--- /dev/null
+=cut
+Copyright (c) 1994-1996,1998-2003 Todd C. Miller <Todd.Miller@courtesan.com>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. The name of the author may not be used to endorse or promote products
+ derived from this software without specific prior written permission
+ from the author.
+
+4. Products derived from this software may not be called "Sudo" nor
+ may "Sudo" appear in their names without specific prior written
+ permission from the author.
+
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+Sponsored in part by the Defense Advanced Research Projects
+Agency (DARPA) and Air Force Research Laboratory, Air Force
+Materiel Command, USAF, under agreement number F39502-99-1-0512.
+
+$Sudo: sudoers.pod,v 1.68 2003/03/15 20:31:02 millert Exp $
+=pod
+
+=begin JM-copyright
+
+Japanese Version Copyright (c) 2000-2004 Yuichi SATO
+ all rights reserved.
+Translated Sat Oct 14 19:24:27 JST 2000
+ by Yuichi SATO <ysato444@yahoo.co.jp>
+Updated & Modified Tue Nov 19 02:21:57 JST 2002 by Yuichi SATO
+Updated & Modified Fri Apr 16 07:45:02 JST 2004 by Yuichi SATO
+
+=end JM-copyright
+
+=begin JM-word
+
+WORD: Backus Naur Form ¥Ð¥Ã¥«¥¹¡¦¥Ê¥¦¥¢µË¡
+WORD: definition ÄêµÁ
+WORD: production rule À¸À®µ¬Â§
+WORD: symbol ¥·¥ó¥Ü¥ë
+WORD: alias ¥¨¥¤¥ê¥¢¥¹
+WORD: parentheses ³ç¸Ì
+WORD: boolean ¿¿µ¶ÃÍ
+WORD: pound sign ¥·¥ã¡¼¥×µ¹æ
+WORD: reserved word ͽÌó¸ì
+WORD: exclamation point ´¶Ã²Éä
+WORD: priority Í¥ÀèÅÙ
+WORD: facility µ¡Ç½Ê¬Îà
+
+=end JM-word
+
+=head1 NAME
+
+=begin JM-comment
+
+sudoers - list of which users may execute what
+
+=end JM-comment
+
+sudoers - ¤É¤Î¥æ¡¼¥¶¤¬²¿¤ò¼Â¹Ô¤Ç¤¤ë¤«¤Î¥ê¥¹¥È
+
+=head1 DESCRIPTION
+
+=begin JM-comment
+
+The I<sudoers> file is composed of two types of entries:
+aliases (basically variables) and user specifications
+(which specify who may run what). The grammar of I<sudoers>
+will be described below in Extended Backus-Naur Form (EBNF).
+Don't despair if you don't know what EBNF is; it is fairly
+simple, and the definitions below are annotated.
+
+=end JM-comment
+
+I<sudoers> ¥Õ¥¡¥¤¥ë¤Ï¡¢2 ¤Ä¤Î¥¿¥¤¥×¤Î¥¨¥ó¥È¥ê¤«¤é¹½À®¤µ¤ì¤ë¡£
+(´ðËÜŪ¤Ë¤ÏÊÑ¿ô¤Ç¤¢¤ë) ¥¨¥¤¥ê¥¢¥¹¤È
+(郎²¿¤ò¼Â¹Ô¤Ç¤¤ë¤«¤ò»ØÄꤹ¤ë) ¥æ¡¼¥¶»ØÄê¤Ç¤¢¤ë¡£
+I<sudoers> ¤Îʸˡ¤ò¡¢ Extended Backus-Naur Form (EBNF)
+(³ÈÄ¥¥Ð¥Ã¥«¥¹¡¦¥Ê¥¦¥¢µË¡) ¤òÍѤ¤¤Æ°Ê²¼¤Ëµ½Ò¤¹¤ë¡£
+EBNF ¤òÃΤé¤Ê¤¯¤Æ¤âÄü¤á¤Ê¤¤¤Ç¤Û¤·¤¤¡£
+EBNF ¤Ï³ä¤Ë´Ê·é¤Ç¤¢¤ë¤·¡¢°Ê²¼¤ÎÄêµÁ¤Ë¤ÏÃí¼á¤ò¤Ä¤±¤Æ¤¢¤ë¡£
+
+=head2 Quick guide to EBNF
+
+=begin JM-comment
+
+EBNF is a concise and exact way of describing the grammar of a language.
+Each EBNF definition is made up of I<production rules>. E.g.,
+
+=end JM-comment
+
+EBNF ¤Ï¸À¸ì¤Îʸˡ¤òµ½Ò¤¹¤ë´Êñ¤Ç¸·Ì©¤ÊÊýË¡¤Ç¤¢¤ë¡£
+EBNF ¤Î³ÆÄêµÁ¤Ï¡¢I<À¸À®µ¬Â§>¤«¤é¤Ê¤Ã¤Æ¤¤¤ë¡£
+
+ symbol ::= definition | alternate1 | alternate2 ...
+
+=begin JM-comment
+
+Each I<production rule> references others and thus makes up a
+grammar for the language. EBNF also contains the following
+operators, which many readers will recognize from regular
+expressions. Do not, however, confuse them with "wildcard"
+characters, which have different meanings.
+
+=end JM-comment
+
+³ÆI<À¸À®µ¬Â§>¤Ï¾¤ÎÀ¸À®µ¬Â§¤ò»²¾È¤¹¤ë¡£
+¤³¤Î¤è¤¦¤Ë¤·¤Æ¸À¸ì¤Îʸˡ¤¬¤Ç¤¤¢¤¬¤ë¡£
+EBNF ¤Ï°Ê²¼¤Î¤è¤¦¤Ê¥ª¥Ú¥ì¡¼¥¿¤ò´Þ¤à¡£
+¤³¤ì¤Ï¿¤¯¤Î¿Í¤¬Àµµ¬É½¸½¤Ç¤ªÆëÀ÷¤ß¤À¤í¤¦¡£
+¤·¤«¤·¡¢¤³¤ì¤È¤Ï°Û¤Ê¤ë°ÕÌ£¤ò»ý¤Ã¤¿¡¢
+¡Ö¥ï¥¤¥ë¥É¥«¡¼¥É¡×ʸ»ú¤Èº®Æ±¤·¤Æ¤Ï¤Ê¤é¤Ê¤¤
+(ÌõÃí: ¸å¼Ô¤Ï¥·¥§¥ë¤Î¥ï¥¤¥ë¥É¥«¡¼¥É¥Ñ¥¿¡¼¥ó¤Î¤³¤È¤À¤í¤¦¡£
+B<regex>(7) ¤È B<glob>(7)
+¤ò»²¾È¤Î¤³¤È)¡£
+
+=over 8
+
+=item C<?>
+
+=begin JM-comment
+
+Means that the preceding symbol (or group of symbols) is optional.
+That is, it may appear once or not at all.
+
+=end JM-comment
+
+Á°¤ËÃÖ¤«¤ì¤¿¥·¥ó¥Ü¥ë (¤Þ¤¿¤Ï¡¢¥·¥ó¥Ü¥ë¤Î¥°¥ë¡¼¥×) ¤¬
+¾Êά²Äǽ¤Ç¤¢¤ë¤³¤È¤ò°ÕÌ£¤¹¤ë¡£
+¤Ä¤Þ¤ê¡¢¥·¥ó¥Ü¥ë¤¬ 1 ¸ÄÅо줹¤ë¤«¡¢¤¢¤ë¤¤¤ÏÁ´Á³Åо줷¤Ê¤¤¤«¤Ç¤¢¤ë¡£
+
+=item C<*>
+
+=begin JM-comment
+
+Means that the preceding symbol (or group of symbols) may appear
+zero or more times.
+
+=end JM-comment
+
+Á°¤ËÃÖ¤«¤ì¤¿¥·¥ó¥Ü¥ë (¤Þ¤¿¤Ï¡¢¥·¥ó¥Ü¥ë¤Î¥°¥ë¡¼¥×) ¤¬ 0 ¸Ä°Ê¾åÅо줹¤ë¡£
+
+=item C<+>
+
+=begin JM-comment
+
+Means that the preceding symbol (or group of symbols) may appear
+one or more times.
+
+=end JM-comment
+
+Á°¤ËÃÖ¤«¤ì¤¿¥·¥ó¥Ü¥ë (¤Þ¤¿¤Ï¡¢¥·¥ó¥Ü¥ë¤Î¥°¥ë¡¼¥×) ¤¬ 1 ¸Ä°Ê¾åÅо줹¤ë¡£
+
+=back
+
+=begin JM-comment
+
+Parentheses may be used to group symbols together. For clarity,
+we will use single quotes ('') to designate what is a verbatim character
+string (as opposed to a symbol name).
