap.pod:363 msgid "B<TIMEOUT> seconds" msgstr "B<TIMEOUT> secondes" #. type: textblock #: C/sudoers.ldap.pod:365 msgid "" "The B<TIMEOUT> parameter specifies the amount of time, in seconds, to wait " "for a response from the various LDAP APIs." msgstr "" "Le paramètre B<TIMEOUT> définit la durée, en secondes, à attendre pour une " "réponse à une requête LDAP." #. type: =item #: C/sudoers.ldap.pod:368 msgid "B<SUDOERS_BASE> base" msgstr "B<SUDOERS_BASE> base" #. type: textblock #: C/sudoers.ldap.pod:370 msgid "" "The base DN to use when performing B<sudo> LDAP queries. Typically this is " "of the form C<ou=SUDOers,dc=example,dc=com> for the domain C<example.com>. " "Multiple B<SUDOERS_BASE> lines may be specified, in which case they are " "queried in the order specified." msgstr "" "Le DN de base à utiliser lors de la réalisation des requêtes LDAP de " "B<sudo>. Typiquement, ceci est de la forme C<ou=SUDOers,dc=exemple,dc=com> " "pour le domaine C<exemple.com>. Plusieurs lignes B<SUDOERS_BASE> peuvent " "être précisées, ce qui fait que dans ce cas, ils seront interrogés dans " "l'ordre précisé." #. type: =item #: C/sudoers.ldap.pod:375 msgid "B<SUDOERS_SEARCH_FILTER> ldap_filter" msgstr "B<SUDOERS_SEARCH_FILTER> filtre_ldap" #. type: textblock #: C/sudoers.ldap.pod:377 msgid "" "An LDAP filter which is used to restrict the set of records returned when " "performing a B<sudo> LDAP query. Typically, this is of the form " "C<attribute=value> or C<(&(attribute=value)(attribute2=value2))>." msgstr "" "Un filtre LDAP utilisé pour restreindre l'ensemble des enregistrements " "renvoyés lors d'une requête LDAP B<sudo>. Typiquement, c'est de la forme " "C<attribute=value> ou C<(&(attribute=value)(attribute2=value2))>." #. type: =item #: C/sudoers.ldap.pod:381 msgid "B<SUDOERS_TIMED> on/true/yes/off/false/no" msgstr "B<SUDOERS_TIMED> on/true/yes/off/false/no" #. type: textblock #: C/sudoers.ldap.pod:383 msgid "" "Whether or not to evaluate the C<sudoNotBefore> and C<sudoNotAfter> " "attributes that implement time-dependent sudoers entries." msgstr "" "Ã?valuer ou non les attributs C<sudoNotBefore> et C<sudoNotAfter> qui " "implémentent les entrées sudoers dépendant du temps." #. type: =item #: C/sudoers.ldap.pod:386 msgid "B<SUDOERS_DEBUG> debug_level" msgstr "B<SUDOERS_DEBUG> niveau de débogage" #. type: textblock #: C/sudoers.ldap.pod:388 msgid "" "This sets the debug level for B<sudo> LDAP queries. Debugging information " "is printed to the standard error. A value of 1 results in a moderate amount " "of debugging information. A value of 2 shows the results of the matches " "themselves. This parameter should not be set in a production environment as " "the extra information is likely to confuse users." msgstr "" "Cela définit le niveau de débogage pour les requêtes LDAP de B<sudo>. " "L'information de débogage est affichée sur l'erreur standard. Une valeur de " "1 a pour résultat une quantité d'information de débogage modérée. Une valeur " "de 2 montre les résultats des correspondances. Ce paramètre ne devrait pas " "être défini dans un environnement de production vu que l'information " "supplémentaire a tendance à troubler les utilisateurs." #. type: =item #: C/sudoers.ldap.pod:395 msgid "B<BINDDN> DN" msgstr "B<BINDDN> DN" #. type: textblock #: C/sudoers.ldap.pod:397 msgid "" "The B<BINDDN> parameter specifies the identity, in the form of a " "Distinguished Name (DN), to use when performing LDAP operations. If not " "specified, LDAP operations are performed with an anonymous identity. By " "default, most LDAP servers will allow anonymous access." msgstr "" "Le paramètre B<BINDDN> spécifie, sous la forme d'un nom distinctif " "(« Distinguished Name » ou DN), l'identité à utiliser pour effectuer des " "opérations LDAP. Si ce n'est pas précisé, les opérations LDAP seront " "réalisées avec une identité anonyme. Par défaut, la plupart des serveurs " "LDAP autorisent l'accès anonyme." #. type: =item #: C/sudoers.ldap.pod:402 msgid "B<BINDPW> secret" msgstr "B<BINDPW> secret" #. type: textblock #: C/sudoers.ldap.pod:404 msgid "" "The B<BINDPW> parameter specifies the password to use when performing LDAP " "operations. This is typically used in conjunction with the B<BINDDN> " "parameter." msgstr "" "Le paramètre B<BINDPW> spécifie le mot de passe à utiliser lors des " "opérations LDAP. Il est typiquement utilisé conjointement avec le paramètre " "B<BINDDN>." #. type: =item #: C/sudoers.ldap.pod:408 msgid "B<ROOTBINDDN> DN" msgstr "B<ROOTBINDDN> DN" #. type: textblock #: C/sudoers.ldap.pod:410 msgid "" "The B<ROOTBINDDN> parameter specifies the identity, in the form of a " "Distinguished Name (DN), to use when performing privileged LDAP operations, " "such as I<sudoers> queries. The password corresponding to the identity " "should be stored in F<@ldap_secret@>. If not specified, the B<BINDDN> " "identity is used (if any)." msgstr "" "Le paramètre B<ROOTBINDDN> spécifie l'identité à utiliser, sous la forme " "d'un nom distinctif (« Distinguished Name » ou DN), afin d'effectuer des " "opérations LDAP privilégiées, telles que des requêtes I<sudoers>. Le mot de " "passe correspondant à cette identité doit être stocké dans F<@ldap_secret@>. " "S'il n'est pas spécifié, l'identité B<BINDDN> est utilisée (si elle existe)." #. type: =item #: C/sudoers.ldap.pod:416 msgid "B<LDAP_VERSION> number" msgstr "B<LDAP_VERSION> numéro" #. type: textblock #: C/sudoers.ldap.pod:418 msgid "" "The version of the LDAP protocol to use when connecting to the server. The " "default value is protocol version 3." msgstr "" "La version du protocole LDAP à utiliser lors de la connexion au serveur. La " "valeur par défaut est le protocole en version 3." #. type: =item #: C/sudoers.ldap.pod:421 msgid "B<SSL> on/true/yes/off/false/no" msgstr "B<SSL> on/true/yes/off/false/no" #. type: textblock #: C/sudoers.ldap.pod:423 msgid "" "If the B<SSL> parameter is set to C<on>, C<true> or C<yes>, TLS (SSL) " "encryption is always used when communicating with the LDAP server. " "Typically, this involves connecting to the server on port 636 (ldaps)." msgstr "" "Si le paramètre B<SSL> est défini à C<on>, C<true> ou C<yes>, le chiffrement " "TLS (SSL) sera toujours utilisé pour communiquer avec le serveur LDAP. " "Typiquement, cela implique de se connecter au serveur sur le port 636 " "(ldaps)." #. type: =item #: C/sudoers.ldap.pod:428 msgid "B<SSL> start_tls" msgstr "B<SSL> start_tls" #. type: textblock #: C/sudoers.ldap.pod:430 msgid "" "If the B<SSL> parameter is set to C<start_tls>, the LDAP server connection " "is initiated normally and TLS encryption is begun before the bind " "credentials are sent. This has the advantage of not requiring a dedicated " "port for encrypted communications. This parameter is only supported by LDAP " "servers that honor the C<start_tls> extension, such as the OpenLDAP server." msgstr "" "Si le paramètre B<SSL> est défini à C<start_tls>, la connexion au serveur " "LDAP est initiée normalement et le chiffrement TLS est démarré avant que les " "paramètres d'accès ne soient envoyés. Ceci présente l'avantage de ne pas " "requérir un port dédié pour les communications chiffrées. Ce paramètre est " "uniquement pris en charge par les serveurs LDAP qui honorent l'extension " "C<start_tls>, comme le serveur OpenLDAP." #. type: =item #: C/sudoers.ldap.pod:437 msgid "B<TLS_CHECKPEER> on/true/yes/off/false/no" msgstr "B<TLS_CHECKPEER> on/true/yes/off/false/no" #. type: textblock #: C/sudoers.ldap.pod:439 msgid "" "If enabled, B<TLS_CHECKPEER> will cause the LDAP server's TLS certificated " "to be verified. If the server's TLS certificate cannot be verified (usually " "because it is signed by an unknown certificate authority), B<sudo> will be " "unable to connect to it. If B<TLS_CHECKPEER> is disabled, no check is " "made. Note that disabling the check creates an opportunity for man-in-the-" "middle attacks since the server's identity will not be authenticated. If " "possible, the CA's certificate should be installed locally so it can be " "verified." msgstr "" "Si activé, B<TLS_CHECKPEER> provoquera la vérification du certificat TLS du " "serveur LDAP. Si le certificat TLS du serveur ne peut être vérifié " "(généralement parce qu'il est signé avec un certificat d'une autorité " "inconnue), B<sudo> sera incapable de s'y connecter. Si B<TLS_CHECKPEER> est " "désactivé, aucune contrôle n'est fait. Ã? noter que désactiver ce contrôle " "crée une opportunité pour des attaques de type « Man-in-the-middle » (Homme " "du milieu) étant donné que l'identité du serveur ne sera pas authentifiée. " "Si possible, le certificat de l'AC devrait être installé localement afin que " "cette identité puisse être vérifiée." #. type: =item #: C/sudoers.ldap.pod:448 msgid "B<TLS_CACERT> file name" msgstr "B<TLS_CACERT> nom du fichier" #. type: textblock #: C/sudoers.ldap.pod:450 msgid "An alias for B<TLS_CACERTFILE> for OpenLDAP compatibility." msgstr "Un alias pour B<TLS_CACERTFILE> pour la compatibilité avec OpenLDAP." #. type: =item #: C/sudoers.ldap.pod:452 msgid "B<TLS_CACERTFILE> file name" msgstr "B<TLS_CACERTFILE> nom du fichier" #. type: textblock #: C/sudoers.ldap.pod:454 msgid "" "The path to a certificate authority bundle which contains the certificates " "for all the Certificate Authorities the client knows to be valid, e.g. F</" "etc/ssl/ca-bundle.pem>. This option is only supported by the OpenLDAP " "libraries. Netscape-derived LDAP libraries use the same certificate " "database for CA and client certificates (see B<TLS_CERT>)." msgstr "" "Le chemin vers un fichier paquet de certificats d'autorité qui contient les " "certificats pour toutes les autorités de certification (CA) que le client " "reconnaît comme valide comme par exemple F</etc/ssl/ca-bundle.pem>. Cette " "option est uniquement prise en charge par les bibliothèques OpenLDAP. Les " "bibliothèques LDAP dérivées de Netscape utilisent la même base de données de " "certificats pour les AC et les certificats clients (voir B<TLS_CERT>)." #. type: =item #: C/sudoers.ldap.pod:461 msgid "B<TLS_CACERTDIR> directory" msgstr "B<TLS_CACERTDIR> répertoire" #. type: textblock #: C/sudoers.ldap.pod:463 msgid "" "Similar to B<TLS_CACERTFILE> but instead of a file, it is a directory " "containing individual Certificate Authority certificates, e.g. F</etc/ssl/" "certs>. The directory specified by B<TLS_CACERTDIR> is checked after " "B<TLS_CACERTFILE>. This option is only supported by the OpenLDAP libraries." msgstr "" "Semblable à B<TLS_CACERTFILE> mais au lieu d'un fichier, il s'agit d'un " "répertoire contenant les certificats individuels des autorités de " "certification (CA), comme par exemple F</etc/ssl/certs>. Le répertoire " "spécifié par B<TLS_CACERTDIR> est vérifié après B<TLS_CACERTFILE>. Cette " "option est prise en charge uniquement par les bibliothèques OpenLDAP." #. type: =item #: C/sudoers.ldap.pod:470 msgid "B<TLS_CERT> file name" msgstr "B<TLS_CERT> nom du fichier" #. type: textblock #: C/sudoers.ldap.pod:472 msgid "" "The path to a file containing the client certificate which can be used to " "authenticate the client to the LDAP server. The certificate type depends on " "the LDAP libraries used." msgstr "" "Le chemin vers un fichier contenant le certificat client pouvant être " "utilisé pour authentifier le client sur le serveur LDAP. Le type du " "certificat dépend des bibliothèques LDAP utilisées." #. type: verbatim #: C/sudoers.ldap.pod:476 #, no-wrap msgid "" "OpenLDAP:\n" " C<tls_cert /etc/ssl/client_cert.pem>\n" "\n" msgstr "" "OpenLDAP :\n" " C<tls_cert /etc/ssl/client_cert.pem>\n" "\n" #. type: verbatim #: C/sudoers.ldap.pod:479 #, no-wrap msgid "" "Netscape-derived:\n" " C<tls_cert /var/ldap/cert7.db>\n" "\n" msgstr "" "Dérivé Netscape :\n" " C<tls_cert /var/ldap/cert7.db>\n" "\n" #. type: textblock #: C/sudoers.ldap.pod:482 msgid "" "When using Netscape-derived libraries, this file may also contain " "Certificate Authority certificates." msgstr "" "Lors de l'utilisation des bibliothèques dérivées de Netscape, ce fichier " "peut également contenir les certificats des autorités de certification." #. type: =item #: C/sudoers.ldap.pod:485 msgid "B<TLS_KEY> file name" msgstr "B<TLS_KEY> nom du fichier" #. type: textblock #: C/sudoers.ldap.pod:487 msgid "" "The path to a file containing the private key which matches the certificate " "specified by B<TLS_CERT>. The private key must not be password-protected. " "The key type depends on the LDAP libraries used." msgstr "" "Le chemin vers un fichier contenant la clé privée correspondant au " "certificat spécifié par B<TLS_CERT>. La clé privée ne doit pas être protégée " "par un mot de passe. Le type de la clé dépend des bibliothèques LDAP " "utilisées." #. type: verbatim #: C/sudoers.ldap.pod:492 #, no-wrap msgid "" "OpenLDAP:\n" " C<tls_key /etc/ssl/client_key.pem>\n" "\n" msgstr "" "OpenLDAP:\n" " C<tls_key /etc/ssl/client_key.pem>\n" "\n" #. type: verbatim #: C/sudoers.ldap.pod:495 #, no-wrap msgid "" "Netscape-derived:\n" " C<tls_key /var/ldap/key3.db>\n" "\n" msgstr "" "Dérivé Netscape :\n" " C<tls_key /var/ldap/key3.db>\n" "\n" #. type: =item #: C/sudoers.ldap.pod:498 msgid "B<TLS_RANDFILE> file name" msgstr "B<TLS_RANDFILE> nom du fichier" #. type: textblock #: C/sudoers.ldap.pod:500 msgid "" "The B<TLS_RANDFILE> parameter specifies the path to an entropy source for " "systems that lack a random device. It is generally used in conjunction with " "I<prngd> or I<egd>. This option is only supported by the OpenLDAP libraries." msgstr "" "Le paramètre B<TLS_RANDFILE> spécifie le chemin vers une source d'entropie " "pour les systèmes ne disposant pas d'un générateur de nombres aléatoires. Il " "est généralement utilisé conjointement avec I<prngd> ou I<egd>. Cette option " "est uniquement prise en charge par les bibliothèques OpenLDAP." #. type: =item #: C/sudoers.ldap.pod:505 msgid "B<TLS_CIPHERS> cipher list" msgstr "B<TLS_CIPHERS> liste de chiffrements" #. type: textblock #: C/sudoers.ldap.pod:507 msgid "" "The B<TLS_CIPHERS> parameter allows the administer to restrict which " "encryption algorithms may be used for TLS (SSL) connections. See the " "OpenSSL manual for a list of valid ciphers. This option is only supported " "by the OpenLDAP libraries." msgstr "" "Le paramètre <TLS_CIPHERS> permet à l'administrateur de restreindre les " "algorithmes de chiffrement qui peuvent être utilisés pour les connexions TLS " "(SSL). Voir le manuel OpenSSL pour une liste des chiffres valides. Cette " "option est uniquement prise en charge par les bibliothèques OpenLDAP." #. type: =item #: C/sudoers.ldap.pod:512 msgid "B<USE_SASL> on/true/yes/off/false/no" msgstr "B<USE_SASL> on/true/yes/off/false/no" #. type: textblock #: C/sudoers.ldap.pod:514 msgid "Enable B<USE_SASL> for LDAP servers that support SASL authentication." msgstr "" "Activer B<USE_SASL> pour les serveurs LDAP prenant en charge " "l'authentification SASL." #. type: =item #: C/sudoers.ldap.pod:516 msgid "B<SASL_AUTH_ID> identity" msgstr "B<SASL_AUTH_ID> identité" #. type: textblock #: C/sudoers.ldap.pod:518 msgid "" "The SASL user name to use when connecting to the LDAP server. By default, " "B<sudo> will use an anonymous connection." msgstr "" "L'utilisateur SASL à utiliser lors de la connexion au serveur LDAP. Par " "défaut, B<sudo> utilisera une connexion anonyme." #. type: =item #: C/sudoers.ldap.pod:521 msgid "B<ROOTUSE_SASL> on/true/yes/off/false/no" msgstr "B<ROOTUSE_SASL> on/true/yes/off/false/no" #. type: textblock #: C/sudoers.ldap.pod:523 msgid "" "Enable B<ROOTUSE_SASL> to enable SASL authentication when connecting to an " "LDAP server from a privileged process, such as B<sudo>." msgstr "" "Activer B<ROOTUSE_SASL> pour activer l'authentification SASL lors de la " "connexion au serveur LDAP depuis un utilisateur avec privilèges, tel que " "B<sudo>. " #. type: =item #: C/sudoers.ldap.pod:526 msgid "B<ROOTSASL_AUTH_ID> identity" msgstr "B<ROOTSASL_AUTH_ID> identité" #. type: textblock #: C/sudoers.ldap.pod:528 msgid "The SASL user name to use when B<ROOTUSE_SASL> is enabled." msgstr "Le nom d'utilisateur SASL à utiliser quand B<ROOTUSE_SASL> est activé." #. type: =item #: C/sudoers.ldap.pod:530 msgid "B<SASL_SECPROPS> none/properties" msgstr "B<SASL_SECPROPS> none/<propriétés>" #. type: textblock #: C/sudoers.ldap.pod:532 msgid "" "SASL security properties or I<none> for no properties. See the SASL " "programmer's manual for details." msgstr "" "Propriétés de sécurité SASL ou I<none> pour aucune propriété. Voir le manuel " "du dévelopeur SASL pour plus de détails." #. type: =item #: C/sudoers.ldap.pod:535 msgid "B<KRB5_CCNAME> file name" msgstr "B<KRB5_CCNAME> nom de fichier" #. type: textblock #: C/sudoers.ldap.pod:537 msgid "" "The path to the Kerberos 5 credential cache to use when authenticating with " "the remote server." msgstr "" "Le chemin du cache des autorisations d'accès de Kerberos 5 à utiliser lors " "d'une authentification avec un serveur distant." #. type: =item #: C/sudoers.ldap.pod:540 msgid "B<DEREF> never/searching/finding/always" msgstr "B<DEREF> never/searching/finding/always" #. type: textblock #: C/sudoers.ldap.pod:542 msgid "" "How alias dereferencing is to be performed when searching. See the L<ldap." "conf(5)> manual for a full description of this option." msgstr "" "Manière dont le déréférencement d'alias doit être effectué lors de la " "recherche. Voir le manuel L<ldap.conf(5)> pour une description complète de " "cette option." #. type: textblock #: C/sudoers.ldap.pod:547 msgid "See the C<ldap.conf> entry in the L<EXAMPLES> section." msgstr "Voir l'entrée C<ldap.conf> dans la section L<EXEMPLES>." #. type: =head2 #: C/sudoers.ldap.pod:549 msgid "Configuring nsswitch.conf" msgstr "Configuration de nsswitch.conf" #. type: textblock #: C/sudoers.ldap.pod:551 msgid "" "Unless it is disabled at build time, B<sudo> consults the Name Service " "Switch file, F<@nsswitch_conf@>, to specify the I<sudoers> search order. " "Sudo looks for a line beginning with C<sudoers>: and uses this to determine " "the search order. Note that B<sudo> does not stop searching after the first " "match and later matches take precedence over earlier ones." msgstr "" "Ã? moins d'être désactivé lors de la phase de compilation, B<sudo> consulte " "le fichier du service de nom (« Name Service Switch ») F<@nsswitch_conf@>, " "afin de préciser l'ordre de recherche de I<sudoers>. Sudo cherche une ligne " "commençant avec C<sudoers> et l'utilise pour déterminer l'ordre de " "recherche. Ã? noter que B<sudo> ne s'arrête pas de chercher après la première " "correspondance et que la dernière correspondance prévaut sur toutes les " "précédentes. " #. type: textblock #: C/sudoers.ldap.pod:558 msgid "The following sources are recognized:" msgstr "Les sources suivantes sont reconnues :" #. type: verbatim #: C/sudoers.ldap.pod:560 #, no-wrap msgid "" " files\tread sudoers from F<@sysconfdir@/sudoers>\n" " ldap\tread sudoers from LDAP\n" "\n" msgstr "" " files\trecherche les sudoers depuis F<@sysconfdir@/sudoers>\n" " ldap\trecherche les sudoers depuis LDAP\n" "\n" #. type: textblock #: C/sudoers.ldap.pod:563 msgid "" "In addition, the entry C<[NOTFOUND=return]> will short-circuit the search if " "the user was not found in the preceding source." msgstr "" "De plus, l'entrée C<[NOTFOUND=return]> court-circuitera la recherche si " "l'utilisateur n'a pas été trouvé dans la source précédente." #. type: textblock #: C/sudoers.ldap.pod:566 C/sudoers.ldap.pod:590 msgid "" "To consult LDAP first followed by the local sudoers file (if it exists), use:" msgstr "" "Pour consulter l'annuaire LDAP en premier suivi par le fichier sudoers local " "(s'il existe), il faut utiliser :" #. type: verbatim #: C/sudoers.ldap.pod:569 #, no-wrap msgid "" " sudoers: ldap files\n" "\n" msgstr "" " sudoers: ldap files\n" "\n" #. type: textblock #: C/sudoers.ldap.pod:571 C/sudoers.ldap.pod:595 msgid "The local I<sudoers> file can be ignored completely by using:" msgstr "Le fichier I<sudoers> peut être ignoré complètement en utilisant :" #. type: verbatim #: C/sudoers.ldap.pod:573 #, no-wrap msgid "" " sudoers: ldap\n" "\n" msgstr "" " sudoers: ldap\n" "\n" #. type: textblock #: C/sudoers.ldap.pod:575 msgid "" "If the F<@nsswitch_conf@> file is not present or there is no sudoers line, " "the following default is assumed:" msgstr "" "Si le fichier F<@nsswitch_conf@> n'est pas présent ou s'il n'y a aucune " "ligne sudoers, la configuration par défaut suivante est supposée :" #. type: verbatim #: C/sudoers.ldap.pod:578 #, no-wrap msgid "" " sudoers: files\n" "\n" msgstr "" " sudoers: files\n" "\n" #. type: textblock #: C/sudoers.ldap.pod:580 msgid "" "Note that F<@nsswitch_conf@> is supported even when the underlying operating " "system does not use an nsswitch.conf file." msgstr "" "Ã? noter que F<@nsswitch_conf@> est pris en charge même si le système " "d'exploitation sous-jacent n'utilise pas de fichier nsswitch.conf." #. type: =head2 #: C/sudoers.ldap.pod:583 msgid "Configuring netsvc.conf" msgstr "Configuration de netsvc.conf" #. type: textblock #: C/sudoers.ldap.pod:585 msgid "" "On AIX systems, the F<@netsvc_conf@> file is consulted instead of " "F<@nsswitch_conf@>. B<sudo> simply treats I<netsvc.conf> as a variant of " "I<nsswitch.conf>; information in the previous section unrelated to the file " "format itself still applies." msgstr "" "Sur les systèmes AIX, le fichier F<@netsvc_conf@> est consulté au lieu de " "F<@nsswitch_conf@>. B<sudo> traite simplement I<netsvc.conf> comme une " "variante de I<nsswitch.conf> ; les informations de la section précédente " "sans rapport avec le format du fichier restent applicables." #. type: verbatim #: C/sudoers.ldap.pod:593 #, no-wrap msgid "" " sudoers = ldap, files\n" "\n" msgstr "" " sudoers = ldap, files\n" "\n" #. type: verbatim #: C/sudoers.ldap.pod:597 #, no-wrap msgid "" " sudoers = ldap\n" "\n" msgstr "" " sudoers = ldap\n" "\n" #. type: textblock #: C/sudoers.ldap.pod:599 msgid "" "To treat LDAP as authoratative and only use the local sudoers file if the " "user is not present in LDAP, use:" msgstr "" "Pour considérer l'annuaire LDAP comme autoritaire et uniquement utiliser le " "fichier sudoers local si l'utilisateur n'est pas présent dans LDAP, " "utiliser :" #. type: verbatim #: C/sudoers.ldap.pod:602 #, no-wrap msgid "" " sudoers = ldap = auth, files\n" "\n" msgstr "" " sudoers = ldap = auth, files\n" "\n" #. type: textblock #: C/sudoers.ldap.pod:604 msgid "" "Note that in the above example, the C<auth> qualfier only affects user " "lookups; both LDAP and I<sudoers> will be queried for C<Defaults> entries." msgstr "" "Ã? noter que dans l'exemple ci-dessus, le qualificatif C<auth> affecte " "uniquement les recherches d'utilisateurs ; les deux ressources LDAP et " "I<sudoers> seront consultées pour les entrées C<Defaults>." #. type: textblock #: C/sudoers.ldap.pod:608 msgid "" "If the F<@netsvc_conf@> file is not present or there is no sudoers line, the " "following default is assumed:" msgstr "" "Si le fichier F<@netsvc_conf@> n'est pas présent ou s'il n'y a aucune ligne " "sudoers, la configuration par défaut suivante est supposée :" #. type: verbatim #: C/sudoers.ldap.pod:611 #, no-wrap msgid "" " sudoers = files\n" "\n" msgstr "" " sudoers = files\n" "\n" #. type: =head1 #: C/sudoers.ldap.pod:613 C/sudoers.pod:1757 C/sudo.pod:703 #: C/sudoreplay.pod:266 C/visudo.pod:131 msgid "FILES" msgstr "FICHIERS" #. type: =item #: C/sudoers.ldap.pod:617 msgid "F<@ldap_conf@>" msgstr "F<@ldap_conf@>" #. type: textblock #: C/sudoers.ldap.pod:619 msgid "LDAP configuration file" msgstr "Fichier de configuration LDAP" #. type: =item #: C/sudoers.ldap.pod:621 msgid "F<@nsswitch_conf@>" msgstr "F<@nsswitch_conf@>" #. type: textblock #: C/sudoers.ldap.pod:623 msgid "determines sudoers source order" msgstr "détermine l'ordre des sources sudoers" #. type: =item #: C/sudoers.ldap.pod:625 msgid "F<@netsvc_conf@>" msgstr "F<@netsvc_conf@>" #. type: textblock #: C/sudoers.ldap.pod:627 msgid "determines sudoers source order on AIX" msgstr "détermine l'ordre des sources sudoers sur AIX" #. type: =head1 #: C/sudoers.ldap.pod:631 C/sudoers.pod:1791 C/sudo.pod:713 #: C/sudoreplay.pod:308 msgid "EXAMPLES" msgstr "EXEMPLES" #. type: =head2 #: C/sudoers.ldap.pod:633 msgid "Example ldap.conf" msgstr "Exemple de fichier ldap.conf" #. type: verbatim #: C/sudoers.ldap.pod:635 #, no-wrap msgid "" " # Either specify one or more URIs or one or more host:port pairs.\n" " # If neither is specified sudo will default to localhost, port 389.\n" " #\n" " #host ldapserver\n" " #host ldapserver1 ldapserver2:390\n" " #\n" " # Default port if host is specified without one, defaults to 389.\n" " #port 389\n" " #\n" " # URI will override the host and port settings.\n" " uri ldap://ldapserver\n" " #uri ldaps://secureldapserver\n" " #uri ldaps://secureldapserver ldap://ldapserver\n" " #\n" " # The amount of time, in seconds, to wait while trying to connect to\n" " # an LDAP server.\n" " bind_timelimit 30\n" " #\n" " # The amount of time, in seconds, to wait while performing an LDAP query.\n" " timelimit 30\n" " #\n" " # Must be set or sudo will ignore LDAP; may be specified multiple times.\n" " sudoers_base ou=SUDOers,dc=example,dc=com\n" " #\n" " # verbose sudoers matching from ldap\n" " #sudoers_debug 2\n" " #\n" " # Enable support for time-based entries in sudoers.\n" " #sudoers_timed yes\n" " #\n" " # optional proxy credentials\n" " #binddn <who to search as>\n" " #bindpw <password>\n" " #rootbinddn <who to search as, uses /etc/ldap.secret for bindpw>\n" " #\n" " # LDAP protocol version, defaults to 3\n" " #ldap_version 3\n" " #\n" " # Define if you want to use an encrypted LDAP connection.\n" " # Typically, you must also set the port to 636 (ldaps).\n" " #ssl on\n" " #\n" " # Define if you want to use port 389 and switch to\n" " # encryption before the bind credentials are sent.\n" " # Only supported by LDAP servers that support the start_tls\n" " # extension such as OpenLDAP.\n" " #ssl start_tls\n" " #\n" " # Additional TLS options follow that allow tweaking of the\n" " # SSL/TLS connection.\n" " #\n" " #tls_checkpeer yes # verify server SSL certificate\n" " #tls_checkpeer no # ignore server SSL certificate\n" " #\n" " # If you enable tls_checkpeer, specify either tls_cacertfile\n" " # or tls_cacertdir. Only supported when using OpenLDAP.\n" " #\n" " #tls_cacertfile /etc/certs/trusted_signers.pem\n" " #tls_cacertdir /etc/certs\n" " #\n" " # For systems that don't have /dev/random\n" " # use this along with PRNGD or EGD.pl to seed the\n" " # random number pool to generate cryptographic session keys.\n" " # Only supported when using OpenLDAP.\n" " #\n" " #tls_randfile /etc/egd-pool\n" " #\n" " # You may restrict which ciphers are used. Consult your SSL\n" " # documentation for which options go here.\n" " # Only supported when using OpenLDAP.\n" " #\n" " #tls_ciphers <cipher-list>\n" " #\n" " # Sudo can provide a client certificate when communicating to\n" " # the LDAP server.\n" " # Tips:\n" " # * Enable both lines at the same time.\n" " # * Do not password protect the key file.\n" " # * Ensure the keyfile is only readable by root.\n" " #\n" " # For OpenLDAP:\n" " #tls_cert /etc/certs/client_cert.pem\n" " #tls_key /etc/certs/client_key.pem\n" " #\n" " # For SunONE or iPlanet LDAP, tls_cert and tls_key may specify either\n" " # a directory, in which case the files in the directory must have the\n" " # default names (e.g. cert8.db and key4.db), or the path to the cert\n" " # and key files themselves. However, a bug in version 5.0 of the LDAP\n" " # SDK will prevent specific file names from working. For this reason\n" " # it is suggested that tls_cert and tls_key be set to a directory,\n" " # not a file name.\n" " #\n" " # The certificate database specified by tls_cert may contain CA certs\n" " # and/or the client's cert. If the client's cert is included, tls_key\n" " # should be specified as well.\n" " # For backward compatibility, \"sslpath\" may be used in place of tls_cert.\n" " #tls_cert /var/ldap\n" " #tls_key /var/ldap\n" " #\n" " # If using SASL authentication for LDAP (OpenSSL)\n" " # use_sasl yes\n" " # sasl_auth_id <SASL user name>\n" " # rootuse_sasl yes\n" " # rootsasl_auth_id <SASL user name for root access>\n" " # sasl_secprops none\n" " # krb5_ccname /etc/.ldapcache\n" "\n" msgstr "" " # Spécifier soit une ou plusieurs URI soit un ou plusieurs couples hôte:port.\n" " # Si aucun des deux n'est spécifié, sudo utilisera comme valeur par défaut localhost, port 389.\n" " #\n" " #host serveurldap\n" " #host serveurldap1 serveurldap2:390\n" " #\n" " # Port par défaut si la directive host est spécifiée sans. La valeur par défaut est 389\n" " #port 389\n" " #\n" " # Le paramètre URI écrasera les réglages host et port.\n" " uri ldap://serveurldap\n" " #uri ldaps://serveurldapsecurise\n" " #uri ldaps://serveurldapsecurise ldap://serveurldap\n" " #\n" " # Le temps, en secondes, à attendre pour essayer de se connecter à \n" " # un serveur LDAP.\n" " bind_timelimit 30\n" " #\n" " # Le temps, en secondes, à attendre pour exécuter une requête LDAP\n" " timelimit 30\n" " #\n" " # Doit être défini, sinon sudo ignorera LDAP ; peut être spécifié plusieurs fois.\n" " sudoers_base ou=SUDOers,dc=exemple,dc=com\n" " #\n" " # sudoers bavard si correspondance depuis ldap\n" " #sudoers_debug 2\n" " #\n" " # Activer la gestion des entrées basées sur le temps dans sudoers.\n" " #sudoers_timed yes\n" " #\n" " # Autorisations d'accès mandataires optionnelles\n" " #binddn <celui qui fait la recherche>\n" " #bindpw <mot de passe>\n" " #rootbinddn <celui qui fait la recherche, utilise /etc/ldap.secret pour renseigner bindpw>\n" " #\n" " # Version du protocole LDAP. Valeur par défaut : 3.\n" " #ldap_version 3\n" " #\n" " # Ã? définir si vous voulez une connexion LDAP chiffrée.\n" " # Typiquement, vous devez également définir le port à 636 (ldaps).\n" " #ssl on\n" " #\n" " # Ã? définir si vous voulez utiliser le port 389 et basculer sur\n" " # le chiffrement avant que les paramètres d'authentification soient envoyés.\n" " # Uniquement pris en charge par les serveurs LDAP gérant l'extension\n" " # start_tls comme OpenLDAP.\n" " #ssl start_tls\n" " #\n" " # Les options TLS supplémentaires qui suivent permettent de régler la\n" " # connexion SSL/TLS.\n" " #\n" " #tls_checkpeer yes # Vérifie le certificat SSL serveur\n" " #tls_checkpeer no # Ignore le certificat SSL serveur\n" " #\n" " # Si vous activez tls_checkpeer, précisez soit tls_cacertfile, \n" " # soit tls_cacertdir. Uniquement pris en charge par OpenLDAP.\n" " #\n" " #tls_cacertfile /etc/certs/signataires_de_confiance.pem\n" " #tls_cacertdir /etc/certs\n" " #\n" " # Pour les systèmes ne disposant pas de /dev/random\n" " # utilisez l'option suivante accompagnée de PRNGD ou EGD.pl pour fournir\n" " # une réserve de nombres aléatoires afin de générer les clés de session cryptographiques.\n" " # Uniquement géré par OpenLDAP.\n" " #\n" " #tls_randfile /etc/egd-pool\n" " #\n" " # Vous pouvez restreindre les méthodes de chiffrement utilisables.\n" " # Consultez votre documentation SSL pour les options pouvant convenir ici.\n" " # Uniquement géré par OpenLDAP.\n" " #\n" " #tls_ciphers <liste des méthodes de chiffrement>\n" " #\n" " # Sudo peut fournir un certificat client lors de la communication avec\n" " # le serveur LDAP.\n" " # Astuces :\n" " # * Activer les 2 lignes de configuration en même temps.\n" " # * Ne pas protéger le fichier de la clé par mot de passe.\n" " # * S'assurer que le fichier de la clé soit uniquement lisible par le superutilisateur.\n" " #\n" " # Pour OpenLDAP :\n" " #tls_cert /etc/certs/certificat_client.pem\n" " #tls_key /etc/certs/cle_client.pem\n" " #\n" " # Pour les LDAP SunONE ou iPlanet, tls_cert and tls_key peuvent spécifier soit\n" " # un répertoire, auquel cas les fichiers dans le répertoire doivent avoir leur\n" " # nom par défaut (par exemple : cert8.db et key4.db), soit le chemin vers les fichiers\n" " # certificat et clé eux-mêmes. Cependant, un bogue en version 5.0 du kit de développement \n" " # logiciel (« SDK ») LDAP empêchera les noms de fichiers spécifiques de fonctionner.\n" " # Pour cette raison, il est suggéré que tls_cert et tls_key soient définis avec un répertoire,\n" " # et non un nom de fichier.\n" " #\n" " # La base de données de certificats spécifiée par tls_cert peut contenir les certificats des AC\n" " # et/ou le certificat du client. Si le certificat du client est inclus, tls_key\n" " # devrait être précisé également.\n" " # Pour des raisons de compatibilité descendante, « sslpath » peut être utilisé à la place de tls_cert.