+
+=end JM-comment
+
+³ç¸Ì¤ò»È¤¦¤È¥·¥ó¥Ü¥ë¤ò¥°¥ë¡¼¥×¤Ë¤Þ¤È¤á¤ë¤³¤È¤¬¤Ç¤¤ë¡£
+°Ê¹ß¤ÎÎã¤Ç¤Ï¡¢(¥·¥ó¥Ü¥ë̾¤Ç¤Ï¤Ê¤¤) ʸ»úÄ̤ê¤Îʸ»úÎó¤Ï
+¥·¥ó¥°¥ë¥¯¥ª¡¼¥È ('') ¤ò»ÈÍѤ·¤ÆÌÀ¼¨¤¹¤ë¡£
+
+=head2 Aliases
+
+=begin JM-comment
+
+There are four kinds of aliases: C<User_Alias>, C<Runas_Alias>,
+C<Host_Alias> and C<Cmnd_Alias>.
+
+=end JM-comment
+
+C<User_Alias>, C<Runas_Alias>,
+C<Host_Alias>, C<Cmnd_Alias>
+¤È¤¤¤¦ 4 ¼ïÎà¤Î¥¨¥¤¥ê¥¢¥¹¤¬¤¢¤ë¡£
+
+ Alias ::= 'User_Alias' User_Alias (':' User_Alias)* |
+ 'Runas_Alias' Runas_Alias (':' Runas_Alias)* |
+ 'Host_Alias' Host_Alias (':' Host_Alias)* |
+ 'Cmnd_Alias' Cmnd_Alias (':' Cmnd_Alias)*
+
+ User_Alias ::= NAME '=' User_List
+
+ Runas_Alias ::= NAME '=' Runas_List
+
+ Host_Alias ::= NAME '=' Host_List
+
+ Cmnd_Alias ::= NAME '=' Cmnd_List
+
+ NAME ::= [A-Z]([A-Z][0-9]_)*
+
+=begin JM-comment
+
+Each I<alias> definition is of the form
+
+=end JM-comment
+
+³ÆI<¥¨¥¤¥ê¥¢¥¹>ÄêµÁ¤Ï¡¢¼¡¤Î·Á¼°¤ò¤È¤ë¡£
+
+ Alias_Type NAME = item1, item2, ...
+
+=begin JM-comment
+
+where I<Alias_Type> is one of C<User_Alias>, C<Runas_Alias>, C<Host_Alias>,
+or C<Cmnd_Alias>. A C<NAME> is a string of uppercase letters, numbers,
+and underscore characters ('_'). A C<NAME> B<must> start with an
+uppercase letter. It is possible to put several alias definitions
+of the same type on a single line, joined by a colon (':'). E.g.,
+
+=end JM-comment
+
+¤³¤³¤Ç I<Alias_Type> ¤Ï¡¢ C<User_Alias>,
+C<Runas_Alias>, C<Host_Alias>,
+C<Cmnd_Alias> ¤Î¤¦¤Á¤Î 1 ¤Ä¤Ç¤¢¤ë¡£
+C<NAME> ¤Ï¡¢Âçʸ»ú¡¦¿ô»ú¡¦
+¥¢¥ó¥À¡¼¥¹¥³¥¢Ê¸»ú ('_') ¤«¤é¹½À®¤µ¤ì¤ëʸ»úÎó¤Ç¤¢¤ë¡£
+C<NAME> ¤ÏÂçʸ»ú¤«¤é»Ï¤Þ¤Ã¤Æ¤¤¤Ê¤±¤ì¤ÐB<¤Ê¤é¤Ê¤¤>¡£
+¥³¥í¥ó (':') ¤Ç¤Ä¤Ê¤²¤ì¤Ð¡¢
+Ʊ°ì¥¿¥¤¥×¤ÎÊ£¿ô¤Î¥¨¥¤¥ê¥¢¥¹ÄêµÁ¤ò 1 ¹Ô¤ËÃÖ¤¯¤³¤È¤¬¤Ç¤¤ë¡£
+Îã¤òµó¤²¤ë¡£
+
+ Alias_Type NAME = item1, item2, item3 : NAME = item4, item5
+
+=begin JM-comment
+
+The definitions of what constitutes a valid I<alias> member follow.
+
+=end JM-comment
+
+³¤±¤Æ¡¢Í¸ú¤ÊI<¥¨¥¤¥ê¥¢¥¹>¥á¥ó¥Ð¤ò¹½À®¤¹¤ëÍ×ÁǤÎÄêµÁ¤òµ½Ò¤¹¤ë¡£
+
+ User_List ::= User |
+ User ',' User_List
+
+ User ::= '!'* username |
+ '!'* '%'group |
+ '!'* '+'netgroup |
+ '!'* User_Alias
+
+=begin JM-comment
+
+A C<User_List> is made up of one or more usernames, uids
+(prefixed with '#'), System groups (prefixed with '%'),
+netgroups (prefixed with '+') and other aliases. Each list
+item may be prefixed with one or more '!' operators. An odd number
+of '!' operators negate the value of the item; an even number
+just cancel each other out.
+
+=end JM-comment
+
+C<User_List> ¤Ë¤Ï¡¢¥æ¡¼¥¶Ì¾¡¦¥æ¡¼¥¶ ID ('#' ¤òÁ°¤ËÉÕ¤±¤ë)¡¦
+¥·¥¹¥Æ¥à¥°¥ë¡¼¥× ('%' ¤òÁ°¤ËÉÕ¤±¤ë) ¡¦
+¥Í¥Ã¥È¥°¥ë¡¼¥× ('+' ¤òÁ°¤ËÉÕ¤±¤ë)¡¦
+Ê̤Υ¨¥¤¥ê¥¢¥¹¡¢¤¬ 1 ¸Ä°Ê¾å´Þ¤Þ¤ì¤ë¡£
+¥ê¥¹¥È¤Î³Æ¥¢¥¤¥Æ¥à¤ÎÁ°¤Ë¤Ï¡¢1 ¸Ä°Ê¾å¤Î '!' ¥ª¥Ú¥ì¡¼¥¿¤òÃÖ¤¤¤Æ¤â¤è¤¤¡£
+´ñ¿ô¸Ä¤Î '!' ¥ª¥Ú¥ì¡¼¥¿¤Ï¥¢¥¤¥Æ¥à¤ÎÃͤò̵¸ú¤Ë¤¹¤ë¡£
+¶ö¿ô¸Ä¤Î¥ª¥Ú¥ì¡¼¥¿¤Ï¡¢¸ß¤¤¤ËÁ껦¤µ¤ì¤ë¤À¤±¤Ç¤¢¤ë¡£
+
+ Runas_List ::= Runas_User |
+ Runas_User ',' Runas_List
+
+ Runas_User ::= '!'* username |
+ '!'* '#'uid |
+ '!'* '%'group |
+ '!'* +netgroup |
+ '!'* Runas_Alias
+
+=begin JM-comment
+
+A C<Runas_List> is similar to a C<User_List> except that it can
+also contain uids (prefixed with '#') and instead of C<User_Alias>es
+it can contain C<Runas_Alias>es.
+
+=end JM-comment
+
+C<Runas_List> ¤Ï C<User_List> ¤È»÷¤Æ¤¤¤ë¤¬¡¢
+('#' ¤òÁ°¤ËÉÕ¤±¤¿) uid ¤ò´Þ¤á¤ë¤³¤È¤â¤Ç¤¤ë¡£
+¤Þ¤¿ C<User_Alias> ¤Ç¤Ï¤Ê¤¯¡¢
+C<Runas_Alias> ¤ò´Þ¤á¤ë¤³¤È¤¬¤Ç¤¤ë¡£
+
+ Host_List ::= Host |
+ Host ',' Host_List
+
+ Host ::= '!'* hostname |
+ '!'* ip_addr |
+ '!'* network(/netmask)? |
+ '!'* '+'netgroup |
+ '!'* Host_Alias
+
+=begin JM-comment
+
+A C<Host_List> is made up of one or more hostnames, IP addresses,
+network numbers, netgroups (prefixed with '+') and other aliases.
+Again, the value of an item may be negated with the '!' operator.
+If you do not specify a netmask with a network number, the netmask
+of the host's ethernet interface(s) will be used when matching.
+The netmask may be specified either in dotted quad notation (e.g.
+255.255.255.0) or CIDR notation (number of bits, e.g. 24). A hostname
+may include shell-style wildcards (see `Wildcards' section below),
+but unless the C<hostname> command on your machine returns the fully
+qualified hostname, you'll need to use the I<fqdn> option for wildcards
+to be useful.
+
+=end JM-comment
+
+C<Host_List> ¤Ë¤Ï¡¢¥Û¥¹¥È̾¡¦IP ¥¢¥É¥ì¥¹¡¦
+¥Í¥Ã¥È¥ï¡¼¥¯Èֹ桦¥Í¥Ã¥È¥°¥ë¡¼¥× ('+' ¤òÁ°¤ËÉÕ¤±¤ë)¡¦
+¤½¤Î¾¤Î¥¨¥¤¥ê¥¢¥¹¡¢¤¬ 1 ¸Ä°Ê¾å´Þ¤Þ¤ì¤ë¡£
+¤³¤³¤Ç¤â¡¢¥¢¥¤¥Æ¥à¤ÎÃÍ¤Ï '!' ¥ª¥Ú¥ì¡¼¥¿¤Ë¤è¤Ã¤Æ̵¸ú¤Ë¤µ¤ì¤ë¡£
+¥Í¥Ã¥È¥ï¡¼¥¯ÈÖ¹æ¤Ë¥Í¥Ã¥È¥Þ¥¹¥¯¤ò»ØÄꤷ¤Ê¤¤¾ì¹ç¡¢
+¥Û¥¹¥È¤Î¥¤¡¼¥µ¥Í¥Ã¥È¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹¤Î¥Í¥Ã¥È¥Þ¥¹¥¯¤¬
+¥Þ¥Ã¥Á¥ó¥°¤ÎºÝ¤Ë»È¤ï¤ì¤ë¡£
+¥Í¥Ã¥È¥Þ¥¹¥¯¤Ï¡¢¥É¥Ã¥È¤Ç 4 ¤Ä¤Ë¶èÀڤä¿É½µ (Î㤨¤Ð 255.255.255.0) ¤È
+CIDR ɽµ (¥Ó¥Ã¥È¤Î¿ô¡¢Î㤨¤Ð 24) ¤Î¤É¤Á¤é¤Ç»ØÄꤷ¤Æ¤â¤è¤¤¡£
+¥Û¥¹¥È̾¤Ë¤Ï¡¢¥·¥§¥ë·Á¼°¤Î¥ï¥¤¥ë¥É¥«¡¼¥É
+(°Ê²¼¤Î¡Ö¥ï¥¤¥ë¥É¥«¡¼¥É¡×¤Î¥»¥¯¥·¥ç¥ó¤ò»²¾È) ¤ò»È¤Ã¤Æ¤â¤è¤¤¡£
+¤¿¤À¤·¡¢·×»»µ¡¤Î C<hostname> ¥³¥Þ¥ó¥É¤¬
+´°Á´¤Ê¥É¥á¥¤¥ó̾ÉÕ¤¤Î¥Û¥¹¥È̾¤òÊÖ¤µ¤Ê¤¤¾ì¹ç¤Ë
+¥ï¥¤¥ë¥É¥«¡¼¥É¤ò»È¤¨¤ë¤è¤¦¤Ë¤¹¤ë¤Ë¤Ï¡¢
+I<fqdn> ¥ª¥×¥·¥ç¥ó¤ò»ØÄꤹ¤ëɬÍפ¬¤¢¤ë¤À¤í¤¦¡£
+
+ Cmnd_List ::= Cmnd |
+ Cmnd ',' Cmnd_List
+
+ commandname ::= filename |
+ filename args |
+ filename '""'
+
+ Cmnd ::= '!'* commandname |
+ '!'* directory |
+ '!'* Cmnd_Alias
+
+=begin JM-comment
+
+A C<Cmnd_List> is a list of one or more commandnames, directories, and other
+aliases. A commandname is a fully qualified filename which may include
+shell-style wildcards (see `Wildcards' section below). A simple
+filename allows the user to run the command with any arguments he/she
+wishes. However, you may also specify command line arguments (including
+wildcards). Alternately, you can specify C<""> to indicate that the command
+may only be run B<without> command line arguments. A directory is a
+fully qualified pathname ending in a '/'. When you specify a directory
+in a C<Cmnd_List>, the user will be able to run any file within that directory
+(but not in any subdirectories therein).
+
+=end JM-comment
+
+C<Cmnd_List> ¤Ï¡¢¥³¥Þ¥ó¥É̾¡¦¥Ç¥£¥ì¥¯¥È¥ê¡¦Ê̤Υ¨¥¤¥ê¥¢¥¹¡¢¤¬
+1 ¸Ä°Ê¾å´Þ¤Þ¤ì¤ë¥ê¥¹¥È¤Ç¤¢¤ë¡£
+¥³¥Þ¥ó¥É̾¤Ï´°Á´¤Ê¥Õ¥¡¥¤¥ë̾¤Ç¡¢¥·¥§¥ë·Á¼°¤Î¥ï¥¤¥ë¥É¥«¡¼¥É
+(°Ê²¼¤Î¡Ö¥ï¥¤¥ë¥É¥«¡¼¥É¡×¥»¥¯¥·¥ç¥ó¤ò»²¾È) ¤ò»È¤¦¤³¤È¤¬¤Ç¤¤ë¡£
+ñ¤Ê¤ë¥Õ¥¡¥¤¥ë̾¤Ë¤¹¤ë¤È¡¢Ë¾¤ß¤Î°ú¤¿ô¤È¤È¤â¤Ë¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¤³¤È¤¬¤Ç¤¤ë¡£
+¤·¤«¤·¡¢¤µ¤é¤Ë (¥ï¥¤¥ë¥É¥«¡¼¥É¤ò¤â´Þ¤à)
+¥³¥Þ¥ó¥É¥é¥¤¥ó°ú¤¿ô¤ò»ØÄꤹ¤ë¤³¤È¤â¤Ç¤¤ë¡£
+È¿ÂФˡ¢¥³¥Þ¥ó¥É¥é¥¤¥ó°ú¤¿ôB<¤Ê¤·>¤Ç¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤µ¤»¤ë¤Ë¤Ï¡¢
+C<""> ¤ò»ØÄꤹ¤ì¤ÐÎɤ¤¡£
+¥Ç¥£¥ì¥¯¥È¥ê¤Ï '/' ¤Ç½ª¤ï¤ë´°Á´¤Ê¥Ñ¥¹Ì¾¤Ç¤¢¤ë¡£
+C<Cmnd_List> ¤Ç¥Ç¥£¥ì¥¯¥È¥ê¤ò»ØÄꤹ¤ë¤È¡¢
+¥æ¡¼¥¶¤Ï¤½¤Î¥Ç¥£¥ì¥¯¥È¥ê¤Ë¤¢¤ëÁ´¤Æ¤Î¥Õ¥¡¥¤¥ë¤ò¼Â¹Ô¤Ç¤¤ë
+(¤·¤«¤·¡¢¤½¤Î¥µ¥Ö¥Ç¥£¥ì¥¯¥È¥ê¤Ë¤¢¤ë¥Õ¥¡¥¤¥ë¤Ï¼Â¹Ô¤Ç¤¤Ê¤¤)¡£
+
+=begin JM-comment
+
+If a C<Cmnd> has associated command line arguments, then the arguments
+in the C<Cmnd> must match exactly those given by the user on the command line
+(or match the wildcards if there are any). Note that the following
+characters must be escaped with a '\' if they are used in command
+arguments: ',', ':', '=', '\'.
+
+=end JM-comment
+
+C<Cmnd> ¤¬¥³¥Þ¥ó¥É¥é¥¤¥ó°ú¤¿ô¤È´ØÏ¢¤Å¤±¤é¤ì¤Æ¤¤¤ë¾ì¹ç¡¢
+C<Cmnd> ¤ÎÃæ¤Î°ú¤¿ô¤Ï¡¢
+¥æ¡¼¥¶¤¬¥³¥Þ¥ó¥É¥é¥¤¥ó¤Ç»ØÄꤷ¤¿°ú¤¿ô¤È´°Á´¤Ë¥Þ¥Ã¥Á¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤
+(¥ï¥¤¥ë¥É¥«¡¼¥É¤¬¤¢¤Ã¤¿¾ì¹ç¤Ï¡¢¤½¤ì¤È´°Á´¤Ë¥Þ¥Ã¥Á¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤)¡£
+',', ':', '=', '\' ¤È¤¤¤¦Ê¸»ú¤ò
+¥³¥Þ¥ó¥É¥é¥¤¥ó°ú¤¿ô¤È¤·¤Æ»È¤¦¾ì¹ç¡¢
+'\' ¤Ç¥¨¥¹¥±¡¼¥×¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤ÅÀ¤ËÃí°Õ¤¹¤ë¤³¤È¡£
+
+=head2 Defaults
+
+=begin JM-comment
+
+Certain configuration options may be changed from their default
+values at runtime via one or more C<Default_Entry> lines. These
+may affect all users on any host, all users on a specific host, a
+specific user, or commands being run as a specific user. When
+multiple entries match, they are applied in order. Where there are
+conflicting values, the last value on a matching line takes effect.