\n" " #tls_cert /var/ldap\n" " #tls_key /var/ldap\n" " #\n" " # Si l'authentification SASL est utilisée pour LDAP (OpenSSL)\n" " # use_sasl yes\n" " # sasl_auth_id <nom d'utilisateur SASL>\n" " # rootuse_sasl yes\n" " # rootsasl_auth_id <nom d'utilisateur SASL pour l'accès superutilisateur>\n" " # sasl_secprops none\n" " # krb5_ccname /etc/.ldapcache\n" "\n" #. type: =head2 #: C/sudoers.ldap.pod:742 msgid "Sudo schema for OpenLDAP" msgstr "Schéma sudo pour OpenLDAP" #. type: textblock #: C/sudoers.ldap.pod:744 msgid "" "The following schema, in OpenLDAP format, is included with B<sudo> source " "and binary distributions as F<schema.OpenLDAP>. Simply copy it to the " "schema directory (e.g. F</etc/openldap/schema>), add the proper C<include> " "line in C<slapd.conf> and restart B<slapd>." msgstr "" "Le schéma suivant est au format OpenLDAP, disponible dans les sources de " "B<sudo> et dans le fichier F<schema.OpenLDAP> des distributions binaires. " "Copier simplement celui-ci dans le répertoire des schémas (par exemple, F</" "etc/openldap/schema>), ajouter la ligne C<include> appropriée dans C<slapd." "conf> et redémarrer B<slapd>." #. type: verbatim #: C/sudoers.ldap.pod:749 #, no-wrap msgid "" " attributetype ( 1.3.6.1.4.1.15953.9.1.1\n" " NAME 'sudoUser'\n" " DESC 'User(s) who may run sudo'\n" " EQUALITY caseExactIA5Match\n" " SUBSTR caseExactIA5SubstringsMatch\n" " SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\n" "\n" msgstr "" " attributetype ( 1.3.6.1.4.1.15953.9.1.1\n" " NAME 'sudoUser'\n" " DESC 'Utilisateur(s) qui peuvent exécuter sudo'\n" " EQUALITY caseExactIA5Match\n" " SUBSTR caseExactIA5SubstringsMatch\n" " SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\n" "\n" #. type: verbatim #: C/sudoers.ldap.pod:756 #, no-wrap msgid "" " attributetype ( 1.3.6.1.4.1.15953.9.1.2\n" " NAME 'sudoHost'\n" " DESC 'Host(s) who may run sudo'\n" " EQUALITY caseExactIA5Match\n" " SUBSTR caseExactIA5SubstringsMatch\n" " SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\n" "\n" msgstr "" " attributetype ( 1.3.6.1.4.1.15953.9.1.2\n" " NAME 'sudoHost'\n" " DESC 'Hôte(s) qui peuvent exécuter sudo'\n" " EQUALITY caseExactIA5Match\n" " SUBSTR caseExactIA5SubstringsMatch\n" " SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\n" "\n" #. type: verbatim #: C/sudoers.ldap.pod:763 #, no-wrap msgid "" " attributetype ( 1.3.6.1.4.1.15953.9.1.3\n" " NAME 'sudoCommand'\n" " DESC 'Command(s) to be executed by sudo'\n" " EQUALITY caseExactIA5Match\n" " SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\n" "\n" msgstr "" " attributetype ( 1.3.6.1.4.1.15953.9.1.3\n" " NAME 'sudoCommand'\n" " DESC 'Commande(s) à exécuter par sudo'\n" " EQUALITY caseExactIA5Match\n" " SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\n" "\n" #. type: verbatim #: C/sudoers.ldap.pod:769 #, no-wrap msgid "" " attributetype ( 1.3.6.1.4.1.15953.9.1.4\n" " NAME 'sudoRunAs'\n" " DESC 'User(s) impersonated by sudo'\n" " EQUALITY caseExactIA5Match\n" " SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\n" "\n" msgstr "" " attributetype ( 1.3.6.1.4.1.15953.9.1.4\n" " NAME 'sudoRunAs'\n" " DESC 'Utilisateur(s) personnifiés par sudo'\n" " EQUALITY caseExactIA5Match\n" " SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\n" "\n" #. type: verbatim #: C/sudoers.ldap.pod:775 #, no-wrap msgid "" " attributetype ( 1.3.6.1.4.1.15953.9.1.5\n" " NAME 'sudoOption'\n" " DESC 'Options(s) followed by sudo'\n" " EQUALITY caseExactIA5Match\n" " SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\n" "\n" msgstr "" " attributetype ( 1.3.6.1.4.1.15953.9.1.5\n" " NAME 'sudoOption'\n" " DESC 'Options(s) suivies par sudo'\n" " EQUALITY caseExactIA5Match\n" " SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\n" "\n" #. type: verbatim #: C/sudoers.ldap.pod:781 #, no-wrap msgid "" " attributetype ( 1.3.6.1.4.1.15953.9.1.6\n" " NAME 'sudoRunAsUser'\n" " DESC 'User(s) impersonated by sudo'\n" " EQUALITY caseExactIA5Match\n" " SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\n" "\n" msgstr "" " attributetype ( 1.3.6.1.4.1.15953.9.1.6\n" " NAME 'sudoRunAsUser'\n" " DESC 'Utilisateur(s) personnifiés par sudo'\n" " EQUALITY caseExactIA5Match\n" " SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\n" "\n" #. type: verbatim #: C/sudoers.ldap.pod:787 #, no-wrap msgid "" " attributetype ( 1.3.6.1.4.1.15953.9.1.7\n" " NAME 'sudoRunAsGroup'\n" " DESC 'Group(s) impersonated by sudo'\n" " EQUALITY caseExactIA5Match\n" " SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\n" "\n" msgstr "" " attributetype ( 1.3.6.1.4.1.15953.9.1.7\n" " NAME 'sudoRunAsGroup'\n" " DESC 'Groupe(s) personnifiés par sudo'\n" " EQUALITY caseExactIA5Match\n" " SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\n" "\n" #. type: verbatim #: C/sudoers.ldap.pod:793 #, no-wrap msgid "" " attributetype ( 1.3.6.1.4.1.15953.9.1.8\n" " NAME 'sudoNotBefore'\n" " DESC 'Start of time interval for which the entry is valid'\n" " EQUALITY generalizedTimeMatch\n" " ORDERING generalizedTimeOrderingMatch\n" " SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )\n" "\n" msgstr "" " attributetype ( 1.3.6.1.4.1.15953.9.1.8\n" " NAME 'sudoNotBefore'\n" " DESC 'Début de la période de validité de l'entrée'\n" " EQUALITY generalizedTimeMatch\n" " ORDERING generalizedTimeOrderingMatch\n" " SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )\n" "\n" #. type: verbatim #: C/sudoers.ldap.pod:800 #, no-wrap msgid "" " attributetype ( 1.3.6.1.4.1.15953.9.1.9\n" " NAME 'sudoNotAfter'\n" " DESC 'End of time interval for which the entry is valid'\n" " EQUALITY generalizedTimeMatch\n" " ORDERING generalizedTimeOrderingMatch\n" " SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )\n" "\n" msgstr "" " attributetype ( 1.3.6.1.4.1.15953.9.1.9\n" " NAME 'sudoNotAfter'\n" " DESC 'Fin de la période de validité de l'entrée'\n" " EQUALITY generalizedTimeMatch\n" " ORDERING generalizedTimeOrderingMatch\n" " SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )\n" "\n" #. type: verbatim #: C/sudoers.ldap.pod:807 #, no-wrap msgid "" " attributeTypes ( 1.3.6.1.4.1.15953.9.1.10\n" " NAME 'sudoOrder'\n" " DESC 'an integer to order the sudoRole entries'\n" " EQUALITY integerMatch\n" " ORDERING integerOrderingMatch\n" " SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )\n" "\n" msgstr "" " attributetype ( 1.3.6.1.4.1.15953.9.1.10\n" " NAME 'sudoOrder'\n" " DESC 'Entier pour ordonner les entrées sudoRole'\n" " EQUALITY integerMatch\n" " ORDERING integerOrderingMatch\n" " SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )\n" "\n" #. type: verbatim #: C/sudoers.ldap.pod:814 #, no-wrap msgid "" " objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL\n" " DESC 'Sudoer Entries'\n" " MUST ( cn )\n" " MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $\n" "\t sudoRunAsGroup $ sudoOption $ sudoNotBefore $ sudoNotAfter $\n" "\t sudoOrder $ description )\n" " )\n" "\n" msgstr "" " objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL\n" " DESC 'Entrée sudoer'\n" " MUST ( cn )\n" " MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $\n" "\t sudoRunAsGroup $ sudoOption $ sudoNotBefore $ sudoNotAfter $\n" "\t sudoOrder $ description )\n" " )\n" "\n" #. type: =head1 #: C/sudoers.ldap.pod:822 C/sudoers.pod:2120 C/sudo.pod:748 #: C/sudoreplay.pod:326 C/visudo.pod:184 msgid "SEE ALSO" msgstr "VOIR AUSSI" #. type: textblock #: C/sudoers.ldap.pod:824 msgid "L<ldap.conf(5)>, L<sudoers(5)>" msgstr "L<ldap.conf(5)>, L<sudoers(5)>" #. type: =head1 #: C/sudoers.ldap.pod:826 C/sudoers.pod:2125 C/sudo.pod:770 C/visudo.pod:199 msgid "CAVEATS" msgstr "AVERTISSEMENTS" #. type: textblock #: C/sudoers.ldap.pod:828 msgid "" "Note that there are differences in the way that LDAP-based I<sudoers> is " "parsed compared to file-based I<sudoers>. See the L<Differences between " "LDAP and non-LDAP sudoers> section for more information." msgstr "" "Veuillez noter qu'il y a des différences dans la façon dont I<sudoers> basé " "sur LDAP est analysé comparé à I<sudoers> dans un fichier plat. Voir la " "section L<Différences entre les sudoers LDAP et non LDAP>." #. type: =head1 #: C/sudoers.ldap.pod:832 C/sudoers.pod:2138 C/sudo.pod:790 #: C/sudoreplay.pod:334 C/visudo.pod:204 msgid "BUGS" msgstr "BOGUES" #. type: textblock #: C/sudoers.ldap.pod:834 C/sudoers.pod:2140 C/sudo.pod:792 msgid "" "If you feel you have found a bug in B<sudo>, please submit a bug report at " "http://www.sudo.ws/sudo/bugs/" msgstr "" "Si vous pensez avoir trouvé un bogue dans B<sudo>, merci de soumettre un " "rapport de bogue à l'adresse http://www.sudo.ws/sudo/bugs/" #. type: =head1 #: C/sudoers.ldap.pod:837 C/sudoers.pod:2143 C/sudo.pod:795 #: C/sudoreplay.pod:339 C/visudo.pod:209 msgid "SUPPORT" msgstr "ASSISTANCE" #. type: textblock #: C/sudoers.ldap.pod:839 C/sudoers.pod:2145 C/sudo.pod:797 #: C/sudoreplay.pod:341 C/visudo.pod:211 msgid "" "Limited free support is available via the sudo-users mailing list, see " "http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the " "archives." msgstr "" "Une assistance limitée gratuite est offerte par la liste de diffusion sudo-" "users. http://www.sudo.ws/mailman/listinfo/sudo-users permet de vous " "inscrire et de consultez les archives." #. type: =head1 #: C/sudoers.ldap.pod:843 C/sudoers.pod:2149 C/sudo.pod:801 #: C/sudoreplay.pod:345 C/visudo.pod:215 msgid "DISCLAIMER" msgstr "AVERTISSEMENT" #. type: textblock #: C/sudoers.ldap.pod:845 C/sudoers.pod:2151 C/sudo.pod:803 msgid "" "B<sudo> is provided ``AS IS'' and any express or implied warranties, " "including, but not limited to, the implied warranties of merchantability and " "fitness for a particular purpose are disclaimed. See the LICENSE file " "distributed with B<sudo> or http://www.sudo.ws/sudo/license.html for " "complete details." msgstr "" "B<sudo> est fourni « EN L'Ã?TAT » et sans aucune garantie de quelque nature " "que ce soit expresse ou implicite, y compris, mais sans y être limité les " "garanties d'aptitude à la vente ou à un but particulier. Voir le fichier " "LICENSE distribué avec B<sudo> ou http://www.sudo.ws/sudo/license.html pour " "les détails complets." #. type: textblock #: C/sudoers.pod:25 msgid "sudoers - default sudo security policy module" msgstr "sudoers - module de politique de sécurité sudo par défaut" #. type: textblock #: C/sudoers.pod:29 msgid "" "The I<sudoers> policy module determines a user's B<sudo> privileges. It is " "the default B<sudo> policy plugin. The policy is driven by the " "F<@sysconfdir@/sudoers> file or, optionally in LDAP. The policy format is " "described in detail in the L<\"SUDOERS FILE FORMAT\"> section. For " "information on storing I<sudoers> policy information in LDAP, please see " "L<sudoers.ldap(5)>." msgstr "" "Le module de politique de I<sudoers> détermine les droits B<sudo> d'un " "utilisateur. Il s'agit du greffon de politique B<sudo> par défaut. La " "politique est menée par le fichier F<@sysconfdir@/sudoers> ou, " "facultativement, dans LDAP. Le format de politique est décrit en détail dans " "la section L<\"FORMAT DE FICHIERS SUDOERS\">. Pour en savoir plus sur la " "façon de stocker les informations de politique I<sudoers> dans LDAP, " "veuillez consulter L<sudoers.ldap(5)>." #. type: =head2 #: C/sudoers.pod:36 msgid "Authentication and Logging" msgstr "Authentification et connexion" #. type: textblock #: C/sudoers.pod:38 msgid "" "The I<sudoers> security policy requires that most users authenticate " "themselves before they can use B<sudo>. A password is not required if the " "invoking user is root, if the target user is the same as the invoking user, " "or if the policy has disabled authentication for the user or command. " "Unlike L<su(1)>, when I<sudoers> requires authentication, it validates the " "invoking user's credentials, not the target user's (or root's) credentials. " "This can be changed via the I<rootpw>, I<targetpw> and I<runaspw> flags, " "described later." msgstr "" "La politique de sécurité de I<sudoers> nécessite que la plupart des " "utilisateurs s'authentifient eux-mêmes avant de pouvoir utiliser B<sudo>. " "Aucun mot de passe n'est requis si l'utilisateur est le superutilisateur, si " "l'utilisateur cible est l'utilisateur appelant ou si la politique a " "désactivé l'authentification pour l'utilisateur ou la commande. " "Contrairement à L<su(1)>, quand I<sudoers> nécessite une authentification, " "il valide les identifiants de l'utilisateur appelant mais pas ceux de " "l'utilisateur cible (ou du superutilisateur). Cela peut être modifié grâce " "aux marqueurs I<rootpw>, I<targetpw> et I<runaspw> décrits plus loin." #. type: textblock #: C/sudoers.pod:47 msgid "" "If a user who is not listed in the policy tries to run a command via " "B<sudo>, mail is sent to the proper authorities. The address used for such " "mail is configurable via the I<mailto> Defaults entry (described later) and " "defaults to C<@mailto@>." msgstr "" "Si un utilisateur non listé par la politique essaie de lancer une commande " "grâce à B<sudo>, un message est envoyé aux responsables. L'adresse utilisée " "pour ce message est configurable grâce à l'entrée par défaut I<mailto> " "(décrite plus loin) et vaut C<@mailto@> par défaut." #. type: textblock #: C/sudoers.pod:52 msgid "" "Note that mail will not be sent if an unauthorized user tries to run B<sudo> " "with the B<-l> or B<-v> option. This allows users to determine for " "themselves whether or not they are allowed to use B<sudo>." msgstr "" "Ã? noter que ce mail ne sera pas envoyé si un utilisateur non autorisé essaye " "d'exécuter B<sudo> avec les options B<-l> ou B<-v>. Ceci permet aux " "utilisateurs de savoir s'ils sont autorisés à utiliser B<sudo>." #. type: textblock #: C/sudoers.pod:57 msgid "" "If B<sudo> is run by root and the C<SUDO_USER> environment variable is set, " "the I<sudoers> policy will use this value to determine who the actual user " "is. This can be used by a user to log commands through sudo even when a " "root shell has been invoked. It also allows the B<-e> option to remain " "useful even when invoked via a sudo-run script or program. Note, however, " "that the I<sudoers> lookup is still done for root, not the user specified by " "C<SUDO_USER>." msgstr "" "Si B<sudo> est exécuté par root et que la variable d'environnement " "C<SUDO_USER> est définie, la politique de I<sudoers> utilisera cette valeur " "pour déterminer qui est l'utilisateur courant. Ceci peut être utilisé par un " "utilisateur pour enregistrer les commandes lancées par le biais de sudo " "lorsqu'un interpréteur de commande superutilisateur a été lancé. Cela permet " "aussi à l'option B<-e> de rester utile lorsque invoquée par un script ou un " "programme exécuté avec sudo. Ã? noter cependant que cette recherche de " "I<sudoers> est toujours faite pour le superutilisateur, pas pour " "l'utilisateur spécifié par C<SUDO_USER>." #. type: textblock #: C/sudoers.pod:65 msgid "" "I<sudoers> uses time stamp files for credential caching. Once a user has " "been authenticated, a time stamp is updated and the user may then use sudo " "without a password for a short period of time (C<@timeout@> minutes unless " "overridden by the I<timeout> option. By default, I<sudoers> uses a tty-" "based time stamp which means that there is a separate time stamp for each of " "a user's login sessions. The I<tty_tickets> option can be disabled to force " "the use of a single time stamp for all of a user's sessions." msgstr "" "I<sudoers> utilise des fichiers d'horodatage pour mettre les droits en " "cache. Quand un utilisateur est authentifié, un horodatage est mis à jour et " "l'utilisateur peut utiliser sudo sans mot de passe pour une courte période " "de temps (C<@timeout@> minutes, sauf surcharge par l'option I<timeout>).Par " "défaut, I<sudoers> utilise un horodatage basé sur tty, ce qui signifie qu'il " "y a un horodatage séparé pour chaque session d'un même utilisateur. L'option " "I<tty_tickets> peut être désactivée pour forcer l'utilisation d'un " "horodatage unique pour toutes les sessions d'un utilisateur." #. type: textblock #: C/sudoers.pod:74 msgid "" "I<sudoers> can log both successful and unsuccessful attempts (as well as " "errors) to syslog(3), a log file, or both. By default, I<sudoers> will log " "via syslog(3) but this is changeable via the I<syslog> and I<logfile> " "Defaults settings." msgstr "" "B<sudoers> peut enregistrer les tentatives réussies ou échouées (ainsi que " "les erreurs) vers syslog(3), un fichier journal, ou les deux. Par défaut " "B<sudoers> enregistrera via syslog(3) mais cela est modifiable grâce aux " "paramètres par défaut de I<syslog> et I<logfile>" #. type: textblock #: C/sudoers.pod:79 msgid "" "I<sudoers> also supports logging a command's input and output streams. I/O " "logging is not on by default but can be enabled using the I<log_input> and " "I<log_output> Defaults flags as well as the C<LOG_INPUT> and C<LOG_OUTPUT> " "command tags." msgstr "" "I<sudoers> prend également en charge l'enregistrement des flux d'entrée et " "de sortie d'une commande. L'enregistrement des E/S ne se fait pas par défaut " "mais peut être activé grâce aux marqueurs par défaut I<log_input> et " "I<log_output> ainsi que les étiquettes de commande C<LOG_INPUT> et " "C<LOG_OUTPUT>." #. type: =head2 #: C/sudoers.pod:84 msgid "Command Environment" msgstr "Environnement de commandes" #. type: textblock #: C/sudoers.pod:86 msgid "" "Since environment variables can influence program behavior, I<sudoers> " "provides a means to restrict which variables from the user's environment are " "inherited by the command to be run. There are two distinct ways I<sudoers> " "can deal with environment variables." msgstr "" "Puisque les variables d'environnement peuvent influencer le comportement des " "programmes, I<sudoers> fournit un moyen de restreindre la liste des " "variables de l'environnement de l'utilisateur qui seront héritées par la " "commande à lancer. Il y a deux façons dont I<sudoers> peut gérer les " "variables d'environnement." #. type: textblock #: C/sudoers.pod:91 msgid "" "By default, the I<env_reset> option is enabled. This causes commands to be " "executed with a new, minimal environment. On AIX (and Linux systems without " "PAM), the environment is initialized with the contents of the F</etc/" "environment> file. On BSD systems, if the I<use_loginclass> option is " "enabled, the environment is initialized based on the I<path> and I<setenv> " "settings in F</etc/login.conf>. The new environment contains the C<TERM>, " "C<PATH>, C<HOME>, C<MAIL>, C<SHELL>, C<LOGNAME>, C<USER>, C<USERNAME> and " "C<SUDO_*> variables in addition to variables from the invoking process " "permitted by the I<env_check> and I<env_keep> options. This is effectively " "a whitelist for environment variables." msgstr "" "Par défaut. l'option I<env_reset> est activée. Ceci fait que les commandes " "sont à exécuter avec un environnement minimal. Sur AIX (et les systèmes " "Linux sans PAM), l'environnement est initialisé avec le contenu du fichier " "F</etc/environment>. Sur les systèmes BSD, si l'option I<use_loginclass> est " "activée, l'environnement est initialisé en se basant sur les réglages " "I<path> et I<setenv> de F</etc/login.conf>. Le nouvel environnement contient " "C<TERM>, C<PATH>, C<HOME>, C<MAIL>, C<SHELL>, C<LOGNAME>, C<USER>, " "C<USERNAME> et C<SUDO_*> en plus des variables du processus appelant " "autorisées par les options I<env_check> et I<env_keep>. Il s'agit " "effectivement d'une liste blanche des variables d'environnement." #. type: textblock #: C/sudoers.pod:103 msgid "" "If, however, the I<env_reset> option is disabled, any variables not " "explicitly denied by the I<env_check> and I<env_delete> options are " "inherited from the invoking process. In this case, I<env_check> and " "I<env_delete> behave like a blacklist. Since it is not possible to " "blacklist all potentially dangerous environment variables, use of the " "default I<env_reset> behavior is encouraged." msgstr "" "Si, cependant, l'option I<env_reset> est désactivée, toutes les variables " "non explicitement refusées par les options I<env_check> et I<env_delete> " "sont héritées du processus appelant. Dans ce cas, I<env_check> et " "I<env_delete> se comportent comme une liste noire. Dans la mesure où il " "n'est pas possible de mettre en liste noire toutes les variables " "d'environnement potentiellement dangereuses, l'utilisation du comportement " "par défaut de I<env_reset> est encouragé." #. type: textblock #: C/sudoers.pod:110 msgid "" "In all cases, environment variables with a value beginning with C<()> are " "removed as they could be interpreted as B<bash> functions. The list of " "environment variables that B<sudo> allows or denies is contained in the " "output of C<sudo -V> when run as root." msgstr "" "Dans tous les cas, les variables d'environnement avec une valeur commençant " "par C<()> sont supprimées étant donné qu'elles pourraient être interprétées " "comme des fonctions B<bash>. La liste des variables d'environnement que " "B<sudo> accepte ou refuse est contenue dans la sortie de C<sudo -V> lorsque " "exécuté en tant que superutilisateur." #. type: textblock #: C/sudoers.pod:115 msgid "" "Note that the dynamic linker on most operating systems will remove variables " "that can control dynamic linking from the environment of setuid executables, " "including B<sudo>. Depending on the operating system this may include " "C<_RLD*>, C<DYLD_*>, C<LD_*>, C<LDR_*>, C<LIBPATH>, C<SHLIB_PATH>, and " "others. These type of variables are removed from the environment before " "B<sudo> even begins execution and, as such, it is not possible for B<sudo> " "to preserve them." msgstr "" "Veuillez noter que les éditeurs de liens sur la plupart des systèmes " "d'exploitation supprimeront les variables qui peuvent contrôler l'édition " "dynamique de liens depuis l'environnement des exécutables setuid incluant " "B<sudo>. Selon le système d'exploitation, cela peut inclure C<_RLD*>, " "C<DYLD_*>, C<LD_*>, C<LDR_*>, C<LIBPATH>, C<SHLIB_PATH> et autres. Ces types " "de variables sont supprimés de l'environnement avant même que B<sudo> " "commence l'exécution et, comme tel, il n'est pas possible pour B<sudo> de " "les préserver." #. type: textblock #: C/sudoers.pod:123 msgid "" "As a special case, if B<sudo>'s B<-i> option (initial login) is specified, " "I<sudoers> will initialize the environment regardless of the value of " "I<env_reset>. The I<DISPLAY>, I<PATH> and I<TERM> variables remain " "unchanged; I<HOME>, I<MAIL>, I<SHELL>, I<USER>, and I<LOGNAME> are set based " "on the target user. On AIX (and Linux systems without PAM), the contents of " "F</etc/environment> are also included. On BSD systems, if the " "I<use_loginclass> option is enabled, the I<path> and I<setenv> variables in " "F</etc/login.conf> are also applied. All other environment variables are " "removed." msgstr "" "Exceptionnellement, si l'option B<-i> (login initial) de B<sudo> est " "spécifiée, I<sudoers> initialisera l'environnement sans tenir compte de la " "valeur de I<env_reset>. Les variables I<DISPLAY>, I<PATH> et I<TERM> restent " "inchangées : I<HOME>, I<MAIL>, I<SHELL>, I<USER>, et I<LOGNAME> sont réglées " "en fonction de l'utilisateur cible. Sur AIX (et les systèmes Linux sans " "PAM), le contenu de F</etc/environment> est également inclus. Sur les " "systèmes BSD, si l'option I<use_loginclass> est activée, les variables " "I<path> et I<setenv> de F</etc/login.conf> sont également appliquées. Toutes " "les autres variables d'environnement sont supprimées." #. type: textblock #: C/sudoers.pod:133 msgid "" "Finally, if the I<env_file> option is defined, any variables present in that " "file will be set to their specified values as long as they would not " "conflict with an existing environment variable." msgstr "" "Enfin, si l'option I<env_file> est définie, toutes les variables présentes " "dans ce fichier seront réglées aux valeurs spécifiées tant qu'elles " "n'entrent pas en conflit avec une variable d'environnement existante." #. type: =head1 #: C/sudoers.pod:137 msgid "SUDOERS FILE FORMAT" msgstr "FORMAT DU FICHIER SUDOERS" #. type: textblock #: C/sudoers.pod:139 msgid "" "The I<sudoers> file is composed of two types of entries: aliases (basically " "variables) and user specifications (which specify who may run what)." msgstr "" "Le fichier I<sudoers> est composé de deux types d'entrées : les alias " "(essentiellement, des variables) et les spécifications d'utilisateurs (qui " "indiquent qui peut lancer quoi)." #. type: textblock #: C/sudoers.pod:143 msgid "" "When multiple entries match for a user, they are applied in order. Where " "there are multiple matches, the last match is used (which is not necessarily " "the most specific match)." msgstr "" "Quand plusieurs entrées correspondent à un utilisateur, elles sont " "appliquées dans l'ordre. S'il y a plusieurs correspondances, la dernière est " "utilisée (ce n'est pas nécessairement la plus spécifique)." #. type: textblock #: C/sudoers.pod:147 msgid "" "The I<sudoers> grammar will be described below in Extended Backus-Naur Form " "(EBNF). Don't despair if you don't know what EBNF is; it is fairly simple, " "and the definitions below are annotated." msgstr "" "La grammaire de I<sudoers> est décrite ci-dessous en forme Backus-Naur " "étendue (« Extended Backus-Naur Form » â?? EBNF). Ne vous inquiétez pas si " "vous ne savez pas ce qu'est EBNF ; c'est relativement simple et les " "définitions sont annotées." #. type: =head2 #: C/sudoers.pod:151 msgid "Quick guide to EBNF" msgstr "Guide rapide pour EBNF" #. type: textblock #: C/sudoers.pod:153 msgid "" "EBNF is a concise and exact way of describing the grammar of a language. " "Each EBNF definition is made up of I<production rules>. E.g.," msgstr "" "EBNF est une façon concise et exacte de décrire la grammaire d'un langage. " "Chaque définition EBNF est faite à partir de I<règles de production>. Par " "exemple, " #. type: verbatim #: C/sudoers.pod:156 #, no-wrap msgid "" " symbol ::= definition | alternate1 | alternate2 ...\n" "\n" msgstr "" " symbole ::= définition | alternative1 | alternative2 â?¦\n" "\n" #. type: textblock #: C/sudoers.pod:158 msgid "" "Each I<production rule> references others and thus makes up a grammar for " "the language. EBNF also contains the following operators, which many " "readers will recognize from regular expressions. Do not, however, confuse " "them with \"wildcard\" characters, which have different meanings." msgstr "" "Chaque I<règle de production> fait référence à d'autres règles et forme " "ainsi une grammaire pour le langage. EBNF contient aussi les opérateurs " "suivants, que de nombreux lecteurs pourraient prendre pour des opérateurs " "d'expressions rationnelles. Ne les confondez pas avec les caractères " "« joker » qui ont des significations différentes." #. type: =item #: C/sudoers.pod:166 C/sudoers.pod:592 msgid "C<?>" msgstr "C<?>" #. type: textblock #: C/sudoers.pod:168 msgid "" "Means that the preceding symbol (or group of symbols) is optional. That is, " "it may appear once or not at all." msgstr "" "Signifie que le symbole (ou groupe de symboles) précédent est optionnel, " "c'est-à -dire qu'il peut apparaître une fois ou pas du tout." #. type: =item #: C/sudoers.pod:171 C/sudoers.pod:588 msgid "C<*>" msgstr "C<*>" #. type: textblock #: C/sudoers.pod:173 msgid "" "Means that the preceding symbol (or group of symbols) may appear zero or " "more times." msgstr "" "Signifie que le symbole (ou groupe de symboles) précédent peut apparaître " "zéro ou plusieurs fois." #. type: =item #: C/sudoers.pod:176 msgid "C<+>" msgstr "C<+>" #. type: textblock #: C/sudoers.pod:178 msgid "" "Means that the preceding symbol (or group of symbols) may appear one or more " "times." msgstr "" "Signifie que le symbole (ou groupe de symboles) précédent peut apparaître " "une ou plusieurs fois." #. type: textblock #: C/sudoers.pod:183 msgid "" "Parentheses may be used to group symbols together. For clarity, we will use " "single quotes ('') to designate what is a verbatim character string (as " "opposed to a symbol name)." msgstr "" "Les parenthèses peuvent être utilisées pour regrouper les symboles. Pour " "plus de clarté, nous utiliserons les guillemets simples anglais ('') pour " "désigner les chaînes de caractères à laisser telles quelles (par opposition " "avec les noms de symboles)." #. type: =head2 #: C/sudoers.pod:187 msgid "Aliases" msgstr "Alias" #. type: textblock #: C/sudoers.pod:189 msgid "" "There are four kinds of aliases: C<User_Alias>, C<Runas_Alias>, " "C<Host_Alias> and C<Cmnd_Alias>." msgstr "" "Il y a quatre types d'alias : C<User_Alias>, C<Runas_Alias>, C<Host_Alias> " "et C<Cmnd_Alias>." #. type: verbatim #: C/sudoers.pod:192 #, no-wrap msgid "" " Alias ::= 'User_Alias' User_Alias (':' User_Alias)* |\n" "\t 'Runas_Alias' Runas_Alias (':' Runas_Alias)* |\n" "\t 'Host_Alias' Host_Alias (':' Host_Alias)* |\n" "\t 'Cmnd_Alias' Cmnd_Alias (':' Cmnd_Alias)*\n" "\n" msgstr "" " Alias ::= 'User_Alias' User_Alias (':' User_Alias)* |\n" "\t 'Runas_Alias' Runas_Alias (':' Runas_Alias)* |\n" "\t 'Host_Alias' Host_Alias (':' Host_Alias)* |\n" "\t 'Cmnd_Alias' Cmnd_Alias (':' Cmnd_Alias)*\n" "\n" #. type: verbatim #: C/sudoers.pod:197 #, no-wrap msgid "" " User_Alias ::= NAME '=' User_List\n" "\n" msgstr "" " User_Alias ::= NOM '=' User_List\n" "\n" #. type: verbatim #: C/sudoers.pod:199 #, no-wrap msgid "" " Runas_Alias ::= NAME '=' Runas_List\n" "\n" msgstr "" " Runas_Alias ::= NOM '=' Runas_List\n" "\n" #. type: verbatim #: C/sudoers.pod:201 #, no-wrap msgid "" " Host_Alias ::= NAME '=' Host_List\n" "\n" msgstr "" " Host_Alias ::= NOM '=' Host_List\n" "\n" #. type: verbatim #: C/sudoers.pod:203 #, no-wrap msgid "" " Cmnd_Alias ::= NAME '=' Cmnd_List\n" "\n" msgstr "" " Cmnd_Alias ::= NOM '=' Cmnd_List\n" "\n" #. type: verbatim #: C/sudoers.pod:205 #, no-wrap msgid "" " NAME ::= [A-Z]([A-Z][0-9]_)*\n" "\n" msgstr "" " NOM ::= [A-Z]([A-Z][0-9]_)*\n" "\n" #. type: textblock #: C/sudoers.pod:207 msgid "Each I<alias> definition is of the form" msgstr "Chaque définition d'I<alias> est de la forme :" #. type: verbatim #: C/sudoers.pod:209 #, no-wrap msgid "" " Alias_Type NAME = item1, item2, ...\n" "\n" msgstr "" " Alias_Type NOM = item1, item2, ...\n" "\n" #. type: textblock #: C/sudoers.pod:211 msgid "" "where I<Alias_Type> is one of C<User_Alias>, C<Runas_Alias>, C<Host_Alias>, " "or C<Cmnd_Alias>. A C<NAME> is a string of uppercase letters, numbers, and " "underscore characters ('_'). A C<NAME> B<must> start with an uppercase " "letter. It is possible to put several alias definitions of the same type on " "a single line, joined by a colon (':'). E.g.," msgstr "" "où I<Alias_Type> est C<User_Alias>, C<Runas_Alias>, C<Host_Alias> ou " "C<Cmnd_Alias>. Un C<NOM> est une chaîne de caractères formée de lettres " "capitales, de nombres et de caractères « underscore » ('_'). Un C<NOM> " "B<doit> commencer par une lettre capitale. Il est possible de mettre " "plusieurs définitions d'alias du même type sur une seule ligne, séparées par " "deux-points (« : »). Par exemple, " #. type: verbatim #: C/sudoers.pod:217 #, no-wrap msgid "" " Alias_Type NAME = item1, item2, item3 : NAME = item4, item5\n" "\n" msgstr "" " Alias_Type NOM = item1, item2, item3 : NOM = item4, item5\n" "\n" #. type: textblock #: C/sudoers.pod:219 msgid "The definitions of what constitutes a valid I<alias> member follow." msgstr "" "Les définitions de ce qui constitue un élément possible d'I<alias> suivent." #. type: verbatim #: C/sudoers.pod:221 #, no-wrap msgid "" " User_List ::= User |\n" "\t User ',' User_List\n" "\n" msgstr "" " Liste_Utilisateurs ::= Utilisateur |\n" "\t Utilisateur ',' Liste_Utilisateurs\n" "\n" #. type: verbatim #: C/sudoers.pod:224 #, no-wrap msgid "" " User ::= '!'* user name |\n" "\t '!'* #uid |\n" "\t '!'* %group |\n" "\t '!'* %#gid |\n" "\t '!'* +netgroup |\n" "\t '!'* %:nonunix_group |\n" "\t '!'* %:#nonunix_gid |\n" "\t '!'* User_Alias\n" "\n" msgstr "" " Utilisateur ::= '!'* nom utilisateur |\n" "\t '!'* #uid |\n" "\t '!'* %group |\n" "\t '!'* %#gid |\n" "\t '!'* +netgroup |\n" "\t '!'* %:nonunix_group |\n" "\t '!'* %:#nonunix_gid |\n" "\t '!'* User_Alias\n" "\n" #. type: textblock #: C/sudoers.pod:233 msgid "" "A C<User_List> is made up of one or more user names, user ids (prefixed with " "'#'), system group names and ids (prefixed with '%' and '%#' respectively), " "netgroups (prefixed with '+'), non-Unix group names and IDs (prefixed with " "'%:' and '%:#' respectively) and C<User_Alias>es. Each list item may be " "prefixed with zero or more '!' operators. An odd number of '!' operators " "negate the value of the item; an even number just cancel each other out." msgstr "" "Une C<Liste_Utilisateurs> est faite à partir d'un ou plusieurs noms " "d'utilisateurs, des identifiants utilisateurs (préfixés avec « # »), des " "noms et identifiants de groupes système (respectivement préfixés par « % » " "et « %# »), des groupes réseau (préfixés par « + »), des identifiants et " "noms non-Unix (respectivement préfixés par « %: » et « %:# ») et des " "C<Alias_Utilisateur>. Chaque élément de liste peut être préfixé par zéro ou " "plusieurs opérateurs « ! ». Un nombre impair d'opérateurs « ! » inverse la " "valeur de l'élément ; ces opérateurs s'annulent par paire." #. type: textblock #: C/sudoers.pod:241 msgid "" "A C<user name>, C<uid>, C<group>, C<gid>, C<netgroup>, C<nonunix_group> or " "C<nonunix_gid> may be enclosed in double quotes to avoid the need for " "escaping special characters. Alternately, special characters may be " "specified in escaped hex mode, e.g. \\x20 for space. When using double " "quotes, any prefix characters must be included inside the quotes." msgstr "" "Un C<nom_utilisateur>, C<uid>, C<groupe>, C<gid>, C<groupe_réseau>, " "C<groupe_nonunix> ou C<gid_nonunix> peuvent être inclus entre des guillemets " "doubles « \" » pour ne pas avoir à échapper les caractères spéciaux. " "Autrement, les caractères spéciaux peuvent être échappés en mode " "hexadécimal, par exemple \\x20 pour l'espace. Quand les guillemets doubles " "sont utilisés, tous les caractères préfixes doivent se trouver entre les " "guillemets." #. type: textblock #: C/sudoers.pod:248 msgid "" "The actual C<nonunix_group> and C<nonunix_gid> syntax depends on the " "underlying group provider plugin (see the I<group_plugin> description " "below). For instance, the QAS AD plugin supports the following formats:" msgstr "" "La syntaxe de C<groupe_nonunix> et C<gid_nonunix> dépend du greffon " "fournissant le groupe sous-jacent (voir la description I<greffon_groupe> " "plus loin). Par exemple, le plugin QAS AD gère les formats suivants :" #. type: textblock #: C/sudoers.pod:257 msgid "Group in the same domain: \"Group Name\"" msgstr "Groupe dans le même domaine : \"nom du groupe\"" #. type: textblock #: C/sudoers.pod:261 msgid "Group in any domain: \"Group Name@FULLY.QUALIFIED.DOMAIN\"" msgstr "" "Groupe dans n'importe quel domaine : \"nom du groupe@DOMAINE.TOTALEMENT." "QUALIFIÃ?\"" #. type: textblock #: C/sudoers.pod:265 msgid "Group SID: \"S-1-2-34-5678901234-5678901234-5678901234-567\"" msgstr "SID du groupe : \"S-1-2-34-5678901234-5678901234-5678901234-567\"" #. type: textblock #: C/sudoers.pod:269 msgid "" "Note that quotes around group names are optional. Unquoted strings must use " "a backslash (\\) to escape spaces and special characters. See L<\"Other " "special characters and reserved words\"> for a list of characters that need " "to be escaped." msgstr "" "Veuillez noter que les guillemets autour des noms de groupes sont " "optionnels. Les chaînes sans guillemets doivent utiliser un backslash (\\) " "pour échapper les espaces et les caractères spéciaux. Voir L<\"Autres " "caractères spéciaux et mots réservés\"> pour une liste de caractères devant " "être échappés." #. type: verbatim #: C/sudoers.pod:274 #, no-wrap msgid "" " Runas_List ::= Runas_Member |\n" "\t\tRunas_Member ',' Runas_List\n" "\n" msgstr "" " Liste_Runas ::= Membre_Runas |\n" "\t\tMembre_Runas ',' Liste_Runas\n" "\n" #. type: verbatim #: C/sudoers.pod:277 #, no-wrap msgid "" " Runas_Member ::= '!'* user name |\n" "\t '!'* #uid |\n" "\t '!'* %group |\n" "\t '!'* %#gid |\n" "\t '!'* %:nonunix_group |\n" "\t '!'* %:#nonunix_gid |\n" "\t '!'* +netgroup |\n" "\t '!'* Runas_Alias\n" "\n" msgstr "" " Membre_Runas ::= '!'* nom utilisateur |\n" "\t '!'* #uid |\n" "\t '!'* %groupe |\n" "\t '!'* %#gid |\n" "\t '!'* %:groupe_nonunix |\n" "\t '!'* %:#gid_nonunix |\n" "\t '!'* +netgroup |\n" "\t '!'* Alias_Runas\n" "\n" #. type: textblock #: C/sudoers.pod:286 msgid "" "A C<Runas_List> is similar to a C<User_List> except that instead of " "C<User_Alias>es it can contain C<Runas_Alias>es. Note that user names and " "groups are matched as strings. In other words, two users (groups) with the " "same uid (gid) are considered to be distinct. If you wish to match all user " "names with the same uid (e.g.E<nbsp>root and toor), you can use a uid " "instead (#0 in the example given)." msgstr "" "Une C<Liste_Runas> est similaire à une C<Liste_Utilisateurs> sauf qu'elle " "contient des C<Alias_Runas> au lieu d'C<Alias_utilisateurs>. Veuillez noter " "que les noms d'utilisateurs et de groupes sont comparés en tant que " "chaînes de caractères. Autrement dit, deux utilisateurs (groupes) ayant le " "même uid (gid) sont considérés distincts. Si vous souhaitez faire " "correspondre tous les noms d'utilisateurs avec le même uid (par exemple root " "et toor), vous pouvez utiliser un uid à la place (#0 dans l'exemple donné)." #. type: verbatim #: C/sudoers.pod:293 #, no-wrap msgid "" " Host_List ::= Host |\n" "\t Host ',' Host_List\n" "\n" msgstr "" " Liste_Hôtes ::= Hôte |\n" "\t Hôte ',' Liste_Hôtes\n" "\n" #. type: verbatim #: C/sudoers.pod:296 #, no-wrap msgid "" " Host ::= '!'* host name |\n" "\t '!'* ip_addr |\n" "\t '!'* network(/netmask)? |\n" "\t '!'* +netgroup |\n" "\t '!'* Host_Alias\n" "\n" msgstr "" " Hôte ::= '!'* nom de l'hôte |\n" "\t '!'* adresse_ip |\n" "\t '!'* réseau(/netmask)? |\n" "\t '!'* +netgroup |\n" "\t '!'* Host_Alias\n" "\n" #. type: textblock #: C/sudoers.pod:302 msgid "" "A C<Host_List> is made up of one or more host names, IP addresses, network " "numbers, netgroups (prefixed with '+') and other aliases. Again, the value " "of an item may be negated with the '!' operator. If you do not specify a " "netmask along with the network number, B<sudo> will query each of the local " "host's network interfaces and, if the network number corresponds to one of " "the hosts's network interfaces, the corresponding netmask will be used. The " "netmask may be specified either in standard IP address notation (e.g." "E<nbsp>255.255.255.0 or ffff:ffff:ffff:ffff::), or CIDR notation (number of " "bits, e.g.E<nbsp>24 or 64). A host name may include shell-style wildcards " "(see the L<Wildcards> section below), but unless the C<host name> command on " "your machine returns the fully qualified host name, you'll need to use the " "I<fqdn> option for wildcards to be useful. Note B<sudo> only inspects " "actual network interfaces; this means that IP address 127.0.0.1 (localhost) " "will never match. Also, the host name \"localhost\" will only match if that " "is the actual host name, which is usually only the case for non-networked " "systems." msgstr "" "Une C<Liste_Hôtes> est faite d'un ou plusieurs noms d'hôtes, d'adresses IP, " "de numéros de réseau, de groupes réseau (préfixés par « + ») et d'autres " "alias. Ã? nouveau, la valeur d'un élément peut être inversée avec l'opérateur " "« ! ». Si vous n'indiquez pas un masque de sous-réseau avec l'adresse du " "réseau, B<sudo> fera une requête à chacune des interfaces réseau de l'hôte " "et, si l'adresse correspond à une de ces interfaces, le masque correspondant " "sera utilisé. Le masque de réseau peut être indiqué soit avec la notation IP " "standard (par exemple 255.255.255.0 ou ffff:ffff:ffff:ffff::) ou la notation " "CIDR (en nombre de bits, comme 24 ou 64). Un nom d'hôte peut contenir des " "jokers d'interpréteur de commandes (voir la section L<Jokers> plus loin), " "mais à moins que la commande C<host name> de votre machine ne renvoie le nom " "d'hôte totalement qualifié, vous aurez besoin d'utiliser l'option I<fqdn> " "pour que les jokers soient utiles. Veuillez noter que B<sudo> n'inspecte que " "les vraies interfaces réseau ; cela signifie que l'adresse 127.0.0.1 " "(localhost) ne correspondra jamais. De plus, le nom d'hôte « localhost » ne " "correspondra que si c'est le nom d'hôte de la machine, ce qui n'est " "généralement le cas que pour les systèmes coupés de tout réseau." #. type: verbatim #: C/sudoers.pod:321 #, no-wrap msgid "" " Cmnd_List ::= Cmnd |\n" "\t Cmnd ',' Cmnd_List\n" "\n" msgstr "" " Liste_Commandes ::= Commande |\n" "\n" " Commande ',' Liste_Commandes\n" "\n" #. type: verbatim #: C/sudoers.pod:324 #, no-wrap msgid "" " commandname ::= file name |\n" "\t file name args |\n" "\t file name '\"\"'\n" "\n" msgstr "" " nom de commande ::= nom de fichier |\n" "\t arguments du nom de fichier |\n" "\t nom de fichier'\"\"'\n" "\n" #. type: verbatim #: C/sudoers.pod:328 #, no-wrap msgid "" " Cmnd ::= '!'* commandname |\n" "\t '!'* directory |\n" "\t '!'* \"sudoedit\" |\n" "\t '!'* Cmnd_Alias\n" "\n" msgstr "" " Commande ::= '!'* nom de commande |\n" "\t '!'* répertoire |\n" "\t '!'* \"sudoedit\" |\n" "\t '!'