+
+=end JM-comment
+
+¤¢¤ëÀßÄꥪ¥×¥·¥ç¥ó¤ÎÃͤò¡¢
+1 ¹Ô°Ê¾å¤Î C<Default_Entry> ¹Ô¤ò»È¤Ã¤Æ¡¢
+¥Ç¥Õ¥©¥ë¥È¤ÎÃͤ«¤éÊѹ¹¤¹¤ë¤³¤È¤¬¤Ç¤¤ë¡£
+¤³¤Î¹Ô¤¬¸ú²Ì¤ò»ý¤ÄÈϰϤϡ¢Á´¤Æ¤Î¥Û¥¹¥È¾å¤ÎÁ´¤Æ¤Î¥æ¡¼¥¶¤Ë¤¹¤ë¤³¤È¤â¡¢
+»ØÄꤷ¤¿¥Û¥¹¥È¾å¤ÎÁ´¤Æ¤Î¥æ¡¼¥¶¤Ë¤¹¤ë¤³¤È¤â¡¢
+»ØÄꤷ¤¿¥æ¡¼¥¶¤Ë¤¹¤ë¤³¤È¤â¡¢
+»ØÄꤷ¤¿¥æ¡¼¥¶¤È¤·¤Æ¼Â¹Ô¤µ¤ì¤ë¥³¥Þ¥ó¥É¤Ë¤¹¤ë¤³¤È¤â¤Ç¤¤ë¡£
+Ê£¿ô¤Î¥¨¥ó¥È¥ê¤¬¥Þ¥Ã¥Á¤¹¤ë¾ì¹ç¤Ï¡¢½çÈÖ¤ËŬÍѤµ¤ì¤ë¡£
+Ì·½â¤¹¤ëÃͤ¬¤¢¤ë¾ì¹ç¤Ï¡¢¥Þ¥Ã¥Á¤¹¤ë¹Ô¤ÎºÇ¸å¤ÎÃͤ¬¸ú²Ì¤ò»ý¤Ä¡£
+
+ Default_Type ::= 'Defaults' ||
+ 'Defaults' '@' Host ||
+ 'Defaults' ':' User ||
+ 'Defaults' '>' RunasUser
+
+ Default_Entry ::= Default_Type Parameter_List
+
+ Parameter ::= Parameter '=' Value ||
+ Parameter '+=' Value ||
+ Parameter '-=' Value ||
+ '!'* Parameter ||
+
+=begin JM-comment
+
+Parameters may be B<flags>, B<integer> values, B<strings>, or B<lists>.
+Flags are implicitly boolean and can be turned off via the '!'
+operator. Some integer, string and list parameters may also be
+used in a boolean context to disable them. Values may be enclosed
+in double quotes (C<">) when they contain multiple words. Special
+characters may be escaped with a backslash (C<\>).
+
+=end JM-comment
+
+Parameter ¤Ï B<¥Õ¥é¥°>¡¦B<À°¿ô>¡¦
+B<ʸ»úÎó>¡¦B<¥ê¥¹¥È>¤Î¤¤¤º¤ì¤«¤Ç¤¢¤ë¡£
+¥Õ¥é¥°¤Ï¼Â¤Ï¿¿µ¶ÃͤǤ¢¤ê¡¢'!' ¥ª¥Ú¥ì¡¼¥¿¤Ç off ¤Ë¤Ç¤¤ë¡£
+À°¿ô¡¦Ê¸»úÎ󡦥ꥹ¥È¤Î¥Ñ¥é¥á¡¼¥¿¤Î¤Ê¤«¤Ë¤â¿¿µ¶ÃͤΰÕÌ£¤Ç»È¤¨¤ë¤â¤Î¤¬¤¢¤ê¡¢
+¤½¤ì¤é¤Ï̵¸ú¤Ë¤Ç¤¤ë¡£
+ÃͤËÊ£¿ô¤Î¥ï¡¼¥É¤¬´Þ¤Þ¤ì¤ë¾ì¹ç¤Ï¡¢
+¥À¥Ö¥ë¥¯¥ª¡¼¥È (C<">) ¤Ç°Ï¤Þ¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£
+Æüìʸ»ú¤Ï¥Ð¥Ã¥¯¥¹¥é¥Ã¥·¥å (C<\>) ¤Ç
+¥¨¥¹¥±¡¼¥×¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£
+
+=begin JM-comment
+
+Lists have two additional assignment operators, C<+=> and C<-=>.
+These operators are used to add to and delete from a list respectively.
+It is not an error to use the C<-=> operator to remove an element
+that does not exist in a list.
+
+=end JM-comment
+
+¥ê¥¹¥È¤Ë¤Ï¤½¤Î¾¤Ë 2 ¤Ä¤ÎÂåÆþ¥ª¥Ú¥ì¡¼¥¿
+C<+=> ¤È C<-=> ¤¬¤¢¤ë¡£
+¤³¤ì¤é¤Î¥ª¥Ú¥ì¡¼¥¿¤Ï¤½¤ì¤¾¤ì¥ê¥¹¥È¤ÎÄɲäȺï½ü¤ò¹Ô¤¦¡£
+C<-=> ¥ª¥Ú¥ì¡¼¥¿¤ò»È¤Ã¤Æ
+¥ê¥¹¥È¤Ë¸ºß¤·¤Ê¤¤Í×ÁǤòºï½ü¤¹¤ë¤È¥¨¥é¡¼¤Ë¤Ê¤ë¡£
+
+=begin JM-comment
+
+Note that since the I<sudoers> file is parsed in order the best place
+to put the Defaults section is after the Host, User, and Cmnd aliases
+but before the user specifications.
+
+=end JM-comment
+
+I<sudoers> ¥Õ¥¡¥¤¥ë¤Ï½çÈ֤˲ò¼á¤µ¤ì¤ë¤¿¤á¡¢
+¥Ç¥Õ¥©¥ë¥È¥»¥¯¥·¥ç¥ó¤ÎÇÛÃÖ¾ì½ê¤Ï Host, User, Cmnd ¥¨¥¤¥ê¥¢¥¹¤è¤ê¸å¤Ç¡¢
+¤«¤Ä¥æ¡¼¥¶»ØÄê¤è¤êÁ°¤Ë¤¹¤ëÅÀ¤ËÃí°Õ¤¹¤ë¤³¤È¡£
+
+=begin JM-comment
+
+B<Flags>:
+
+=end JM-comment
+
+B<¥Õ¥é¥°>:
+
+=over 12
+
+=item long_otp_prompt
+
+=begin JM-comment
+
+When validating with a One Time Password scheme (B<S/Key> or B<OPIE>),
+a two-line prompt is used to make it easier to cut and paste the
+challenge to a local window. It's not as pretty as the default but
+some people find it more convenient. This flag is I<@long_otp_prompt@>
+by default.
+
+=end JM-comment
+
+(B<S/Key> ¤ä B<OPIE> ¤Ê¤É¤Î)
+¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥É¤ò»ÈÍѤ·¤Æ¤¤¤ë¾ì¹ç¤Ë¤³¤Î¥ª¥×¥·¥ç¥ó¤¬Í¸ú¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤È¡¢
+¥í¡¼¥«¥ë¤Ê¥¦¥¤¥ó¥É¥¦¤ËÆþÎϤ·¤¿¥Ñ¥¹¥ï¡¼¥É¤ò
+´Êñ¤Ë¥«¥Ã¥È¡õ¥Ú¡¼¥¹¥È¤Ç¤¤ë¤è¤¦¤Ë¡¢2 ¹Ô¤Î¥×¥í¥ó¥×¥È¤¬»È¤ï¤ì¤ë¡£
+¤³¤ì¤ò¥Ç¥Õ¥©¥ë¥È¤Ë¤¹¤ë¤Î¤ÏÎɤ¯¤Ê¤¤¤¬¡¢ÊØÍø¤À¤È¸À¤¦¿Í¤â¤¤¤ë¡£
+¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï I<@long_otp_prompt@> ¤Ç¤¢¤ë¡£
+
+=item ignore_dot
+
+=begin JM-comment
+
+If set, B<sudo> will ignore '.' or '' (current dir) in the C<PATH>
+environment variable; the C<PATH> itself is not modified. This
+flag is I<@ignore_dot@> by default.
+
+=end JM-comment
+
+¤³¤Î¥Õ¥é¥°¤òÀßÄꤹ¤ë¤È¡¢´Ä¶ÊÑ¿ô C<PATH> ¤Ë¤¢¤ë
+(¥«¥ì¥ó¥È¥Ç¥£¥ì¥¯¥È¥ê¤òɽ¤¹) '.' ¤È '' ¤¬Ìµ»ë¤µ¤ì¤ë¡£
+C<PATH> ¤½¤Î¤â¤Î¤ÏÊѹ¹¤µ¤ì¤Ê¤¤¡£
+¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï I<@ignore_dot@> ¤Ç¤¢¤ë¡£
+
+=item mail_always
+
+=begin JM-comment
+
+Send mail to the I<mailto> user every time a users runs B<sudo>.
+This flag is I<off> by default.
+
+=end JM-comment
+
+¥æ¡¼¥¶¤¬ B<sudo> ¤ò¼Â¹Ô¤¹¤ëÅ٤ˡ¢I<mailto> ¥æ¡¼¥¶¤Ë¥á¡¼¥ë¤¬Á÷¤é¤ì¤ë¡£
+¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï I<off> ¤Ç¤¢¤ë¡£
+
+=item mail_badpass
+
+=begin JM-comment
+
+Send mail to the I<mailto> user if the user running sudo does not
+enter the correct password. This flag is I<off> by default.
+
+=end JM-comment
+
+sudo ¤ò¼Â¹Ô¤·¤¿¥æ¡¼¥¶¤¬Àµ¤·¤¤¥Ñ¥¹¥ï¡¼¥É¤òÆþÎϤ·¤Ê¤«¤Ã¤¿¾ì¹ç¡¢
+I<mailto> ¥æ¡¼¥¶¤Ë¥á¡¼¥ë¤¬Á÷¤é¤ì¤ë¡£
+¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï I<off> ¤Ç¤¢¤ë¡£
+
+=item mail_no_user
+
+=begin JM-comment
+
+If set, mail will be sent to the I<mailto> user if the invoking
+user is not in the I<sudoers> file. This flag is I<@mail_no_user@>
+by default.
+
+=end JM-comment
+
+¤³¤Î¥Õ¥é¥°¤òÀßÄꤹ¤ë¤È¡¢
+sudo ¤òµ¯Æ°¤·¤¿¥æ¡¼¥¶¤¬ I<sudoers> ¥Õ¥¡¥¤¥ë¤Ë¤Ê¤¤¾ì¹ç¡¢
+I<mailto> ¥æ¡¼¥¶¤Ë¥á¡¼¥ë¤¬Á÷¤é¤ì¤ë¡£
+¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï I<@mail_no_user@> ¤Ç¤¢¤ë¡£
+
+=item mail_no_host
+
+=begin JM-comment
+
+If set, mail will be sent to the I<mailto> user if the invoking
+user exists in the I<sudoers> file, but is not allowed to run
+commands on the current host. This flag is I<@mail_no_host@> by default.
+
+=end JM-comment
+
+¤³¤Î¥Õ¥é¥°¤òÀßÄꤹ¤ë¤È¡¢
+sudo ¤òµ¯Æ°¤·¤¿¥æ¡¼¥¶¤¬ I<sudoers> ¥Õ¥¡¥¤¥ë¤Ë¸ºß¤¹¤ë¤¬¡¢
+¸½ºß¤Î¥Û¥¹¥È¤Ç¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¤³¤È¤¬µö²Ä¤µ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¡¢
+I<mailto> ¥æ¡¼¥¶¤Ë¥á¡¼¥ë¤¬Á÷¤é¤ì¤ë¡£
+¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï I<@mail_no_host@> ¤Ç¤¢¤ë¡£
+
+=item mail_no_perms
+
+=begin JM-comment
+
+If set, mail will be sent to the I<mailto> user if the invoking
+user is allowed to use B<sudo> but the command they are trying is not
+listed in their I<sudoers> file entry. This flag is I<@mail_no_perms@>
+by default.
+
+=end JM-comment
+
+¤³¤Î¥Õ¥é¥°¤òÀßÄꤹ¤ë¤È¡¢
+¥æ¡¼¥¶¤¬ B<sudo> ¤ò»È¤¦¤³¤È¤Ïµö²Ä¤µ¤ì¤Æ¤¤¤ë¤¬¡¢
+¼Â¹Ô¤·¤è¤¦¤È¤·¤¿¥³¥Þ¥ó¥É¤¬ I<sudoers> ¥Õ¥¡¥¤¥ë¤Î¥¨¥ó¥È¥ê¤Ë¤Ê¤¤¾ì¹ç¡¢
+I<mailto> ¥æ¡¼¥¶¤Ë¥á¡¼¥ë¤¬Á÷¤é¤ì¤ë¡£
+¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï I<@mail_no_perms@> ¤Ç¤¢¤ë¡£
+
+=item tty_tickets
+
+=begin JM-comment
+
+If set, users must authenticate on a per-tty basis. Normally,
+B<sudo> uses a directory in the ticket dir with the same name as
+the user running it. With this flag enabled, B<sudo> will use a
+file named for the tty the user is logged in on in that directory.
+This flag is I<@tty_tickets@> by default.
+
+=end JM-comment
+
+¤³¤Î¥Õ¥é¥°¤òÀßÄꤹ¤ë¤È¡¢
+¥æ¡¼¥¶¤Ï tty Ëè¤Ëǧ¾Ú¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£
+Ä̾B<sudo> ¤Ï¥Á¥±¥Ã¥È¥Ç¥£¥ì¥¯¥È¥ê¤ÎÃæ¤Ë¤¢¤ë
+¼Â¹Ô¤·¤Æ¤¤¤ë¥æ¡¼¥¶¤ÈƱ¤¸Ì¾Á°¤Î¥Ç¥£¥ì¥¯¥È¥ê¤ò»È¤¦¡£
+¤³¤Î¥Õ¥é¥°¤¬ on ¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤È¡¢B<sudo> ¤Ï
+¥Á¥±¥Ã¥È¥Ç¥£¥ì¥¯¥È¥ê¤ÎÃæ¤Ë¤¢¤ë
+¥æ¡¼¥¶¤¬¥í¥°¥¤¥ó¤·¤Æ¤¤¤ë tty ¤ËÂбþ¤·¤¿¥Õ¥¡¥¤¥ë̾¤ò»È¤¦¡£
+¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï I<@tty_tickets@> ¤Ç¤¢¤ë¡£
+
+=item lecture
+
+=begin JM-comment
+
+If set, a user will receive a short lecture the first time he/she
+runs B<sudo>. This flag is I<@lecture@> by default.
+
+=end JM-comment
+
+¤³¤Î¥Õ¥é¥°¤òÀßÄꤹ¤ë¤È¡¢
+½é¤á¤Æ B<sudo> ¤ò¼Â¹Ô¤·¤¿¤È¤¡¢¥æ¡¼¥¶¤Ïû¤¤¥ì¥¯¥Á¥ã¡¼¤ò¼õ¤±¼è¤ë¡£
+¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï I<@lecture@> ¤Ç¤¢¤ë¡£
+
+=item authenticate
+
+=begin JM-comment
+
+If set, users must authenticate themselves via a password (or other
+means of authentication) before they may run commands. This default
+may be overridden via the C<PASSWD> and C<NOPASSWD> tags.
+This flag is I<on> by default.
+
+=end JM-comment
+
+¤³¤Î¥Õ¥é¥°¤òÀßÄꤹ¤ë¤È¡¢
+¥æ¡¼¥¶¤Ï¥Ñ¥¹¥ï¡¼¥É (¤â¤·¤¯¤Ï¡¢Ê̤Îǧ¾ÚÊýË¡) ¤Ç¼«Ê¬¼«¿È¤ËÂФ·¤Æ
+ǧ¾Ú¤ò¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£
+¤³¤Î¥Ç¥Õ¥©¥ë¥È¤ÎÃÍ¤Ï C<PASSWD> ¥¿¥°¤È
+C<NOPASSWD> ¥¿¥°¤ò»È¤Ã¤ÆÊѹ¹¤Ç¤¤ë¡£
+¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï I<on> ¤Ç¤¢¤ë¡£
+
+=item root_sudo
+
+=begin JM-comment
+
+If set, root is allowed to run B<sudo> too. Disabling this prevents users
+from "chaining" B<sudo> commands to get a root shell by doing something
+like C<"sudo sudo /bin/sh">.
+This flag is I<on> by default.