* Alias_Commande\n" "\n" #. type: textblock #: C/sudoers.pod:333 msgid "" "A C<Cmnd_List> is a list of one or more commandnames, directories, and other " "aliases. A commandname is a fully qualified file name which may include " "shell-style wildcards (see the L<Wildcards> section below). A simple file " "name allows the user to run the command with any arguments he/she wishes. " "However, you may also specify command line arguments (including wildcards). " "Alternately, you can specify C<\"\"> to indicate that the command may only " "be run B<without> command line arguments. A directory is a fully qualified " "path name ending in a '/'. When you specify a directory in a C<Cmnd_List>, " "the user will be able to run any file within that directory (but not in any " "subdirectories therein)." msgstr "" "Une C<Liste_Commandes> est une liste d'un ou plusieurs noms de commandes, " "répertoires et autres alias. Un nom de commande est un nom de fichier " "totalement qualifié qui peut inclure des jokers dans le style des " "interpréteurs de commandes (voir la section L<Jokers> plus loin). Un nom de " "fichier simple permet à l'utilisateur de lancer la commande avec tous les " "arguments qu'il souhaite. Cependant, vous pouvez également indiquer des " "arguments en ligne de commande (y-compris des jokers). Autrement, vous " "pouvez utiliser C<\"\"> pour indiquer que la commande ne peut être lancée " "que sans argument. Un répertoire est un nom de chemin totalement qualifié " "se terminant par « / ». Quand vous indiquez un répertoire dans une " "C<Liste_Commandes>, l'utilisateur peut exécuter tous les fichiers du " "répertoire (mais pas les fichiers de ses sous-répertoires)." #. type: textblock #: C/sudoers.pod:344 msgid "" "If a C<Cmnd> has associated command line arguments, then the arguments in " "the C<Cmnd> must match exactly those given by the user on the command line " "(or match the wildcards if there are any). Note that the following " "characters must be escaped with a '\\' if they are used in command " "arguments: ',', ':', '=', '\\'. The special command C<\"sudoedit\"> is used " "to permit a user to run B<sudo> with the B<-e> option (or as B<sudoedit>). " "It may take command line arguments just as a normal command does." msgstr "" "Si une C<Commande> a des arguments de ligne de commande associés, alors les " "arguments de la C<Commande> doivent exactement correspondre à ceux donnés " "par l'utilisateur dans la ligne de commande (ou correspondre aux jokers le " "cas échéant). Veuillez noter que les caractères suivants doivent être " "échappés avec un « \\ » s'ils sont utilisés dans les arguments d'une " "commande : « , », « : », « = », « \\ ». La commande spéciale C<\"sudoedit\"> " "est utilisée pour permettre à l'utilisateur de lancer B<sudo> avec l'option " "B<-e> (ou en tant que B<sudoedit>). Les arguments sont gérés comme avec une " "commande normale." #. type: =head2 #: C/sudoers.pod:353 msgid "Defaults" msgstr "Paramètres par défaut" #. type: textblock #: C/sudoers.pod:355 msgid "" "Certain configuration options may be changed from their default values at " "runtime via one or more C<Default_Entry> lines. These may affect all users " "on any host, all users on a specific host, a specific user, a specific " "command, or commands being run as a specific user. Note that per-command " "entries may not include command line arguments. If you need to specify " "arguments, define a C<Cmnd_Alias> and reference that instead." msgstr "" "Certaines options de configuration peuvent avoir leur valeurs par " "défaut changées à l'exécution grâce à une ou plusieurs lignes C<Entrée_Défaut>. Cela " "peut affecter tous les utilisateurs sur n'importe quel hôte, tous les " "utilisateurs d'un hôte donné, un utilisateur spécifique, une commande " "spécifique ou des commandes exécutées par un utilisateur particulier. " "Veuillez noter que les entrées par commande ne doivent pas inclure " "d'argument de ligne de commande. Si vous avez besoin d'indiquer des " "arguments, définissez un C<Alias_Commande> et référencez-le à la place." #. type: verbatim #: C/sudoers.pod:363 #, no-wrap msgid "" " Default_Type ::= 'Defaults' |\n" "\t\t 'Defaults' '@' Host_List |\n" "\t\t 'Defaults' ':' User_List |\n" "\t\t 'Defaults' '!' Cmnd_List |\n" "\t\t 'Defaults' '>' Runas_List\n" "\n" msgstr "" " Type_Défaut ::= 'Défauts' |\n" "\t\t 'Défauts' '@' Liste_Hôtes |\n" "\t\t 'Défauts' ':' Liste_Utilisateurs |\n" "\t\t 'Défauts' '!' Liste_Commandes |\n" "\t\t 'Défauts' '>' Liste_Runas\n" "\n" #. type: verbatim #: C/sudoers.pod:369 #, no-wrap msgid "" " Default_Entry ::= Default_Type Parameter_List\n" "\n" msgstr "" " Entrée_Défaut ::= Type_Défaut Liste_Paramètres\n" "\n" #. type: verbatim #: C/sudoers.pod:371 #, no-wrap msgid "" " Parameter_List ::= Parameter |\n" "\t\t Parameter ',' Parameter_List\n" "\n" msgstr "" " Liste_Paramètres ::= Paramètre |\n" "\t\t Paramètre ',' Liste_Paramètres\n" "\n" #. type: verbatim #: C/sudoers.pod:374 #, no-wrap msgid "" " Parameter ::= Parameter '=' Value |\n" "\t Parameter '+=' Value |\n" "\t Parameter '-=' Value |\n" "\t '!'* Parameter\n" "\n" msgstr "" " Paramètre ::= Paramètre '=' Valeur |\n" "\t Paramètre '+=' Valeur |\n" "\t Paramètre '-=' Valeur |\n" "\t '!'* Paramètre\n" "\n" #. type: textblock #: C/sudoers.pod:379 msgid "" "Parameters may be B<flags>, B<integer> values, B<strings>, or B<lists>. " "Flags are implicitly boolean and can be turned off via the '!' operator. " "Some integer, string and list parameters may also be used in a boolean " "context to disable them. Values may be enclosed in double quotes (C<\">) " "when they contain multiple words. Special characters may be escaped with a " "backslash (C<\\>)." msgstr "" "Les paramètres peuvent être des B<drapeaux>, des B<entiers>, des B<chaînes> " "ou des B<listes>. Les drapeaux sont des booléens et peuvent être désactivés " "grâce à l'opérateur « ! ». Des paramètres entiers, chaînes et listes peuvent " "également être utilisés dans un contexte booléen pour les désactiver. Les " "valeurs peuvent être incluses entre des guillemets anglais doubles (C<\">) " "quand ils contiennent plusieurs mots. Les caractères spéciaux peuvent être " "échappés avec un backslash (C<\\>)." #. type: textblock #: C/sudoers.pod:386 msgid "" "Lists have two additional assignment operators, C<+=> and C<-=>. These " "operators are used to add to and delete from a list respectively. It is not " "an error to use the C<-=> operator to remove an element that does not exist " "in a list." msgstr "" "Les listes ont deux opérateurs d'assignation additionnels, C<+=> et C<-=>. " "Ces opérateurs sont respectivement utilisés pour ajouter et supprimer dans " "une liste. Utiliser l'opérateur C<-=> pour retirer un élément n'existant pas " "dans la liste n'est pas une erreur." #. type: textblock #: C/sudoers.pod:391 msgid "" "Defaults entries are parsed in the following order: generic, host and user " "Defaults first, then runas Defaults and finally command defaults." msgstr "" "Les entrées par défaut sont traitées dans l'ordre suivant : générique, hôte " "et utilisateur. D'abord les défauts, puis les runas par défaut et enfin les " "commandes par défaut." #. type: textblock #: C/sudoers.pod:395 msgid "See L<\"SUDOERS OPTIONS\"> for a list of supported Defaults parameters." msgstr "" "Consultez L<\"OPTIONS SUDOERS\"> pour une liste des paramètres par défaut " "gérés." #. type: =head2 #: C/sudoers.pod:397 msgid "User Specification" msgstr "Spécification utilisateur" #. type: verbatim #: C/sudoers.pod:399 #, no-wrap msgid "" " User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \\\n" "\t (':' Host_List '=' Cmnd_Spec_List)*\n" "\n" msgstr "" " Spec_Utilisateur ::= List_Utilisateurs Liste_Hôtes '=' Liste_Spec_Commande\\\n" "\t (':' Liste_Hôtes '=' Liste_Spec_Commande)*\n" "\n" #. type: verbatim #: C/sudoers.pod:402 #, no-wrap msgid "" " Cmnd_Spec_List ::= Cmnd_Spec |\n" "\t\t Cmnd_Spec ',' Cmnd_Spec_List\n" "\n" msgstr "" " Liste_Spec_Commande ::= Spec_Commande |\n" "\t\t Spec_Commande ',' Liste_Spec_Commande\n" "\n" #. type: verbatim #: C/sudoers.pod:405 #, no-wrap msgid "" " Cmnd_Spec ::= Runas_Spec? SELinux_Spec? Tag_Spec* Cmnd\n" "\n" msgstr "" " Spec_Commande ::= Spec_Runas? Spec_SELinux? Spec_Tag* Commande\n" "\n" #. type: verbatim #: C/sudoers.pod:407 #, no-wrap msgid "" " Runas_Spec ::= '(' Runas_List? (':' Runas_List)? ')'\n" "\n" msgstr "" " Spec_Runas ::= '(' Liste_Runas? (':' Liste_Runas)? ')'\n" "\n" #. type: verbatim #: C/sudoers.pod:409 #, no-wrap msgid "" " SELinux_Spec ::= ('ROLE=role' | 'TYPE=type')\n" "\n" msgstr "" " Spec_SELinux ::= ('ROLE=role' | 'TYPE=type')\n" "\n" #. type: verbatim #: C/sudoers.pod:411 #, no-wrap msgid "" " Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:' |\n" "\t 'SETENV:' | 'NOSETENV:' | 'LOG_INPUT:' | 'NOLOG_INPUT:' |\n" " 'LOG_OUTPUT:' | 'NOLOG_OUTPUT:')\n" "\n" msgstr "" " Spec_Tag ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:' |\n" "\t 'SETENV:' | 'NOSETENV:' | 'LOG_INPUT:' | 'NOLOG_INPUT:' |\n" " 'LOG_OUTPUT:' | 'NOLOG_OUTPUT:')\n" "\n" #. type: textblock #: C/sudoers.pod:415 msgid "" "A B<user specification> determines which commands a user may run (and as " "what user) on specified hosts. By default, commands are run as B<root>, but " "this can be changed on a per-command basis." msgstr "" "Une B<spécification utilisateur> détermine quelles commandes un utilisateur " "peut lancer (et en tant que tel utilisateur) sur les hôtes indiqués. Par " "défaut, les commandes sont lancées en tant que B<root> mais cela peut être " "changé au niveau de chaque commande." #. type: textblock #: C/sudoers.pod:419 msgid "" "The basic structure of a user specification is `who where = (as_whom) " "what'. Let's break that down into its constituent parts:" msgstr "" "La structure basique d'une spécification utilisateur est « qui où = " "(en_tant_que_qui) quoi ». Examinons chaque partie en détail :" #. type: =head2 #: C/sudoers.pod:422 msgid "Runas_Spec" msgstr "Runas_Spec" #. type: textblock #: C/sudoers.pod:424 msgid "" "A C<Runas_Spec> determines the user and/or the group that a command may be " "run as. A fully-specified C<Runas_Spec> consists of two C<Runas_List>s (as " "defined above) separated by a colon (':') and enclosed in a set of " "parentheses. The first C<Runas_List> indicates which users the command may " "be run as via B<sudo>'s B<-u> option. The second defines a list of groups " "that can be specified via B<sudo>'s B<-g> option. If both C<Runas_List>s " "are specified, the command may be run with any combination of users and " "groups listed in their respective C<Runas_List>s. If only the first is " "specified, the command may be run as any user in the list but no B<-g> " "option may be specified. If the first C<Runas_List> is empty but the second " "is specified, the command may be run as the invoking user with the group set " "to any listed in the C<Runas_List>. If no C<Runas_Spec> is specified the " "command may be run as B<root> and no group may be specified." msgstr "" "Une C<Spec_Runas> détermine en tant que quel utilisateur et/ou groupe une " "commande peut être lancée. Une C<Spec_Runas> totalement spécifiée consiste " "en deux C<Listes_Runas> (telles que définies plus tôt) séparées par « : » et " "encadrées de parenthèses. La première C<Liste_Runas> indique en tant que " "quels utilisateurs la commande peut être lancée avec l'option B<-u> de " "B<sudo>. La seconde fait de même pour les groupes avec l'option B<-g> de " "B<sudo>. Si les deux listes sont données, la commande peut être lancée avec " "n'importe quelle combinaison d'utilisateurs et groupes listés dans leur " "C<Listes_Runas> respectives. Si seule la première liste est donnée, la " "commande peut être lancée en tant que n'importe quel utilisateur de la liste " "mais aucune option B<-g> n'est indiquée. Si seule la seconde liste est " "donnée, la commande est lancée en tant que l'utilisateur l'invoquant avec " "n'importe quel groupe appartenant à la liste. Si aucune <Spec_Runas> n'est " "indiquée, la commande est lancée en tant que B<root> et aucun groupe n'est " "spécifié." #. type: textblock #: C/sudoers.pod:440 msgid "" "A C<Runas_Spec> sets the default for the commands that follow it. What this " "means is that for the entry:" msgstr "" "Une C<Spec_Runas> règle la valeur par défaut pour les commandes qui la " "suivent. Cela signifie que pour l'entrée :" #. type: verbatim #: C/sudoers.pod:443 #, no-wrap msgid "" " dgb\tboulder = (operator) /bin/ls, /bin/kill, /usr/bin/lprm\n" "\n" msgstr "" " dgb\tboulder = (operator) /bin/ls, /bin/kill, /usr/bin/lprm\n" "\n" #. type: textblock #: C/sudoers.pod:445 msgid "" "The user B<dgb> may run F</bin/ls>, F</bin/kill>, and F</usr/bin/lprm> -- " "but only as B<operator>. E.g.," msgstr "" "L'utilisateur B<dgb> peut lancer F</bin/ls>, F</bin/kill>, et F</usr/bin/" "lprm> mais seulement en tant que B<operator>. Par exemple," #. type: verbatim #: C/sudoers.pod:448 #, no-wrap msgid "" " $ sudo -u operator /bin/ls\n" "\n" msgstr "" " $ sudo -u operator /bin/ls\n" "\n" #. type: textblock #: C/sudoers.pod:450 msgid "" "It is also possible to override a C<Runas_Spec> later on in an entry. If we " "modify the entry like so:" msgstr "" "Il est également possible de surcharger une C<Spec_Runas> plus tard dans une " "entrée. Si nous modifions l'entrée ainsi :" #. type: verbatim #: C/sudoers.pod:453 #, no-wrap msgid "" " dgb\tboulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm\n" "\n" msgstr "" " dgb\tboulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm\n" "\n" #. type: textblock #: C/sudoers.pod:455 msgid "" "Then user B<dgb> is now allowed to run F</bin/ls> as B<operator>, but F</bin/" "kill> and F</usr/bin/lprm> as B<root>." msgstr "" "Alors l'utilisateur B<dgb> est maintenant capable de lancer F</bin/ls> en " "tant que B<operator>, mais F</bin/kill> et F</usr/bin/lprm> en tant que " "B<root>." #. type: textblock #: C/sudoers.pod:458 msgid "" "We can extend this to allow B<dgb> to run C</bin/ls> with either the user or " "group set to B<operator>:" msgstr "" "Nous pouvons étendre cela en permettant à B<dgb> de lancer C</bin/ls> avec " "l'utilisateur ou le groupe réglé sur B<operator> :" #. type: verbatim #: C/sudoers.pod:461 #, no-wrap msgid "" " dgb\tboulder = (operator : operator) /bin/ls, (root) /bin/kill, \\\n" "\t/usr/bin/lprm\n" "\n" msgstr "" " dgb\tboulder = (operator : operator) /bin/ls, (root) /bin/kill, \\\n" "\t/usr/bin/lprm\n" "\n" #. type: textblock #: C/sudoers.pod:464 msgid "" "Note that while the group portion of the C<Runas_Spec> permits the user to " "run as command with that group, it does not force the user to do so. If no " "group is specified on the command line, the command will run with the group " "listed in the target user's password database entry. The following would " "all be permitted by the sudoers entry above:" msgstr "" "Veuillez noter que bien que la partie du groupe de la C<Spec_Runas> permet à " "l'utilisateur de lancer une commande avec ce groupe, il n'impose pas à l'utilisateur " "de le faire. Si aucun groupe n'est indiqué dans la ligne de commande, la " "commande est lancée avec le groupe listé dans l'entrée de la base de mots de " "passe de l'utilisateur cible. Les commandes suivantes sont toutes permises " "par l'entrée sudoers précédente :" #. type: verbatim #: C/sudoers.pod:470 #, no-wrap msgid "" " $ sudo -u operator /bin/ls\n" " $ sudo -u operator -g operator /bin/ls\n" " $ sudo -g operator /bin/ls\n" "\n" msgstr "" " $ sudo -u operator /bin/ls\n" " $ sudo -u operator -g operator /bin/ls\n" " $ sudo -g operator /bin/ls\n" "\n" #. type: textblock #: C/sudoers.pod:474 msgid "" "In the following example, user B<tcm> may run commands that access a modem " "device file with the dialer group." msgstr "" "Dans l'exemple suivant, l'utilisateur B<tcm> peut lancer les commandes ayant " "accès au fichier du périphérique modem avec le groupe « dialer »." #. type: verbatim #: C/sudoers.pod:477 #, no-wrap msgid "" " tcm\tboulder = (:dialer) /usr/bin/tip, /usr/bin/cu, \\\n" "\t/usr/local/bin/minicom\n" "\n" msgstr "" " tcm\tboulder = (:dialer) /usr/bin/tip, /usr/bin/cu, \\\n" "\t/usr/local/bin/minicom\n" "\n" #. type: textblock #: C/sudoers.pod:480 msgid "" "Note that in this example only the group will be set, the command still runs " "as user B<tcm>. E.g." msgstr "" "Veuillez noter que seul le groupe est réglé par cet exemple, la commande est " "toujours lancée en tant que B<tcm>. Par exemple :" #. type: verbatim #: C/sudoers.pod:483 #, no-wrap msgid "" " $ sudo -g dialer /usr/bin/cu\n" "\n" msgstr "" " $ sudo -g dialer /usr/bin/cu\n" "\n" #. type: textblock #: C/sudoers.pod:485 msgid "" "Multiple users and groups may be present in a C<Runas_Spec>, in which case " "the user may select any combination of users and groups via the B<-u> and B<-" "g> options. In this example:" msgstr "" "Plusieurs utilisateurs et groupes peuvent se trouver dans une C<Spec_Runas>, " "auquel cas l'utilisateur peut choisir toute combinaison d'utilisateurs et " "groupes avec les options B<-u> et B<-g>. Dans cet exemple :" #. type: verbatim #: C/sudoers.pod:489 #, no-wrap msgid "" " alan\tALL = (root, bin : operator, system) ALL\n" "\n" msgstr "" " alan\tALL = (root, bin : operator, system) ALL\n" "\n" #. type: textblock #: C/sudoers.pod:491 msgid "" "user B<alan> may run any command as either user root or bin, optionally " "setting the group to operator or system." msgstr "" "l'utilisateur B<alan> peut lancer n'importe quelle commande, soit en tant " "que root, soit en tant que bin, tout en réglant le groupe de façon " "optionnelle à operator ou system." #. type: =head2 #: C/sudoers.pod:494 msgid "SELinux_Spec" msgstr "SELinux_Spec" #. type: textblock #: C/sudoers.pod:496 msgid "" "On systems with SELinux support, I<sudoers> entries may optionally have an " "SELinux role and/or type associated with a command. If a role or type is " "specified with the command it will override any default values specified in " "I<sudoers>. A role or type specified on the command line, however, will " "supercede the values in I<sudoers>." msgstr "" "Sur les systèmes gérant SELinux, les entrées I<sudoers> peuvent " "facultativement avoir un rôle et/ou type SELinux associé à une commande. Si " "un rôle ou type est indiqué avec la commande, il surchargera toute valeur " "par défaut indiquée dans I<sudoers>. Un rôle ou type indiqué sur la ligne de " "commande, en revanche, remplace les valeurs dans I<sudoers>." #. type: =head2 #: C/sudoers.pod:502 msgid "Tag_Spec" msgstr "Tag_Spec" #. type: textblock #: C/sudoers.pod:504 msgid "" "A command may have zero or more tags associated with it. There are eight " "possible tag values, C<NOPASSWD>, C<PASSWD>, C<NOEXEC>, C<EXEC>, C<SETENV>, " "C<NOSETENV>, C<LOG_INPUT>, C<NOLOG_INPUT>, C<LOG_OUTPUT> and " "C<NOLOG_OUTPUT>. Once a tag is set on a C<Cmnd>, subsequent C<Cmnd>s in the " "C<Cmnd_Spec_List>, inherit the tag unless it is overridden by the opposite " "tag (i.e.: C<PASSWD> overrides C<NOPASSWD> and C<NOEXEC> overrides C<EXEC>)." msgstr "" "Une commande peut avoir zéro ou plusieurs étiquettes associées. Il existe " "huit valeurs possibles : C<NOPASSWD>, C<PASSWD>, C<NOEXEC>, C<EXEC>, " "C<SETENV>, C<NOSETENV>, C<LOG_INPUT>, C<NOLOG_INPUT>, C<LOG_OUTPUT> et " "C<NOLOG_OUTPUT>. Quand une étiquette est associée à une C<Commande>, les " "C<Commande>s suivantes dans la C<Liste_Spec_Commande> en héritent à moins " "qu'elle ne soit surchargée par l'étiquette opposée (par exemple, C<PASSWD> " "surcharge C<NOPASSWD> et C<NOEXEC> surcharge C<EXEC>)." #. type: =head3 #: C/sudoers.pod:512 msgid "NOPASSWD and PASSWD" msgstr "NOPASSWD et PASSWD" #. type: textblock #: C/sudoers.pod:514 msgid "" "By default, B<sudo> requires that a user authenticate him or herself before " "running a command. This behavior can be modified via the C<NOPASSWD> tag. " "Like a C<Runas_Spec>, the C<NOPASSWD> tag sets a default for the commands " "that follow it in the C<Cmnd_Spec_List>. Conversely, the C<PASSWD> tag can " "be used to reverse things. For example:" msgstr "" "Par défaut, B<sudo> nécessite que l'utilisateur s'authentifie avant de " "lancer une commande. Ce comportement peut être modifié avec l'étiquette " "C<NOPASSWD>. Comme pour une C<Spec_Runas>, l'étiquette C<NOPASSWD> définit " "une valeur par défaut pour les commandes la suivant dans la " "C<Liste_Spec_Commande>. Au contraire, l'étiquette C<PASSWD> peut être " "utilisée pour inverser les choses. Par exemple :" #. type: verbatim #: C/sudoers.pod:521 #, no-wrap msgid "" " ray\trushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm\n" "\n" msgstr "" " ray\trushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm\n" "\n" #. type: textblock #: C/sudoers.pod:523 msgid "" "would allow the user B<ray> to run F</bin/kill>, F</bin/ls>, and F</usr/bin/" "lprm> as B<root> on the machine rushmore without authenticating himself. If " "we only want B<ray> to be able to run F</bin/kill> without a password the " "entry would be:" msgstr "" "permet à l'utilisateur B<ray> de lancer F</bin/kill>, F</bin/ls> et F</usr/" "bin/lprm> en tant que B<root> sur la machine rushmore sans avoir à " "s'authentifier. Si nous voulions que B<ray> ne soit capable de lancer que " "F</bin/kill> sans mot de passe, l'entrée serait :" #. type: verbatim #: C/sudoers.pod:528 #, no-wrap msgid "" " ray\trushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm\n" "\n" msgstr "" " ray\trushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm\n" "\n" #. type: textblock #: C/sudoers.pod:530 msgid "" "Note, however, that the C<PASSWD> tag has no effect on users who are in the " "group specified by the I<exempt_group> option." msgstr "" "Veuillez noter, en revanche, que l'étiquette C<PASSWD> n'a aucun effet sur " "les utilisateurs se trouvant dans le groupe indiqué par l'option " "I<exempt_group>." #. type: textblock #: C/sudoers.pod:533 msgid "" "By default, if the C<NOPASSWD> tag is applied to any of the entries for a " "user on the current host, he or she will be able to run C<sudo -l> without a " "password. Additionally, a user may only run C<sudo -v> without a password " "if the C<NOPASSWD> tag is present for all a user's entries that pertain to " "the current host. This behavior may be overridden via the verifypw and " "listpw options." msgstr "" "Par défaut, si l'étiquette C<NOPASSWD> est appliquée à une des entrées pour " "un utilisateur sur l'hôte actuel, cet utilisateur sera capable de lancer C<sudo -l> sans " "mot de passe. De plus, un utilisateur ne peut exécuter C<sudo -v> sans mot " "de passe que si C<NOPASSWD> est présent pour chaque entrée de l'utilisateur " "qui concerne l'hôte actuel. Ce comportement peut être surchargé grâce aux " "options verifypw et listpw." #. type: =head3 #: C/sudoers.pod:540 msgid "NOEXEC and EXEC" msgstr "NOEXEC et EXEC" #. type: textblock #: C/sudoers.pod:542 msgid "" "If B<sudo> has been compiled with I<noexec> support and the underlying " "operating system supports it, the C<NOEXEC> tag can be used to prevent a " "dynamically-linked executable from running further commands itself." msgstr "" "Si B<sudo> a été compilé avec la prise en charge de I<noexec> et que le " "système d'exploitation le gère, l'étiquette C<NOEXEC> peut être utilisée " "pour empêcher un exécutable lié dynamiquement de lancer d'autres commandes " "lui-même." #. type: textblock #: C/sudoers.pod:546 msgid "" "In the following example, user B<aaron> may run F</usr/bin/more> and F</usr/" "bin/vi> but shell escapes will be disabled." msgstr "" "Dans l'exemple suivant, l'utilisateur B<aaron> peut lancer F</usr/bin/more> " "et F</usr/bin/vi> mais les échappements de l'interpréteur sont désactivés." #. type: verbatim #: C/sudoers.pod:549 C/sudoers.pod:2061 #, no-wrap msgid "" " aaron\tshanty = NOEXEC: /usr/bin/more, /usr/bin/vi\n" "\n" msgstr "" " aaron\tshanty = NOEXEC: /usr/bin/more, /usr/bin/vi\n" "\n" #. type: textblock #: C/sudoers.pod:551 msgid "" "See the L<Preventing Shell Escapes> section below for more details on how " "C<NOEXEC> works and whether or not it will work on your system." msgstr "" "Veuillez consulter la section L<Empêcher les protections de l'interpréteur> " "si vous voulez plus de détails sur la façon dont C<NOEXEC> fonctionne et " "s'il fonctionnera ou non sur votre système." #. type: =head3 #: C/sudoers.pod:554 msgid "SETENV and NOSETENV" msgstr "SETENV et NOSETENV" #. type: textblock #: C/sudoers.pod:556 msgid "" "These tags override the value of the I<setenv> option on a per-command " "basis. Note that if C<SETENV> has been set for a command, the user may " "disable the I<env_reset> option from the command line via the B<-E> option. " "Additionally, environment variables set on the command line are not subject " "to the restrictions imposed by I<env_check>, I<env_delete>, or I<env_keep>. " "As such, only trusted users should be allowed to set variables in this " "manner. If the command matched is B<ALL>, the C<SETENV> tag is implied for " "that command; this default may be overridden by use of the C<NOSETENV> tag." msgstr "" #. type: =head3 #: C/sudoers.pod:566 msgid "LOG_INPUT and NOLOG_INPUT" msgstr "LOG_INPUT et NOLOG_INPUT" #. type: textblock #: C/sudoers.pod:568 msgid "" "These tags override the value of the I<log_input> option on a per-command " "basis. For more information, see the description of I<log_input> in the L<" "\"SUDOERS OPTIONS\"> section below." msgstr "" #. type: =head3 #: C/sudoers.pod:572 msgid "LOG_OUTPUT and NOLOG_OUTPUT" msgstr "LOG_OUTPUT et NOLOG_OUTPUT" #. type: textblock #: C/sudoers.pod:574 msgid "" "These tags override the value of the I<log_output> option on a per-command " "basis. For more information, see the description of I<log_output> in the L<" "\"SUDOERS OPTIONS\"> section below." msgstr "" #. type: =head2 #: C/sudoers.pod:578 msgid "Wildcards" msgstr "" #. type: textblock #: C/sudoers.pod:580 msgid "" "B<sudo> allows shell-style I<wildcards> (aka meta or glob characters) to be " "used in host names, path names and command line arguments in the I<sudoers> " "file. Wildcard matching is done via the B<POSIX> L<glob(3)> and L<fnmatch(3)" "> routines. Note that these are I<not> regular expressions." msgstr "" #. type: textblock #: C/sudoers.pod:590 msgid "Matches any set of zero or more characters." msgstr "" #. type: textblock #: C/sudoers.pod:594 msgid "Matches any single character." msgstr "" #. type: =item #: C/sudoers.pod:596 msgid "C<[...]>" msgstr "C<[...]>" #. type: textblock #: C/sudoers.pod:598 msgid "Matches any character in the specified range." msgstr "" #. type: =item #: C/sudoers.pod:600 msgid "C<[!...]>" msgstr "C<[!...]>" #. type: textblock #: C/sudoers.pod:602 msgid "Matches any character B<not> in the specified range." msgstr "" #. type: =item #: C/sudoers.pod:604 msgid "C<\\x>" msgstr "C<\\x>" #. type: textblock #: C/sudoers.pod:606 msgid "" "For any character \"x\", evaluates to \"x\". This is used to escape special " "characters such as: \"*\", \"?\", \"[\", and \"}\"." msgstr "" #. type: textblock #: C/sudoers.pod:611 msgid "" "POSIX character classes may also be used if your system's L<glob(3)> and " "L<fnmatch(3)> functions support them. However, because the C<':'> character " "has special meaning in I<sudoers>, it must be escaped. For example:" msgstr "" #. type: verbatim #: C/sudoers.pod:616 #, no-wrap msgid "" " /bin/ls [[\\:alpha\\:]]*\n" "\n" msgstr "" " /bin/ls [[\\:alpha\\:]]*\n" "\n" #. type: textblock #: C/sudoers.pod:618 msgid "Would match any file name beginning with a letter." msgstr "" #. type: textblock #: C/sudoers.pod:620 msgid "" "Note that a forward slash ('/') will B<not> be matched by wildcards used in " "the path name. When matching the command line arguments, however, a slash " "B<does> get matched by wildcards. This is to make a path like:" msgstr "" #. type: verbatim #: C/sudoers.pod:625 #, no-wrap msgid "" " /usr/bin/*\n" "\n" msgstr "" " /usr/bin/*\n" "\n" #. type: textblock #: C/sudoers.pod:627 msgid "match F</usr/bin/who> but not F</usr/bin/X11/xterm>." msgstr "" #. type: =head2 #: C/sudoers.pod:629 msgid "Exceptions to wildcard rules" msgstr "" #. type: textblock #: C/sudoers.pod:631 msgid "The following exceptions apply to the above rules:" msgstr "" #. type: =item #: C/sudoers.pod:635 msgid "C<\"\">" msgstr "C<\"\">" #. type: textblock #: C/sudoers.pod:637 msgid "" "If the empty string C<\"\"> is the only command line argument in the " "I<sudoers> entry it means that command is not allowed to be run with B<any> " "arguments." msgstr "" #. type: =head2 #: C/sudoers.pod:643 msgid "Including other files from within sudoers" msgstr "" #. type: textblock #: C/sudoers.pod:645 msgid "" "It is possible to include other I<sudoers> files from within the I<sudoers> " "file currently being parsed using the C<#include> and C<#includedir> " "directives." msgstr "" #. type: textblock #: C/sudoers.pod:649 msgid "" "This can be used, for example, to keep a site-wide I<sudoers> file in " "addition to a local, per-machine file. For the sake of this example the " "site-wide I<sudoers> will be F</etc/sudoers> and the per-machine one will be " "F</etc/sudoers.local>. To include F</etc/sudoers.local> from within F</etc/" "sudoers> we would use the following line in F</etc/sudoers>:" msgstr "" #. type: textblock #: C/sudoers.pod:658 msgid "C<#include /etc/sudoers.local>" msgstr "C<#include /etc/sudoers.local>" #. type: textblock #: C/sudoers.pod:662 msgid "" "When B<sudo> reaches this line it will suspend processing of the current " "file (F</etc/sudoers>) and switch to F</etc/sudoers.local>. Upon reaching " "the end of F</etc/sudoers.local>, the rest of F</etc/sudoers> will be " "processed. Files that are included may themselves include other files. A " "hard limit of 128 nested include files is enforced to prevent include file " "loops." msgstr "" #. type: textblock #: C/sudoers.pod:669 msgid "" "If the path to the include file is not fully-qualified (does not begin with " "a F</>), it must be located in the same directory as the sudoers file it was " "included from. For example, if F</etc/sudoers> contains the line:" msgstr "" #. type: textblock #: C/sudoers.pod:676 msgid "C<#include sudoers.local>" msgstr "C<#include sudoers.local>" #. type: textblock #: C/sudoers.pod:680 msgid "the file that will be included is F</etc/sudoers.local>." msgstr "Le fichier F</etc/sudoers.local> sera inclus." #. type: textblock #: C/sudoers.pod:682 msgid "" "The file name may also include the C<%h> escape, signifying the short form " "of the host name. I.e., if the machine's host name is \"xerxes\", then" msgstr "" #. type: textblock #: C/sudoers.pod:685 msgid "C<#include /etc/sudoers.%h>" msgstr "C<#include /etc/sudoers.%h>" #. type: textblock #: C/sudoers.pod:687 msgid "will cause B<sudo> to include the file F</etc/sudoers.xerxes>." msgstr "" #. type: textblock #: C/sudoers.pod:689 msgid "" "The C<#includedir> directive can be used to create a F<sudo.d> directory " "that the system package manager can drop I<sudoers> rules into as part of " "package installation. For example, given:" msgstr "" #. type: textblock #: C/sudoers.pod:693 msgid "C<#includedir /etc/sudoers.d>" msgstr "C<#includedir /etc/sudoers.d>" #. type: textblock #: C/sudoers.pod:695 msgid "" "B<sudo> will read each file in F</etc/sudoers.d>, skipping file names that " "end in C<~> or contain a C<.> character to avoid causing problems with " "package manager or editor temporary/backup files. Files are parsed in " "sorted lexical order. That is, F</etc/sudoers.d/01_first> will be parsed " "before F</etc/sudoers.d/10_second>. Be aware that because the sorting is " "lexical, not numeric, F</etc/sudoers.d/1_whoops> would be loaded B<after> F</" "etc/sudoers.d/10_second>. Using a consistent number of leading zeroes in " "the file names can be used to avoid such problems." msgstr "" #. type: textblock #: C/sudoers.pod:706 msgid "" "Note that unlike files included via C<#include>, B<visudo> will not edit the " "files in a C<#includedir> directory unless one of them contains a syntax " "error. It is still possible to run B<visudo> with the C<-f> flag to edit " "the files directly." msgstr "" #. type: =head2 #: C/sudoers.pod:711 msgid "Other special characters and reserved words" msgstr "" #. type: textblock #: C/sudoers.pod:713 msgid "" "The pound sign ('#') is used to indicate a comment (unless it is part of a " "#include directive or unless it occurs in the context of a user name and is " "followed by one or more digits, in which case it is treated as a uid). Both " "the comment character and any text after it, up to the end of the line, are " "ignored." msgstr "" #. type: textblock #: C/sudoers.pod:719 msgid "" "The reserved word B<ALL> is a built-in I<alias> that always causes a match " "to succeed. It can be used wherever one might otherwise use a " "C<Cmnd_Alias>, C<User_Alias>, C<Runas_Alias>, or C<Host_Alias>. You should " "not try to define your own I<alias> called B<ALL> as the built-in alias will " "be used in preference to your own. Please note that using B<ALL> can be " "dangerous since in a command context, it allows the user to run B<any> " "command on the system." msgstr "" #. type: textblock #: C/sudoers.pod:727 msgid "" "An exclamation point ('!') can be used as a logical I<not> operator both in " "an I<alias> and in front of a C<Cmnd>. This allows one to exclude certain " "values. Note, however, that using a C<!> in conjunction with the built-in " "C<ALL> alias to allow a user to run \"all but a few\" commands rarely works " "as intended (see SECURITY NOTES below)." msgstr "" #. type: textblock #: C/sudoers.pod:734 msgid "" "Long lines can be continued with a backslash ('\\') as the last character on " "the line." msgstr "" #. type: textblock #: C/sudoers.pod:737 msgid "" "Whitespace between elements in a list as well as special syntactic " "characters in a I<User Specification> ('=', ':', '(', ')') is optional." msgstr "" #. type: textblock #: C/sudoers.pod:740 msgid "" "The following characters must be escaped with a backslash ('\\') when used " "as part of a word (e.g.E<nbsp>a user name or host name): '!', '=', ':', ',', " "'(', ')', '\\'." msgstr "" #. type: =head1 #: C/sudoers.pod:744 msgid "SUDOERS OPTIONS" msgstr "" #. type: textblock #: C/sudoers.pod:746 msgid "" "B<sudo>'s behavior can be modified by C<Default_Entry> lines, as explained " "earlier. A list of all supported Defaults parameters, grouped by type, are " "listed below." msgstr "" #. type: textblock #: C/sudoers.pod:750 msgid "B<Boolean Flags>:" msgstr "" #. type: =item #: C/sudoers.pod:754 msgid "always_set_home" msgstr "always_set_home" #. type: textblock #: C/sudoers.pod:756 msgid "" "If enabled, B<sudo> will set the C<HOME> environment variable to the home " "directory of the target user (which is root unless the B<-u> option is " "used). This effectively means that the B<-H> option is always implied. " "Note that C<HOME> is already set when the the I<env_reset> option is " "enabled, so I<always_set_home> is only effective for configurations where " "either I<env_reset> is disabled or C<HOME> is present in the I<env_keep> " "list. This flag is I<off> by default." msgstr "" #. type: =item #: C/sudoers.pod:765 msgid "authenticate" msgstr "authenticate" #. type: textblock #: C/sudoers.pod:767 msgid "" "If set, users must authenticate themselves via a password (or other means of " "authentication) before they may run commands. This default may be " "overridden via the C<PASSWD> and C<NOPASSWD> tags. This flag is I<on> by " "default." msgstr "" #. type: =item #: C/sudoers.pod:772 msgid "closefrom_override" msgstr "closefrom_override" #. type: textblock #: C/sudoers.pod:774 msgid "" "If set, the user may use B<sudo>'s B<-C> option which overrides the default " "starting point at which B<sudo> begins closing open file descriptors. This " "flag is I<off> by default." msgstr "" #. type: =item #: C/sudoers.pod:778 msgid "compress_io" msgstr "compress_io" #. type: textblock #: C/sudoers.pod:780 msgid "" "If set, and B<sudo> is configured to log a command's input or output, the I/" "O logs will be compressed using B<zlib>. This flag is I<on> by default when " "B<sudo> is compiled with B<zlib> support." msgstr "" #. type: =item #: C/sudoers.pod:784 msgid "env_editor" msgstr "env_editor" #. type: textblock #: C/sudoers.pod:786 msgid "" "If set, B<visudo> will use the value of the EDITOR or VISUAL environment " "variables before falling back on the default editor list. Note that this " "may create a security hole as it allows the user to run any arbitrary " "command as root without logging. A safer alternative is to place a colon-" "separated list of editors in the C<editor> variable. B<visudo> will then " "only use the EDITOR or VISUAL if they match a value specified in C<editor>. " "This flag is I<@env_editor@> by default." msgstr "" #. type: =item #: C/sudoers.pod:795 msgid "env_reset" msgstr "env_reset" #. type: textblock #: C/sudoers.pod:797 msgid "" "If set, B<sudo> will run the command in a minimal environment containing the " "C<TERM>, C<PATH>, C<HOME>, C<MAIL>, C<SHELL>, C<LOGNAME>, C<USER>, " "C<USERNAME> and C<SUDO_*> variables. Any variables in the caller's " "environment that match the C<env_keep> and C<env_check> lists are then " "added, followed by any variables present in the file specified by the " "I<env_file> option (if any). The default contents of the C<env_keep> and " "C<env_check> lists are displayed when B<sudo> is run by root with the I<-V> " "option. If the I<secure_path> option is set, its value will be used for the " "C<PATH> environment variable. This flag is I<@env_reset@> by default." msgstr "" #. type: =item #: C/sudoers.pod:809 msgid "fast_glob" msgstr "fast_glob" #. type: textblock #: C/sudoers.pod:811 msgid "" "Normally, B<sudo> uses the L<glob(3)> function to do shell-style globbing " "when matching path names. However, since it accesses the file system, L<glob" "(3)> can take a long time to complete for some patterns, especially when the " "pattern references a network file system that is mounted on demand " "(automounted). The I<fast_glob> option causes B<sudo> to use the L<fnmatch" "(3)> function, which does not access the file system to do its matching. " "The disadvantage of I<fast_glob> is that it is unable to match relative path " "names such as F<./ls> or F<../bin/ls>. This has security implications when " "path names that include globbing characters are used with the negation " "operator, C<'!'