+
+=end JM-comment
+
+¤³¤Î¥Õ¥é¥°¤òÀßÄꤹ¤ë¤È¡¢root ¤â B<sudo> ¤¬¼Â¹Ô¤Ç¤¤ë¡£
+¤³¤Î¥Õ¥é¥°¤ò off ¤Ë¤¹¤ë¤È¡¢
+¥æ¡¼¥¶¤¬ C<"sudo sudo /bin/sh"> ¤Î¤è¤¦¤Ê
+¡ÖÏ¢º¿¤·¤¿¡×B<sudo> ¥³¥Þ¥ó¥É¤Ë¤è¤Ã¤Æ¡¢
+root ¤Î¥·¥§¥ë¤òÆþ¼ê¤·¤è¤¦¤È¤¹¤ë¤³¤È¤¬ËɻߤǤ¤ë¡£
+¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï I<on> ¤Ç¤¢¤ë¡£
+
+=item log_host
+
+=begin JM-comment
+
+If set, the hostname will be logged in the (non-syslog) B<sudo> log file.
+This flag is I<off> by default.
+
+=end JM-comment
+
+¤³¤Î¥Õ¥é¥°¤òÀßÄꤹ¤ë¤È¡¢
+¥Û¥¹¥È̾¤¬ (syslog ¤Ç¤Ï¤Ê¤¤) B<sudo> ¥í¥°¥Õ¥¡¥¤¥ë¤ËµÏ¿¤µ¤ì¤ë¡£
+¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï I<off> ¤Ç¤¢¤ë¡£
+
+=item log_year
+
+=begin JM-comment
+
+If set, the four-digit year will be logged in the (non-syslog) B<sudo> log file.
+This flag is I<off> by default.
+
+=end JM-comment
+
+¤³¤Î¥Õ¥é¥°¤òÀßÄꤹ¤ë¤È¡¢
+4 ·å¤Îǯ¤¬ (syslog ¤Ç¤Ï¤Ê¤¤) B<sudo> ¥í¥°¥Õ¥¡¥¤¥ë¤ËµÏ¿¤µ¤ì¤ë¡£
+¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï I<off> ¤Ç¤¢¤ë¡£
+
+=item shell_noargs
+
+=begin JM-comment
+
+If set and B<sudo> is invoked with no arguments it acts as if the
+B<-s> flag had been given. That is, it runs a shell as root (the
+shell is determined by the C<SHELL> environment variable if it is
+set, falling back on the shell listed in the invoking user's
+/etc/passwd entry if not). This flag is I<off> by default.
+
+=end JM-comment
+
+¤³¤Î¥Õ¥é¥°¤¬ÀßÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ë B<sudo> ¤¬°ú¤¿ô¤Ê¤·¤Çµ¯Æ°¤µ¤ì¤ë¤È¡¢
+B<-s> ¥Õ¥é¥°¤¬Í¿¤¨¤é¤ì¤¿¾ì¹ç¤ÈƱÍͤËÆ°ºî¤¹¤ë¡£
+¤Ä¤Þ¤ê¡¢sudo ¤Ï¥·¥§¥ë¤ò root ¤È¤·¤Æ¼Â¹Ô¤¹¤ë
+(´Ä¶ÊÑ¿ô C<SHELL> ¤¬ÀßÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢
+¥·¥§¥ë¤Ï¤½¤Î´Ä¶ÊÑ¿ô¤Ç·èÄꤵ¤ì¤ë¡£
+ÀßÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¡¢
+µ¯Æ°¤·¤¿¥æ¡¼¥¶¤Î /etc/passwd ¤Î¥¨¥ó¥È¥ê¤Ë¤¢¤ë¥·¥§¥ë¤ò»È¤¦)¡£
+¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï I<off> ¤Ç¤¢¤ë¡£
+
+=item set_home
+
+=begin JM-comment
+
+If set and B<sudo> is invoked with the B<-s> flag the C<HOME>
+environment variable will be set to the home directory of the target
+user (which is root unless the B<-u> option is used). This effectively
+makes the B<-s> flag imply B<-H>. This flag is I<off> by default.
+
+=end JM-comment
+
+¤³¤Î¥Õ¥é¥°¤¬ÀßÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ë
+B<sudo> ¤¬ B<-s> ¥Õ¥é¥°¤Çµ¯Æ°¤µ¤ì¤ë¤È¡¢
+´Ä¶ÊÑ¿ô C<HOME> ¤¬Âоݥ桼¥¶¤Î¥Û¡¼¥à¥Ç¥£¥ì¥¯¥È¥ê¤ËÀßÄꤵ¤ì¤ë
+(¤³¤Î¾ì¹ç¤ÎÂоݥ桼¥¶¤Ï¡¢B<-u> ¥ª¥×¥·¥ç¥ó¤Ç»ØÄꤵ¤ì¤Ê¤¤¸Â¤ê root ¤Ç¤¢¤ë)¡£
+¤³¤Î¥Õ¥é¥°¤Ï¡¢B<-s> ¥Õ¥é¥°¤¬»È¤ï¤ì¤¿¾ì¹ç¤Ë
+B<-H> ¤ò°ÅÌۤΤ¦¤Á¤Ë͸ú¤Ë¤¹¤ë¡£
+¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï I<off> ¤Ç¤¢¤ë¡£
+
+=item always_set_home
+
+=begin JM-comment
+
+If set, B<sudo> will set the C<HOME> environment variable to the home
+directory of the target user (which is root unless the B<-u> option is used).
+This effectively means that the B<-H> flag is always implied.
+This flag is I<off> by default.
+
+=end JM-comment
+
+¤³¤Î¥Õ¥é¥°¤òÀßÄꤹ¤ë¤È¡¢B<sudo> ¤Ï´Ä¶ÊÑ¿ô C<HOME> ¤ò
+Âоݥ桼¥¶ (B<-u> ¥ª¥×¥·¥ç¥ó¤ò»È¤ï¤Ê¤¤¸Â¤ê¤Ï root) ¤Î
+¥Û¡¼¥à¥Ç¥£¥ì¥¯¥È¥ê¤ËÀßÄꤹ¤ë¡£
+¤³¤Î¥Õ¥é¥°¤Ï B<-H> ¤ò°ÅÌۤΤ¦¤Á¤Ë͸ú¤Ë¤¹¤ë¡£
+¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï I<off> ¤Ç¤¢¤ë¡£
+
+=item path_info
+
+=begin JM-comment
+
+Normally, B<sudo> will tell the user when a command could not be
+found in their C<PATH> environment variable. Some sites may wish
+to disable this as it could be used to gather information on the
+location of executables that the normal user does not have access
+to. The disadvantage is that if the executable is simply not in
+the user's C<PATH>, B<sudo> will tell the user that they are not
+allowed to run it, which can be confusing. This flag is I<off> by
+default.
+
+=end JM-comment
+
+Ä̾ï B<sudo> ¤Ï¥³¥Þ¥ó¥É¤¬ C<PATH>
+´Ä¶ÊÑ¿ô¤Ë¸«¤Ä¤«¤é¤Ê¤¤¾ì¹ç¥æ¡¼¥¶¤Ë¹ðÃΤ¹¤ë¡£
+Ä̾ï¤Î¥æ¡¼¥¶¤¬¡¢¥¢¥¯¥»¥¹¤Ç¤¤Ê¤¤¼Â¹Ô¥Õ¥¡¥¤¥ë¤Î¾ì½ê¤Ë´Ø¤¹¤ë
+¾ðÊó¤ò¼ý½¸¤Ç¤¤Ê¤¤¤è¤¦¤Ë¡¢
+¥µ¥¤¥È¤Ë¤è¤Ã¤Æ¤Ï¤³¤Î¹ðÃΤò¥æ¡¼¥¶¤Ë¹Ô¤ï¤Ê¤¤¤è¤¦¤Ë¤·¤¿¤¤¤³¤È¤¬¤¢¤ë¤«¤â¤·¤ì¤Ê¤¤¡£
+¤·¤«¤·¹ðÃΤò¹Ô¤ï¤Ê¤¤¤È¡¢
+ñ¤Ë¼Â¹Ô¥Õ¥¡¥¤¥ë¤¬¥æ¡¼¥¶¤Î C<PATH> ¤Ë¤Ê¤¤¤À¤±¤Î¾ì¹ç¤Ç¤â¡¢
+B<sudo> ¤Ï¥æ¡¼¥¶¤Ë¡Ö¼Â¹Ôµö²Ä¤¬¤Ê¤¤¡×¤ÈÅÁ¤¨¤Æ¤·¤Þ¤¤¡¢
+ʶ¤é¤ï¤·¤¯¤Ê¤ë¡£
+¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï I<off> ¤Ç¤¢¤ë¡£
+
+=item preserve_groups
+
+=begin JM-comment
+
+By default B<sudo> will initialize the group vector to the list of
+groups the target user is in. When I<preserve_groups> is set, the
+user's existing group vector is left unaltered. The real and
+effective group IDs, however, are still set to match the target
+user. This flag is I<off> by default.
+
+=end JM-comment
+
+¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢B<sudo> ¤Ï¥°¥ë¡¼¥×¥Ù¥¯¥È¥ë¤ò
+Âоݥ桼¥¶¤¬½ê°¤¹¤ë¥°¥ë¡¼¥×¤Î¥ê¥¹¥È¤Ç½é´ü²½¤¹¤ë¡£
+I<preserve_groups> ¤¬ÀßÄꤵ¤ì¤¿¾ì¹ç¡¢
+¥æ¡¼¥¶¤¬´û¤Ë»ý¤Ã¤Æ¤¤¤ë¥°¥ë¡¼¥×¥Ù¥¯¥È¥ë¤ÏÊѹ¹¤µ¤ì¤Ê¤¤¡£
+¤À¤À¤·¼Â¥°¥ë¡¼¥× ID ¤È¼Â¸ú¥°¥ë¡¼¥× ID ¤Ï¡¢
+Âоݥ桼¥¶¤Ë¥Þ¥Ã¥Á¤¹¤ë¤è¤¦¤ËÀßÄꤵ¤ì¤ë¡£
+¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï I<off> ¤Ç¤¢¤ë¡£
+
+=item fqdn
+
+=begin JM-comment
+
+Set this flag if you want to put fully qualified hostnames in the
+I<sudoers> file. I.e., instead of myhost you would use myhost.mydomain.edu.
+You may still use the short form if you wish (and even mix the two).
+Beware that turning on I<fqdn> requires B<sudo> to make DNS lookups
+which may make B<sudo> unusable if DNS stops working (for example
+if the machine is not plugged into the network). Also note that
+you must use the host's official name as DNS knows it. That is,
+you may not use a host alias (C<CNAME> entry) due to performance
+issues and the fact that there is no way to get all aliases from
+DNS. If your machine's hostname (as returned by the C<hostname>
+command) is already fully qualified you shouldn't need to set
+I<fqdn>. This flag is I<@fqdn@> by default.
+
+=end JM-comment
+
+I<sudoers> ¥Õ¥¡¥¤¥ë¤Ë´°Á´¤Ê¥É¥á¥¤¥ó̾ÉÕ¤¤Î¥Û¥¹¥È̾¤òÆþ¤ì¤¿¤¤¾ì¹ç¤Ï¡¢
+¤³¤Î¥Õ¥é¥°¤òÀßÄꤹ¤ë¡£
+¤¹¤Ê¤ï¤Á myhost ¤Ç¤Ï¤Ê¤¯ myhost.mydomain.edu ¤ò»È¤¤¤¿¤¤¾ì¹ç¤Ç¤¢¤ë¡£
+¤³¤Î¥Õ¥é¥°¤òÀßÄꤷ¤Æ¤â¡¢»È¤¤¤¿¤±¤ì¤Ðû¤¤·Á¼°¤ò»È¤¦¤³¤È¤¬¤Ç¤¤ë
+(û¤¤·Á¼°¤È´°Á´¤Ê·Á¼°¤òº®¤¼¤Æ»È¤¦¤³¤È¤â¤Ç¤¤ë)¡£
+I<fqdn> ¤ò on ¤Ë¤¹¤ë¤È¡¢B<sudo> ¤Ï
+DNS ¤Î¥ë¥Ã¥¯¥¢¥Ã¥×¤¬É¬ÍפˤʤëÅÀ¤ËÃí°Õ¤¹¤ë¤³¤È¡£
+DNS ¤Î¥ë¥Ã¥¯¥¢¥Ã¥×¤ò¤¹¤ë¤È¡¢
+DNS ¤¬²ÔƯ¤·¤Æ¤¤¤Ê¤¤¾ì¹ç
+(·×»»µ¡¤¬¥Í¥Ã¥È¥ï¡¼¥¯¤ËÀܳ¤µ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ê¤É¤Ë)
+B<sudo> ¤¬»ÈÍѤǤ¤Ê¤¯¤Ê¤ë¡£
+DNS ¤Ë¤¢¤ë¥Û¥¹¥È¤ÎÀµ¼°¤Ê̾Á°¤ò»È¤ï¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤ÅÀ¤Ë¤âÃí°Õ¤¹¤ë¤³¤È¡£
+¤Ä¤Þ¤ê¡¢¥Ñ¥Õ¥©¡¼¥Þ¥ó¥¹¤ÎÌäÂê¤È
+DNS ¤«¤éÁ´¤Æ¤Î¥¨¥¤¥ê¥¢¥¹¤ò¼èÆÀ¤Ç¤¤Ê¤¤¤È¤¤¤¦ÌäÂ꤫¤é¡¢
+¥Û¥¹¥È̾¤Î¥¨¥¤¥ê¥¢¥¹ (C<CNAME> ¥¨¥ó¥È¥ê) ¤ò»È¤¦¤³¤È¤Ï¤Ç¤¤Ê¤¤¡£
+(C<hostname> ¥³¥Þ¥ó¥É¤ÇÊÖ¤µ¤ì¤ë) ·×»»µ¡¤Î¥Û¥¹¥È̾¤¬
+´û¤Ë¥É¥á¥¤¥ó̾ÉÕ¤¤Î´°Á´¤Ê¤â¤Î¤Ç¤¢¤ë¾ì¹ç¡¢
+I<fqdn> ¤òÀßÄꤹ¤ë¤Ù¤¤Ç¤Ï¤Ê¤¤¡£
+¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï I<@fqdn@> ¤Ç¤¢¤ë¡£
+
+=item insults
+
+=begin JM-comment
+
+If set, B<sudo> will insult users when they enter an incorrect
+password. This flag is I<@insults@> by default.
+
+=end JM-comment
+
+¤³¤Î¥Õ¥é¥°¤òÀßÄꤹ¤ë¤È¡¢B<sudo> ¤Ï
+ÉÔÀµ¤Ê¥Ñ¥¹¥ï¡¼¥É¤òÆþÎϤ·¤¿¥æ¡¼¥¶¤òÉî¿«¤¹¤ë¡£
+¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï I<@insults@> ¤Ç¤¢¤ë¡£
+
+=item requiretty
+
+=begin JM-comment
+
+If set, B<sudo> will only run when the user is logged in to a real
+tty. This will disallow things like C<"rsh somehost sudo ls"> since
+rsh(1) does not allocate a tty. Because it is not possible to turn
+off echo when there is no tty present, some sites may with to set
+this flag to prevent a user from entering a visible password. This
+flag is I<off> by default.
+
+=end JM-comment
+
+¤³¤Î¥Õ¥é¥°¤òÀßÄꤹ¤ë¤È¡¢
+¥æ¡¼¥¶¤¬ real tty ¤«¤é¥í¥°¥¤¥ó¤·¤Æ¤¤¤ë¤È¤¤Î¤ß B<sudo> ¤¬¼Â¹Ô¤Ç¤¤ë¡£
+rsh(1) ¤Ï tty ¤ò³ÎÊݤ·¤Ê¤¤¤Î¤Ç¡¢
+C<"rsh somehost sudo ls"> ¤È¤¤¤Ã¤¿¤³¤È¤¬µö²Ä¤µ¤ì¤Ê¤¯¤Ê¤ë¡£
+tty ¤¬¤Ê¤¤¤È¥¨¥³¡¼¤¬¾Ã¤»¤Ê¤¤¤Î¤Ç¡¢
+ÆþÎÏ»þ¤Ë¥Ñ¥¹¥ï¡¼¥É¤¬¸½¤ì¤Æ¤·¤Þ¤¦¤Î¤òËɻߤ¹¤ë¤¿¤á¤Ë¡¢
+¤³¤Î¥Õ¥é¥°¤òÀßÄꤷ¤¿¤¤¤È»×¤¦¥µ¥¤¥È¤â¤¢¤ë¤À¤í¤¦¡£
+¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï I<off> ¤Ç¤¢¤ë¡£
+
+=item env_editor
+
+=begin JM-comment
+
+If set, B<visudo> will use the value of the EDITOR or VISUAL
+environment variables before falling back on the default editor list.
+Note that this may create a security hole as it allows the user to
+run any arbitrary command as root without logging. A safer alternative
+is to place a colon-separated list of editors in the C<editor>
+variable. B<visudo> will then only use the EDITOR or VISUAL if
+they match a value specified in C<editor>. This flag is C<@env_editor@> by
+default.