>, as such rules can be trivially bypassed. As such, this " "option should not be used when I<sudoers> contains rules that contain " "negated path names which include globbing characters. This flag is I<off> " "by default." msgstr "" #. type: =item #: C/sudoers.pod:826 msgid "fqdn" msgstr "fqdn" #. type: textblock #: C/sudoers.pod:828 msgid "" "Set this flag if you want to put fully qualified host names in the " "I<sudoers> file. I.e., instead of myhost you would use myhost.mydomain." "edu. You may still use the short form if you wish (and even mix the two). " "Beware that turning on I<fqdn> requires B<sudo> to make DNS lookups which " "may make B<sudo> unusable if DNS stops working (for example if the machine " "is not plugged into the network). Also note that you must use the host's " "official name as DNS knows it. That is, you may not use a host alias " "(C<CNAME> entry) due to performance issues and the fact that there is no way " "to get all aliases from DNS. If your machine's host name (as returned by " "the C<hostname> command) is already fully qualified you shouldn't need to " "set I<fqdn>. This flag is I<@fqdn@> by default." msgstr "" #. type: =item #: C/sudoers.pod:841 msgid "ignore_dot" msgstr "ignore_dot" #. type: textblock #: C/sudoers.pod:843 msgid "" "If set, B<sudo> will ignore '.' or '' (current dir) in the C<PATH> " "environment variable; the C<PATH> itself is not modified. This flag is " "I<@ignore_dot@> by default." msgstr "" #. type: =item #: C/sudoers.pod:847 msgid "ignore_local_sudoers" msgstr "ignore_local_sudoers" #. type: textblock #: C/sudoers.pod:849 msgid "" "If set via LDAP, parsing of F<@sysconfdir@/sudoers> will be skipped. This " "is intended for Enterprises that wish to prevent the usage of local sudoers " "files so that only LDAP is used. This thwarts the efforts of rogue " "operators who would attempt to add roles to F<@sysconfdir@/sudoers>. When " "this option is present, F<@sysconfdir@/sudoers> does not even need to exist. " "Since this option tells B<sudo> how to behave when no specific LDAP entries " "have been matched, this sudoOption is only meaningful for the C<cn=defaults> " "section. This flag is I<off> by default." msgstr "" #. type: =item #: C/sudoers.pod:858 msgid "insults" msgstr "insults" #. type: textblock #: C/sudoers.pod:860 msgid "" "If set, B<sudo> will insult users when they enter an incorrect password. " "This flag is I<@insults@> by default." msgstr "" #. type: =item #: C/sudoers.pod:863 msgid "log_host" msgstr "log_host" #. type: textblock #: C/sudoers.pod:865 msgid "" "If set, the host name will be logged in the (non-syslog) B<sudo> log file. " "This flag is I<off> by default." msgstr "" #. type: =item #: C/sudoers.pod:868 msgid "log_input" msgstr "log_input" #. type: textblock #: C/sudoers.pod:870 msgid "" "If set, B<sudo> will run the command in a I<pseudo tty> and log all user " "input. If the standard input is not connected to the user's tty, due to I/O " "redirection or because the command is part of a pipeline, that input is also " "captured and stored in a separate log file." msgstr "" #. type: textblock #: C/sudoers.pod:876 msgid "" "Input is logged to the directory specified by the I<iolog_dir> option " "(F<@iolog_dir@> by default) using a unique session ID that is included in " "the normal B<sudo> log line, prefixed with I<TSID=>. The I<iolog_file> " "option may be used to control the format of the session ID." msgstr "" #. type: textblock #: C/sudoers.pod:882 msgid "" "Note that user input may contain sensitive information such as passwords " "(even if they are not echoed to the screen), which will be stored in the log " "file unencrypted. In most cases, logging the command output via " "I<log_output> is all that is required." msgstr "" #. type: =item #: C/sudoers.pod:887 msgid "log_output" msgstr "log_output" #. type: textblock #: C/sudoers.pod:889 msgid "" "If set, B<sudo> will run the command in a I<pseudo tty> and log all output " "that is sent to the screen, similar to the script(1) command. If the " "standard output or standard error is not connected to the user's tty, due to " "I/O redirection or because the command is part of a pipeline, that output is " "also captured and stored in separate log files." msgstr "" #. type: textblock #: C/sudoers.pod:896 msgid "" "Output is logged to the directory specified by the I<iolog_dir> option " "(F<@iolog_dir@> by default) using a unique session ID that is included in " "the normal B<sudo> log line, prefixed with I<TSID=>. The I<iolog_file> " "option may be used to control the format of the session ID." msgstr "" #. type: textblock #: C/sudoers.pod:902 msgid "" "Output logs may be viewed with the L<sudoreplay(8)> utility, which can also " "be used to list or search the available logs." msgstr "" #. type: =item #: C/sudoers.pod:905 msgid "log_year" msgstr "log_year" #. type: textblock #: C/sudoers.pod:907 msgid "" "If set, the four-digit year will be logged in the (non-syslog) B<sudo> log " "file. This flag is I<off> by default." msgstr "" #. type: =item #: C/sudoers.pod:910 msgid "long_otp_prompt" msgstr "long_otp_prompt" #. type: textblock #: C/sudoers.pod:912 msgid "" "When validating with a One Time Password (OTP) scheme such as B<S/Key> or " "B<OPIE>, a two-line prompt is used to make it easier to cut and paste the " "challenge to a local window. It's not as pretty as the default but some " "people find it more convenient. This flag is I<@long_otp_prompt@> by " "default." msgstr "" #. type: =item #: C/sudoers.pod:918 msgid "mail_always" msgstr "mail_always" #. type: textblock #: C/sudoers.pod:920 msgid "" "Send mail to the I<mailto> user every time a users runs B<sudo>. This flag " "is I<off> by default." msgstr "" #. type: =item #: C/sudoers.pod:923 msgid "mail_badpass" msgstr "mail_badpass" #. type: textblock #: C/sudoers.pod:925 msgid "" "Send mail to the I<mailto> user if the user running B<sudo> does not enter " "the correct password. This flag is I<off> by default." msgstr "" #. type: =item #: C/sudoers.pod:928 msgid "mail_no_host" msgstr "mail_no_host" #. type: textblock #: C/sudoers.pod:930 msgid "" "If set, mail will be sent to the I<mailto> user if the invoking user exists " "in the I<sudoers> file, but is not allowed to run commands on the current " "host. This flag is I<@mail_no_host@> by default." msgstr "" #. type: =item #: C/sudoers.pod:934 msgid "mail_no_perms" msgstr "mail_no_perms" #. type: textblock #: C/sudoers.pod:936 msgid "" "If set, mail will be sent to the I<mailto> user if the invoking user is " "allowed to use B<sudo> but the command they are trying is not listed in " "their I<sudoers> file entry or is explicitly denied. This flag is " "I<@mail_no_perms@> by default." msgstr "" #. type: =item #: C/sudoers.pod:941 msgid "mail_no_user" msgstr "mail_no_user" #. type: textblock #: C/sudoers.pod:943 msgid "" "If set, mail will be sent to the I<mailto> user if the invoking user is not " "in the I<sudoers> file. This flag is I<@mail_no_user@> by default." msgstr "" #. type: =item #: C/sudoers.pod:947 C/sudoers.pod:2037 C/sudo.pod:474 msgid "noexec" msgstr "noexec" #. type: textblock #: C/sudoers.pod:949 msgid "" "If set, all commands run via B<sudo> will behave as if the C<NOEXEC> tag has " "been set, unless overridden by a C<EXEC> tag. See the description of " "I<NOEXEC and EXEC> below as well as the L<Preventing Shell Escapes> section " "at the end of this manual. This flag is I<off> by default." msgstr "" #. type: =item #: C/sudoers.pod:954 msgid "path_info" msgstr "path_info" #. type: textblock #: C/sudoers.pod:956 msgid "" "Normally, B<sudo> will tell the user when a command could not be found in " "their C<PATH> environment variable. Some sites may wish to disable this as " "it could be used to gather information on the location of executables that " "the normal user does not have access to. The disadvantage is that if the " "executable is simply not in the user's C<PATH>, B<sudo> will tell the user " "that they are not allowed to run it, which can be confusing. This flag is " "I<@path_info@> by default." msgstr "" #. type: =item #: C/sudoers.pod:965 msgid "passprompt_override" msgstr "passprompt_override" #. type: textblock #: C/sudoers.pod:967 msgid "" "The password prompt specified by I<passprompt> will normally only be used if " "the password prompt provided by systems such as PAM matches the string " "\"Password:\". If I<passprompt_override> is set, I<passprompt> will always " "be used. This flag is I<off> by default." msgstr "" #. type: =item #: C/sudoers.pod:972 msgid "preserve_groups" msgstr "preserve_groups" #. type: textblock #: C/sudoers.pod:974 #, fuzzy #| msgid "" #| "The B<-P> (I<preserve> I<group vector>) option causes B<sudo> to preserve " #| "the invoking user's group vector unaltered. By default, B<sudo> will " #| "initialize the group vector to the list of groups the target user is in. " #| "The real and effective group IDs, however, are still set to match the " #| "target user." msgid "" "By default, B<sudo> will initialize the group vector to the list of groups " "the target user is in. When I<preserve_groups> is set, the user's existing " "group vector is left unaltered. The real and effective group IDs, however, " "are still set to match the target user. This flag is I<off> by default." msgstr "" "L'option B<-P> (I<préserver> le I<vecteur de groupe>) fait que B<sudo> " "préserve le vecteur de groupe de l'utilisateur appelant inchangé. Par " "défault, B<sudo> initialisera le vecteur de groupe avec la liste de groupes " "dans lesquels est l'utilisateur. Les réels et effectifs identifiants de " "groupe, cependant, sont toujours définis pour correspondre à l'utilisateur " "cible." #. type: =item #: C/sudoers.pod:980 msgid "pwfeedback" msgstr "pwfeedback" #. type: textblock #: C/sudoers.pod:982 msgid "" "By default, B<sudo> reads the password like most other Unix programs, by " "turning off echo until the user hits the return (or enter) key. Some users " "become confused by this as it appears to them that B<sudo> has hung at this " "point. When I<pwfeedback> is set, B<sudo> will provide visual feedback when " "the user presses a key. Note that this does have a security impact as an " "onlooker may be able to determine the length of the password being entered. " "This flag is I<off> by default." msgstr "" #. type: =item #: C/sudoers.pod:991 msgid "requiretty" msgstr "requiretty" #. type: textblock #: C/sudoers.pod:993 msgid "" "If set, B<sudo> will only run when the user is logged in to a real tty. " "When this flag is set, B<sudo> can only be run from a login session and not " "via other means such as L<cron(8)> or cgi-bin scripts. This flag is I<off> " "by default." msgstr "" #. type: =item #: C/sudoers.pod:998 msgid "root_sudo" msgstr "root_sudo" #. type: textblock #: C/sudoers.pod:1000 msgid "" "If set, root is allowed to run B<sudo> too. Disabling this prevents users " "from \"chaining\" B<sudo> commands to get a root shell by doing something " "like C<\"sudo sudo /bin/sh\">. Note, however, that turning off I<root_sudo> " "will also prevent root from running B<sudoedit>. Disabling I<root_sudo> " "provides no real additional security; it exists purely for historical " "reasons. This flag is I<@root_sudo@> by default." msgstr "" #. type: =item #: C/sudoers.pod:1008 msgid "rootpw" msgstr "rootpw" #. type: textblock #: C/sudoers.pod:1010 msgid "" "If set, B<sudo> will prompt for the root password instead of the password of " "the invoking user. This flag is I<off> by default." msgstr "" #. type: =item #: C/sudoers.pod:1013 msgid "runaspw" msgstr "runaspw" #. type: textblock #: C/sudoers.pod:1015 msgid "" "If set, B<sudo> will prompt for the password of the user defined by the " "I<runas_default> option (defaults to C<@runas_default@>) instead of the " "password of the invoking user. This flag is I<off> by default." msgstr "" #. type: =item #: C/sudoers.pod:1019 msgid "set_home" msgstr "set_home" #. type: textblock #: C/sudoers.pod:1021 msgid "" "If enabled and B<sudo> is invoked with the B<-s> option the C<HOME> " "environment variable will be set to the home directory of the target user " "(which is root unless the B<-u> option is used). This effectively makes the " "B<-s> option imply B<-H>. Note that C<HOME> is already set when the the " "I<env_reset> option is enabled, so I<set_home> is only effective for " "configurations where either I<env_reset> is disabled or C<HOME> is present " "in the I<env_keep> list. This flag is I<off> by default." msgstr "" #. type: =item #: C/sudoers.pod:1030 msgid "set_logname" msgstr "set_logname" #. type: textblock #: C/sudoers.pod:1032 msgid "" "Normally, B<sudo> will set the C<LOGNAME>, C<USER> and C<USERNAME> " "environment variables to the name of the target user (usually root unless " "the B<-u> option is given). However, since some programs (including the RCS " "revision control system) use C<LOGNAME> to determine the real identity of " "the user, it may be desirable to change this behavior. This can be done by " "negating the set_logname option. Note that if the I<env_reset> option has " "not been disabled, entries in the I<env_keep> list will override the value " "of I<set_logname>. This flag is I<on> by default." msgstr "" #. type: =item #: C/sudoers.pod:1042 msgid "set_utmp" msgstr "set_utmp" #. type: textblock #: C/sudoers.pod:1044 msgid "" "When enabled, B<sudo> will create an entry in the utmp (or utmpx) file when " "a pseudo-tty is allocated. A pseudo-tty is allocated by B<sudo> when the " "I<log_input>, I<log_output> or I<use_pty> flags are enabled. By default, " "the new entry will be a copy of the user's existing utmp entry (if any), " "with the tty, time, type and pid fields updated. This flag is I<on> by " "default." msgstr "" #. type: =item #: C/sudoers.pod:1051 msgid "setenv" msgstr "setenv" #. type: textblock #: C/sudoers.pod:1053 msgid "" "Allow the user to disable the I<env_reset> option from the command line via " "the B<-E> option. Additionally, environment variables set via the command " "line are not subject to the restrictions imposed by I<env_check>, " "I<env_delete>, or I<env_keep>. As such, only trusted users should be " "allowed to set variables in this manner. This flag is I<off> by default." msgstr "" #. type: =item #: C/sudoers.pod:1060 msgid "shell_noargs" msgstr "shell_noargs" #. type: textblock #: C/sudoers.pod:1062 msgid "" "If set and B<sudo> is invoked with no arguments it acts as if the B<-s> " "option had been given. That is, it runs a shell as root (the shell is " "determined by the C<SHELL> environment variable if it is set, falling back " "on the shell listed in the invoking user's /etc/passwd entry if not). This " "flag is I<off> by default." msgstr "" #. type: =item #: C/sudoers.pod:1068 msgid "stay_setuid" msgstr "stay_setuid" #. type: textblock #: C/sudoers.pod:1070 msgid "" "Normally, when B<sudo> executes a command the real and effective UIDs are " "set to the target user (root by default). This option changes that behavior " "such that the real UID is left as the invoking user's UID. In other words, " "this makes B<sudo> act as a setuid wrapper. This can be useful on systems " "that disable some potentially dangerous functionality when a program is run " "setuid. This option is only effective on systems with either the setreuid() " "or setresuid() function. This flag is I<off> by default." msgstr "" #. type: =item #: C/sudoers.pod:1079 msgid "targetpw" msgstr "targetpw" #. type: textblock #: C/sudoers.pod:1081 msgid "" "If set, B<sudo> will prompt for the password of the user specified by the B<-" "u> option (defaults to C<root>) instead of the password of the invoking " "user. In addition, the timestamp file name will include the target user's " "name. Note that this flag precludes the use of a uid not listed in the " "passwd database as an argument to the B<-u> option. This flag is I<off> by " "default." msgstr "" #. type: =item #: C/sudoers.pod:1088 msgid "tty_tickets" msgstr "tty_tickets" #. type: textblock #: C/sudoers.pod:1090 msgid "" "If set, users must authenticate on a per-tty basis. With this flag enabled, " "B<sudo> will use a file named for the tty the user is logged in on in the " "user's time stamp directory. If disabled, the time stamp of the directory " "is used instead. This flag is I<@tty_tickets@> by default." msgstr "" #. type: =item #: C/sudoers.pod:1096 msgid "umask_override" msgstr "umask_override" #. type: textblock #: C/sudoers.pod:1098 msgid "" "If set, B<sudo> will set the umask as specified by I<sudoers> without " "modification. This makes it possible to specify a more permissive umask in " "I<sudoers> than the user's own umask and matches historical behavior. If " "I<umask_override> is not set, B<sudo> will set the umask to be the union of " "the user's umask and what is specified in I<sudoers>. This flag is " "I<@umask_override@> by default." msgstr "" #. type: =item #: C/sudoers.pod:1105 msgid "use_loginclass" msgstr "use_loginclass" #. type: textblock #: C/sudoers.pod:1107 msgid "" "If set, B<sudo> will apply the defaults specified for the target user's " "login class if one exists. Only available if B<sudo> is configured with the " "--with-logincap option. This flag is I<off> by default." msgstr "" #. type: =item #: C/sudoers.pod:1111 msgid "use_pty" msgstr "use_pty" #. type: textblock #: C/sudoers.pod:1113 msgid "" "If set, B<sudo> will run the command in a pseudo-pty even if no I/O logging " "is being gone. A malicious program run under B<sudo> could conceivably fork " "a background process that retains to the user's terminal device after the " "main program has finished executing. Use of this option will make that " "impossible. This flag is I<off> by default." msgstr "" #. type: =item #: C/sudoers.pod:1119 msgid "utmp_runas" msgstr "utmp_runas" #. type: textblock #: C/sudoers.pod:1121 msgid "" "If set, B<sudo> will store the name of the runas user when updating the utmp " "(or utmpx) file. By default, B<sudo> stores the name of the invoking user. " "This flag is I<off> by default." msgstr "" #. type: =item #: C/sudoers.pod:1125 msgid "visiblepw" msgstr "visiblepw" #. type: textblock #: C/sudoers.pod:1127 msgid "" "By default, B<sudo> will refuse to run if the user must enter a password but " "it is not possible to disable echo on the terminal. If the I<visiblepw> " "flag is set, B<sudo> will prompt for a password even when it would be " "visible on the screen. This makes it possible to run things like C<\"rsh " "somehost sudo ls\"> since L<rsh(1)> does not allocate a tty. This flag is " "I<off> by default." msgstr "" #. type: textblock #: C/sudoers.pod:1136 msgid "B<Integers>:" msgstr "" #. type: =item #: C/sudoers.pod:1140 msgid "closefrom" msgstr "closefrom" #. type: textblock #: C/sudoers.pod:1142 msgid "" "Before it executes a command, B<sudo> will close all open file descriptors " "other than standard input, standard output and standard error (ie: file " "descriptors 0-2). The I<closefrom> option can be used to specify a " "different file descriptor at which to start closing. The default is C<3>." msgstr "" "Avant d'exécuter une commande, B<sudo> fermera tous les descripteurs de " "fichiers autres que l'entrée standard, la sortie standard et l'erreur " "standard (c'est-à -dire les descripteurs de fichiers 0 à 2). L'option " "I<closefrom> permet d'indiquer le seuil à partir duquel les descripteurs " "sont fermés (par défaut C<3>)." #. type: =item #: C/sudoers.pod:1148 msgid "passwd_tries" msgstr "passwd_tries" #. type: textblock #: C/sudoers.pod:1150 msgid "" "The number of tries a user gets to enter his/her password before B<sudo> " "logs the failure and exits. The default is C<@passwd_tries@>." msgstr "" #. type: textblock #: C/sudoers.pod:1155 msgid "B<Integers that can be used in a boolean context>:" msgstr "" #. type: =item #: C/sudoers.pod:1159 msgid "loglinelen" msgstr "loglinelen" #. type: textblock #: C/sudoers.pod:1161 msgid "" "Number of characters per line for the file log. This value is used to " "decide when to wrap lines for nicer log files. This has no effect on the " "syslog log file, only the file log. The default is C<@loglen@> (use 0 or " "negate the option to disable word wrap)." msgstr "" #. type: =item #: C/sudoers.pod:1166 msgid "passwd_timeout" msgstr "passwd_timeout" #. type: textblock #: C/sudoers.pod:1168 msgid "" "Number of minutes before the B<sudo> password prompt times out, or C<0> for " "no timeout. The timeout may include a fractional component if minute " "granularity is insufficient, for example C<2.5>. The default is " "C<@password_timeout@>." msgstr "" #. type: =item #: C/sudoers.pod:1173 msgid "timestamp_timeout" msgstr "timestamp_timeout" #. type: textblock #: C/sudoers.pod:1175 msgid "" "Number of minutes that can elapse before B<sudo> will ask for a passwd " "again. The timeout may include a fractional component if minute granularity " "is insufficient, for example C<2.5>. The default is C<@timeout@>. Set this " "to C<0> to always prompt for a password. If set to a value less than C<0> " "the user's timestamp will never expire. This can be used to allow users to " "create or delete their own timestamps via C<sudo -v> and C<sudo -k> " "respectively." msgstr "" #. type: =item #: C/sudoers.pod:1183 msgid "umask" msgstr "umask" #. type: textblock #: C/sudoers.pod:1185 msgid "" "Umask to use when running the command. Negate this option or set it to 0777 " "to preserve the user's umask. The actual umask that is used will be the " "union of the user's umask and the value of the I<umask> option, which " "defaults to C<@sudo_umask@>. This guarantees that B<sudo> never lowers the " "umask when running a command. Note on systems that use PAM, the default PAM " "configuration may specify its own umask which will override the value set in " "I<sudoers>." msgstr "" #. type: textblock #: C/sudoers.pod:1195 msgid "B<Strings>:" msgstr "" #. type: =item #: C/sudoers.pod:1199 msgid "badpass_message" msgstr "badpass_message" #. type: textblock #: C/sudoers.pod:1201 msgid "" "Message that is displayed if a user enters an incorrect password. The " "default is C<@badpass_message@> unless insults are enabled." msgstr "" #. type: =item #: C/sudoers.pod:1204 msgid "editor" msgstr "editor" #. type: textblock #: C/sudoers.pod:1206 msgid "" "A colon (':') separated list of editors allowed to be used with B<visudo>. " "B<visudo> will choose the editor that matches the user's EDITOR environment " "variable if possible, or the first editor in the list that exists and is " "executable. The default is C<\"@editor@\">." msgstr "" #. type: =item #: C/sudoers.pod:1211 msgid "iolog_dir" msgstr "iolog_dir" #. type: textblock #: C/sudoers.pod:1213 msgid "" "The top-level directory to use when constructing the path name for the input/" "output log directory. Only used if the I<log_input> or I<log_output> " "options are enabled or when the C<LOG_INPUT> or C<LOG_OUTPUT> tags are " "present for a command. The session sequence number, if any, is stored in " "the directory. The default is C<\"@iolog_dir@\">." msgstr "" #. type: textblock #: C/sudoers.pod:1220 msgid "The following percent (`C<%>') escape sequences are supported:" msgstr "" #. type: =item #: C/sudoers.pod:1224 msgid "C<%{seq}>" msgstr "C<%{seq}>" #. type: textblock #: C/sudoers.pod:1226 msgid "" "expanded to a monotonically increasing base-36 sequence number, such as " "0100A5, where every two digits are used to form a new directory, e.g. " "F<01/00/A5>" msgstr "" #. type: =item #: C/sudoers.pod:1229 msgid "C<%{user}>" msgstr "C<%{utilisateur}>" #. type: textblock #: C/sudoers.pod:1231 C/sudoers.pod:1319 C/sudo.pod:322 msgid "expanded to the invoking user's login name" msgstr "" #. type: =item #: C/sudoers.pod:1233 msgid "C<%{group}>" msgstr "C<%{groupe}>" #. type: textblock #: C/sudoers.pod:1235 msgid "expanded to the name of the invoking user's real group ID" msgstr "" #. type: =item #: C/sudoers.pod:1237 msgid "C<%{runas_user}>" msgstr "C<%{utilisateur_d_exécution}> (« Exécuté en tant que »)" #. type: textblock #: C/sudoers.pod:1239 msgid "" "expanded to the login name of the user the command will be run as (e.g. root)" msgstr "" #. type: =item #: C/sudoers.pod:1242 msgid "C<%{runas_group}>" msgstr "C<%{groupe_d_exécution}> (« Exécuté en tant que »)" #. type: textblock #: C/sudoers.pod:1244 msgid "" "expanded to the group name of the user the command will be run as (e.g. " "wheel)" msgstr "" #. type: =item #: C/sudoers.pod:1247 msgid "C<%{hostname}>" msgstr "" #. type: textblock #: C/sudoers.pod:1249 C/sudoers.pod:1305 C/sudo.pod:307 msgid "expanded to the local host name without the domain name" msgstr "" #. type: =item #: C/sudoers.pod:1251 msgid "C<%{command}>" msgstr "C<%{commande}>" #. type: textblock #: C/sudoers.pod:1253 msgid "expanded to the base name of the command being run" msgstr "" #. type: textblock #: C/sudoers.pod:1257 msgid "" "In addition, any escape sequences supported by the system's strftime() " "function will be expanded." msgstr "" #. type: textblock #: C/sudoers.pod:1260 msgid "" "To include a literal `C<%>' character, the string `C<%%>' should be used." msgstr "" #. type: =item #: C/sudoers.pod:1263 msgid "iolog_file" msgstr "iolog_file" #. type: textblock #: C/sudoers.pod:1265 msgid "" "The path name, relative to I<iolog_dir>, in which to store input/output logs " "when the I<log_input> or I<log_output> options are enabled or when the " "C<LOG_INPUT> or C<LOG_OUTPUT> tags are present for a command. Note that " "I<iolog_file> may contain directory components. The default is C<" "\"%{seq}\">." msgstr "" #. type: textblock #: C/sudoers.pod:1271 msgid "" "See the I<iolog_dir> option above for a list of supported percent (`C<%>') " "escape sequences." msgstr "" #. type: textblock #: C/sudoers.pod:1274 msgid "" "In addition to the escape sequences, path names that end in six or more " "C<X>s will have the C<X>s replaced with a unique combination of digits and " "letters, similar to the mktemp() function." msgstr "" #. type: =item #: C/sudoers.pod:1278 msgid "mailsub" msgstr "mailsub" #. type: textblock #: C/sudoers.pod:1280 msgid "" "Subject of the mail sent to the I<mailto> user. The escape C<%h> will expand " "to the host name of the machine. Default is C<@mailsub@>." msgstr "" #. type: =item #: C/sudoers.pod:1284 msgid "noexec_file" msgstr "noexec_file" #. type: textblock #: C/sudoers.pod:1286 msgid "" "This option is no longer supported. The path to the noexec file should now " "be set in the F<@sysconfdir@/sudo.conf> file." msgstr "" #. type: =item #: C/sudoers.pod:1289 msgid "passprompt" msgstr "passprompt" #. type: textblock #: C/sudoers.pod:1291 #, fuzzy #| msgid "" #| "The B<-p> (I<prompt>) option allows you to override the default password " #| "prompt and use a custom one. The following percent (`C<%>') escapes are " #| "supported:" msgid "" "The default prompt to use when asking for a password; can be overridden via " "the B<-p> option or the C<SUDO_PROMPT> environment variable. The following " "percent (`C<%>') escape sequences are supported:" msgstr "" "L'option B<-p> (« I<prompt> » ce qui signifie invite) vous permet de " "surcharger l'invite de mot passe par défaut par une personnalisée. Les " "échappements pour-cent (« C<%> ») suivants sont supportés :" #. type: =item #: C/sudoers.pod:1297 C/sudo.pod:299 msgid "C<%H>" msgstr "C<%H>" #. type: textblock #: C/sudoers.pod:1299 msgid "" "expanded to the local host name including the domain name (only if the " "machine's host name is fully qualified or the I<fqdn> option is set)" msgstr "" "élargi jusqu'au nom d' hôte local incluant le nom de domaine (uniquement si " "le nom d'hôte de la machine est pleinement qualifié ou si l'option I<fqdn> " "est définie)" #. type: =item #: C/sudoers.pod:1303 C/sudo.pod:305 msgid "C<%h>" msgstr "C<%h>" #. type: =item #: C/sudoers.pod:1307 C/sudo.pod:309 msgid "C<%p>" msgstr "C<%p>" #. type: textblock #: C/sudoers.pod:1309 msgid "" "expanded to the user whose password is being asked for (respects the " "I<rootpw>, I<targetpw> and I<runaspw> flags in I<sudoers>)" msgstr "" #. type: =item #: C/sudoers.pod:1312 C/sudo.pod:315 msgid "C<%U>" msgstr "C<%U>" #. type: textblock #: C/sudoers.pod:1314 msgid "" "expanded to the login name of the user the command will be run as (defaults " "to root)" msgstr "" #. type: =item #: C/sudoers.pod:1317 C/sudo.pod:320 msgid "C<%u>" msgstr "C<%u>" #. type: =item #: C/sudoers.pod:1321 C/sudo.pod:324 msgid "C<%%>" msgstr "C<%%>" #. type: textblock #: C/sudoers.pod:1323 C/sudo.pod:326 msgid "" "two consecutive C<%> characters are collapsed into a single C<%> character" msgstr "" #. type: textblock #: C/sudoers.pod:1327 msgid "The default value is C<@passprompt@>." msgstr "" #. type: =item #: C/sudoers.pod:1329 msgid "role" msgstr "role" #. type: textblock #: C/sudoers.pod:1331 msgid "" "The default SELinux role to use when constructing a new security context to " "run the command. The default role may be overridden on a per-command basis " "in I<sudoers> or via command line options. This option is only available " "whe B<sudo> is built with SELinux support." msgstr "" #. type: =item #: C/sudoers.pod:1336 msgid "runas_default" msgstr "runas_default" #. type: textblock #: C/sudoers.pod:1338 msgid "" "The default user to run commands as if the B<-u> option is not specified on " "the command line. This defaults to C<@runas_default@>." msgstr "" #. type: =item #: C/sudoers.pod:1341 msgid "syslog_badpri" msgstr "syslog_badpri" #. type: textblock #: C/sudoers.pod:1343 msgid "" "Syslog priority to use when user authenticates unsuccessfully. Defaults to " "C<@badpri@>." msgstr "" #. type: textblock #: C/sudoers.pod:1346 msgid "" "The following syslog priorities are supported: B<alert>, B<crit>, B<debug>, " "B<emerg>, B<err>, B<info>, B<notice>, and B<warning>." msgstr "" #. type: =item #: C/sudoers.pod:1349 msgid "syslog_goodpri" msgstr "syslog_goodpri" #. type: textblock #: C/sudoers.pod:1351 msgid "" "Syslog priority to use when user authenticates successfully. Defaults to " "C<@goodpri@>." msgstr "" #. type: textblock #: C/sudoers.pod:1354 msgid "See L<syslog_badpri> for the list of supported syslog priorities." msgstr "" #. type: =item #: C/sudoers.pod:1356 msgid "sudoers_locale" msgstr "sudoers_locale" #. type: textblock #: C/sudoers.pod:1358 msgid "" "Locale to use when parsing the sudoers file, logging commands, and sending " "email. Note that changing the locale may affect how sudoers is " "interpreted. Defaults to C<\"C\">." msgstr "" #. type: =item #: C/sudoers.pod:1362 msgid "timestampdir" msgstr "timestampdir" #. type: textblock #: C/sudoers.pod:1364 msgid "" "The directory in which B<sudo> stores its timestamp files. The default is " "F<@timedir@>." msgstr "" #. type: =item #: C/sudoers.pod:1367 msgid "timestampowner" msgstr "timestampowner" #. type: textblock #: C/sudoers.pod:1369 msgid "" "The owner of the timestamp directory and the timestamps stored therein. The " "default is C<root>." msgstr "" #. type: =item #: C/sudoers.pod:1372 msgid "type" msgstr "type" #. type: textblock #: C/sudoers.pod:1374 msgid "" "The default SELinux type to use when constructing a new security context to " "run the command. The default type may be overridden on a per-command basis " "in I<sudoers> or via command line options. This option is only available " "whe B<sudo> is built with SELinux support." msgstr "" #. type: textblock #: C/sudoers.pod:1381 msgid "B<Strings that can be used in a boolean context>:" msgstr "" #. type: =item #: C/sudoers.pod:1385 msgid "env_file" msgstr "env_file" #. type: textblock #: C/sudoers.pod:1387 msgid "" "The I<env_file> option specifies the fully qualified path to a file " "containing variables to be set in the environment of the program being run. " "Entries in this file should either be of the form C<VARIABLE=value> or " "C<export VARIABLE=value>. The value may optionally be surrounded by single " "or double quotes. Variables in this file are subject to other B<sudo> " "environment settings such as I<env_keep> and I<env_check>." msgstr "" #. type: =item #: C/sudoers.pod:1395 msgid "exempt_group" msgstr "exempt_group" #. type: textblock #: C/sudoers.pod:1397 msgid "" "Users in this group are exempt from password and PATH requirements. The " "group name specified should not include a C<%> prefix. This is not set by " "default." msgstr "" #. type: =item #: C/sudoers.pod:1401 msgid "group_plugin" msgstr "group_plugin" #. type: textblock #: C/sudoers.pod:1403 msgid "" "A string containing a I<sudoers> group plugin with optional arguments. This " "can be used to implement support for the C<nonunix_group> syntax described " "earlier. The string should consist of the plugin path, either fully-" "qualified or relative to the F<@prefix@/libexec> directory, followed by any " "configuration arguments the plugin requires. These arguments (if any) will " "be passed to the plugin's initialization function. If arguments are " "present, the string must be enclosed in double quotes (C<\">)." msgstr "" #. type: textblock #: C/sudoers.pod:1412 msgid "" "For example, given F</etc/sudo-group>, a group file in Unix group format, " "the sample group plugin can be used:" msgstr "" #. type: verbatim #: C/sudoers.pod:1415 #, no-wrap msgid "" " Defaults group_plugin=\"sample_group.so /etc/sudo-group\"\n" "\n" msgstr "" #. type: textblock #: C/sudoers.pod:1417 msgid "For more information see L<sudo_plugin(5)>." msgstr "" #. type: =item #: C/sudoers.pod:1419 msgid "lecture" msgstr "lecture" #. type: textblock #: C/sudoers.pod:1421 msgid "" "This option controls when a short lecture will be printed along with the " "password prompt. It has the following possible values:" msgstr "" #. type: =item #: C/sudoers.pod:1426 C/sudoers.pod:1462 C/sudoers.pod:1539 msgid "always" msgstr "always" #. type: textblock #: C/sudoers.pod:1428 msgid "Always lecture the user." msgstr "" #. type: =item #: C/sudoers.pod:1430 C/sudoers.pod:1471 C/sudoers.pod:1548 msgid "never" msgstr "never" #. type: textblock #: C/sudoers.pod:1432 msgid "Never lecture the user." msgstr "" #. type: =item #: C/sudoers.pod:1434 msgid "once" msgstr "once" #. type: textblock #: C/sudoers.pod:1436 msgid "Only lecture the user the first time they run B<sudo>." msgstr "" #. type: textblock #: C/sudoers.pod:1440 msgid "" "If no value is specified, a value of I<once> is implied. Negating the " "option results in a value of I<never> being used. The default value is " "I<@lecture@>." msgstr "" #. type: =item #: C/sudoers.pod:1444 msgid "lecture_file" msgstr "lecture_file" #. type: textblock #: C/sudoers.pod:1446 msgid "" "Path to a file containing an alternate B<sudo> lecture that will be used in " "place of the standard lecture if the named file exists. By default, B<sudo> " "uses a built-in lecture." msgstr "" #. type: =item #: C/sudoers.pod:1450 msgid "listpw" msgstr "listpw" #. type: textblock #: C/sudoers.pod:1452 msgid "" "This option controls when a password will be required when a user runs " "B<sudo> with the B<-l> option. It has the following possible values:" msgstr "" #. type: =item #: C/sudoers.pod:1457 C/sudoers.pod:1534 msgid "all" msgstr "all" #. type: textblock #: C/sudoers.pod:1459 C/sudoers.pod:1536 msgid "" "All the user's I<sudoers> entries for the current host must have the " "C<NOPASSWD> flag set to avoid entering a password." msgstr "" #. type: textblock #: C/sudoers.pod:1464 msgid "The user must always enter a password to use the B<-l> option." msgstr "" #. type: =item #: C/sudoers.pod:1466 C/sudoers.pod:1543 msgid "any" msgstr "any" #. type: textblock #: C/sudoers.pod:1468 C/sudoers.pod:1545 msgid "" "At least one of the user's I<sudoers> entries for the current host must have " "the C<NOPASSWD> flag set to avoid entering a password." msgstr "" #. type: textblock #: C/sudoers.pod:1473 msgid "The user need never enter a password to use the B<-l> option." msgstr "" #. type: textblock #: C/sudoers.pod:1477 msgid "" "If no value is specified, a value of I<any> is implied. Negating the option " "results in a value of I<never> being used. The default value is I<any>." msgstr "" #. type: =item #: C/sudoers.pod:1481 msgid "logfile" msgstr "logfile" #. type: textblock #: C/sudoers.pod:1483 msgid "" "Path to the B<sudo> log file (not the syslog log file). Setting a path " "turns on logging to a file; negating this option turns it off. By default, " "B<sudo> logs via syslog." msgstr "" #. type: =item #: C/sudoers.pod:1487 msgid "mailerflags" msgstr "mailerflags" #. type: textblock #: C/sudoers.pod:1489 msgid "Flags to use when invoking mailer. Defaults to B<-t>." msgstr "" #. type: =item #: C/sudoers.pod:1491 msgid "mailerpath" msgstr "mailerpath" #. type: textblock #: C/sudoers.pod:1493 msgid "" "Path to mail program used to send warning mail. Defaults to the path to " "sendmail found at configure time." msgstr "" #. type: =item #: C/sudoers.pod:1496 msgid "mailfrom" msgstr "mailfrom" #. type: textblock #: C/sudoers.pod:1498 msgid "" "Address to use for the \"from\" address when sending warning and error " "mail. The address should be enclosed in double quotes (C<\">) to protect " "against B<sudo> interpreting the C<@> sign. Defaults to the name of the " "user running B<sudo>." msgstr "" #. type: =item #: C/sudoers.pod:1503 msgid "mailto" msgstr "mailto" #. type: textblock #: C/sudoers.pod:1505 msgid "" "Address to send warning and error mail to. The address should be enclosed " "in double quotes (C<\">) to protect against B<sudo> interpreting the C<@> " "sign. Defaults to C<@mailto@>." msgstr "" #. type: =item #: C/sudoers.pod:1509 msgid "secure_path" msgstr "secure_path" #. type: textblock #: C/sudoers.pod:1511 msgid "" "Path used for every command run from B<sudo>. If you don't trust the people " "running B<sudo> to have a sane C<PATH> environment variable you may want to " "use this. Another use is if you want to have the \"root path\" be separate " "from the \"user path.\" Users in the group specified by the I<exempt_group> " "option are not affected by I<secure_path>. This option is @secure_path@ by " "default." msgstr "" #. type: =item #: C/sudoers.pod:1518 msgid "syslog" msgstr "syslog" #. type: textblock #: C/sudoers.pod:1520 msgid "" "Syslog facility if syslog is being used for logging (negate to disable " "syslog logging). Defaults to C<@logfac@>." msgstr "" #. type: textblock #: C/sudoers.pod:1523 msgid "" "The following syslog facilities are supported: B<authpriv> (if your OS " "supports it), B<auth>, B<daemon>, B<user>, B<local0>, B<local1>, B<local2>, " "B<local3>, B<local4>, B<local5>, B<local6>, and B<local7>." msgstr "" #. type: =item #: C/sudoers.pod:1527 msgid "verifypw" msgstr "verifypw" #. type: textblock #: C/sudoers.pod:1529 msgid "" "This option controls when a password will be required when a user runs " "B<sudo> with the B<-v> option. It has the following possible values:" msgstr "" #. type: textblock #: C/sudoers.pod:1541 msgid "The user must always enter a password to use the B<-v> option." msgstr "" #. type: textblock #: C/sudoers.pod:1550 msgid "The user need never enter a password to use the B<-v> option." msgstr "" #. type: textblock #: C/sudoers.pod:1554 msgid "" "If no value is specified, a value of I<all> is implied. Negating the option " "results in a value of I<never> being used. The default value is I<all>." msgstr "" #. type: textblock #: C/sudoers.pod:1560 msgid "B<Lists that can be used in a boolean context>:" msgstr "" #. type: =item #: C/sudoers.pod:1564 msgid "env_check" msgstr "env_check" #. type: textblock #: C/sudoers.pod:1566 msgid "" "Environment variables to be removed from the user's environment if the " "variable's value contains C<%> or C</> characters. This can be used to " "guard against printf-style format vulnerabilities in poorly-written " "programs. The argument may be a double-quoted, space-separated list or a " "single value without double-quotes. The list can be replaced, added to, " "deleted from, or disabled by using the C<=>, C<+=>, C<-=>, and C<!> " "operators respectively. Regardless of whether the C<env_reset> option is " "enabled or disabled, variables specified by C<env_check> will be preserved " "in the environment if they pass the aforementioned check. The default list " "of environment variables to check is displayed when B<sudo> is run by root " "with the I<-V> option." msgstr "" #. type: =item #: C/sudoers.pod:1579 msgid "env_delete" msgstr "env_delete" #. type: textblock #: C/sudoers.pod:1581 msgid "" "Environment variables to be removed from the user's environment when the " "I<env_reset> option is not in effect. The argument may be a double-quoted, " "space-separated list or a single value without double-quotes. The list can " "be replaced, added to, deleted from, or disabled by using the C<=>, C<+=>, " "C<-=>, and C<!> operators respectively. The default list of environment " "variables to remove is displayed when B<sudo> is run by root with the I<-V> " "option. Note that many operating systems will remove potentially dangerous " "variables from the environment of any setuid process (such as B<sudo>)." msgstr "" #. type: =item #: C/sudoers.pod:1592 msgid "env_keep" msgstr "env_keep" #. type: textblock #: C/sudoers.pod:1594 msgid "" "Environment variables to be preserved in the user's environment when the " "I<env_reset> option is in effect. This allows fine-grained control over the " "environment B<sudo>-spawned processes will receive. The argument may be a " "double-quoted, space-separated list or a single value without double-" "quotes. The list can be replaced, added to, deleted from, or disabled by " "using the C<=>, C<+=>, C<-=>, and C<!> operators respectively. The default " "list of variables to keep is displayed when B<sudo> is run by root with the " "I<-V> option." msgstr "" #. type: =head1 #: C/sudoers.pod:1605 msgid "SUDO.CONF" msgstr "SUDO.CONF" #. type: textblock #: C/sudoers.pod:1607 msgid "" "The F<@sysconfdir@/sudo.conf> file determines which plugins the B<sudo> " "front end will load. If no F<@sysconfdir@/sudo.conf> file is present, or it " "contains no C<Plugin> lines, B<sudo> will use the I<sudoers> security policy " "and I/O logging, which corresponds to the following F<@sysconfdir@/sudo." "conf> file." msgstr "" #. type: verbatim #: C/sudoers.pod:1613 C/sudo.pod:420 #, no-wrap msgid "" " #\n" " # Default @sysconfdir@/sudo.conf file\n" " #\n" " # Format:\n" " # Plugin plugin_name plugin_path plugin_options ...\n" " # Path askpass /path/to/askpass\n" " # Path noexec /path/to/sudo_noexec.so\n" " # Debug sudo /var/log/sudo_debug all@warn\n" " # Set disable_coredump true\n" " #\n" " # The plugin_path is relative to @prefix@/libexec unless\n" " # fully qualified.\n" " # The plugin_name corresponds to a global symbol in the plugin\n" " # that contains the plugin interface structure.\n" " # The plugin_options are optional.\n" " #\n" " Plugin policy_plugin sudoers.so\n" " Plugin io_plugin sudoers.so \n" "\n" msgstr "" #. type: =head2 #: C/sudoers.pod:1632 msgid "PLUGIN OPTIONS" msgstr "OPTIONS DES PLUGINS" #. type: textblock #: C/sudoers.pod:1634 msgid "" "Starting with B<sudo> 1.8.5 it is possible to pass options to the I<sudoers> " "plugin. Options may be listed after the path to the plugin (i.e. after " "F<sudoers.so>); multiple options should be space-separated. For example:" msgstr "" #. type: verbatim #: C/sudoers.pod:1639 #, no-wrap msgid "" " Plugin sudoers_policy sudoers.so sudoers_file=/etc/sudoers sudoers_uid=0 sudoers_gid=0 sudoers_mode=0440\n" "\n" msgstr "" " Plugin sudoers_policy sudoers.so sudoers_file=/etc/sudoers sudoers_uid=0 sudoers_gid=0 sudoers_mode=0440\n" "\n" #. type: textblock #: C/sudoers.pod:1641 msgid "The following plugin options are supported:" msgstr "Les options de plugin suivantes sont reconnues :" #. type: =item #: C/sudoers.pod:1645 #, fuzzy #| msgid "sudoers_locale" msgid "sudoers_file=pathname" msgstr "sudoers_locale" #. type: textblock #: C/sudoers.pod:1647 msgid "" "The I<sudoers_file> option can be used to override the default path to the " "I<sudoers> file." msgstr "" #. type: =item #: C/sudoers.pod:1650 msgid "sudoers_uid=uid" msgstr "sudoers_uid=uid" #. type: textblock #: C/sudoers.pod:1652 msgid "" "The I<sudoers_uid> option can be used to override the default owner of the " "sudoers file. It should be specified as a numeric user ID." msgstr "" #. type: =item #: C/sudoers.pod:1655 msgid "sudoers_gid=gid" msgstr "sudoers_gid=gid" #. type: textblock #: C/sudoers.pod:1657 msgid "" "The I<sudoers_gid> option can be used to override the default group of the " "sudoers file. It should be specified as a numeric group ID." msgstr "" #. type: =item #: C/sudoers.pod:1660 msgid "sudoers_mode=mode" msgstr "sudoers_mode=mode" #. type: textblock #: C/sudoers.pod:1662 msgid "" "The I<sudoers_mode> option can be used to override the default file mode for " "the sudoers file. It should be specified as an octal value." msgstr "" #. type: =head1 #: C/sudoers.pod:1667 C/sudo.pod:484 msgid "DEBUG FLAGS" msgstr "DEBOGAGE" #. type: textblock #: C/sudoers.pod:1669 msgid "" "Versions 1.8.4 and higher of the I<sudoers> plugin supports a debugging " "framework that can help track down what the plugin is doing internally if " "there is a problem. This can be configured in the F<@sysconfdir@/sudo.conf> " "file as described in L<sudo(8)>." msgstr "" #. type: textblock #: C/sudoers.pod:1674 msgid "" "The I<sudoers> plugin uses the same debug flag format as B<sudo> itself: " "I<subsystem>@I<priority>." msgstr "" #. type: textblock #: C/sudoers.pod:1677 msgid "" "The priorities used by I<sudoers>, in order of decreasing severity, are: " "I<crit>, I<err>, I<warn>, I<notice>, I<diag>, I<info>, I<trace> and " "I<debug>. Each priority, when specified, also includes all priorities " "higher than it. For example, a priority of I<notice> would include debug " "messages logged at I<notice> and higher." msgstr "" #. type: textblock #: C/sudoers.pod:1683 msgid "The following subsystems are used by I<sudoers>:" msgstr "Les sous-systèmes suivants sont utilisés par I<sudoers> :" #. type: =item #: C/sudoers.pod:1687 msgid "I<alias>" msgstr "I<alias>" #. type: textblock #: C/sudoers.pod:1689 msgid "" "C<User_Alias>, C<Runas_Alias>, C<Host_Alias> and C<Cmnd_Alias> processing" msgstr "" #. type: =item #: C/sudoers.pod:1691 C/sudo.pod:520 msgid "I<all>" msgstr "I<all>" #. type: textblock #: C/sudoers.pod:1693 C/sudo.pod:522 msgid "matches every subsystem" msgstr "" #. type: =item #: C/sudoers.pod:1695 msgid "I<audit>" msgstr "I<audit>" #. type: textblock #: C/sudoers.pod:1697 msgid "BSM and Linux audit code" msgstr "" #. type: =item #: C/sudoers.pod:1699 msgid "I<auth>" msgstr "I<auth>" #. type: textblock #: C/sudoers.pod:1701 #, fuzzy #| msgid "authenticate" msgid "user authentication" msgstr "authenticate" #. type: =item #: C/sudoers.pod:1703 msgid "I<defaults>" msgstr "I<defaults>" #. type: textblock #: C/sudoers.pod:1705 msgid "I<sudoers> I<Defaults> settings" msgstr "" #. type: =item #: C/sudoers.pod:1707 msgid "I<env>" msgstr "I<env>" #. type: textblock #: C/sudoers.pod:1709 msgid "environment handling" msgstr "" #. type: =item #: C/sudoers.pod:1711 msgid "I<ldap>" msgstr "I<ldap>" #. type: textblock #: C/sudoers.pod:1713 msgid "LDAP-based sudoers" msgstr "" #. type: =item #: C/sudoers.pod:1715 msgid "I<logging>" msgstr "I<logging>" #. type: textblock #: C/sudoers.pod:1717 msgid "logging support" msgstr "" #. type: =item #: C/sudoers.pod:1719 msgid "I<match>" msgstr "I<match>" #. type: textblock #: C/sudoers.pod:1721 msgid "matching of users, groups, hosts and netgroups in I<sudoers>" msgstr "" #. type: =item #: C/sudoers.pod:1723 C/sudo.pod:544 msgid "I<netif>" msgstr "I<netif>" #. type: textblock #: C/sudoers.pod:1725 C/sudo.pod:546 msgid "network interface handling" msgstr "" #. type: =item #: C/sudoers.pod:1727 msgid "I<nss>" msgstr "I<nss>" #. type: textblock #: C/sudoers.pod:1729 msgid "network service switch handling in I<sudoers>" msgstr "" #. type: =item #: C/sudoers.pod:1731 #, fuzzy #| msgid "-U I<user>" msgid "I<parser>" msgstr "-U I<utilisateur>" #. type: textblock #: C/sudoers.pod:1733 #, fuzzy #| msgid "" #| " sudoers: files\n" #| "\n" msgid "I<sudoers> file parsing" msgstr "" " sudoers: files\n" "\n" #. type: =item #: C/sudoers.pod:1735 msgid "I<perms>" msgstr "I<perms>" #. type: textblock #: C/sudoers.pod:1737 msgid "permission setting" msgstr "" #. type: =item #: C/sudoers.pod:1739 C/sudo.pod:552 msgid "I<plugin>" msgstr "I<plugin>" #. type: textblock #: C/sudoers.pod:1741 msgid "The equivalent of I<main> for the plugin." msgstr "" #. type: =item #: C/sudoers.pod:1743 C/sudo.pod:556 msgid "I<pty>" msgstr "I<pty>" #. type: textblock #: C/sudoers.pod:1745 C/sudo.pod:558 msgid "pseudo-tty related code" msgstr "" #. type: =item #: C/sudoers.pod:1747 msgid "I<rbtree>" msgstr "I<rbtree>" #. type: textblock #: C/sudoers.pod:1749 msgid "redblack tree internals" msgstr "" #. type: =item #: C/sudoers.pod:1751 C/sudo.pod:564 msgid "I<util>" msgstr "I<util>" #. type: textblock #: C/sudoers.pod:1753 C/sudo.pod:566 msgid "utility functions" msgstr "" #. type: =item #: C/sudoers.pod:1761 C/sudo.pod:707 msgid "F<@sysconfdir@/sudo.conf>" msgstr "F<@sysconfdir@/sudo.conf>" #. type: textblock #: C/sudoers.pod:1763 #, fuzzy #| msgid "sudoers.ldap - sudo LDAP configuration" msgid "Sudo front end configuration" msgstr "sudoers.ldap - Configuration LDAP pour sudo" #. type: =item #: C/sudoers.pod:1765 C/visudo.pod:135 msgid "F<@sysconfdir@/sudoers>" msgstr "F<@sysconfdir@/sudoers>" #. type: textblock #: C/sudoers.pod:1767 C/visudo.pod:137 msgid "List of who can run what" msgstr "" #. type: =item #: C/sudoers.pod:1769 msgid "F</etc/group>" msgstr "F</etc/group>" #. type: textblock #: C/sudoers.pod:1771 msgid "Local groups file" msgstr "" #. type: =item #: C/sudoers.pod:1773 msgid "F</etc/netgroup>" msgstr "F</etc/netgroup>" #. type: textblock #: C/sudoers.pod:1775 msgid "List of network groups" msgstr "" #. type: =item #: C/sudoers.pod:1777 msgid "F<@iolog_dir@>" msgstr "F<@iolog_dir@>" #. type: textblock #: C/sudoers.pod:1779 msgid "I/O log files" msgstr "" #. type: =item #: C/sudoers.pod:1781 msgid "F<@timedir@>" msgstr "F<@timedir@>" #. type: textblock #: C/sudoers.pod:1783 #, fuzzy #| msgid "Directory containing time stamps" msgid "Directory containing time stamps for the I<sudoers> security policy" msgstr "Répertoire contenant les horodatages" #. type: =item #: C/sudoers.pod:1785 msgid "F</etc/environment>" msgstr "F</etc/environment>" #. type: textblock #: C/sudoers.pod:1787 #, fuzzy #| msgid "Initial environment for B<-i> mode on Linux and AIX" msgid "Initial environment for B<-i> mode on AIX and Linux systems" msgstr "Environnement de départ pour le mode <-i> sur Linux et AIX" #. type: textblock #: C/sudoers.pod:1793 msgid "" "Below are example I<sudoers> entries. Admittedly, some of these are a bit " "contrived. First, we allow a few environment variables to pass and then " "define our I<aliases>:" msgstr "" #. type: verbatim #: C/sudoers.pod:1797 #, no-wrap msgid "" " # Run X applications through sudo; HOME is used to find the\n" " # .Xauthority file. Note that other programs use HOME to find\n" " # configuration files and this may lead to privilege escalation!\n" " Defaults env_keep += \"DISPLAY HOME\"\n" "\n" msgstr "" #. type: verbatim #: C/sudoers.pod:1802 #, no-wrap msgid "" " # User alias specification\n" " User_Alias\tFULLTIMERS = millert, mikef, dowdy\n" " User_Alias\tPARTTIMERS = bostley, jwfox, crawl\n" " User_Alias\tWEBMASTERS = will, wendy, wim\n" "\n" msgstr "" #. type: verbatim #: C/sudoers.pod:1807 #, no-wrap msgid "" " # Runas alias specification\n" " Runas_Alias\tOP = root, operator\n" " Runas_Alias\tDB = oracle, sybase\n" " Runas_Alias\tADMINGRP = adm, oper\n" "\n" msgstr "" #. type: verbatim #: C/sudoers.pod:1812 #, no-wrap msgid "" " # Host alias specification\n" " Host_Alias\tSPARC = bigtime, eclipse, moet, anchor :\\\n" "\t\tSGI = grolsch, dandelion, black :\\\n" "\t\tALPHA = widget, thalamus, foobar :\\\n" "\t\tHPPA = boa, nag, python\n" " Host_Alias\tCUNETS = 128.138.0.0/255.255.0.0\n" " Host_Alias\tCSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0\n" " Host_Alias\tSERVERS = master, mail, www, ns\n" " Host_Alias\tCDROM = orion, perseus, hercules\n" "\n" msgstr "" #. type: verbatim #: C/sudoers.pod:1822 #, no-wrap msgid "" " # Cmnd alias specification\n" " Cmnd_Alias\tDUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\\\n" "\t\t\t/usr/sbin/restore, /usr/sbin/rrestore\n" " Cmnd_Alias\tKILL = /usr/bin/kill\n" " Cmnd_Alias\tPRINTING = /usr/sbin/lpc, /usr/bin/lprm\n" " Cmnd_Alias\tSHUTDOWN = /usr/sbin/shutdown\n" " Cmnd_Alias\tHALT = /usr/sbin/halt\n" " Cmnd_Alias\tREBOOT = /usr/sbin/reboot\n" " Cmnd_Alias\tSHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \\\n" "\t\t\t /usr/local/bin/tcsh, /usr/bin/rsh, \\\n" "\t\t\t /usr/local/bin/zsh\n" " Cmnd_Alias\tSU = /usr/bin/su\n" " Cmnd_Alias\tPAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less\n" "\n" msgstr "" #. type: textblock #: C/sudoers.pod:1836 msgid "" "Here we override some of the compiled in default values. We want B<sudo> to " "log via L<syslog(3)> using the I<auth> facility in all cases. We don't want " "to subject the full time staff to the B<sudo> lecture, user B<millert> need " "not give a password, and we don't want to reset the C<LOGNAME>, C<USER> or " "C<USERNAME> environment variables when running commands as root. " "Additionally, on the machines in the I<SERVERS> C<Host_Alias>, we keep an " "additional local log file and make sure we log the year in each log line " "since the log entries will be kept around for several years. Lastly, we " "disable shell escapes for the commands in the PAGERS C<Cmnd_Alias> (F</usr/" "bin/more>, F</usr/bin/pg> and F</usr/bin/less>)." msgstr "" #. type: verbatim #: C/sudoers.pod:1848 #, no-wrap msgid "" " # Override built-in defaults\n" " Defaults\t\tsyslog=auth\n" " Defaults>root\t\t!set_logname\n" " Defaults:FULLTIMERS\t!lecture\n" " Defaults:millert\t!authenticate\n" " Defaults@SERVERS\tlog_year, logfile=/var/log/sudo.log\n" " Defaults!PAGERS\tnoexec\n" "\n" msgstr "" #. type: textblock #: C/sudoers.pod:1856 msgid "" "The I<User specification> is the part that actually determines who may run " "what." msgstr "" #. type: verbatim #: C/sudoers.pod:1859 #, no-wrap msgid "" " root\t\tALL = (ALL) ALL\n" " %wheel\t\tALL = (ALL) ALL\n" "\n" msgstr "" " root\t\tALL = (ALL) ALL\n" " %wheel\t\tALL = (ALL) ALL\n" "\n" #. type: textblock #: C/sudoers.pod:1862 #, fuzzy #| msgid "" #| "The following example allows users in group wheel to run any command on " #| "any host via B<sudo>:" msgid "" "We let B<root> and any user in group B<wheel> run any command on any host as " "any user." msgstr "" "L'exemple permet à B<root> et tout utilisateur du groupe B<wheel> d'exécuter " "n'importe quelle commande sur n'importe quel hôte :" #. type: verbatim #: C/sudoers.pod:1865 #, no-wrap msgid "" " FULLTIMERS\tALL = NOPASSWD: ALL\n" "\n" msgstr "" #. type: textblock #: C/sudoers.pod:1867 msgid "" "Full time sysadmins (B<millert>, B<mikef>, and B<dowdy>) may run any command " "on any host without authenticating themselves." msgstr "" "Les administrateurs système à temps plein (B<millert>, B<mikef> et " "B<dowdy>) peuvent exécuter toute commande sur tout hôte sans avoir à " "s'authentifier." #. type: verbatim #: C/sudoers.pod:1870 #, no-wrap msgid "" " PARTTIMERS\tALL = ALL\n" "\n" msgstr "" #. type: textblock #: C/sudoers.pod:1872 msgid "" "Part time sysadmins (B<bostley>, B<jwfox>, and B<crawl>) may run any command " "on any host but they must authenticate themselves first (since the entry " "lacks the C<NOPASSWD> tag)." msgstr "" "Les administrateurs à temps partiel ((B<bostley>, B<jwfox> et B<crawl>) " "peuvent exécuter tout commande sur tout hôte, mais doivent d'abord " "s'authentifier (puisque C<NOPASSWD> n'est pas indiqué dans la configuration)." #. type: verbatim #: C/sudoers.pod:1876 #, no-wrap msgid "" " jack\t\tCSNETS = ALL\n" "\n" msgstr "" " jack\t\tCSNETS = ALL\n" "\n" #. type: textblock #: C/sudoers.pod:1878 msgid "" "The user B<jack> may run any command on the machines in the I<CSNETS> alias " "(the networks C<128.138.243.0>, C<128.138.204.0>, and C<128.138.242.0>). Of " "those networks, only C<128.138.204.0> has an explicit netmask (in CIDR " "notation) indicating it is a class C network. For the other networks in " "I<CSNETS>, the local machine's netmask will be used during matching." msgstr "" "L'utilisateur B<jack> peut exécuter toute commande sur les machines faisant " "partie de l'alias I<CSNETS> (constitué des réseaux C<128.138.243.0>, " "C<128.138.204.0> et C<128.138.242.0>). Parmi ces réseaux, le masque de " "réseau (en notation CIDR) n'est indiqué que pour C<128.138.204.0>, ici un " "réseau de classe C. Pour les autres réseaux de I<CSNETS>, la comparaison sera " "effectuée par rapport au masque de réseau de la machine locale." #. type: verbatim #: C/sudoers.pod:1885 #, no-wrap msgid "" " lisa\t\tCUNETS = ALL\n" "\n" msgstr "" " lisa\t\tCUNETS = ALL\n" "\n" #. type: textblock #: C/sudoers.pod:1887 msgid "" "The user B<lisa> may run any command on any host in the I<CUNETS> alias (the " "class B network C<128.138.0.0>)." msgstr "" "L'utilisatrice B<lisa> peut exécuter toute commande sur tout hôte faisant " "partie de l'alias I<CUNETS> (constitué ici du réseau de classe B " "C<128.138.0.0>)." #. type: verbatim #: C/sudoers.pod:1890 #, no-wrap msgid "" " operator\tALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\\\n" "\t\tsudoedit /etc/printcap, /usr/oper/bin/\n" "\n" msgstr "" #. type: textblock #: C/sudoers.pod:1893 msgid "" "The B<operator> user may run commands limited to simple maintenance. Here, " "those are commands related to backups, killing processes, the printing " "system, shutting down the system, and any commands in the directory F</usr/" "oper/bin/>." msgstr "" #. type: verbatim #: C/sudoers.pod:1898 #, no-wrap msgid "" " joe\t\tALL = /usr/bin/su operator\n" "\n" msgstr "" #. type: textblock #: C/sudoers.pod:1900 msgid "The user B<joe> may only L<su(1)> to operator." msgstr "" #. type: verbatim #: C/sudoers.pod:1902 #, no-wrap msgid "" " pete\t\tHPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root\n" "\n" msgstr "" " pete\t\tHPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root\n" "\n" #. type: verbatim #: C/sudoers.pod:1904 #, no-wrap msgid "" " %opers\t\tALL = (: ADMINGRP) /usr/sbin/\n" "\n" msgstr "" " %opers\t\tALL = (: ADMINGRP) /usr/sbin/\n" "\n" #. type: textblock #: C/sudoers.pod:1906 msgid "" "Users in the B<opers> group may run commands in F</usr/sbin/> as themselves " "with any group in the I<ADMINGRP> C<Runas_Alias> (the B<adm> and B<oper> " "groups)." msgstr "" #. type: textblock #: C/sudoers.pod:1910 msgid "" "The user B<pete> is allowed to change anyone's password except for root on " "the I<HPPA> machines. Note that this assumes L<passwd(1)> does not take " "multiple user names on the command line." msgstr "" #. type: verbatim #: C/sudoers.pod:1914 #, no-wrap msgid "" " bob\t\tSPARC = (OP) ALL : SGI = (OP) ALL\n" "\n" msgstr "" " bob\t\tSPARC = (OP) ALL : SGI = (OP) ALL\n" "\n" #. type: textblock #: C/sudoers.pod:1916 msgid "" "The user B<bob> may run anything on the I<SPARC> and I<SGI> machines as any " "user listed in the I<OP> C<Runas_Alias> (B<root> and B<operator>)." msgstr "" #. type: verbatim #: C/sudoers.pod:1919 #, no-wrap msgid "" " jim\t\t+biglab = ALL\n" "\n" msgstr "" " jim\t\t+biglab = ALL\n" "\n" #. type: textblock #: C/sudoers.pod:1921 msgid "" "The user B<jim> may run any command on machines in the I<biglab> netgroup. " "B<sudo> knows that \"biglab\" is a netgroup due to the '+' prefix." msgstr "" #. type: verbatim #: C/sudoers.pod:1924 #, no-wrap msgid "" " +secretaries\tALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser\n" "\n" msgstr "" " +secretaries\tALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser\n" "\n" #. type: textblock #: C/sudoers.pod:1926 msgid "" "Users in the B<secretaries> netgroup need to help manage the printers as " "well as add and remove users, so they are allowed to run those commands on " "all machines." msgstr "" #. type: verbatim #: C/sudoers.pod:1930 #, no-wrap msgid "" " fred\t\tALL = (DB) NOPASSWD: ALL\n" "\n" msgstr "" " fred\t\tALL = (DB) NOPASSWD: ALL\n" "\n" #. type: textblock #: C/sudoers.pod:1932 msgid "" "The user B<fred> can run commands as any user in the I<DB> C<Runas_Alias> " "(B<oracle> or B<sybase>) without giving a password." msgstr "" #. type: verbatim #: C/sudoers.pod:1935 #, no-wrap msgid "" " john\t\tALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*\n" "\n" msgstr "" " john\t\tALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*\n" "\n" #. type: textblock #: C/sudoers.pod:1937 msgid "" "On the I<ALPHA> machines, user B<john> may su to anyone except root but he " "is not allowed to specify any options to the L<su(1)> command." msgstr "" #. type: verbatim #: C/sudoers.pod:1940 #, no-wrap msgid "" " jen\t\tALL, !SERVERS = ALL\n" "\n" msgstr "" #. type: textblock #: C/sudoers.pod:1942 msgid "" "The user B<jen> may run any command on any machine except for those in the " "I<SERVERS> C<Host_Alias> (master, mail, www and ns)." msgstr "" #. type: verbatim #: C/sudoers.pod:1945 #, no-wrap msgid "" " jill\t\tSERVERS = /usr/bin/, !SU, !SHELLS\n" "\n" msgstr "" #. type: textblock #: C/sudoers.pod:1947 msgid "" "For any machine in the I<SERVERS> C<Host_Alias>, B<jill> may run any " "commands in the directory F</usr/bin/> except for those commands belonging " "to the I<SU> and I<SHELLS> C<Cmnd_Aliases>." msgstr "" #. type: verbatim #: C/sudoers.pod:1951 #, no-wrap msgid "" " steve\t\tCSNETS = (operator) /usr/local/op_commands/\n" "\n" msgstr "" #. type: textblock #: C/sudoers.pod:1953 msgid "" "The user B<steve> may run any command in the directory /usr/local/" "op_commands/ but only as user operator." msgstr "" #. type: verbatim #: C/sudoers.pod:1956 #, no-wrap msgid "" " matt\t\tvalkyrie = KILL\n" "\n" msgstr "" " matt\t\tvalkyrie = KILL\n" "\n" #. type: textblock #: C/sudoers.pod:1958 msgid "" "On his personal workstation, valkyrie, B<matt> needs to be able to kill hung " "processes." msgstr "" #. type: verbatim #: C/sudoers.pod:1961 #, no-wrap msgid "" " WEBMASTERS\twww = (www) ALL, (root) /usr/bin/su www\n" "\n" msgstr "" #. type: textblock #: C/sudoers.pod:1963 msgid "" "On the host www, any user in the I<WEBMASTERS> C<User_Alias> (will, wendy, " "and wim), may run any command as user www (which owns the web pages) or " "simply L<su(1)> to www." msgstr "" #. type: verbatim #: C/sudoers.pod:1967 #, no-wrap msgid "" " ALL\t\tCDROM = NOPASSWD: /sbin/umount /CDROM,\\\n" "\t\t/sbin/mount -o nosuid\\,nodev /dev/cd0a /CDROM\n" "\n" msgstr "" #. type: textblock #: C/sudoers.pod:1970 msgid "" "Any user may mount or unmount a CD-ROM on the machines in the CDROM " "C<Host_Alias> (orion, perseus, hercules) without entering a password. This " "is a bit tedious for users to type, so it is a prime candidate for " "encapsulating in a shell script." msgstr "" #. type: =head1 #: C/sudoers.pod:1975 C/sudo.pod:591 msgid "SECURITY NOTES" msgstr "NOTES DE SÃ?CURITÃ?" #. type: =head2 #: C/sudoers.pod:1977 msgid "Limitations of the '!' operator" msgstr "" #. type: textblock #: C/sudoers.pod:1979 msgid "" "It is generally not effective to \"subtract\" commands from C<ALL> using the " "'!' operator. A user can trivially circumvent this by copying the desired " "command to a different name and then executing that. For example:" msgstr "" #. type: verbatim #: C/sudoers.pod:1984 #, no-wrap msgid "" " bill\tALL = ALL, !SU, !SHELLS\n" "\n" msgstr "" #. type: textblock #: C/sudoers.pod:1986 msgid "" "Doesn't really prevent B<bill> from running the commands listed in I<SU> or " "I<SHELLS> since he can simply copy those commands to a different name, or " "use a shell escape from an editor or other program. Therefore, these kind " "of restrictions should be considered advisory at best (and reinforced by " "policy)." msgstr "" #. type: textblock #: C/sudoers.pod:1992 #, fuzzy #| msgid "" #| "If users have sudo C<ALL> there is nothing to prevent them from creating " #| "their own program that gives them a root shell regardless of any '!' " #| "elements in the user specification." msgid "" "In general, if a user has sudo C<ALL> there is nothing to prevent them from " "creating their own program that gives them a root shell (or making their own " "copy of a shell) regardless of any '!' elements in the user specification." msgstr "" "Si les utilisateurs ont le privilège sudo C<ALL>, il n'y a rien pour les " "empêcher de créer leur propre programme leur donnant un interpréteur " "superutilisateur sans tenir compte d'aucun élément « ! » dans la " "spécification utilisateur." #. type: =head2 #: C/sudoers.pod:1997 msgid "Security implications of I<fast_glob>" msgstr "Conséquences de I<fast_glob> sur la sécurité" #. type: textblock #: C/sudoers.pod:1999 msgid "" "If the I<fast_glob> option is in use, it is not possible to reliably negate " "commands where the path name includes globbing (aka wildcard) characters. " "This is because the C library's L<fnmatch(3)> function cannot resolve " "relative paths. While this is typically only an inconvenience for rules " "that grant privileges, it can result in a security issue for rules that " "subtract or revoke privileges." msgstr "" #. type: textblock #: C/sudoers.pod:2007 msgid "For example, given the following I<sudoers> entry:" msgstr "" #. type: verbatim #: C/sudoers.pod:2009 #, no-wrap msgid "" " john\tALL = /usr/bin/passwd [a-zA-Z0-9]*, /usr/bin/chsh [a-zA-Z0-9]*,\n" " /usr/bin/chfn [a-zA-Z0-9]*, !/usr/bin/* root\n" "\n" msgstr "" " john\tALL = /usr/bin/passwd [a-zA-Z0-9]*, /usr/bin/chsh [a-zA-Z0-9]*,\n" " /usr/bin/chfn [a-zA-Z0-9]*, !/usr/bin/* root\n" "\n" #. type: textblock #: C/sudoers.pod:2012 msgid "" "User B<john> can still run C</usr/bin/passwd root> if I<fast_glob> is " "enabled by changing to F</usr/bin> and running C<./passwd root> instead." msgstr "" #. type: =head2 #: C/sudoers.pod:2015 msgid "Preventing Shell Escapes" msgstr "Empêcher les protections de l'interpréteur" #. type: textblock #: C/sudoers.pod:2017 msgid "" "Once B<sudo> executes a program, that program is free to do whatever it " "pleases, including run other programs. This can be a security issue since " "it is not uncommon for a program to allow shell escapes, which lets a user " "bypass B<sudo>'s access control and logging. Common programs that permit " "shell escapes include shells (obviously), editors, paginators, mail and " "terminal programs." msgstr "" #. type: textblock #: C/sudoers.pod:2024 msgid "There are two basic approaches to this problem:" msgstr "" #. type: =item #: C/sudoers.pod:2028 msgid "restrict" msgstr "" #. type: textblock #: C/sudoers.pod:2030 msgid "" "Avoid giving users access to commands that allow the user to run arbitrary " "commands. Many editors have a restricted mode where shell escapes are " "disabled, though B<sudoedit> is a better solution to running editors via " "B<sudo>. Due to the large number of programs that offer shell escapes, " "restricting users to the set of programs that do not is often unworkable." msgstr "" #. type: textblock #: C/sudoers.pod:2039 msgid "" "Many systems that support shared libraries have the ability to override " "default library functions by pointing an environment variable (usually " "C<LD_PRELOAD>) to an alternate shared library. On such systems, B<sudo>'s " "I<noexec> functionality can be used to prevent a program run by B<sudo> from " "executing any other programs. Note, however, that this applies only to " "native dynamically-linked executables. Statically-linked executables and " "foreign executables running under binary emulation are not affected." msgstr "" #. type: textblock #: C/sudoers.pod:2048 msgid "" "The I<noexec> feature is known to work on SunOS, Solaris, *BSD, Linux, IRIX, " "Tru64 UNIX, MacOS X, HP-UX 11.x and AIX 5.3 and above. It should be " "supported on most operating systems that support the C<LD_PRELOAD> " "environment variable. Check your operating system's manual pages for the " "dynamic linker (usually ld.so, ld.so.1, dyld, dld.sl, rld, or loader) to see " "if C<LD_PRELOAD> is supported." msgstr "" #. type: textblock #: C/sudoers.pod:2055 msgid "" "On Solaris 10 and higher, I<noexec> uses Solaris privileges instead of the " "C<LD_PRELOAD> environment variable." msgstr "" #. type: textblock #: C/sudoers.pod:2058 msgid "" "To enable I<noexec> for a command, use the C<NOEXEC> tag as documented in " "the User Specification section above. Here is that example again:" msgstr "" #. type: textblock #: C/sudoers.pod:2063 msgid "" "This allows user B<aaron> to run F</usr/bin/more> and F</usr/bin/vi> with " "I<noexec> enabled. This will prevent those two commands from executing " "other commands (such as a shell). If you are unsure whether or not your " "system is capable of supporting I<noexec> you can always just try it out and " "check whether shell escapes work when I<noexec> is enabled." msgstr "" #. type: textblock #: C/sudoers.pod:2072 msgid "" "Note that restricting shell escapes is not a panacea. Programs running as " "root are still capable of many potentially hazardous operations (such as " "changing or overwriting files) that could lead to unintended privilege " "escalation. In the specific case of an editor, a safer approach is to give " "the user permission to run B<sudoedit>." msgstr "" #. type: =head2 #: C/sudoers.pod:2079 msgid "Time stamp file checks" msgstr "" #. type: textblock #: C/sudoers.pod:2081 #, fuzzy msgid "" "I<sudoers> will check the ownership of its time stamp directory " "(F<@timedir@> by default) and ignore the directory's contents if it is not " "owned by root or if it is writable by a user other than root. On systems " "that allow non-root users to give away files via L<chown(2)>, if the time " "stamp directory is located in a world-writable directory (e.g., F</tmp>), it " "is possible for a user to create the time stamp directory before B<sudo> is " "run. However, because I<sudoers> checks the ownership and mode of the " "directory and its contents, the only damage that can be done is to \"hide\" " "files by putting them in the time stamp dir. This is unlikely to happen " "since once the time stamp dir is owned by root and inaccessible by any other " "user, the user placing files there would be unable to get them back out." msgstr "" "B<sudo> contrôlera la propriété de son répertoire d'horodatage (F<@timedir@> " "par défaut) et ignorera le contenu du répertoire s'il n'est pas la propriété " "du superutilisateur ou s'il y est possible d'écrire pour un utilisateur " "autre que le super utilisateur. Sur les systèmes qui autorisent les non-" "superutilisateurs ??a donner des fichiers?? via L<chown(2)>, si le " "répertoire d'horodatage est localisé dans un répertoire où tout le monde " "peut écrire (e.g. F</tmp>=, il est possible pour un utilisateur de créer le " "répertoire d'horodatage avant que B<sudo> ne soit exécuté. Cependant, parce " "que B<sudo> contrôle la propriété et le mode du répertoire et de son " "contenu, le seul dommage pouvant être fait est de « cacher » des fichiers en " "les mettant dans le répertoire d'horodatage. Il est peu probable que cela " "arrive du moment que le répertoire d'horodatage est la propriété du " "superutilisateur et inaccessible par n'importe quel autre utilisateur, " "l'utilisateur plaçant des fichiers ici serait incapable de les récupérer. " "Pour contourner ce problème, vous pouvez utiliser un répertoire ou tout le " "monde de peut pas écrire pour les horodatages (F</var/adm/sudo>) par " "exemple) ou créer F<@timedir@> avec le propriétaire (root) et les " "permissions appropriés (0700) dans les fichiers de démarrage du système." #. type: textblock #: C/sudoers.pod:2095 #, fuzzy #| msgid "" #| "B<sudo> will not honor time stamps set far in the future. Timestamps " #| "with a date greater than current_time + 2 * C<TIMEOUT> will be ignored " #| "and sudo will log and complain. This is done to keep a user from " #| "creating his/her own time stamp with a bogus date on systems that allow " #| "users to give away files." msgid "" "I<sudoers> will not honor time stamps set far in the future. Time stamps " "with a date greater than current_time + 2 * C<TIMEOUT> will be ignored and " "sudo will log and complain. This is done to keep a user from creating his/" "her own time stamp with a bogus date on systems that allow users to give " "away files if the time stamp directory is located in a world-writable " "directory." msgstr "" "B<sudo> ne respectera pas les horodatages définis loin dans le futur. Les " "horodatage avec une date plus grande que current_time + 2 * C<TIMEOUT> " "seront ignorés. L'évènement sera enregistré par sudo et une alerte sera " "levée. Ceci est fait pour empêcher un utilisateur de créer son propre " "horodatage avec une date fausse sur des systèmes qui autorisent les " "utilisateurs à donner des fichiers." #. type: textblock #: C/sudoers.pod:2102 #, fuzzy #| msgid "" #| "On systems where the boot time is available, B<sudo> will also not honor " #| "time stamps from before the machine booted." msgid "" "On systems where the boot time is available, I<sudoers> will ignore time " "stamps that date from before the machine booted." msgstr "" "Sur les systèmes ou la date de démarrage est disponible, B<sudo> ne " "respectera pas non plus les horodatages datant d'avant le démarrage de la " "machine." #. type: textblock #: C/sudoers.pod:2105 #, fuzzy #| msgid "" #| "Since time stamp files live in the file system, they can outlive a user's " #| "login session. As a result, a user may be able to login, run a command " #| "with B<sudo> after authenticating, logout, login again, and run B<sudo> " #| "without authenticating so long as the time stamp file's modification time " #| "is within C<@timeout@> minutes (or whatever the timeout is set to in " #| "I<sudoers>). When the I<tty_tickets> option is enabled in I<sudoers>, " #| "the time stamp has per-tty granularity but still may outlive the user's " #| "session. On Linux systems where the devpts filesystem is used, Solaris " #| "systems with the devices filesystem, as well as other systems that " #| "utilize a devfs filesystem that monotonically increase the inode number " #| "of devices as they are created (such as Mac OS X), B<sudo> is able to " #| "determine when a tty-based time stamp file is stale and will ignore it. " #| "Administrators should not rely on this feature as it is not universally " #| "available." msgid "" "Since time stamp files live in the file system, they can outlive a user's " "login session. As a result, a user may be able to login, run a command with " "B<sudo> after authenticating, logout, login again, and run B<sudo> without " "authenticating so long as the time stamp file's modification time is within " "C<@timeout@> minutes (or whatever the timeout is set to in I<sudoers>). " "When the I<tty_tickets> option is enabled, the time stamp has per-tty " "granularity but still may outlive the user's session. On Linux systems " "where the devpts filesystem is used, Solaris systems with the devices " "filesystem, as well as other systems that utilize a devfs filesystem that " "monotonically increase the inode number of devices as they are created (such " "as Mac OS X), I<sudoers> is able to determine when a tty-based time stamp " "file is stale and will ignore it. Administrators should not rely on this " "feature as it is not universally available." msgstr "" "Ã?tant donné que les fichiers d'horodatage vivent dans le système de " "fichiers, ils peuvent survivre à une session utilisateur. Par conséquent, un " "utilisateur peut se connecter, exécuter une commande avec B<sudo> après " "authentification, se déconnecter, se connecter à nouveau, et exécuter " "B<sudo> sans authentification tant que la date de modification du fichier " "d'horodatage date de moins de C<@timeout@> minutes (ou bien la valeur " "définie dans I<sudoers>). Lorsque l'option I<tty_tickets> est activée dans " "I<sudoers>, l'horodatage a une granularité par tty mais peut toujours " "survivre à une session utilisateur. Que ce soit sur les systèmes Linux ou le " "système de fichiers devpts est utilisé, les systèmes Solaris avec le système " "de fichiers devices, ou sur tout autre système qui utilise un système de " "fichiers devfs qui incrémentent de facon monotone le numéro d'inode les " "periphériques selon l'ordre de création (comme sur Mac OS X), B<sudo> est " "capable de déterminer si un fichier d'horodatage correspondant a un tty est " "trop ancien est l'ignorera. Les administrateurs ne doivent pas compter sur " "cette fonctionnalité étant donné qu'elle n'est pas disponible de manière " "universelle." #. type: textblock #: C/sudoers.pod:2122 msgid "" "L<rsh(1)>, L<su(1)>, L<fnmatch(3)>, L<glob(3)>, L<mktemp(3)>, L<strftime(3)" ">, L<sudoers.ldap(5)>, L<sudo_plugin(8)>, L<sudo(8)>, L<visudo(8)>" msgstr "" "L<rsh(1)>, L<su(1)>, L<fnmatch(3)>, L<glob(3)>, L<mktemp(3)>, L<strftime(3)" ">, L<sudoers.ldap(5)>, L<sudo_plugin(8)>, L<sudo(8)>, L<visudo(8)>" #. type: textblock #: C/sudoers.pod:2127 msgid "" "The I<sudoers> file should B<always> be edited by the B<visudo> command " "which locks the file and does grammatical checking. It is imperative that " "I<sudoers> be free of syntax errors since B<sudo> will not run with a " "syntactically incorrect I<sudoers> file." msgstr "" #. type: textblock #: C/sudoers.pod:2132 msgid "" "When using netgroups of machines (as opposed to users), if you store fully " "qualified host name in the netgroup (as is usually the case), you either " "need to have the machine's host name be fully qualified as returned by the " "C<hostname> command or use the I<fqdn> option in I<sudoers>." msgstr "" #. type: textblock #: C/sudo.pod:25 msgid "sudo, sudoedit - execute a command as another user" msgstr "sudo, sudoedit - exécute une commande en tant qu'un autre utilisateur" #. type: =head1 #: C/sudo.pod:27 C/sudoreplay.pod:22 C/visudo.pod:27 msgid "SYNOPSIS" msgstr "SYNOPSIS" #. type: textblock #: C/sudo.pod:29 msgid "B<sudo> B<-h> | B<-K> | B<-k> | B<-V>" msgstr "B<sudo> B<-h> | B<-K> | B<-k> | B<-V>" #. type: textblock #: C/sudo.pod:31 #, fuzzy #| msgid "" #| "B<sudo> B<-v> [B<-AknS>] S<[B<-a> I<auth_type>]> S<[B<-g> I<group name>|" #| "I<#gid>]> S<[B<-p> I<prompt>]> S<[B<-u> I<username>|I<#uid>]>" msgid "" "B<sudo> B<-v> [B<-AknS>] S<[B<-a> I<auth_type>]> S<[B<-g> I<group name>|" "I<#gid>]> S<[B<-p> I<prompt>]> S<[B<-u> I<user name>|I<#uid>]>" msgstr "" "B<sudo> B<-v> [B<-AknS>] S<[B<-a> I<type d'authentification>]> S<[B<-g> " "I<nom de groupe>|I<#gid>]> S<[B<-p> I<invite>]> S<[B<-u> I<nom " "d'utilisateur>|I<#uid>]>" #. type: textblock #: C/sudo.pod:36 #, fuzzy #| msgid "" #| "B<sudo> B<-l[l]> [B<-AknS>] S<[B<-a> I<auth_type>]> S<[B<-g> I<group " #| "name>|I<#gid>]> S<[B<-p> I<prompt>]> S<[B<-U> I<user name>]> S<[B<-u> " #| "I<user name>|I<#uid>]> [I<command>]" msgid "" "B<sudo> B<-l[l]> [B<-AknS>] S<[B<-a> I<auth_type>]> S<[B<-g> I<group name>|" "I<#gid>]> S<[B<-p> I<prompt>]> S<[B<-U> I<user name>]> S<[B<-u> I<user name>|" "I<#uid>]> [I<command>]" msgstr "" "B<sudo> B<-l[l]> [B<-AknS>] S<[B<-a> I<type d'authentification>]> S<[B<-g> " "I<nom de groupe>|I<#gid>]> S<[B<-p> I<invite>]> S<[B<-U> I<nom " "d'utilisateur>]> S<[B<-u> I<nom d'utilisateur>|I<#uid>]> [I<commande>]" #. type: textblock #: C/sudo.pod:41 #, fuzzy #| msgid "" #| "B<sudo> [B<-AbEHnPS>] S<[B<-a> I<auth_type>]> S<[B<-C> I<fd>]> S<[B<-c> " #| "I<class>|I<->]> S<[B<-g> I<group name>|I<#gid>]> S<[B<-p> I<prompt>]> S<" #| "[B<-r> I<role>]> S<[B<-t> I<type>]> S<[B<-u> I<user name>|I<#uid>]> S<" #| "[B<VAR>=I<value>]> S<[B<-i> | B<-s>]> [I<command>]" msgid "" "B<sudo> [B<-AbEHnPS>] S<[B<-a> I<auth_type>]> S<[B<-C> I<fd>]> S<[B<-c> " "I<class>|I<->]> S<[B<-g> I<group name>|I<#gid>]> S<[B<-p> I<prompt>]> S<[B<-" "r> I<role>]> S<[B<-t> I<type>]> S<[B<-u> I<user name>|I<#uid>]> S<" "[B<VAR>=I<value>]> S<[B<-i> | B<-s>]> [I<command>]" msgstr "" "B<sudo> [B<-AbEHnPS>] S<[B<-a> I<type d'authentification>]> S<[B<-C> I<fd>]> " "S<[B<-c> I<classe>|I<->]> S<[B<-g> I<nom de groupe>|I<#gid>]> S<[B<-p> " "I<commande>]> S<[B<-r> I<role>]> S<[B<-t> I<type>]> S<[B<-u> I<nom " "d'utilisateur>|I<#uid>]> S<[B=I<valeur>]> S<[B<-i> | B<-s>]> [I<commande>]" #. type: textblock #: C/sudo.pod:50 #, fuzzy #| msgid "" #| "B<sudoedit> [B<-AnS>] S<[B<-a> I<auth_type>]> S<[B<-C> I<fd>]> S<[B<-c> " #| "I<class>|I<->]> S<[B<-g> I<group name>|I<#gid>]> S<[B<-p> I<prompt>]> S<" #| "[B<-u> I<user name>|I<#uid>]> file ..." msgid "" "B<sudoedit> [B<-AnS>] S<[B<-a> I<auth_type>]> S<[B<-C> I<fd>]> S<[B<-c> " "I<class>|I<->]> S<[B<-g> I<group name>|I<#gid>]> S<[B<-p> I<prompt>]> S<[B<-" "u> I<user name>|I<#uid>]> file ..." msgstr "" "B<sudoedit> [B<-AnS>] S<[B<-a> I<type d'authentification>]> S<[B<-C> I<fd>]> " "S<[B<-c> I<classe>|I<->]> S<[B<-g> I<nom de groupe>|I<#gid>]> S<[B<-p> " "I<invite>]> S<[B<-u> I<nom d'utilisateur>|I<#uid>]> fichier ..." #. type: textblock #: C/sudo.pod:59 msgid "" "B<sudo> allows a permitted user to execute a I<command> as the superuser or " "another user, as specified by the security policy. The real and effective " "uid and gid are set to match those of the target user, as specified in the " "password database, and the group vector is initialized based on the group " "database (unless the B<-P> option was specified)." msgstr "" "B<sudo> permet à un utilisateur autorisé d'exécuter une I<commande> en tant " "que superutilisateur ou bien un autre utilisateur, selon la politique de " "sécurité. Les uid et gid réels et effectifs sont déclarés afin de " "correspondre à ceux de l'utilisateur cible tels que déclarés dans la base " "des mots de passe et le vecteur de groupe est initialisé selon la base des " "groupes (à moins que l'option B<-P> ne soit mentionnée)." #. type: textblock #: C/sudo.pod:66 msgid "" "B<sudo> supports a plugin architecture for security policies and input/" "output logging. Third parties can develop and distribute their own policy " "and I/O logging modules to work seamlessly with the B<sudo> front end. The " "default security policy is I<sudoers>, which is configured via the file " "F<@sysconfdir@/sudoers>, or via LDAP. See the L<PLUGINS> section for more " "information." msgstr "" "B<sudo> dispose d'une architecture à base de greffons pour les politiques de " "sécurité et la journalisation des entrées et sorties. Des modules tiers " "peuvent être développés et distribués pour mettre en Å?uvre leurs propres " "politique de sécurité et journalisation, en s'interfaçant de manière " "transparente avec B<sudo>. La politique par défaut est I<sudoers>, " "configurable à travers le fichier F<@sysconfdir@/sudoers> ou LDAP. Consultez " "la section L<PLUGINS> pour plus d'information." #. type: textblock #: C/sudo.pod:73 #, fuzzy #| msgid "" #| "B<sudo> determines who is an authorized user by consulting the file " #| "F<@sysconfdir@/sudoers>. By running B<sudo> with the B<-v> option, a " #| "user can update the time stamp without running a I<command>. If a " #| "password is required, B<sudo> will exit if the user's password is not " #| "entered within a configurable time limit. The default password prompt " #| "timeout is C<@password_timeout@> minutes." msgid "" "The security policy determines what privileges, if any, a user has to run " "B<sudo>. The policy may require that users authenticate themselves with a " "password or another authentication mechanism. If authentication is " "required, B<sudo> will exit if the user's password is not entered within a " "configurable time limit. This limit is policy-specific; the default " "password prompt timeout for the I<sudoers> security policy is " "C<@password_timeout@> minutes." msgstr "" "B<sudo> détermine qui est un utilisateur autorisé en consultant le fichier " "F<@sysconfdir@/sudoers>. En exécutant B<sudo> avec l'option B<-v>, un " "utilisateur peut mettre à jour l'horodatage sans exécuter une I<commande>. " "Si un mot de passe est requis, B<sudo> quittera si le mot de passe de " "l'utilisateur n'est pas saisi dans une limite de temps configurable. Le " "délai d'expiration par défaut de l'invite de demande de mot de passe est de " "<@password_timeout@> minutes." #. type: textblock #: C/sudo.pod:81 msgid "" "Security policies may support credential caching to allow the user to run " "B<sudo> again for a period of time without requiring authentication. The " "I<sudoers> policy caches credentials for C<@timeout@> minutes, unless " "overridden in L<sudoers(5)>. By running B<sudo> with the B<-v> option, a " "user can update the cached credentials without running a I<command>." msgstr "" #. type: textblock #: C/sudo.pod:88 msgid "" "When invoked as B<sudoedit>, the B<-e> option (described below), is implied." msgstr "" "Lorsque invoqué avec B<sudoedit>, l'option B<-e> (décrite ci-dessous), est " "implicite." #. type: textblock #: C/sudo.pod:91 msgid "" "Security policies may log successful and failed attempts to use B<sudo>. If " "an I/O plugin is configured, the running command's input and output may be " "logged as well." msgstr "" #. type: =head1 #: C/sudo.pod:95 C/sudoreplay.pod:64 C/visudo.pod:64 msgid "OPTIONS" msgstr "OPTIONS" #. type: textblock #: C/sudo.pod:97 msgid "B<sudo> accepts the following command line options:" msgstr "B<sudo> accepte les options de ligne de commande suivants :" #. type: =item #: C/sudo.pod:101 msgid "-A" msgstr "-A" #. type: textblock #: C/sudo.pod:103 msgid "" "Normally, if B<sudo> requires a password, it will read it from the user's " "terminal. If the B<-A> (I<askpass>) option is specified, a (possibly " "graphical) helper program is executed to read the user's password and output " "the password to the standard output. If the C<SUDO_ASKPASS> environment " "variable is set, it specifies the path to the helper program. Otherwise, if " "F<@sysconfdir@/sudo.conf> contains a line specifying the askpass program, " "that value will be used. For example:" msgstr "" "Normalement, si B<sudo> exige un mot de passe, il le lira depuis le terminal " "de l'utilisateur. Si l'option B<-A> (« I<askpass> ») est activée, un " "programme d'aide (pouvant être graphique) est exécuté pour lire le mot de " "passe de l'utilisateur et afficher le mot de passe sur la sortie standard. " "Si la variable d'environnement C<SUDO_ASKPASS> est définie, cela spécifie le " "chemin du programme d'aide. Sinon, la valeur définissant le programme d'aide " "(« askpass ») sera lue depuis F<@sysconfdir@/sudo.conf>. Par exemple :" #. type: verbatim #: C/sudo.pod:112 #, no-wrap msgid "" " # Path to askpass helper program\n" " Path askpass /usr/X11R6/bin/ssh-askpass\n" "\n" msgstr "" " # Chemin vers le programme de demande de mot de passe\n" " Path askpass /usr/X11R6/bin/ssh-askpass\n" "\n" #. type: textblock #: C/sudo.pod:115 msgid "If no askpass program is available, sudo will exit with an error." msgstr "" "Si aucun programme de demande de mot de passe (« askpass ») n'est " "disponible, sudo se terminera en erreur." #. type: =item #: C/sudo.pod:117 msgid "-a I<type>" msgstr "-a I<type>" #. type: textblock #: C/sudo.pod:119 msgid "" "The B<-a> (I<authentication type>) option causes B<sudo> to use the " "specified authentication type when validating the user, as allowed by F</etc/" "login.conf>. The system administrator may specify a list of sudo-specific " "authentication methods by adding an \"auth-sudo\" entry in F</etc/login." "conf>. This option is only available on systems that support BSD " "authentication." msgstr "" "L'option B<-a> (« I<authentication type ») fait que B<sudo> utilise le type " "d'authentification spécifié lors de la validation de l'utilisateur, tel " "qu'autorisé par F</etc/login.conf>. L'administrateur du système peut " "spécifier une liste de méthodes d'authentification sudo-spécifiques en " "ajoutant une entrée \"auth-sudo\" dans F</etc/login.conf>. Cette option est " "disponible uniquement sur les systèmes supportant l'authentification BSD." #. type: =item #: C/sudo.pod:126 msgid "-b" msgstr "-b" #. type: textblock #: C/sudo.pod:128 msgid "" "The B<-b> (I<background>) option tells B<sudo> to run the given command in " "the background. Note that if you use the B<-b> option you cannot use shell " "job control to manipulate the process. Most interactive commands will fail " "to work properly in background mode." msgstr "" "L'option B<-b> (« I<background> ») dit à B<sudo> d'exécuter la commande " "donnée en arrière-plan. Ã? noter que si vous utilisez l'option B<-b>, vous ne " "pouvez pas utiliser une tâche de contrôle en shell pour manipuler le " "processus. La plupart des commandes interactives ne fonctionnent pas " "correctement en arrière-plan." #. type: =item #: C/sudo.pod:134 msgid "-C I<fd>" msgstr "-C I<descripteur de fichier>" #. type: textblock #: C/sudo.pod:136 #, fuzzy #| msgid "" #| "Normally, B<sudo> will close all open file descriptors other than " #| "standard input, standard output and standard error. The B<-C> (I<close " #| "from>) option allows the user to specify a starting point above the " #| "standard error (file descriptor three). Values less than three are not " #| "permitted. This option is only available if the administrator has " #| "enabled the I<closefrom_override> option in L<sudoers(5)>." msgid "" "Normally, B<sudo> will close all open file descriptors other than standard " "input, standard output and standard error. The B<-C> (I<close from>) option " "allows the user to specify a starting point above the standard error (file " "descriptor three). Values less than three are not permitted. The security " "policy may restrict the user's ability to use the B<-C> option. The " "I<sudoers> policy only permits use of the B<-C> option when the " "administrator has enabled the I<closefrom_override> option." msgstr "" "Normalement, B<sudo> fermera tous les descripteurs de fichiers autres que " "l'entrée standard, la sortie standard et l'erreur standard. L'option B<-C> " "(« I<close from> ») permet à l'utilisateur de spécifier un point de départ " "au dessus de l'erreur standard (descripteur de fichier trois). Les valeurs " "en dessous ne sont pas permises. Cette option est uniquement disponible si " "l'administrateur a activé l'option « closefrom_override » dans le fichier " "L<sudoers(5)>." #. type: =item #: C/sudo.pod:145 msgid "-c I<class>" msgstr "-c I<classe>" #. type: textblock #: C/sudo.pod:147 msgid "" "The B<-c> (I<class>) option causes B<sudo> to run the specified command with " "resources limited by the specified login class. The I<class> argument can " "be either a class name as defined in F</etc/login.conf>, or a single '-' " "character. Specifying a I<class> of C<-> indicates that the command should " "be run restricted by the default login capabilities for the user the command " "is run as. If the I<class> argument specifies an existing user class, the " "command must be run as root, or the B<sudo> command must be run from a shell " "that is already root. This option is only available on systems with BSD " "login classes." msgstr "" "L'option B<-c> (I<classe>) fait que B<sudo> exécute la commande spécifiée " "avec des ressources limitées par la classe de connexion précisée. L'argument " "I<classe> peut être soit un nom de classe comme défini dans F</etc/login." "conf> ou simplement le caractère « - ». En spécifiant une I<classe> de type " "C<-> indique que la commande doit être exécutée restreinte par les capacités " "de la classe de connexion par défaut pour l'utilisateur exécutant la " "commande. Si le paramètre I<classe> spécifie une classe utilisateur " "existante, la commande doit être exécutée en tant que superutilisateur, ou " "bien la commande B<sudo> doit être exécutée depuis un interpréteur qui est " "déjà superutilisateur. Cette option n'est valable que sur les systèmes avec " "les classes de connexion BSD." #. type: =item #: C/sudo.pod:157 msgid "-E" msgstr "-E" #. type: textblock #: C/sudo.pod:159 msgid "" "The B<-E> (I<preserve> I<environment>) option indicates to the security " "policy that the user wishes to preserve their existing environment " "variables. The security policy may return an error if the B<-E> option is " "specified and the user does not have permission to preserve the environment." msgstr "" #. type: =item #: C/sudo.pod:165 msgid "-e" msgstr "-e" #. type: textblock #: C/sudo.pod:167 msgid "" "The B<-e> (I<edit>) option indicates that, instead of running a command, the " "user wishes to edit one or more files. In lieu of a command, the string " "\"sudoedit\" is used when consulting the security policy. If the user is " "authorized by the policy, the following steps are taken:" msgstr "" "L'option B<-e> (I<edition>) indique que, au lieu d'exécuter la " "commande, l'utilisateur souhaite éditer un ou plusieurs fichiers. Au lieu " "d'une commande, la chaîne « sudoedit » est utilisée lors de la consultation " "de la politique de sécurité. Si l'utilisateur est autorisé, les mesures " "suivantes sont prises :" #. type: =item #: C/sudo.pod:175 msgid "1." msgstr "1." #. type: textblock #: C/sudo.pod:177 msgid "" "Temporary copies are made of the files to be edited with the owner set to " "the invoking user." msgstr "" "Des copies temporaires des fichiers à éditer sont faites avec comme " "propriétaire défini l'utilisateur appelant." #. type: =item #: C/sudo.pod:180 msgid "2." msgstr "2." #. type: textblock #: C/sudo.pod:182 msgid "" "The editor specified by the policy is run to edit the temporary files. The " "I<sudoers> policy uses the C<SUDO_EDITOR>, C<VISUAL> and C<EDITOR> " "environment variables (in that order). If none of C<SUDO_EDITOR>, C<VISUAL> " "or C<EDITOR> are set, the first program listed in the I<editor> L<sudoers(5)" "> option is used." msgstr "" "L'éditeur spécifié par la politique est exécuté pour éditer les fichiers " "temporaires. La politique I<sudoers> utilise les variables d'environnement " "C<SUDO_EDITOR>, C<VISUAL> et C<EDITOR>, dans cet ordre. Si ni " "C<SUDO_EDITOR>, ni C<VISUAL>, ni C<EDITOR> ne sont définies, le premier " "programme listé dans la variable I<editor> de L<sudoers(5)> est utilisé." #. type: =item #: C/sudo.pod:188 msgid "3." msgstr "3." #. type: textblock #: C/sudo.pod:190 msgid "" "If they have been modified, the temporary files are copied back to their " "original location and the temporary versions are removed." msgstr "" "S'ils ont été modifiés, les fichiers temporaires sont recopiés vers leur " "emplacement d'origine et les versions temporaires sont supprimées." #. type: textblock #: C/sudo.pod:195 msgid "" "If the specified file does not exist, it will be created. Note that unlike " "most commands run by B<sudo>, the editor is run with the invoking user's " "environment unmodified. If, for some reason, B<sudo> is unable to update a " "file with its edited version, the user will receive a warning and the edited " "copy will remain in a temporary file." msgstr "" "Si le fichier spécifié n'existe pas, il sera créé.Ã? noter que contrairement " "à la plupart des commandes exécutées par B<sudo>, l'éditeur est exécuté avec " "l'environnement non modifié de l'utilisateur appelant. Si, pour une " "quelconque raison, B<sudo> est incapable de mettre à jour le fichier avec sa " "version éditée, l'utilisateur recevra un avertissement et la copie éditée " "restera dans un fichier temporaire." #. type: =item #: C/sudo.pod:202 msgid "-g I<group>" msgstr "-g I<groupe>" #. type: textblock #: C/sudo.pod:204 #, fuzzy #| msgid "" #| "Normally, B<sudo> sets the primary group to the one specified by the " #| "passwd database for the user the command is being run as (by default, " #| "root). The B<-g> (I<group>) option causes B<sudo> to run the specified " #| "command with the primary group set to I<group>. To specify a I<gid> " #| "instead of a I<group name>, use I<#gid>. When running commands as a " #| "I<gid>, many shells require that the '#' be escaped with a backslash " #| "('\\'). If no B<-u> option is specified, the command will be run as the " #| "invoking user (not root). In either case, the primary group will be set " #| "to I<group>." msgid "" "Normally, B<sudo> runs a command with the primary group set to the one " "specified by the password database for the user the command is being run as " "(by default, root). The B<-g> (I<group>) option causes B<sudo> to run the " "command with the primary group set to I<group> instead. To specify a I<gid> " "instead of a I<group name>, use I<#gid>. When running commands as a I<gid>, " "many shells require that the '#' be escaped with a backslash ('\\'). If no " "B<-u> option is specified, the command will be run as the invoking user (not " "root). In either case, the primary group will be set to I<group>." msgstr "" "Normalement, B<sudo> définit pour l'utilisateur exécutant la commande le " "groupe principal avec celui spécifié dans la base de données de mots de " "passe (par défaut, le superutilisateur). L'option B<-g> (I<groupe>) amène " "B<sudo> à exécuter la commande spécifiée avec le groupe principal défini " "avec I<groupe>. Pour spécifier un I<identifiant numérique de groupe ou " "« gid »> au lieu d'un I<nom de groupe>, il faut utiliser la syntaxe I<#gid>. " "En exécutant des commandes avec un I<identifiant numérique de groupe>, " "beaucoup d'interpéteurs requièrent que le « # » soit échappé avec une barre " "oblique inversée (« \\ »).Si l'option B<-u> n'est pas spécifiée, la commande " "sera exécutée en tant que l'utilisateur appelant (et non le super " "utilisateur). Dans les deux cas, le groupe principal sera défini avec " "I<groupe>." #. type: =item #: C/sudo.pod:214 msgid "-H" msgstr "-H" #. type: textblock #: C/sudo.pod:216 msgid "" "The B<-H> (I<HOME>) option requests that the security policy set the C<HOME> " "environment variable to the home directory of the target user (root by " "default) as specified by the password database. Depending on the policy, " "this may be the default behavior." msgstr "" #. type: =item #: C/sudo.pod:221 C/sudoreplay.pod:83 C/visudo.pod:88 msgid "-h" msgstr "-h" #. type: textblock #: C/sudo.pod:223 msgid "" "The B<-h> (I<help>) option causes B<sudo> to print a short help message to " "the standard output and exit." msgstr "" "L'option B<-h> (I<help>) affiche un court message d'aide sur la sortie " "standard, puis le programme s'arrête." #. type: =item #: C/sudo.pod:226 msgid "-i [command]" msgstr "-i [commande]" #. type: textblock #: C/sudo.pod:228 #, fuzzy #| msgid "" #| "The B<-i> (I<simulate initial login>) option runs the shell specified in " #| "the L<passwd(5)> entry of the target user as a login shell. This means " #| "that login-specific resource files such as C<.profile> or C<.login> will " #| "be read by the shell. If a command is specified, it is passed to the " #| "shell for execution. Otherwise, an interactive shell is executed. " #| "B<sudo> attempts to change to that user's home directory before running " #| "the shell. It also initializes the environment, leaving I<DISPLAY> and " #| "I<TERM> unchanged, setting I<HOME>, I<MAIL>, I<SHELL>, I<USER>, " #| "I<LOGNAME>, and I<PATH>, as well as the contents of F</etc/environment> " #| "on Linux and AIX systems. All other environment variables are removed." msgid "" "The B<-i> (I<simulate initial login>) option runs the shell specified by the " "password database entry of the target user as a login shell. This means " "that login-specific resource files such as C<.profile> or C<.login> will be " "read by the shell. If a command is specified, it is passed to the shell for " "execution via the shell's B<-c> option. If no command is specified, an " "interactive shell is executed. B<sudo> attempts to change to that user's " "home directory before running the shell. The security policy shall " "initialize the environment to a minimal set of variables, similar to what is " "present when a user logs in. The I<Command Environment> section in the " "L<sudoers(5)> manual documents how the B<-i> option affects the environment " "in which a command is run when the I<sudoers> policy is in use." msgstr "" "L'option B<-i> (« I<simulate initial login> » ce qui signifie simulation de " "première connexion) exécute l'interpréteur spécifié dans l'entrée du fichier " "L<passwd(5)> de l'utilisateur cible en tant que shell de connexion. Cela " "signifie que les fichiers spécifiques de cette ressource de connexion tels " "que C<.profile> ou C<.login> seront lus par l'interpréteur. Si une commande " "est spécifiée, elle est passée à l'interpréteur pour exécution. Autrement, " "un interpréteur interactif est exécuté. B<sudo> tente de changer vers le " "répertoire d'accueil de cet utilisateur avant d'exécuter l'interpréteur. Il " "initialise également l'environnement, laissant I<DISPLAY> et I<TERM> " "inchangés, paramétrant I<HOME>, I<MAIL>, I<SHELL>, I<USER>, I<LOGNAME>, et " "I<PATH> ainsi que le contenu de F</etc/environment> sur les systèmes Linux " "et AIX. Toutes les autres variables d'environnement sont supprimées." #. type: =item #: C/sudo.pod:242 msgid "-K" msgstr "-K" # je ne traduis pas le sure ca semblerait bizzare sur la traduction francaise. #. type: textblock #: C/sudo.pod:244 #, fuzzy #| msgid "" #| "The B<-K> (sure I<kill>) option is like B<-k> except that it removes the " #| "user's time stamp entirely and may not be used in conjunction with a " #| "command or other option. This option does not require a password." msgid "" "The B<-K> (sure I<kill>) option is like B<-k> except that it removes the " "user's cached credentials entirely and may not be used in conjunction with a " "command or other option. This option does not require a password. Not all " "security policies support credential caching." msgstr "" "L'option B<-K> (« I<kill> » ce qui signifie tuer) est comme B<-k> sauf " "qu'elle supprime entièrement l'horodatage de l'utilisateur et ne doit pas " "être utilisée avec une commande ou une autre option. Cette option n'exige " "pas de mot de passe." #. type: =item #: C/sudo.pod:250 msgid "-k [command]" msgstr "-k [commande]" #. type: textblock #: C/sudo.pod:252 #, fuzzy #| msgid "" #| "When used by itself, the B<-k> (I<kill>) option to B<sudo> invalidates " #| "the user's time stamp by setting the time on it to the Epoch. The next " #| "time B<sudo> is run a password will be required. This option does not " #| "require a password and was added to allow a user to revoke B<sudo> " #| "permissions from a .logout file." msgid "" "When used alone, the B<-k> (I<kill>) option to B<sudo> invalidates the " "user's cached credentials. The next time B<sudo> is run a password will be " "required. This option does not require a password and was added to allow a " "user to revoke B<sudo> permissions from a .logout file. Not all security " "policies support credential caching." msgstr "" "Lorsque utilisée par lui-même, l'option B<-k> (« I<kill> » ce qui signifie " "tuer) de sudo invalide l'horodatage de l'utilisateur en paramétrant le temps " "sur celui ci avec l'Epoque. La prochaine fois que B<sudo> est exécuté, un " "mot de passe sera requis. Cette option n'exige pas de mot de passe et fut " "ajoutée pour permettre à un utilisateur de révoquer les permissions de " "B<sudo> depuis un fichier .logout." #. type: textblock #: C/sudo.pod:259 #, fuzzy #| msgid "" #| "When used in conjunction with a command or an option that may require a " #| "password, the B<-k> option will cause B<sudo> to ignore the user's time " #| "stamp file. As a result, B<sudo> will prompt for a password (if one is " #| "required by I<sudoers>) and will not update the user's time stamp file." msgid "" "When used in conjunction with a command or an option that may require a " "password, the B<-k> option will cause B<sudo> to ignore the user's cached " "credentials. As a result, B<sudo> will prompt for a password (if one is " "required by the security policy) and will not update the user's cached " "credentials." msgstr "" "Lorsque utilisée en conjonction avec une commande ou une option qui peut " "requérir un mot de passe, l'option B<-k> fait que B<sudo> ignorera le " "fichier d'horodatage de l'utilisateur. En conséquence, B<sudo> demandera un " "mot de passe (si un est requis par I<sudoers>) et ne mettra pas à jour le " "fichier d'horodatage de l'utilisateur." #. type: =item #: C/sudo.pod:265 msgid "-l[l] [I<command>]" msgstr "-l[l] [I<commande>]" #. type: textblock #: C/sudo.pod:267 #, fuzzy #| msgid "" #| "If no I<command> is specified, the B<-l> (I<list>) option will list the " #| "allowed (and forbidden) commands for the invoking user (or the user " #| "specified by the B<-U> option) on the current host. If a I<command> is " #| "specified and is permitted by I<sudoers>, the fully-qualified path to the " #| "command is displayed along with any command line arguments. If " #| "I<command> is specified but not allowed, B<sudo> will exit with a status " #| "value of 1. If the B<-l> option is specified with an B<l> argument (i.e. " #| "B<-ll>), or if B<-l> is specified multiple times, a longer list format is " #| "used." msgid "" "If no I<command> is specified, the B<-l> (I<list>) option will list the " "allowed (and forbidden) commands for the invoking user (or the user " "specified by the B<-U> option) on the current host. If a I<command> is " "specified and is permitted by the security policy, the fully-qualified path " "to the command is displayed along with any command line arguments. If " "I<command> is specified but not allowed, B<sudo> will exit with a status " "value of 1. If the B<-l> option is specified with an B<l> argument (i.e. B<-" "ll>), or if B<-l> is specified multiple times, a longer list format is used." msgstr "" "Si aucune I<command> n'est spécifiée, l'option B<-l> (I<lister>) listera les " "commandes autorisées (et interdites) pour l'utilisateur appelant (ou bien " "l'utilisateur spécifié par l'option B<-U> option) sur l'hôte courant. Si une " "I<commande> est spécifiée et est permise par I<sudoers>, le chemin " "pleinement qualifié de la commande est affiché accompagné des arguments de " "la ligne de commande. Si une I<commande> est spécifiée mais non autorisée, " "B<sudo> sortira avec une valeur d'état de 1. Si l'option B<-l> est spécifiée " "avec un argument B<<l> (i.e. B<-ll>) ou si B<-l> est spécifié plusieurs " "fois, a format de liste plus long est utilisé." #. type: =item #: C/sudo.pod:277 msgid "-n" msgstr "-n" #. type: textblock #: C/sudo.pod:279 msgid "" "The B<-n> (I<non-interactive>) option prevents B<sudo> from prompting the " "user for a password. If a password is required for the command to run, " "B<sudo> will display an error messages and exit." msgstr "" "L'option B<-n> (I<non-interactif>) empêche B<sudo> de demander à " "l'utilisateur un mot de passe. Si un mot de passe est requis pour que la " "commande soit exécutée, B<sudo> affichera un message d'erreur et sortira." #. type: =item #: C/sudo.pod:283 msgid "-P" msgstr "-P" #. type: textblock #: C/sudo.pod:285 #, fuzzy #| msgid "" #| "The B<-P> (I<preserve> I<group vector>) option causes B<sudo> to preserve " #| "the invoking user's group vector unaltered. By default, B<sudo> will " #| "initialize the group vector to the list of groups the target user is in. " #| "The real and effective group IDs, however, are still set to match the " #| "target user." msgid "" "The B<-P> (I<preserve> I<group vector>) option causes B<sudo> to preserve " "the invoking user's group vector unaltered. By default, the I<sudoers> " "policy will initialize the group vector to the list of groups the target " "user is in. The real and effective group IDs, however, are still set to " "match the target user." msgstr "" "L'option B<-P> (I<préserver> le I<vecteur de groupe>) fait que B<sudo> " "préserve le vecteur de groupe de l'utilisateur appelant inchangé. Par " "défaut, B<sudo> initialisera le vecteur de groupe avec la liste de groupes " "dans lesquels est l'utilisateur. Les réels et effectifs identifiants de " "groupe, cependant, sont toujours définis pour correspondre à l'utilisateur " "cible." #. type: =item #: C/sudo.pod:291 msgid "-p I<prompt>" msgstr "-p I<invite>" #. type: textblock #: C/sudo.pod:293 msgid "" "The B<-p> (I<prompt>) option allows you to override the default password " "prompt and use a custom one. The following percent (`C<%>') escapes are " "supported by the I<sudoers> policy:" msgstr "" "L'option B<-p> (« I<prompt> » ce qui signifie invite) vous permet de " "surcharger l'invite de mot passe par défaut par une personnalisée. Les " "échappements pour-cent (« C<%> ») suivants sont pris en charge par la " "politique I<sudoers> :" #. type: textblock #: C/sudo.pod:301 msgid "" "expanded to the host name including the domain name (on if the machine's " "host name is fully qualified or the I<fqdn> option is set in L<sudoers(5)>)" msgstr "" "élargi jusqu'au nom d'hôte incluant le nom de domaine (uniquement si le nom " "d'hôte de la machine est pleinement qualifié ou si l'option I<fqdn> est " "activée dans L<sudoers(5)>)" #. type: textblock #: C/sudo.pod:311 msgid "" "expanded to the name of the user whose password is being requested (respects " "the I<rootpw>, I<targetpw> and I<runaspw> flags in L<sudoers(5)>)" msgstr "" #. type: textblock #: C/sudo.pod:317 #, fuzzy #| msgid "Set to the target user (root unless the B<-u> option is specified)" msgid "" "expanded to the login name of the user the command will be run as (defaults " "to root unless the C<-u> option is also specified)" msgstr "" "Défini avec l'utilisateur cible (le superutilisateur à moins que l'option B<-" "u> ne soit précisée)" #. type: textblock #: C/sudo.pod:330 msgid "" "The prompt specified by the B<-p> option will override the system password " "prompt on systems that support PAM unless the I<passprompt_override> flag is " "disabled in I<sudoers>." msgstr "" "L'invite spécifiée par l'option B<-p> surchargera l'invite du mot de passe " "système sur les systèmes supportant PAM à moins que le drapeau " "I<passprompt_override> ne soit désactivé dans I<sudoers>." #. type: =item #: C/sudo.pod:334 msgid "-r I<role>" msgstr "-r I<rôle>" #. type: textblock #: C/sudo.pod:336 msgid "" "The B<-r> (I<role>) option causes the new (SELinux) security context to have " "the role specified by I<role>." msgstr "" "L'option B<-r> (I<rôle>) fait que le nouveau contexte de sécurité (SELinux) " "a le rôle spécifié par I<rôle>." #. type: =item #: C/sudo.pod:339 msgid "-S" msgstr "-S" #. type: textblock #: C/sudo.pod:341 msgid "" "The B<-S> (I<stdin>) option causes B<sudo> to read the password from the " "standard input instead of the terminal device. The password must be " "followed by a newline character." msgstr "" "L'option B<-S> (« I<stdin> » ce qui signifie entrée standard) fait que " "B<sudo> lit le mot de passe depuis l'entrée standard au lieu du périphérique " "terminal. Le mot de passe doit être suivi du caractère de nouvelle ligne." #. type: =item #: C/sudo.pod:345 msgid "-s [command]" msgstr "-s [commande]" #. type: textblock #: C/sudo.pod:347 msgid "" "The B<-s> (I<shell>) option runs the shell specified by the I<SHELL> " "environment variable if it is set or the shell as specified in the password " "database. If a command is specified, it is passed to the shell for " "execution via the shell's B<-c> option. If no command is specified, an " "interactive shell is executed." msgstr "" "L'option B<-s> (« I<shell> » ce qui signifie interpréteur) exécute " "l'interpréteur spécifié par la variable d'environnement I<SHELL> si elle est " "définie ou bien l'interpréteur indiqué par la base des mots de passe. Si une " "commande est spécifiée, elle est passée à l'interpréteur pour exécution avec " "l'option B<-c>. Sinon, un interpréteur interactif est exécuté." #. type: =item #: C/sudo.pod:353 msgid "-t I<type>" msgstr "-t I<type>" #. type: textblock #: C/sudo.pod:355 msgid "" "The B<-t> (I<type>) option causes the new (SELinux) security context to have " "the type specified by I<type>. If no type is specified, the default type is " "derived from the specified role." msgstr "" "L'option B<-t> (I<type>) fait que le nouveau contexte de sécurité (SELinux) " "a le type spécifié par I<type>. Si aucun type n'est spécifié, le type par " "défaut est dérivé du rôle spécifié." #. type: =item #: C/sudo.pod:359 msgid "-U I<user>" msgstr "-U I<utilisateur>" #. type: textblock #: C/sudo.pod:361 #, fuzzy #| msgid "" #| "The B<-U> (I<other user>) option is used in conjunction with the B<-l> " #| "option to specify the user whose privileges should be listed. Only root " #| "or a user with B<sudo> C<ALL> on the current host may use this option." msgid "" "The B<-U> (I<other user>) option is used in conjunction with the B<-l> " "option to specify the user whose privileges should be listed. The security " "policy may restrict listing other users' privileges. The I<sudoers> policy " "only allows root or a user with the C<ALL> privilege on the current host to " "use this option." msgstr "" "L'option -U (I<autre utilisateur>) est utilisée en conjonction avec l'option " "B<-l> pour spécifier l'utilisateur dont les privilèges doivent être listés. " "Uniquement le superutilisateur ou un utilisateur avec B<sudo> C<ALL> sur " "l'hôte courant peuvent utiliser cette option." #. type: =item #: C/sudo.pod:367 msgid "-u I<user>" msgstr "-u I<utilisateur>" #. type: textblock #: C/sudo.pod:369 #, fuzzy #| msgid "" #| "The B<-u> (I<user>) option causes B<sudo> to run the specified command as " #| "a user other than I<root>. To specify a I<uid> instead of a I<user " #| "name>, use I<#uid>. When running commands as a I<uid>, many shells " #| "require that the '#' be escaped with a backslash ('\\'). Note that if " #| "the I<targetpw> Defaults option is set (see L<sudoers(5)>) it is not " #| "possible to run commands with a uid not listed in the password database." msgid "" "The B<-u> (I<user>) option causes B<sudo> to run the specified command as a " "user other than I<root>. To specify a I<uid> instead of a I<user name>, use " "I<#uid>. When running commands as a I<uid>, many shells require that the " "'#' be escaped with a backslash ('\\'). Security policies may restrict " "I<uid>s to those listed in the password database. The I<sudoers> policy " "allows I<uid>s that are not in the password database as long as the " "I<targetpw> option is not set. Other security policies may not support this." msgstr "" "L'option B<-u> (I<utilisateur>) fait que B<sudo> exécute la commande " "spécifiée en tant qu'un utilisateur autre que le I<superutilisateur>. Pour " "spécifier un I<identifiant utilisateur> (ou « uid ») au lieu d'un I<nom " "d'utilisateur>, il faut utiliser I<#uid>. Lors de l'exécution des commandes " "en tant qu'un utilisateur défini par un I<uid>, certains interpréteurs " "requièrent que le « # » soit échappé avec une barre penchée inversée " "(« \\ »). A noter que si l'option I<targetpw> de la section « Defaults » est " "définie (voir L<sudoers(5)>), il n'est pas possible d'exécuter des commandes " "avec un identifiant utilisateur non listé dans la base de données des mots " "de passe." #. type: =item #: C/sudo.pod:378 C/sudoreplay.pod:172 C/visudo.pod:107 msgid "-V" msgstr "-V" #. type: textblock #: C/sudo.pod:380 #, fuzzy #| msgid "" #| "The B<-V> (I<version>) option causes B<sudo> to print the version number " #| "and exit. If the invoking user is already root the B<-V> option will " #| "print out a list of the defaults B<sudo> was compiled with as well as the " #| "machine's local network addresses." msgid "" "The B<-V> (I<version>) option causes B<sudo> to print its version string and " "the version string of the security policy plugin and any I/O plugins. If " "the invoking user is already root the B<-V> option will display the " "arguments passed to configure when I<sudo> was built and plugins may display " "more verbose information such as default options." msgstr "" "L'option B<-V> (I<version>) fait que B<sudo> affiche le numéro de version et " "quitte. Si l'utilisateur appelant est déjà superutilisateur, l'option B<-V> " "affichera une liste des options par défaut avec lesquelles B<sudo> a été " "compilé ainsi que les adresses réseau locales de la machine. " #. type: =item #: C/sudo.pod:387 msgid "-v" msgstr "-v" #. type: textblock #: C/sudo.pod:389 #, fuzzy #| msgid "" #| "If given the B<-v> (I<validate>) option, B<sudo> will update the user's " #| "time stamp, prompting for the user's password if necessary. This extends " #| "the B<sudo> timeout for another C<@timeout@> minutes (or whatever the " #| "timeout is set to in I<sudoers>) but does not run a command." msgid "" "When given the B<-v> (I<validate>) option, B<sudo> will update the user's " "cached credentials, authenticating the user's password if necessary. For " "the I<sudoers> plugin, this extends the B<sudo> timeout for another " "C<@timeout@> minutes (or whatever the timeout is set to in I<sudoers>) but " "does not run a command. Not all security policies support cached " "credentials." msgstr "" "Si l'option B<-v> (I<valider>) est donnée, B<sudo> mettra à jour " "l'horodatage de l'utilisateur, demandant le mot de passe de l'utilisateur si " "nécessaire. Ceci étend, le délais d'expiration de B<sudo> pour C<@timeout@> " "minutes supplémentaires (ou quelque soit le délais d'expiration défini dans " "I<sudoers>) mais n'exécute pas de commande." #. type: =item #: C/sudo.pod:396 msgid "--" msgstr "--" #. type: textblock #: C/sudo.pod:398 msgid "" "The B<--> option indicates that B<sudo> should stop processing command line " "arguments." msgstr "" "L'option B<--> indique que B<sudo> doit cesser de traiter les arguments de " "la ligne de commande." #. type: textblock #: C/sudo.pod:403 #, fuzzy #| msgid "" #| "Environment variables to be set for the command may also be passed on the " #| "command line in the form of B<VAR>=I<value>, e.g. B<LD_LIBRARY_PATH>=I</" #| "usr/local/pkg/lib>. Variables passed on the command line are subject to " #| "the same restrictions as normal environment variables with one important " #| "exception. If the I<setenv> option is set in I<sudoers>, the command to " #| "be run has the C<SETENV> tag set or the command matched is C<ALL>, the " #| "user may set variables that would overwise be forbidden. See L<sudoers(5)" #| "> for more information." msgid "" "Environment variables to be set for the command may also be passed on the " "command line in the form of B<VAR>=I<value>, e.g. B<LD_LIBRARY_PATH>=I</usr/" "local/pkg/lib>. Variables passed on the command line are subject to the " "same restrictions as normal environment variables with one important " "exception. If the I<setenv> option is set in I<sudoers>, the command to be " "run has the C<SETENV> tag set or the command matched is C<ALL>, the user may " "set variables that would otherwise be forbidden. See L<sudoers(5)> for more " "information." msgstr "" "Les variables d'environnement à définir pour la commande peuvent être " "passées sur la ligne de commande sous la forme B<VAR>=I<valeur>, e.g. " "B<LD_LIBRARY_PATH>=I</usr/local/pkg/lib>. Les variables passées sur la ligne " "de commande sont sujettes aux mêmes restrictions que les variables " "d'environnement avec une exception importante. Si l'option I<setenv> est " "définie dans I<sudoers>, la commande a exécuter a la balise C<SETENV> " "définie ou si la commande assortie est C<ALL>, l'utilisateur peut définir " "les variables qui seraient autrement interdites. Voir <sudoers(5)> pour plus " "d'information." #. type: =head1 #: C/sudo.pod:412 msgid "PLUGINS" msgstr "GREFFONS" #. type: textblock #: C/sudo.pod:414 msgid "" "Plugins are dynamically loaded based on the contents of the F<@sysconfdir@/" "sudo.conf> file. If no F<@sysconfdir@/sudo.conf> file is present, or it " "contains no C<Plugin> lines, B<sudo> will use the traditional I<sudoers> " "security policy and I/O logging, which corresponds to the following " "F<@sysconfdir@/sudo.conf> file." msgstr "" #. type: textblock #: C/sudo.pod:439 msgid "" "A C<Plugin> line consists of the C<Plugin> keyword, followed by the " "I<symbol_name> and the I<path> to the shared object containing the plugin. " "The I<symbol_name> is the name of the C<struct policy_plugin> or C<struct " "io_plugin> in the plugin shared object. The I<path> may be fully qualified " "or relative. If not fully qualified it is relative to the F<@prefix@/" "libexec> directory. Any additional parameters after the I<path> are passed " "as arguments to the plugin's I<open> function. Lines that don't begin with " "C<Plugin>, C<Path>, C<Debug> or C<Set> are silently ignored." msgstr "" #. type: textblock #: C/sudo.pod:449 msgid "For more information, see the L<sudo_plugin(8)> manual." msgstr "" #. type: =head1 #: C/sudo.pod:451 #, fuzzy #| msgid "C<PATH>" msgid "PATHS" msgstr "C<PATH>" #. type: textblock #: C/sudo.pod:453 msgid "" "A C<Path> line consists of the C<Path> keyword, followed by the name of the " "path to set and its value. E.g." msgstr "" "Une ligne C<Path> contient le mot-clé C<Path> suivi du chemin à configurer " "puis sa valeur. Par exemple :" #. type: verbatim #: C/sudo.pod:456 #, no-wrap msgid "" " Path noexec @noexec_file@\n" " Path askpass /usr/X11R6/bin/ssh-askpass\n" "\n" msgstr "" " Path noexec @noexec_file@\n" " Path askpass /usr/X11R6/bin/ssh-askpass\n" "\n" #. type: textblock #: C/sudo.pod:459 msgid "" "The following plugin-agnostic paths may be set in the F<@sysconfdir@/sudo." "conf> file." msgstr "" "Les chemins suivants sont applicables à tous les greffons et peuvent être " "configurés dans le fichier F<@sysconfdir@/sudo.conf>." #. type: =item #: C/sudo.pod:464 msgid "askpass" msgstr "askpass" #. type: textblock #: C/sudo.pod:466 msgid "" "The fully qualified path to a helper program used to read the user's " "password when no terminal is available. This may be the case when B<sudo> " "is executed from a graphical (as opposed to text-based) application. The " "program specified by I<askpass> should display the argument passed to it as " "the prompt and write the user's password to the standard output. The value " "of I<askpass> may be overridden by the C<SUDO_ASKPASS> environment variable." msgstr "" #. type: textblock #: C/sudo.pod:476 msgid "" "The fully-qualified path to a shared library containing dummy versions of " "the execv(), execve() and fexecve() library functions that just return an " "error. This is used to implement the I<noexec> functionality on systems " "that support C<LD_PRELOAD> or its equivalent. Defaults to F<@noexec_file@>." msgstr "" #. type: textblock #: C/sudo.pod:486 msgid "" "B<sudo> versions 1.8.4 and higher support a flexible debugging framework " "that can help track down what B<sudo> is doing internally if there is a " "problem." msgstr "" #. type: textblock #: C/sudo.pod:490 msgid "" "A C<Debug> line consists of the C<Debug> keyword, followed by the name of " "the program to debug (B<sudo>, B<visudo>, B<sudoreplay>), the debug file " "name and a comma-separated list of debug flags. The debug flag syntax used " "by B<sudo> and the I<sudoers> plugin is I<subsystem>@I<priority> but the " "plugin is free to use a different format so long as it does not include a " "command C<,>." msgstr "" #. type: textblock #: C/sudo.pod:497 msgid "For instance:" msgstr "Par exemple :" #. type: verbatim #: C/sudo.pod:499 #, no-wrap msgid "" " Debug sudo /var/log/sudo_debug all@warn,plugin@info\n" "\n" msgstr "" " Debug sudo /var/log/sudo_debug all@warn,plugin@info\n" "\n" #. type: textblock #: C/sudo.pod:501 msgid "" "would log all debugging statements at the I<warn> level and higher in " "addition to those at the I<info> level for the plugin subsystem." msgstr "" #. type: textblock #: C/sudo.pod:504 msgid "" "Currently, only one C<Debug> entry per program is supported. The C<sudo> " "C<Debug> entry is shared by the B<sudo> front end, B<sudoedit> and the " "plugins. A future release may add support for per-plugin C<Debug> lines and/" "or support for multiple debugging files for a single program." msgstr "" #. type: textblock #: C/sudo.pod:510 msgid "" "The priorities used by the B<sudo> front end, in order of decreasing " "severity, are: I<crit>, I<err>, I<warn>, I<notice>, I<diag>, I<info>, " "I<trace> and I<debug>. Each priority, when specified, also includes all " "priorities higher than it. For example, a priority of I<notice> would " "include debug messages logged at I<notice> and higher." msgstr "" #. type: textblock #: C/sudo.pod:516 msgid "The following subsystems are used by B<sudo>:" msgstr "Les sous-systèmes suivants sont utilisés par B<sudo> :" #. type: =item #: C/sudo.pod:524 msgid "I<args>" msgstr "I<args>" #. type: textblock #: C/sudo.pod:526 msgid "command line argument processing" msgstr "" #. type: =item #: C/sudo.pod:528 msgid "I<conv>" msgstr "I<conv>" #. type: textblock #: C/sudo.pod:530 msgid "user conversation" msgstr "" #. type: =item #: C/sudo.pod:532 msgid "I<edit>" msgstr "I<edit>" #. type: textblock #: C/sudo.pod:534 msgid "sudoedit" msgstr "" #. type: =item #: C/sudo.pod:536 msgid "I<exec>" msgstr "I<exec>" #. type: textblock #: C/sudo.pod:538 msgid "command execution" msgstr "" #. type: =item #: C/sudo.pod:540 msgid "I<main>" msgstr "I<main>" #. type: textblock #: C/sudo.pod:542 msgid "B<sudo> main function" msgstr "" #. type: =item #: C/sudo.pod:548 msgid "I<pcomm>" msgstr "I<pcomm>" #. type: textblock #: C/sudo.pod:550 msgid "communication with the plugin" msgstr "communication avec le plugin" #. type: textblock #: C/sudo.pod:554 msgid "plugin configuration" msgstr "configuration de plugin" #. type: =item #: C/sudo.pod:560 msgid "I<selinux>" msgstr "I<selinux>" #. type: textblock #: C/sudo.pod:562 msgid "SELinux-specific handling" msgstr "" #. type: =item #: C/sudo.pod:568 msgid "I<utmp>" msgstr "I<utmp>" #. type: textblock #: C/sudo.pod:570 msgid "utmp handling" msgstr "" #. type: =head1 #: C/sudo.pod:574 msgid "RETURN VALUES" msgstr "VALEURS DE RETOUR" #. type: textblock #: C/sudo.pod:576 msgid "" "Upon successful execution of a program, the exit status from B<sudo> will " "simply be the exit status of the program that was executed." msgstr "" "Sur exécution avec succès d'un programme, l'état de sortie de B<sudo> sera " "simplement l'état de sortie du programme qui a été exécuté." #. type: textblock #: C/sudo.pod:579 #, fuzzy #| msgid "" #| "Otherwise, B<sudo> quits with an exit value of 1 if there is a " #| "configuration/permission problem or if B<sudo> cannot execute the given " #| "command. In the latter case the error string is printed to stderr. If " #| "B<sudo> cannot L<stat(2)> one or more entries in the user's C<PATH> an " #| "error is printed on stderr. (If the directory does not exist or if it is " #| "not really a directory, the entry is ignored and no error is printed.) " #| "This should not happen under normal circumstances. The most common " #| "reason for L<stat(2)> to return \"permission denied\" is if you are " #| "running an automounter and one of the directories in your C<PATH> is on a " #| "machine that is currently unreachable." msgid "" "Otherwise, B<sudo> exits with a value of 1 if there is a configuration/" "permission problem or if B<sudo> cannot execute the given command. In the " "latter case the error string is printed to the standard error. If B<sudo> " "cannot L<stat(2)> one or more entries in the user's C<PATH>, an error is " "printed on stderr. (If the directory does not exist or if it is not really " "a directory, the entry is ignored and no error is printed.) This should not " "happen under normal circumstances. The most common reason for L<stat(2)> to " "return \"permission denied\" is if you are running an automounter and one of " "the directories in your C<PATH> is on a machine that is currently " "unreachable." msgstr "" "Autrement, B<sudo> quitte avec une valeur de sortie de 1 s''il y a un " "problème de configuration/permission ou si B<sudo> ne peut pas exécuter la " "commande donnée. Dans ce deuxième cas, la chaîne d'erreur est imprimée sur " "l'erreur standard. So B<sudo> ne peut pas exécuter L<stat(2)> sur une ou " "plusieurs entrées définies dans le C<PATH> de l'utilisateur, une erreur est " "affichée sur l'erreur standard. (Si le répertoire n'existe pas ou bien si ce " "n'est pas réellement un répertoire, l'entrée est ignorée et aucune erreur " "n'est affichée). Ceci ne devrait pas arriver dans des circonstances " "normales. La raison la plus commune pour L<stat(2)> de retourner " "\"Permission non accordée\" est si vous exécutez un monteur automatique et " "qu'un des répertoires définis dans votre variable d'environnement C<PATH> " "est sur une machine qui est actuellement inaccessible." #. type: textblock #: C/sudo.pod:593 msgid "B<sudo> tries to be safe when executing external commands." msgstr "" "B<sudo> essaye d'être sans danger lors de l'exécution de commandes externes." #. type: textblock #: C/sudo.pod:595 #, fuzzy msgid "" "To prevent command spoofing, B<sudo> checks \".\" and \"\" (both denoting " "current directory) last when searching for a command in the user's PATH (if " "one or both are in the PATH). Note, however, that the actual C<PATH> " "environment variable is I<not> modified and is passed unchanged to the " "program that B<sudo> executes." msgstr "" "Pour empêcher l'usurpation de commande, B<sudo> contrôle en dernier « . » et " "«» (les deux indiquant le répertoire courant) lors de la recherche d'une " "commande dans les chemins définis dans la variable d'environnement PATH de " "l'utilisateur. A noter, cependant que cette variable d'environnement C<PATH> " "est modifiée plus loin dans Debian en raison de l'utilisation de l'option de " "construction I<SECURE_PATH>." #. type: textblock #: C/sudo.pod:601 #, fuzzy #| msgid "" #| "Please note that B<sudo> will normally only log the command it explicitly " #| "runs. If a user runs a command such as C<sudo su> or C<sudo sh>, " #| "subsequent commands run from that shell will I<not> be logged, nor will " #| "B<sudo>'s access control affect them. The same is true for commands that " #| "offer shell escapes (including most editors). Because of this, care must " #| "be taken when giving users access to commands via B<sudo> to verify that " #| "the command does not inadvertently give the user an effective root " #| "shell. For more information, please see the C<PREVENTING SHELL ESCAPES> " #| "section in L<sudoers(5)>." msgid "" "Please note that B<sudo> will normally only log the command it explicitly " "runs. If a user runs a command such as C<sudo su> or C<sudo sh>, subsequent " "commands run from that shell are not subject to B<sudo>'s security policy. " "The same is true for commands that offer shell escapes (including most " "editors). If I/O logging is enabled, subsequent commands will have their " "input and/or output logged, but there will not be traditional logs for those " "commands. Because of this, care must be taken when giving users access to " "commands via B<sudo> to verify that the command does not inadvertently give " "the user an effective root shell. For more information, please see the " "C<PREVENTING SHELL ESCAPES> section in L<sudoers(5)>." msgstr "" "A noter que B<sudo> n'enregistrera normalement dans les journaux systèmes " "que les commandes qu'il lance explicitement. Si un utilisateur exécute une " "commande telle que C<sudo su> ou C<sudo sh>, les commandes suivantes " "exécutées depuis cet interpréteur ne seront I<pas> enregistrées et ne seront " "affectées par aucun contrôle d'accès de B<sudo>. La même chose est vraie " "pour les commandes qui offre un mécanisme d'échappement de l'interpréteur " "(Inclus dans la plupart des éditeurs). Pour cette raison, en donnant des " "accès aux utilisateurs à des commandes par B<sudo>, il faut prendre comme " "précaution de vérifier que la commande ne donne pas par inadvertance à " "l'utilisateur un interpréteur superutilisateur effectif. Pour plus " "d'informations, veuillez consulter la section C<PRÃ?VENIR LES Ã?CHAPPEMENTS " "D'UN INTERPRÃ?TEUR> dans L<sudoers(5)>." #. type: textblock #: C/sudo.pod:613 msgid "" "To prevent the disclosure of potentially sensitive information, B<sudo> " "disables core dumps by default while it is executing (they are re-enabled " "for the command that is run). To aid in debugging B<sudo> crashes, you may " "wish to re-enable core dumps by setting \"disable_coredump\" to false in the " "F<@sysconfdir@/sudo.conf> file." msgstr "" #. type: verbatim #: C/sudo.pod:619 #, no-wrap msgid "" " Set disable_coredump false\n" "\n" msgstr "" " Set disable_coredump false\n" "\n" #. type: textblock #: C/sudo.pod:621 msgid "" "Note that by default, most operating systems disable core dumps from setuid " "programs, which includes B<sudo>. To actually get a B<sudo> core file you " "may need to enable core dumps for setuid processes. On BSD and Linux " "systems this is accomplished via the sysctl command, on Solaris the coreadm " "command can be used." msgstr "" #. type: =head1 #: C/sudo.pod:627 C/visudo.pod:114 msgid "ENVIRONMENT" msgstr "ENVIRONNEMENT" #. type: textblock #: C/sudo.pod:629 msgid "" "B<sudo> utilizes the following environment variables. The security policy " "has control over the content of the command's environment." msgstr "" #. type: =item #: C/sudo.pod:634 C/visudo.pod:125 msgid "C<EDITOR>" msgstr "C<EDITOR>" #. type: textblock #: C/sudo.pod:636 msgid "" "Default editor to use in B<-e> (sudoedit) mode if neither C<SUDO_EDITOR> nor " "C<VISUAL> is set" msgstr "" "L'éditeur par défaut à utiliser en mode B<-e> (sudoedit) si ni <SUDO_EDITOR> " "ni C<VISUAL> ne sont définies" #. type: =item #: C/sudo.pod:639 msgid "C<MAIL>" msgstr "C<MAIL>" #. type: textblock #: C/sudo.pod:641 msgid "" "In B<-i> mode or when I<env_reset> is enabled in I<sudoers>, set to the mail " "spool of the target user" msgstr "" "Dans le mode B<-i> ou quand I<env_reset> est activé dans I<sudoers>, défini " "à la file d'attente de messagerie de l'utilisateur cible" #. type: =item #: C/sudo.pod:644 msgid "C<HOME>" msgstr "C<HOME>" #. type: textblock #: C/sudo.pod:646 msgid "" "Set to the home directory of the target user if B<-i> or B<-H> are " "specified, I<env_reset> or I<always_set_home> are set in I<sudoers>, or when " "the B<-s> option is specified and I<set_home> is set in I<sudoers>" msgstr "" "Défini avec le répertoire d'accueil de l'utilisateur cible si B<-i> ou B<-H> " "sont précisées, I<env_reset> ou I<always_set_home> sont définies dans " "I<sudoers>, ou lorsque l'option <-s> est précisée et que I<set_home> est " "définie dans I<sudoers>" #. type: =item #: C/sudo.pod:651 msgid "C<PATH>" msgstr "C<PATH>" #. type: textblock #: C/sudo.pod:653 msgid "May be overridden by the security policy." msgstr "" #. type: =item #: C/sudo.pod:655 msgid "C<SHELL>" msgstr "C<SHELL>" #. type: textblock #: C/sudo.pod:657 msgid "Used to determine shell to run with C<-s> option" msgstr "Utilisé pour déterminer l'interpréteur à exécuter avec l'option C<-s>" #. type: =item #: C/sudo.pod:659 msgid "C<SUDO_ASKPASS>" msgstr "C<SUDO_ASKPASS>" #. type: textblock #: C/sudo.pod:661 msgid "" "Specifies the path to a helper program used to read the password if no " "terminal is available or if the C<-A> option is specified." msgstr "" "Précise le chemin du programme d'aide utilisé pour lire le mot de passe si " "aucun terminal n'est disponible ou si l'option C<-A> est précisée." #. type: =item #: C/sudo.pod:664 msgid "C<SUDO_COMMAND>" msgstr "C<SUDO_COMMAND>" #. type: textblock #: C/sudo.pod:666 msgid "Set to the command run by sudo" msgstr "Défini avec la commande exécutée par sudo" #. type: =item #: C/sudo.pod:668 msgid "C<SUDO_EDITOR>" msgstr "C<SUDO_EDITOR>" #. type: textblock #: C/sudo.pod:670 msgid "Default editor to use in B<-e> (sudoedit) mode" msgstr "Ã?diteur par défaut à utiliser en mode B<-e> (sudoedit)" #. type: =item #: C/sudo.pod:672 msgid "C<SUDO_GID>" msgstr "C<SUDO_GID>" #. type: textblock #: C/sudo.pod:674 msgid "Set to the group ID of the user who invoked sudo" msgstr "" "Défini avec l'identifiant de groupe de l'utilisateur qui a invoqué sudo" #. type: =item #: C/sudo.pod:676 msgid "C<SUDO_PROMPT>" msgstr "C<SUDO_PROMPT>" #. type: textblock #: C/sudo.pod:678 msgid "Used as the default password prompt" msgstr "Utilisé en tant qu'invite par défaut pour la demande du mot de passe" #. type: =item #: C/sudo.pod:680 msgid "C<SUDO_PS1>" msgstr "C<SUDO_PS1>" #. type: textblock #: C/sudo.pod:682 msgid "If set, C<PS1> will be set to its value for the program being run" msgstr "" "Si défini, C<PS1> sera définie à cette valeur pour le programme en cours " "d'exécution" #. type: =item #: C/sudo.pod:684 msgid "C<SUDO_UID>" msgstr "C<SUDO_UID>" #. type: textblock #: C/sudo.pod:686 msgid "Set to the user ID of the user who invoked sudo" msgstr "" "Défini avec l'identifiant utilisateur de l'utilisateur qui a invoqué sudo" #. type: =item #: C/sudo.pod:688 msgid "C<SUDO_USER>" msgstr "C<SUDO_USER>" #. type: textblock #: C/sudo.pod:690 msgid "Set to the login of the user who invoked sudo" msgstr "" "Défini avec l'identifiant de connexion de l'utilisateur qui a invoqué sudo" #. type: =item #: C/sudo.pod:692 msgid "C<USER>" msgstr "C<USER>" #. type: textblock #: C/sudo.pod:694 msgid "Set to the target user (root unless the B<-u> option is specified)" msgstr "" "Défini avec l'utilisateur cible (le superutilisateur à moins que l'option B<-" "u> ne soit précisée)" #. type: =item #: C/sudo.pod:696 C/visudo.pod:121 msgid "C<VISUAL>" msgstr "C<VISUAL>" #. type: textblock #: C/sudo.pod:698 msgid "" "Default editor to use in B<-e> (sudoedit) mode if C<SUDO_EDITOR> is not set" msgstr "" "Ã?diteur par défaut à utiliser en mode B<-e> (sudoedit) si C<SUDO_EDITOR> " "n'est pas défini" #. type: textblock #: C/sudo.pod:709 #, fuzzy #| msgid "sudoers.ldap - sudo LDAP configuration" msgid "B<sudo> front end configuration" msgstr "sudoers.ldap - Configuration LDAP pour sudo" #. type: textblock #: C/sudo.pod:715 #, fuzzy #| msgid "Note: the following examples assume suitable L<sudoers(5)> entries." msgid "" "Note: the following examples assume a properly configured security policy." msgstr "" "Note : les exemples suivants supposent les entrées L<sudoers(5)> adéquates." #. type: textblock #: C/sudo.pod:717 msgid "To get a file listing of an unreadable directory:" msgstr "" "Récupérer le listing des fichiers d'un répertoire sans accès en lecture :" #. type: verbatim #: C/sudo.pod:719 #, no-wrap msgid "" " $ sudo ls /usr/local/protected\n" "\n" msgstr "" " $ sudo ls /usr/local/protected\n" "\n" #. type: textblock #: C/sudo.pod:721 msgid "" "To list the home directory of user yaz on a machine where the file system " "holding ~yaz is not exported as root:" msgstr "" "Lister le répertoire d'accueil d'un utilisateur yaz sur une machine où le " "système de fichiers contenant ~yaz n'est pas exporté en tant que " "superutilisateur :" #. type: verbatim #: C/sudo.pod:724 #, no-wrap msgid "" " $ sudo -u yaz ls ~yaz\n" "\n" msgstr "" " $ sudo -u yaz ls ~yaz\n" "\n" #. type: textblock #: C/sudo.pod:726 msgid "To edit the F<index.html> file as user www:" msgstr "Ã?diter le fichier F<index.html> en tant que l'utilisateur www :" #. type: verbatim #: C/sudo.pod:728 #, no-wrap msgid "" " $ sudo -u www vi ~www/htdocs/index.html\n" "\n" msgstr "" " $ sudo -u www vi ~www/htdocs/index.html\n" "\n" #. type: textblock #: C/sudo.pod:730 msgid "To view system logs only accessible to root and users in the adm group:" msgstr "" "Visualiser les journaux systèmes uniquement accessibles au superutilisateur " "ainsi qu'aux utilisateurs du groupe adm :" #. type: verbatim #: C/sudo.pod:732 #, no-wrap msgid "" " $ sudo -g adm view /var/log/syslog\n" "\n" msgstr "" " $ sudo -g adm view /var/log/syslog\n" "\n" #. type: textblock #: C/sudo.pod:734 msgid "To run an editor as jim with a different primary group:" msgstr "" "Exécuter un éditeur en tant que jim avec un groupe principal différent :" #. type: verbatim #: C/sudo.pod:736 #, no-wrap msgid "" " $ sudo -u jim -g audio vi ~jim/sound.txt\n" "\n" msgstr "" " $ sudo -u jim -g audio vi ~jim/sound.txt\n" "\n" #. type: textblock #: C/sudo.pod:738 msgid "To shutdown a machine:" msgstr "Ã?teindre une machine :" #. type: verbatim #: C/sudo.pod:740 #, no-wrap msgid "" " $ sudo shutdown -r +15 \"quick reboot\"\n" "\n" msgstr "" " $ sudo shutdown -r +15 \"redémarrage rapide\"\n" "\n" #. type: textblock #: C/sudo.pod:742 msgid "" "To make a usage listing of the directories in the /home partition. Note " "that this runs the commands in a sub-shell to make the C<cd> and file " "redirection work." msgstr "" "Pour faire un listing du taux d'utilisation des répertoires dans la " "partition /home. A noter que ceci exécute les commande dans un sous-" "interpréteur pour faire en sorte que C<cd> ainsi que la redirection de " "fichier fonctionnent." #. type: verbatim #: C/sudo.pod:746 #, no-wrap msgid "" " $ sudo sh -c \"cd /home ; du -s * | sort -rn > USAGE\"\n" "\n" msgstr "" " $ sudo sh -c \"cd /home ; du -s * | sort -rn > USAGE\"\n" "\n" #. type: textblock #: C/sudo.pod:750 msgid "" "L<grep(1)>, L<su(1)>, L<stat(2)>, L<login_cap(3)>, L<passwd(5)>, L<sudoers(5)" ">, L<sudo_plugin(8)>, L<sudoreplay(8)>, L<visudo(8)>" msgstr "" "L<grep(1)>, L<su(1)>, L<stat(2)>, L<login_cap(3)>, L<passwd(5)>, L<sudoers(5)" ">, L<sudo_plugin(8)>, L<sudoreplay(8)>, L<visudo(8)>" #. type: =head1 #: C/sudo.pod:754 msgid "AUTHORS" msgstr "AUTEURS" #. type: textblock #: C/sudo.pod:756 msgid "" "Many people have worked on B<sudo> over the years; this version consists of " "code written primarily by:" msgstr "" "De nombreuses personnes ont travaillé sur B<sudo> durant des années ; cette " "version consiste en du code écrit principalement par :" #. type: verbatim #: C/sudo.pod:759 #, no-wrap msgid "" "\tTodd C. Miller\n" "\n" msgstr "" "\tTodd C. Miller\n" "\n" #. type: textblock #: C/sudo.pod:761 C/visudo.pod:195 msgid "" "See the CONTRIBUTORS file in the B<sudo> distribution (http://www.sudo.ws/" "sudo/contributors.html) for a list of people who have contributed to B<sudo>." msgstr "" "Consultez le fichier CONTRIBUTORS des sources de B<sudo> ou visitez http://" "www.sudo.ws/sudo/contributors.html pour une liste des contributeurs à " "B<sudo>." #. type: =head1 #: C/sudo.pod:765 msgid "HISTORY" msgstr "HISTORIQUE" #. type: textblock #: C/sudo.pod:767 msgid "" "See the HISTORY file in the B<sudo> distribution (http://www.sudo.ws/sudo/" "history.html) for a brief history of sudo." msgstr "" "Consultez le fichier HISTORY des sources de B<sudo> ou visitez http://www." "sudo.ws/sudo/history.html pour un bref historique de B<sudo>." #. type: textblock #: C/sudo.pod:772 msgid "" "There is no easy way to prevent a user from gaining a root shell if that " "user is allowed to run arbitrary commands via B<sudo>. Also, many programs " "(such as editors) allow the user to run commands via shell escapes, thus " "avoiding B<sudo>'s checks. However, on most systems it is possible to " "prevent shell escapes with the L<sudoers(5)> module's I<noexec> " "functionality." msgstr "" "Il n'y a pas de manière simple d'empêcher un utilisateur d'obtenir un " "interpréteur superutilisateur si cet utilisateur est autorisé a exécuter des " "commandes arbitraires par B<sudo>. Aussi, de nombreux programmes (tels que " "les éditeurs) autorisent l'utilisateur a exécuter des commandes par des " "échappements de l'interpréteur, en évitant ainsi les contrôles de B<sudo>. " "Cependant, sur la plupart des systèmes, il est possible d'empêcher les " "échappements de l'interpréteur grâce à la fonctionnalité du module I<noexec> " "de B<sudoers(5)>. " #. type: textblock #: C/sudo.pod:779 msgid "It is not meaningful to run the C<cd> command directly via sudo, e.g.," msgstr "" "Il n'est pas intéressant d'exécuter la commande C<cd> directement par sudo, " "par exemple, " #. type: verbatim #: C/sudo.pod:781 #, no-wrap msgid "" " $ sudo cd /usr/local/protected\n" "\n" msgstr "" " $ sudo cd /usr/local/protected\n" "\n" #. type: textblock #: C/sudo.pod:783 msgid "" "since when the command exits the parent process (your shell) will still be " "the same. Please see the EXAMPLES section for more information." msgstr "" "étant donné que la commande quittant le processus parent (votre " "interpréteur) restera la même. Veuillez consulter la section EXEMPLES pour " "plus d'information." #. type: textblock #: C/sudo.pod:786 msgid "" "Running shell scripts via B<sudo> can expose the same kernel bugs that make " "setuid shell scripts unsafe on some operating systems (if your OS has a /dev/" "fd/ directory, setuid shell scripts are generally safe)." msgstr "" "Exécuter des « shell scripts » par B<sudo> peut exposer aux mêmes bogues " "noyaux que ceux rendant les « shell scripts » avec le bit setuid positionné " "risqués sur certains systèmes d'exploitation (si votre système " "d'exploitation dispose d'un répertoire /dev/fd/, les « shell scripts » avec " "le bit setuid positionné, sont généralement surs)." #. type: textblock #: C/sudoreplay.pod:20 msgid "sudoreplay - replay sudo session logs" msgstr "sudoreplay - rejoue les journaux de session de sudo" #. type: textblock #: C/sudoreplay.pod:24 msgid "" "B<sudoreplay> [B<-h>] [B<-d> I<directory>] [B<-f> I<filter>] [B<-m> " "I<max_wait>] [B<-s> I<speed_factor>] ID" msgstr "" "B<sudoreplay> [B<-h>] [B<-d> I<répertoire>] [B<-f> I<filtre>] [B<-m> " "I<temp_d'attente_max>] [B<-s> I<facteur_vitesse>] ID" #. type: textblock #: C/sudoreplay.pod:26 msgid "B<sudoreplay> [B<-h>] [B<-d> I<directory>] -l [search expression]" msgstr "" "B<sudoreplay> [B<-h>] [B<-d> I<répertoire>] -l [expression de recherche]" #. type: textblock #: C/sudoreplay.pod:30 msgid "" "B<sudoreplay> plays back or lists the output logs created by B<sudo>. When " "replaying, B<sudoreplay> can play the session back in real-time, or the " "playback speed may be adjusted (faster or slower) based on the command line " "options." msgstr "" "B<sudoreplay> rejoue ou liste les journaux de session créés par B<sudo>. " "Lors du rejeu, B<sudoreplay> peut repasser la session en temps réel, ou bien " "la vitesse de lecture peut être ajustée (plus rapide ou plus lente) selon " "les paramètres de la ligne de commande." #. type: textblock #: C/sudoreplay.pod:35 #, fuzzy msgid "" "The I<ID> should either be a six character sequence of digits and upper case " "letters, e.g. C<0100A5>, or a pattern matching the I<iolog_file> option in " "the I<sudoers> file. When a command is run via B<sudo> with I<log_output> " "enabled in the I<sudoers> file, a C<TSID=ID> string is logged via syslog or " "to the B<sudo> log file. The I<ID> may also be determined using " "B<sudoreplay>'s list mode." msgstr "" "L'<ID> devrait être une séquence de six caractères composée de chiffres et " "de majuscules, par exemple C<0100A5>, qui est enregistré par B<sudo> quand " "une commande est exécutée avec l'enregistrement de session activé." #. type: textblock #: C/sudoreplay.pod:42 msgid "" "In list mode, B<sudoreplay> can be used to find the ID of a session based on " "a number of criteria such as the user, tty or command run." msgstr "" "En mode liste, B<sudoreplay> peut être utilisé pour trouver l'ID d'une " "session basée sur un nombre de critères tel que l'utilisateur, le terminal " "(« tty »), ou bien la commande exécutée." #. type: textblock #: C/sudoreplay.pod:45 msgid "" "In replay mode, if the standard output has not been redirected, " "B<sudoreplay> will act on the following keys:" msgstr "" "En mode rejeu, si la sortie standard n'a pas été redirigée, B<sudoreplay> " "agira sur les touches suivantes :" #. type: =item #: C/sudoreplay.pod:50 msgid "' ' (space)" msgstr "' ' (espace)" #. type: textblock #: C/sudoreplay.pod:52 msgid "Pause output; press any key to resume." msgstr "" "Met en pause la sortie ; pressez n'importe quelle touche pour reprendre." #. type: =item #: C/sudoreplay.pod:54 msgid "'<'" msgstr "'<'" #. type: textblock #: C/sudoreplay.pod:56 msgid "Reduce the playback speed by one half." msgstr "Réduit la vitesse de lecture de moitié." #. type: =item #: C/sudoreplay.pod:58 msgid "'>'" msgstr "'>'" #. type: textblock #: C/sudoreplay.pod:60 msgid "Double the playback speed." msgstr "Double la vitesse de lecture." #. type: textblock #: C/sudoreplay.pod:66 msgid "B<sudoreplay> accepts the following command line options:" msgstr "B<sudoreplay> accepte les options en ligne de commande suivantes :" #. type: =item #: C/sudoreplay.pod:70 msgid "-d I<directory>" msgstr "-d I<répertoire>" #. type: textblock #: C/sudoreplay.pod:72 msgid "" "Use I<directory> to for the session logs instead of the default, F</var/log/" "sudo-io>." msgstr "" "Utilise I<répertoire> pour l'enregistrement des sessions au lieu du " "répertoire par défaut, F</var/log/sudo-io>." #. type: =item #: C/sudoreplay.pod:75 msgid "-f I<filter>" msgstr "-f I<filtre>" #. type: textblock #: C/sudoreplay.pod:77 msgid "" "By default, B<sudoreplay> will play back the command's standard output, " "standard error and tty output. The I<-f> option can be used to select which " "of these to output. The I<filter> argument is a comma-separated list, " "consisting of one or more of following: I<stdout>, I<stderr>, and I<ttyout>." msgstr "" "Par défaut, B<sudoreplay> rejouera les commandes de la sortie standard, de " "l'erreur standard et de la sortie terminal (« tty »). L'option I<-f> peut " "être utiliser pour sélectionner lesquelles à afficher. Le paramètre " "I<filter> est une liste avec virgule comme séparateur, consistant en une ou " "plusieurs des valeurs suivantes : I<stdout>, I<stderr>, et <ttyout>." #. type: textblock #: C/sudoreplay.pod:85 #, fuzzy #| msgid "" #| "The B<-h> (I<help>) option causes B<sudo> to print a usage message and " #| "exit." msgid "" "The B<-h> (I<help>) option causes B<sudoreplay> to print a short help " "message to the standard output and exit." msgstr "" "L'option B<-h> (« I<help> » ce qui signifie aide>) amène B<sudo> à afficher " "le message d'usage et sortir." #. type: =item #: C/sudoreplay.pod:88 msgid "-l [I<search expression>]" msgstr "-l [I<expression de recherche>]" #. type: textblock #: C/sudoreplay.pod:90 #, fuzzy #| msgid "" #| "Enable \"list mode\". In this mode, B<sudoreplay> will list available " #| "session IDs. If a I<search expression> is specified, it will be used to " #| "restrict the IDs that are displayed. An expression is composed of the " #| "following predicates:" msgid "" "Enable \"list mode\". In this mode, B<sudoreplay> will list available " "sessions in a format similar to the B<sudo> log file format, sorted by file " "name (or sequence number). If a I<search expression> is specified, it will " "be used to restrict the IDs that are displayed. An expression is composed " "of the following predicates:" msgstr "" "Active le « mode list ». Dans ce mode, B<sudoreplay> listera les " "identifiants des sessions disponibles.Si une I<expression de recherche> est " "précisée, elle sera utilisée pour restreindre les IDs qui sont affichés. Une " "expression est composée des prédicats suivants :" #. type: =item #: C/sudoreplay.pod:98 msgid "command I<command pattern>" msgstr "command I<motif de commande>" #. type: textblock #: C/sudoreplay.pod:100 msgid "" "Evaluates to true if the command run matches I<command pattern>. On systems " "with POSIX regular expression support, the pattern may be an extended " "regular expression. On systems without POSIX regular expression support, a " "simple substring match is performed instead." msgstr "" "Ã?value à vrai si la commande exécutée correspond à I<motif de commande>. Sur " "les systèmes avec le support des expression régulières POSIX, le motif peut " "être une expression régulière étendue. Sur les systèmes sans le support des " "expression régulières POSIX, une simple correspondance de sous-chaîne est " "réalisée en lieu et place." #. type: =item #: C/sudoreplay.pod:105 msgid "cwd I<directory>" msgstr "cwd I<répertoire>" #. type: textblock #: C/sudoreplay.pod:107 msgid "" "Evaluates to true if the command was run with the specified current working " "directory." msgstr "" "Ã?value à vrai si la commande a été exécutée avec l'actuel répertoire de " "travail précisé." #. type: =item #: C/sudoreplay.pod:110 msgid "fromdate I<date>" msgstr "fromdate I<date>" #. type: textblock #: C/sudoreplay.pod:112 msgid "" "Evaluates to true if the command was run on or after I<date>. See L<\"Date " "and time format\"> for a description of supported date and time formats." msgstr "" "Ã?value à vrai si la commande a été exécutée après I<date>. Voir L<\"Format " "de la date et de l'heure\"> pour une description des formats de date et " "d'heure supportés." #. type: =item #: C/sudoreplay.pod:116 msgid "group I<runas_group>" msgstr "group I<groupe_d_exécution> (« Exécuté en tant que »)" #. type: textblock #: C/sudoreplay.pod:118 msgid "" "Evaluates to true if the command was run with the specified I<runas_group>. " "Note that unless a I<runas_group> was explicitly specified when B<sudo> was " "run this field will be empty in the log." msgstr "" "Ã?value à vrai si la commande a été exécutée avec le I<groupe_d_exécution> " "spécifié. Ã? noter qu'à moins que le I<groupe_d_exécution> n'ait été " "explicitement précisé lorsque B<sudo> a été exécuté, ce champ restera vide " "dans le fichier journal." #. type: =item #: C/sudoreplay.pod:122 msgid "runas I<runas_user>" msgstr "runas I<utilisateur_d_exécution> (« Exécuté en tant que »)" #. type: textblock #: C/sudoreplay.pod:124 msgid "" "Evaluates to true if the command was run as the specified I<runas_user>. " "Note that B<sudo> runs commands as user I<root> by default." msgstr "" "Ã?value à vrai si la commande a été exécutée en tant que " "l'I<utilisateur_d_exécution> précisé. Ã? noter que B<sudo> exécute les " "commande en tant que I<superutilisateur> par défaut." #. type: =item #: C/sudoreplay.pod:127 msgid "todate I<date>" msgstr "todate I<date>" #. type: textblock #: C/sudoreplay.pod:129 msgid "" "Evaluates to true if the command was run on or prior to I<date>. See L<" "\"Date and time format\"> for a description of supported date and time " "formats." msgstr "" "Ã?value à vrai si la commande a été exécutée à I<date> ou avant. Voir L<" "\"Format de la date et de l'heure\"> pour une description des formats de " "date et d'heure supportés." #. type: =item #: C/sudoreplay.pod:133 msgid "tty I<tty>" msgstr "tty I<terminal_virtuel>" #. type: textblock #: C/sudoreplay.pod:135 msgid "" "Evaluates to true if the command was run on the specified terminal device. " "The I<tty> should be specified without the F</dev/> prefix, e.g. F<tty01> " "instead of F</dev/tty01>." msgstr "" "Ã?value à vrai si la commande a été exécutée sur le périphérique terminal " "précisé. Le I<terminal virtuel> doit être précisé sans le préfixe F</dev/>, " "par exemple F<tty01> au lieu de F</dev/tty01>." #. type: =item #: C/sudoreplay.pod:139 msgid "user I<user name>" msgstr "user I<nom_d_utilisateur>" #. type: textblock #: C/sudoreplay.pod:141 msgid "Evaluates to true if the ID matches a command run by I<user name>." msgstr "" "Ã?value a vrai si l'ID correspond à une commande exécuté par " "I<nom_d_utilisateur>." #. type: textblock #: C/sudoreplay.pod:145 msgid "" "Predicates may be abbreviated to the shortest unique string (currently all " "predicates may be shortened to a single character)." msgstr "" "Les prédicats peuvent êtres abrégés à la plus petite chaîne unique " "(actuellement tous les prédicats peuvent êtres raccourcis à un seul " "caractère)." #. type: textblock #: C/sudoreplay.pod:148 msgid "" "Predicates may be combined using I<and>, I<or> and I<!> operators as well as " "C<'('> and C<')'> for grouping (note that parentheses must generally be " "escaped from the shell). The I<and> operator is optional, adjacent " "predicates have an implied I<and> unless separated by an I<or>." msgstr "" "Les prédicats peuvent êtres combinés en utilisant les opérateurs I<and>, " "I<or>, et I<!> ainsi que C<'('> et C<')'> pour le groupage (à noter que les " "parenthèses doivent généralement être échappées depuis l'interpréteur de " "commandes). L'opérateur I<and> est optionnel, les prédicats adjacents ayant " "un I<and> implicite à moins d'être séparés par un I<or>." #. type: =item #: C/sudoreplay.pod:154 msgid "-m I<max_wait>" msgstr "-m I<temps_d'attente_max>" #. type: textblock #: C/sudoreplay.pod:156 msgid "" "Specify an upper bound on how long to wait between key presses or output " "data. By default, B<sudo_replay> will accurately reproduce the delays " "between key presses or program output. However, this can be tedious when " "the session includes long pauses. When the I<-m> option is specified, " "B<sudoreplay> will limit these pauses to at most I<max_wait> seconds. The " "value may be specified as a floating point number, .e.g. I<2.5>." msgstr "" "Spécifie une limite supérieure sur combien de temps à attendre entre les " "appuis de touches ou la sortie des données. Par défaut, B<sudoreplay> " "reproduira exactement le délais entre les appuis de touche ou la sortie du " "programme. Cependant, ceci peut être ennuyeux quand la session inclut de " "longues pauses. Quand l'option <-m> est spécifiée, B<sudoreplay> limitera " "ces pauses au plus à I<temps_d_attente_max> secondes. La valeur peut être " "spécifiée en tant qu'un nombre flottant, par exemple I<2,5>." #. type: =item #: C/sudoreplay.pod:164 msgid "-s I<speed_factor>" msgstr "-s I<facteur_vitesse>" #. type: textblock #: C/sudoreplay.pod:166 msgid "" "This option causes B<sudoreplay> to adjust the number of seconds it will " "wait between key presses or program output. This can be used to slow down " "or speed up the display. For example, a I<speed_factor> of I<2> would make " "the output twice as fast whereas a I<speed_factor> of <.5> would make the " "output twice as slow." msgstr "" "Cette option fait que B<sudoreplay> ajuste le nombre de secondes qu'il va " "attendre entre les appuis de touches ou la sortie du programme. Ceci peut " "être utilisé pour ralentir ou accélérer l'affichage. Par exemple, in " "I<speed_factor> de I<2> ferait l'affichage deux fois plus rapide alors qu'un " "I<speed_factor> de <0,5> ferait un affichage deux fois plus lent." #. type: textblock #: C/sudoreplay.pod:174 msgid "" "The B<-V> (version) option causes B<sudoreplay> to print its version number " "and exit." msgstr "" "L'option B<-V> (version) fait que B<sudoreplay> affiche son numéro de " "version et quitte." #. type: =head2 #: C/sudoreplay.pod:179 msgid "Date and time format" msgstr "Format de la date et de l'heure" #. type: textblock #: C/sudoreplay.pod:181 msgid "" "The time and date may be specified multiple ways, common formats include:" msgstr "" "L'heure et le jour peuvent être spécifiées de plusieurs façon, y compris les " "formats classiques :" #. type: =item #: C/sudoreplay.pod:185 msgid "HH:MM:SS am MM/DD/CCYY timezone" msgstr "HH:MM:SS am MM/JJ/AAAA fuseau horaire" #. type: textblock #: C/sudoreplay.pod:187 msgid "24 hour time may be used in place of am/pm." msgstr "L'affichage sur 24 heures peut être utilisé à la place de am/pm." #. type: =item #: C/sudoreplay.pod:189 msgid "HH:MM:SS am Month, Day Year timezone" msgstr "HH:MM:SS am Mois, Jour Année fuseau horaire" #. type: textblock #: C/sudoreplay.pod:191 msgid "" "24 hour time may be used in place of am/pm, and month and day names may be " "abbreviated. Note that month and day of the week names must be specified in " "English." msgstr "" "L'affichage sur 24 heures peut être utilisé à la place de am/pm, et les noms " "de mois et de jour peuvent être abrégés. Ã? noter que les noms de mois et de " "jour de la semaine doivent être spécifiés en anglais." #. type: =item #: C/sudoreplay.pod:195 msgid "CCYY-MM-DD HH:MM:SS" msgstr "AAAA-MM-JJ HH:MM:SS" #. type: textblock #: C/sudoreplay.pod:197 msgid "ISO time format" msgstr "Format de temps ISO" #. type: =item #: C/sudoreplay.pod:199 msgid "DD Month CCYY HH:MM:SS" msgstr "JJ Mois AAAA HH:MM:SS" #. type: textblock #: C/sudoreplay.pod:201 msgid "The month name may be abbreviated." msgstr "Le nom du mois peut être abrégé." #. type: textblock #: C/sudoreplay.pod:205 msgid "" "Either time or date may be omitted, the am/pm and timezone are optional. If " "no date is specified, the current day is assumed; if no time is specified, " "the first second of the specified date is used. The less significant parts " "of both time and date may also be omitted, in which case zero is assumed. " "For example, the following are all valid:" msgstr "" "La date ou l'heure peut être omise, l'indication am/pm et le fuseau horaire " "sont optionnels. Si aucune date n'est précisée, la date courante est prise " "en compte ; si aucune heure n'est précisée, la première seconde de la date " "spécifiée est utilisée. La partie la moins significative de l'heure et de la " "date peut aussi être omise, la valeur est alors zéro. Par exemple, les " "valeurs suivantes sont valides :" #. type: textblock #: C/sudoreplay.pod:212 msgid "The following are all valid time and date specifications:" msgstr "" "Les valeurs suivantes sont des spécifications de date et d'heure valides :" #. type: =item #: C/sudoreplay.pod:216 msgid "now" msgstr "now" #. type: textblock #: C/sudoreplay.pod:218 msgid "The current time and date." msgstr "La date et l'heure actuelles." #. type: =item #: C/sudoreplay.pod:220 msgid "tomorrow" msgstr "tomorrow" #. type: textblock #: C/sudoreplay.pod:222 msgid "Exactly one day from now." msgstr "Dans exactement un jour à partir de maintenant." #. type: =item #: C/sudoreplay.pod:224 msgid "yesterday" msgstr "yesterday" #. type: textblock #: C/sudoreplay.pod:226 msgid "24 hours ago." msgstr "Il y a 24 heures." #. type: =item #: C/sudoreplay.pod:228 msgid "2 hours ago" msgstr "2 hours ago" #. type: textblock #: C/sudoreplay.pod:230 msgid "2 hours ago." msgstr "Il y a deux heures." #. type: =item #: C/sudoreplay.pod:232 msgid "next Friday" msgstr "next Friday" #. type: textblock #: C/sudoreplay.pod:234 msgid "The first second of the next Friday." msgstr "La première seconde du prochain vendredi." #. type: =item #: C/sudoreplay.pod:236 msgid "this week" msgstr "this week" #. type: textblock #: C/sudoreplay.pod:238 msgid "The current time but the first day of the coming week." msgstr "A l'heure courante, mais le premier jour de la semaine suivante." #. type: =item #: C/sudoreplay.pod:240 msgid "a fortnight ago" msgstr "a fortnight ago" #. type: textblock #: C/sudoreplay.pod:242 msgid "The current time but 14 days ago." msgstr "Ã? l'heure courante, mais il y a 14 jours." #. type: =item #: C/sudoreplay.pod:244 msgid "10:01 am 9/17/2009" msgstr "10:01 am 9/17/2009" #. type: textblock #: C/sudoreplay.pod:246 C/sudoreplay.pod:262 msgid "10:01 am, September 17, 2009." msgstr "à 10h01 du matin, le 17 septembre 2009." #. type: =item #: C/sudoreplay.pod:248 msgid "10:01 am" msgstr "10:01 am" #. type: textblock #: C/sudoreplay.pod:250 msgid "10:01 am on the current day." msgstr "à 10h01 du matin, aujourd'hui." #. type: =item #: C/sudoreplay.pod:252 msgid "10" msgstr "10" #. type: textblock #: C/sudoreplay.pod:254 msgid "10:00 am on the current day." msgstr "à 10h00 du matin, aujourd'hui." #. type: =item #: C/sudoreplay.pod:256 msgid "9/17/2009" msgstr "9/17/2009" #. type: textblock #: C/sudoreplay.pod:258 msgid "00:00 am, September 17, 2009." msgstr "à 00h00, le 17 septembre 2009." #. type: =item #: C/sudoreplay.pod:260 msgid "10:01 am Sep 17, 2009" msgstr "10:01 am Sep 17, 2009" #. type: =item #: C/sudoreplay.pod:270 msgid "F</var/log/sudo-io>" msgstr "F</var/log/sudo-io>" #. type: textblock #: C/sudoreplay.pod:272 msgid "The default I/O log directory." msgstr "" "Le répertoire par défaut des fichiers journaux pour les entrées/sorties." #. type: =item #: C/sudoreplay.pod:274 msgid "F</var/log/sudo-io/00/00/01/log>" msgstr "F</var/log/sudo-io/00/00/01/log>" #. type: textblock #: C/sudoreplay.pod:276 msgid "Example session log info." msgstr "Fichier journal d'information d'une session exemple." #. type: =item #: C/sudoreplay.pod:278 msgid "F</var/log/sudo-io/00/00/01/stdin>" msgstr "F</var/log/sudo-io/00/00/01/stdin>" #. type: textblock #: C/sudoreplay.pod:280 msgid "Example session standard input log." msgstr "Fichier journal de l'entrée standard d'une session exemple." #. type: =item #: C/sudoreplay.pod:282 msgid "F</var/log/sudo-io/00/00/01/stdout>" msgstr "F</var/log/sudo-io/00/00/01/stdout>" #. type: textblock #: C/sudoreplay.pod:284 msgid "Example session standard output log." msgstr "Fichier journal de la sortie standard d'une session exemple." #. type: =item #: C/sudoreplay.pod:286 msgid "F</var/log/sudo-io/00/00/01/stderr>" msgstr "F</var/log/sudo-io/00/00/01/stderr>" #. type: textblock #: C/sudoreplay.pod:288 msgid "Example session standard error log." msgstr "Fichier journal de l'erreur standard d'une session exemple." #. type: =item #: C/sudoreplay.pod:290 msgid "F</var/log/sudo-io/00/00/01/ttyin>" msgstr "F</var/log/sudo-io/00/00/01/ttyin>" #. type: textblock #: C/sudoreplay.pod:292 msgid "Example session tty input file." msgstr "Fichier journal de l'entrée tty d'une session exemple." #. type: =item #: C/sudoreplay.pod:294 msgid "F</var/log/sudo-io/00/00/01/ttyout>" msgstr "F</var/log/sudo-io/00/00/01/ttyout>" #. type: textblock #: C/sudoreplay.pod:296 msgid "Example session tty output file." msgstr "Fichier journal de la sortie tty d'une session exemple." #. type: =item #: C/sudoreplay.pod:298 msgid "F</var/log/sudo-io/00/00/01/timing>" msgstr "F</var/log/sudo-io/00/00/01/timing>" #. type: textblock #: C/sudoreplay.pod:300 msgid "Example session timing file." msgstr "Fichier de minutage d'une session exemple." #. type: textblock #: C/sudoreplay.pod:304 #, fuzzy msgid "" "Note that the I<stdin>, I<stdout> and I<stderr> files will be empty unless " "B<sudo> was used as part of a pipeline for a particular command." msgstr "" "Ã? noter que les fichiers I<stdin>, I<stdout> et I<stderr> seront vides à " "moins que B<sudo> n'ait été utilisé en tant que partie d'un pipeline pour " "une commande particulière." #. type: textblock #: C/sudoreplay.pod:310 msgid "List sessions run by user I<millert>:" msgstr "Lister les sessions exécutées par l'utilisateur I<millert> :" #. type: verbatim #: C/sudoreplay.pod:312 #, no-wrap msgid "" " sudoreplay -l user millert\n" "\n" msgstr "" " sudoreplay -l user millert\n" "\n" #. type: textblock #: C/sudoreplay.pod:314 msgid "" "List sessions run by user I<bob> with a command containing the string vi:" msgstr "" "Lister les sessions exécutées par l'utilisateur I<bob> avec une commande " "contenant la chaîne vi :" #. type: verbatim #: C/sudoreplay.pod:316 #, no-wrap msgid "" " sudoreplay -l user bob command vi\n" "\n" msgstr "" " sudoreplay -l user bob command vi\n" "\n" #. type: textblock #: C/sudoreplay.pod:318 msgid "List sessions run by user I<jeff> that match a regular expression:" msgstr "" "Lister les sessions exécutées par l'utilisateur I<jeff> ayant une " "correspondance avec une expression régulière : " #. type: verbatim #: C/sudoreplay.pod:320 #, no-wrap msgid "" " sudoreplay -l user jeff command '/bin/[a-z]*sh'\n" "\n" msgstr "" " sudoreplay -l user jeff command '/bin/[a-z]*sh'\n" "\n" #. type: textblock #: C/sudoreplay.pod:322 msgid "List sessions run by jeff or bob on the console:" msgstr "Lister les sessions exécutées par jeff ou bob sur la console :" #. type: verbatim #: C/sudoreplay.pod:324 #, no-wrap msgid "" " sudoreplay -l ( user jeff or user bob ) tty console\n" "\n" msgstr "" " sudoreplay -l ( user jeff or user bob ) tty console\n" "\n" #. type: textblock #: C/sudoreplay.pod:328 msgid "L<sudo(8)>, L<script(1)>" msgstr "L<sudo(8)>, L<script(1)>" #. type: =head1 #: C/sudoreplay.pod:330 C/visudo.pod:188 msgid "AUTHOR" msgstr "AUTEUR" #. type: textblock #: C/sudoreplay.pod:332 msgid "Todd C. Miller" msgstr "Todd C. Miller" #. type: textblock #: C/sudoreplay.pod:336 msgid "" "If you feel you have found a bug in B<sudoreplay>, please submit a bug " "report at http://www.sudo.ws/sudo/bugs/" msgstr "" "Si vous pensez avoir trouvé un bogue dans B<sudoreplay>, merci de soumettre " "un rapport de bogue à http://www.sudo.ws/sudo/bugs/" #. type: textblock #: C/sudoreplay.pod:347 msgid "" "B<sudoreplay> is provided ``AS IS'' and any express or implied warranties, " "including, but not limited to, the implied warranties of merchantability and " "fitness for a particular purpose are disclaimed. See the LICENSE file " "distributed with B<sudo> or http://www.sudo.ws/sudo/license.html for " "complete details." msgstr "" "B<sudoreplay> est fourni « EN L'Ã?TAT » et sans aucune garantie de quelque " "nature que ce soit expresse ou implicite, y compris, mais sans y être limité " "les garanties d'aptitude à la vente ou à un but particulier. Voir le fichier " "LICENSE distribué avec B<sudo> ou http://www.sudo.ws/sudo/license.html pour " "les détails complets." #. type: textblock #: C/visudo.pod:25 msgid "visudo - edit the sudoers file" msgstr "visudo - édition du fichier sudoers" #. type: textblock #: C/visudo.pod:29 msgid "B<visudo> [B<-chqsV>] [B<-f> I<sudoers>]" msgstr "B<visudo> [B<-chqsV>] [B<-f> I<sudoers>]" #. type: textblock #: C/visudo.pod:33 msgid "" "B<visudo> edits the I<sudoers> file in a safe fashion, analogous to L<vipw(8)" ">. B<visudo> locks the I<sudoers> file against multiple simultaneous edits, " "provides basic sanity checks, and checks for parse errors. If the " "I<sudoers> file is currently being edited you will receive a message to try " "again later." msgstr "" "B<visudo> édite le fichier I<sudoers> d'une façon sure, analogue à L<vipw(8)" ">. B<visudo> verrouille le fichier I<sudoers> contre de multiple éditions " "simultanées, fournit des tests de cohérence basiques, et contrôle les " "erreurs d'analyse syntaxique. Si le fichier I<sudoers> est actuellement en " "cours d'édition, vous recevrez un message vous enjoignant d'essayer plus " "tard." #. type: textblock #: C/visudo.pod:39 msgid "" "There is a hard-coded list of one or more editors that B<visudo> will use " "set at compile-time that may be overridden via the I<editor> I<sudoers> " "C<Default> variable. This list defaults to C<\"@editor@\">. Normally, " "B<visudo> does not honor the C<VISUAL> or C<EDITOR> environment variables " "unless they contain an editor in the aforementioned editors list. However, " "if B<visudo> is configured with the I<--with-env-editor> option or the " "I<env_editor> C<Default> variable is set in I<sudoers>, B<visudo> will use " "any the editor defines by C<VISUAL> or C<EDITOR>. Note that this can be a " "security hole since it allows the user to execute any program they wish " "simply by setting C<VISUAL> or C<EDITOR>." msgstr "" "Il existe une liste codée en dur définie à la compilation d'un ou plusieurs " "éditeurs que B<visudo> utilisera qui peut être écrasée par l'intermédiaire " "de la variable I<editor> de la section C<Default> de I<sudoers>. Cette liste " "contient par défaut C<\"@editor@\">. Normalement, B<visudo> n'honore pas les " "variables d'environnement C<VISUAL> ou <EDITOR> à moins qu'elles ne " "contiennent un éditeur présent dans la liste des éditeurs susmentionnée. " "Cependant, si B<visudo> est configuré avec l'option I<--with-env-editor> ou " "si la variable C<Default> I<env_editor> est définie dans I<sudoers>, " "B<visudo> utilisera n'importe quel éditeur défini par C<VISUAL> ou " "C<EDITOR>. Ã? noter que ceci peut être une faille de sécurité étant donné que " "cela permet à l'utilisateur d'exécuter n'importe quel programme simplement " "en définissant C<VISUAL> ou C<VISUAL>." #. type: textblock #: C/visudo.pod:50 msgid "" "B<visudo> parses the I<sudoers> file after the edit and will not save the " "changes if there is a syntax error. Upon finding an error, B<visudo> will " "print a message stating the line number(s) where the error occurred and the " "user will receive the \"What now?\" prompt. At this point the user may " "enter \"e\" to re-edit the I<sudoers> file, \"x\" to exit without saving the " "changes, or \"Q\" to quit and save changes. The \"Q\" option should be used " "with extreme care because if B<visudo> believes there to be a parse error, " "so will B<sudo> and no one will be able to B<sudo> again until the error is " "fixed. If \"e\" is typed to edit the I<sudoers> file after a parse error " "has been detected, the cursor will be placed on the line where the error " "occurred (if the editor supports this feature)." msgstr "" "B<visudo> analyse la syntaxe du fichier I<sudoers> après l'édition et ne " "sauvegardera pas les changement s'il y a une erreur de syntaxe. Dès qu'une " "erreur est trouvée, V<visudo> affichera un message faisant étant du numéro " "de la ou des lignes où l'erreur s'est produite et l'utilisateur recevra le " "message « What now? » (ce qui peut se traduire par  « Que faire " "maintenant ? »). Ã? cet instant, l'utilisateur peut entrer « e » pour " "rééditer le fichier I<sudoers>, « x » pour quitter sans sauver les " "changements, ou « Q » pour quitter et sauver les changements. L'option « Q » " "devrait être utilisée avec une extrême précaution car si B<visudo> croit " "qu'il existe une erreur d'analyse syntaxique, B<sudo> le croira également et " "personne n'aura plus la possibilité d'utiliser B<sudo> à nouveau jusqu'à ce " "que l'erreur soit corrigée." #. type: textblock #: C/visudo.pod:66 msgid "B<visudo> accepts the following command line options:" msgstr "B<visudo> accepte les options en ligne de commande suivantes :" #. type: =item #: C/visudo.pod:70 msgid "-c" msgstr "-c" #. type: textblock #: C/visudo.pod:72 #, fuzzy #| msgid "" #| "Enable B<check-only> mode. The existing I<sudoers> file will be checked " #| "for syntax and a message will be printed to the standard output detailing " #| "the status of I<sudoers>. If the syntax check completes successfully, " #| "B<visudo> will exit with a value of 0. If a syntax error is encountered, " #| "B<visudo> will exit with a value of 1." msgid "" "Enable B<check-only> mode. The existing I<sudoers> file will be checked for " "syntax errors, owner and mode. A message will be printed to the standard " "output describing the status of I<sudoers> unless the B<-q> option was " "specified. If the check completes successfully, B<visudo> will exit with a " "value of 0. If an error is encountered, B<visudo> will exit with a value of " "1." msgstr "" "Active le mode B<contrôle-uniquement>. Le fichier I<sudoers> existant sera " "contrôlé au niveau syntaxique et un message sera affiché sur la sortie " "standard détaillant le statut de I<sudoers>. Si le contrôle syntaxique se " "termine avec succès, B<visudo> quittera avec une valeur de 0. Si une erreur " "de syntaxe est rencontrée, B<visudo> quittera avec une valeur de 1." #. type: =item #: C/visudo.pod:79 msgid "-f I<sudoers>" msgstr "-f I<sudoers>" #. type: textblock #: C/visudo.pod:81 #, fuzzy #| msgid "" #| "Specify and alternate I<sudoers> file location. With this option " #| "B<visudo> will edit (or check) the I<sudoers> file of your choice, " #| "instead of the default, F<@sysconfdir@/sudoers>. The lock file used is " #| "the specified I<sudoers> file with \".tmp\" appended to it." msgid "" "Specify and alternate I<sudoers> file location. With this option B<visudo> " "will edit (or check) the I<sudoers> file of your choice, instead of the " "default, F<@sysconfdir@/sudoers>. The lock file used is the specified " "I<sudoers> file with \".tmp\" appended to it. In B<check-only> mode only, " "the argument to B<-f> may be \"-\", indicating that I<sudoers> will be read " "from the standard input." msgstr "" "Précise un emplacement alternatif pour le fichier I<sudoers>. Avec cette " "option, B<visudo> éditera (ou contrôlera) le fichier I<sudoers> de votre " "choix, au lieu du fichier par défaut F<@sysconfdir@/sudoers>. Le fichier de " "verrou utilisé dont le nom est défini par le fichier I<sudoers> avec « ." "tmp » ajouté à celui-ci." #. type: textblock #: C/visudo.pod:90 msgid "" "The B<-h> (I<help>) option causes B<visudo> to print a short help message to " "the standard output and exit." msgstr "" "L'option B<-h> (I<help>) affiche un court message d'aide sur la sortie " "standard, puis le programme s'arrête." #. type: =item #: C/visudo.pod:93 msgid "-q" msgstr "-q" #. type: textblock #: C/visudo.pod:95 msgid "" "Enable B<quiet> mode. In this mode details about syntax errors are not " "printed. This option is only useful when combined with the B<-c> option." msgstr "" "Active le mode B<silencieux> (« quiet » en anglais). Dans ce mode, les " "détails à propos des erreurs de syntaxe ne sont pas affichés. Cette option " "n'est utile que combinée avec l'option B<-c>." #. type: =item #: C/visudo.pod:99 msgid "-s" msgstr "-s" #. type: textblock #: C/visudo.pod:101 msgid "" "Enable B<strict> checking of the I<sudoers> file. If an alias is used " "before it is defined, B<visudo> will consider this a parse error. Note that " "it is not possible to differentiate between an alias and a host name or user " "name that consists solely of uppercase letters, digits, and the underscore " "('_') character." msgstr "" "Active le contrôle B<strict> du fichier I<sudoers>. Si un alias est utilisé " "avant d'être défini, B<visudo> considèrera ceci comme une erreur d'analyse " "syntaxique. Ã? noter qu'il n'est pas possible de faire la différence entre un " "alias et un nom d'hôte ou un nom d'utilisateur qui consiste exclusivement en " "des lettres majuscules, des chiffres et du caractère souligné (« _ »)." #. type: textblock #: C/visudo.pod:109 msgid "" "The B<-V> (version) option causes B<visudo> to print its version number and " "exit." msgstr "" "L'option B<-V> (version) fait que B<visudo> affiche son numéro de version et " "quitte." #. type: textblock #: C/visudo.pod:116 msgid "" "The following environment variables may be consulted depending on the value " "of the I<editor> and I<env_editor> I<sudoers> variables:" msgstr "" "Les variables d'environnement suivantes peuvent être consultés selon la " "valeur des variables I<editor> et I<env_editor> de I<sudoers> :" #. type: textblock #: C/visudo.pod:123 msgid "Invoked by visudo as the editor to use" msgstr "Invoqué par visudo pour déterminer l'éditeur à utiliser" #. type: textblock #: C/visudo.pod:127 msgid "Used by visudo if VISUAL is not set" msgstr "Utilisé par visudo si VISUAL n'est pas défini" #. type: =item #: C/visudo.pod:139 msgid "F<@sysconfdir@/sudoers.tmp>" msgstr "F<@sysconfdir@/sudoers.tmp>" #. type: textblock #: C/visudo.pod:141 msgid "Lock file for visudo" msgstr "Fichier verrou pour visudo" #. type: =head1 #: C/visudo.pod:145 msgid "DIAGNOSTICS" msgstr "DIAGNOSTICS" #. type: =item #: C/visudo.pod:149 msgid "sudoers file busy, try again later." msgstr "sudoers file busy, try again later." #. type: textblock #: C/visudo.pod:151 msgid "Someone else is currently editing the I<sudoers> file." msgstr "" "« Le fichier sudoers est occupé, essayez plus tard. » - Quelqu'un d'autre " "est actuellement en train d'éditer le fichier I<sudoers>." #. type: =item #: C/visudo.pod:153 msgid "@sysconfdir@/sudoers.tmp: Permission denied" msgstr "« @sysconfdir@/sudoers.tmp: Permission denied »" #. type: textblock #: C/visudo.pod:155 msgid "You didn't run B<visudo> as root." msgstr "" "« Permission non accordée. » - Vous n'avez pas exécuté B<visudo> en tant que " "superutilisateur." #. type: =item #: C/visudo.pod:157 msgid "Can't find you in the passwd database" msgstr "« Can't find you in the passwd database »" #. type: textblock #: C/visudo.pod:159 msgid "Your userid does not appear in the system passwd file." msgstr "" "« Impossible de vous trouver dans la base de données des mots de passe » - " "Votre identifiant utilisateur n'apparait pas dans le fichier système " "contenant les mots de passe." #. type: =item #: C/visudo.pod:161 msgid "Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined" msgstr "« Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined »" #. type: textblock #: C/visudo.pod:163 msgid "" "Either you are trying to use an undeclare {User,Runas,Host,Cmnd}_Alias or " "you have a user or host name listed that consists solely of uppercase " "letters, digits, and the underscore ('_') character. In the latter case, " "you can ignore the warnings (B<sudo> will not complain). In B<-s> (strict) " "mode these are errors, not warnings." msgstr "" "« Avertissement : {User,Runas,Host,Cmnd}_Alias référencé mais non défini ». " "- Soit vous essayez d'utiliser un « {User,Runas,Host,Cmnd}_Alias » non " "déclaré, soit vous avez un utilisateur ou un nom d'hôte listé qui consiste " "exclusivement en des lettres majuscules, des chiffres, et le caractère " "souligné « _ ». Dans ce dernier cas, vous pouvez ignorer les avertissements " "(B<sudo> ne se plaindra pas). Dans le mode B<-s> (strict), ces cas seront " "considérés comme des erreurs et non comme des avertissements." #. type: =item #: C/visudo.pod:169 msgid "Warning: unused {User,Runas,Host,Cmnd}_Alias" msgstr "« Warning: unused {User,Runas,Host,Cmnd}_Alias »" #. type: textblock #: C/visudo.pod:171 msgid "" "The specified {User,Runas,Host,Cmnd}_Alias was defined but never used. You " "may wish to comment out or remove the unused alias. In B<-s> (strict) mode " "this is an error, not a warning." msgstr "" "« Avertissement : {User,Runas,Host,Cmnd}_Alias non utilisé » - Le « {User," "Runas,Host,Cmnd}_Alias » a été défini mais n'est jamais utilisé. Vous pouvez " "souhaiter commenter ou supprimer l'alias non utilisé. Dans le mode B<-s> " "(strict), il s'agit d'une erreur et non d'un avertissement." #. type: =item #: C/visudo.pod:175 #, fuzzy #| msgid "Warning: unused {User,Runas,Host,Cmnd}_Alias" msgid "Warning: cycle in {User,Runas,Host,Cmnd}_Alias" msgstr "« Warning: unused {User,Runas,Host,Cmnd}_Alias »" #. type: textblock #: C/visudo.pod:177 msgid "" "The specified {User,Runas,Host,Cmnd}_Alias includes a reference to itself, " "either directly or through an alias it includes. This is only a warning by " "default as B<sudo> will ignore cycles when parsing the I<sudoers> file." msgstr "" #. type: textblock #: C/visudo.pod:186 msgid "L<vi(1)>, L<sudoers(5)>, L<sudo(8)>, L<vipw(8)>" msgstr "L<vi(1)>, L<sudoers(5)>, L<sudo(8)>, L<vipw(8)>" #. type: textblock #: C/visudo.pod:190 msgid "" "Many people have worked on B<sudo> over the years; this version of B<visudo> " "was written by:" msgstr "" "Plusieurs personnes ont travaillé sur B<sudo> durant des années ; cette " "version de B<visudo> a été écrite par :" #. type: verbatim #: C/visudo.pod:193 #, no-wrap msgid "" " Todd Miller\n" "\n" msgstr "" " Todd Miller\n" "\n" #. type: textblock #: C/visudo.pod:201 msgid "" "There is no easy way to prevent a user from gaining a root shell if the " "editor used by B<visudo> allows shell escapes." msgstr "" "Il n'y a pas de manière facile d'empêcher un utilisateur d'obtenir " "interpréteur de commande superutilisateur si l'éditeur utilisé par B<visudo> " "autorise les échappements de l'interpréteur." #. type: textblock #: C/visudo.pod:206 msgid "" "If you feel you have found a bug in B<visudo>, please submit a bug report at " "http://www.sudo.ws/sudo/bugs/" msgstr "" "Si vous avez l'impression d'avoir trouvé un boque dans B<visudo>, merci de " "soumettre un rapport de bogue à l'adresse http://www.sudo.ws/sudo/bugs/" #. type: textblock #: C/visudo.pod:217 msgid "" "B<visudo> is provided ``AS IS'' and any express or implied warranties, " "including, but not limited to, the implied warranties of merchantability and " "fitness for a particular purpose are disclaimed. See the LICENSE file " "distributed with B<sudo> or http://www.sudo.ws/sudo/license.html for " "complete details." msgstr "" "B<visudo> est fourni « EN L'Ã?TAT » et sans aucune garantie de quelque nature " "que ce soit expresse ou implicite, y compris, mais sans y être limité les " "garanties d'aptitude à la vente ou à un but particulier. Voir le fichier " "LICENSE distribué avec B<sudo> ou http://www.sudo.ws/sudo/license.html pour " "les détails complets." #~ msgid "" #~ "See the HISTORY file in the sudo distribution or visit http://www.sudo.ws/" #~ "sudo/history.html for more details." #~ msgstr "" #~ "Consultez le fichier HISTORY dans la distribution sudo ou visitez http://" #~ "www.sudo.ws/sudo/history.html pour plus de détails." #~ msgid "" #~ "B<sudo> allows a permitted user to execute a I<command> as the superuser " #~ "or another user, as specified in the I<sudoers> file. The real and " #~ "effective uid and gid are set to match those of the target user as " #~ "specified in the passwd file and the group vector is initialized based on " #~ "the group file (unless the B<-P> option was specified). If the invoking " #~ "user is root or if the target user is the same as the invoking user, no " #~ "password is required. Otherwise, B<sudo> requires that users " #~ "authenticate themselves with a password by default (NOTE: in the default " #~ "configuration this is the user's password, not the root password). Once " #~ "a user has been authenticated, a time stamp is updated and the user may " #~ "then use sudo without a password for a short period of time (C<@timeout@> " #~ "minutes unless overridden in I<sudoers>)." #~ msgstr "" #~ "B<sudo> permet à un utilisateur autorisé d'exécuter une I<commande> en " #~ "tant que superutilisateur ou bien un autre utilisateur comme spécifié " #~ "dans le fichier I<sudoers>.Les réels et effectifs uid et gid sont " #~ "déclarés afin de correspondre à ceux de l'utilisateur cible tels que " #~ "spécifiés dans le fichier de mot de passe et le vecteur de groupe est " #~ "initialisé selon le fichier groupe. (Ã? moins que l'option B<-P> ne soit " #~ "spécifiée). Si l'utilisateur invoqué est le super utilisateur ou si " #~ "l'utilisateur cible est le même que l'utilisateur appelant, aucun mot de " #~ "passe n'est requis. Autrement, B<sudo> exige que ces utilisateurs " #~ "s'authentifient avec un mot de passe par défaut (remarque : Dans la " #~ "configuration par défaut, il s'agit du mot de passe de l'utilisateur et " #~ "non celui du super utilisateur). Dès que l'utilisateur a été authentifié, " #~ "un horodatage est mis à jour et l'utilisateur peut alors utiliser sudo " #~ "sans un mot de passe pour une courte période (C<@timeout@> minutes si non " #~ "surchargé dans I<sudoers>)." #~ msgid "" #~ "The B<-E> (I<preserve> I<environment>) option will override the " #~ "I<env_reset> option in L<sudoers(5)>). It is only available when either " #~ "the matching command has the C<SETENV> tag or the I<setenv> option is set " #~ "in L<sudoers(5)>." #~ msgstr "" #~ "L'option B<-E> (I<préserver> I<environnement>)) surchargera l'option " #~ "I<env_reset> dans L<sudoers(5)>. Ceci est uniquement disponible lorsque " #~ "la commande correspondante a soit le descripteur C<SETENV> ou l'option " #~ "I<setenv> est définie dans L<sudoers(5)>." #~ msgid "" #~ "The B<-H> (I<HOME>) option sets the C<HOME> environment variable to the " #~ "homedir of the target user (root by default) as specified in passwd(5). " #~ "The default handling of the C<HOME> environment variable depends on " #~ "L<sudoers(5)> settings. By default, B<sudo> will set C<HOME> if " #~ "I<env_reset> or I<always_set_home> are set, or if I<set_home> is set and " #~ "the B<-s> option is specified on the command line." #~ msgstr "" #~ "L'option B<-H> (« I<HOME> » pour accueil >) définit la variable " #~ "d'environnement C<HOME> avec le répertoire d'accueil de l'utilisateur " #~ "cible (le superutilisateur par défaut) comme défini dans passwd(5). La " #~ "façon par défaut de traiter la variable d'environnement C<HOME> dépend du " #~ "paramétrage de L<sudoers(5)>. Par défaut, B<sudo> définira C<HOME> si " #~ "I<env_reset> or I<always_set_home> sont définis, ou bien si I<set_home> " #~ "est défini et que l'option B<-s> est définie sur la ligne de commande." #~ msgid "-k" #~ msgstr "-k" #~ msgid "-L" #~ msgstr "-L" #~ msgid "" #~ "The B<-L> (I<list> defaults) option will list the parameters that may be " #~ "set in a I<Defaults> line along with a short description for each. This " #~ "option will be removed from a future version of B<sudo>." #~ msgstr "" #~ "L'option B<-L> (I<lister> « Defaults ») listera tous les paramètres " #~ "pouvant être définis dans une ligne I<Defaults> avec une petite " #~ "description pour chaque. Cette option sera supprimée dans une future " #~ "version de B<sudo>." #~ msgid "" #~ "expanded to the local host name including the domain name (on if the " #~ "machine's host name is fully qualified or the I<fqdn> I<sudoers> option " #~ "is set)" #~ msgstr "" #~ "élargi jusqu'au nom d' hôte local incluant le nom de domaine (uniquement " #~ "si le nom d'hôte de la machine est pleinement qualifié ou si l'option " #~ "I<fqdn> de I<sudoers> est définie)" #~ msgid "B<sudo> utilizes the following environment variables:" #~ msgstr "B<<sudo> utilise les variables d'environnement suivantes :" #~ msgid "Set to a sane value if the I<secure_path> sudoers option is set." #~ msgstr "" #~ "Défini avec une valeur sécurisée si l'option sudoers I<secure_path> est " #~ "définie." #~ msgid "-l" #~ msgstr "-l"
Attachment:
signature.asc
Description: OpenPGP digital signature