+
+=end JM-comment
+
+¤³¤Î¥Õ¥é¥°¤òÀßÄꤹ¤ë¤È¡¢B<visudo> ¤Ï
+¥Ç¥Õ¥©¥ë¥È¤Î¥¨¥Ç¥£¥¿¥ê¥¹¥È¤ò»È¤¦Á°¤Ë¡¢
+´Ä¶ÊÑ¿ô EDITOR ¤È VISUAL ¤ÎÃͤò»È¤¦¡£
+¥æ¡¼¥¶¤Ï¥í¥°¤ËµÏ¿¤µ¤ì¤ë¤³¤È¤Ê¤¯
+Ǥ°Õ¤Î¥³¥Þ¥ó¥É¤ò root ¤È¤·¤Æ¼Â¹Ô¤Ç¤¤Æ¤·¤Þ¤¦¤Î¤Ç¡¢
+¥»¥¥å¥ê¥Æ¥£¥Û¡¼¥ë¤òºî¤Ã¤Æ¤·¤Þ¤¦ÅÀ¤ËÃí°Õ¤¹¤ë¤³¤È¡£
+°ÂÁ´¤ÊÂåÂذƤȤ·¤Æ¤Ï¡¢
+¥³¥í¥ó¤Ç¶èÀڤä¿¥¨¥Ç¥£¥¿¤Î¥ê¥¹¥È¤ò
+C<editor> ÊÑ¿ô¤ËÀßÄꤹ¤ë¤³¤È¤Ç¤¢¤ë¡£
+¤½¤¦¤¹¤ë¤ÈB<visudo> ¤Ï¡¢
+C<editor> ¤Ë»ØÄꤵ¤ì¤¿ÃͤË
+EDITOR ¤Þ¤¿¤Ï VISUAL ¤¬¥Þ¥Ã¥Á¤¹¤ë¤È¤¤Ë¤Î¤ß¡¢
+¤½¤Î´Ä¶ÊÑ¿ô¤ò»È¤¦¡£
+¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï I<@env_editor@> ¤Ç¤¢¤ë¡£
+
+=item rootpw
+
+=begin JM-comment
+
+If set, B<sudo> will prompt for the root password instead of the password
+of the invoking user. This flag is I<off> by default.
+
+=end JM-comment
+
+¤³¤Î¥Õ¥é¥°¤òÀßÄꤹ¤ë¤È¡¢B<sudo> ¤Ï
+µ¯Æ°¤·¤¿¥æ¡¼¥¶¤Î¥Ñ¥¹¥ï¡¼¥É¤Ç¤Ï¤Ê¤¯¡¢
+root ¤Î¥Ñ¥¹¥ï¡¼¥É¤òÍ׵᤹¤ë¡£
+¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï I<off> ¤Ç¤¢¤ë¡£
+
+=item runaspw
+
+=begin JM-comment
+
+If set, B<sudo> will prompt for the password of the user defined by the
+I<runas_default> option (defaults to C<root>) instead of the password
+of the invoking user. This flag is I<off> by default.
+
+=end JM-comment
+
+¤³¤Î¥Õ¥é¥°¤òÀßÄꤹ¤ë¤È¡¢B<sudo> ¤Ï
+µ¯Æ°¤·¤¿¥æ¡¼¥¶¤Î¥Ñ¥¹¥ï¡¼¥É¤Ç¤Ï¤Ê¤¯¡¢
+I<runas_default> ¥ª¥×¥·¥ç¥ó¤ÇÄêµÁ¤µ¤ì¤¿¥æ¡¼¥¶
+(¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï C<root>) ¤Î¥Ñ¥¹¥ï¡¼¥É¤òÍ׵᤹¤ë¡£
+¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï I<off> ¤Ç¤¢¤ë¡£
+
+=item targetpw
+
+=begin JM-comment
+
+If set, B<sudo> will prompt for the password of the user specified by
+the B<-u> flag (defaults to C<root>) instead of the password of the
+invoking user. This flag is I<off> by default.
+
+=end JM-comment
+
+¤³¤Î¥Õ¥é¥°¤òÀßÄꤹ¤ë¤È¡¢B<sudo> ¤Ï
+µ¯Æ°¤·¤¿¥æ¡¼¥¶¤Î¥Ñ¥¹¥ï¡¼¥É¤Ç¤Ï¤Ê¤¯¡¢
+B<-u> ¥Õ¥é¥°¤Ç»ØÄꤵ¤ì¤¿¥æ¡¼¥¶
+(¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï C<root>) ¤Î¥Ñ¥¹¥ï¡¼¥É¤òÍ׵᤹¤ë¡£
+¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï I<off> ¤Ç¤¢¤ë¡£
+
+=item set_logname
+
+=begin JM-comment
+
+Normally, B<sudo> will set the C<LOGNAME> and C<USER> environment variables
+to the name of the target user (usually root unless the B<-u> flag is given).
+However, since some programs (including the RCS revision control system)
+use C<LOGNAME> to determine the real identity of the user, it may be desirable
+to change this behavior. This can be done by negating the set_logname option.
+
+=end JM-comment
+
+Ä̾ï B<sudo> ¤Ï´Ä¶ÊÑ¿ô C<LOGNAME> ¤È
+C<USER> ¤òÂоݥ桼¥¶
+(B<-u> ¥Õ¥é¥°¤Ç»ØÄꤵ¤ì¤Ê¤¤¤±¤ì¤Ð¤Õ¤Ä¤¦¤Ï root) ¤Î̾Á°¤ËÀßÄꤹ¤ë¡£
+¤·¤«¤·¡¢¼ÂºÝ¤Î¥æ¡¼¥¶¤Î¼±Ê̤Ë
+C<LOGNAME> ¤ò»È¤¦¥×¥í¥°¥é¥à
+(RCS revision control system ¤Ê¤É¤¬´Þ¤Þ¤ì¤ë) ¤¬¤¢¤ë¤Î¤Ç¡¢
+¤³¤ÎµóÆ°¤òÊѹ¹¤·¤¿¤¤¤³¤È¤â¤¢¤ë¡£
+¤³¤ì¤Ë¤Ï set_logname ¥ª¥×¥·¥ç¥ó¤ò I<off> ¤Ë¤¹¤ì¤Ð¤è¤¤¡£
+
+=item stay_setuid
+
+=begin JM-comment
+
+Normally, when B<sudo> executes a command the real and effective
+UIDs are set to the target user (root by default). This option
+changes that behavior such that the real UID is left as the invoking
+user's UID. In other words, this makes B<sudo> act as a setuid
+wrapper. This can be useful on systems that disable some potentially
+dangerous functionality when a program is run setuid. Note, however,
+that this means that sudo will run with the real uid of the invoking
+user which may allow that user to kill B<sudo> before it can log a
+failure, depending on how your OS defines the interaction between
+signals and setuid processes.
+
+=end JM-comment
+
+Ä̾ï B<sudo> ¤¬¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¾ì¹ç¡¢
+¼Â UID ¤È¼Â¹Ô UID ¤ÏÂоݥ桼¥¶ (¥Ç¥Õ¥©¥ë¥È¤Ï root) ¤ËÀßÄꤵ¤ì¤ë¡£
+¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¼Â UID ¤ò
+µ¯Æ°¤·¤¿¥æ¡¼¥¶¤Î UID ¤Î¤Þ¤Þ¤Ë¤¹¤ë¤è¤¦¤ËÆ°ºî¤òÊѹ¹¤¹¤ë¡£
+¸À¤¤´¹¤¨¤ë¤È¡¢¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï B<sudo> ¤ò setuid ¥é¥Ã¥Ñ¡¼¤È¤·¤Æ
+Æ°ºî¤µ¤»¤ë¤È¤¤¤¦¤³¤È¤Ç¤¢¤ë¡£
+¤³¤ì¤Ï¥×¥í¥°¥é¥à¤¬ setuid ¤µ¤ì¤Æ¼Â¹Ô¤µ¤ì¤ë¤È¤¤Î
+ÀøºßŪ¤Ë´í¸±¤Êµ¡Ç½¤ò̵¸ú¤Ë¤·¤Æ¤¤¤ë¥·¥¹¥Æ¥à¤ÇÌòΩ¤Ä¡£
+¤¿¤À¤· B<sudo> ¤Ïµ¯Æ°¤·¤¿¥æ¡¼¥¶¤Î¼Â UID ¤Ç¼Â¹Ô¤µ¤ì¤ë¤Î¤Ç¡¢
+OS ¤Ë¤ª¤±¤ë¥·¥°¥Ê¥ë¤È setuid ¥×¥í¥»¥¹¤ÎÁê¸ßºîÍѤÎÄêµÁ¤Ë¤è¤Ã¤Æ¤Ï¡¢
+B<sudo> ¤¬¼ºÇÔ¤ò¥í¥°¤ËµÏ¿¤¹¤ëÁ°¤Ë¥æ¡¼¥¶¤¬ kill ¤Ç¤¤ëÅÀ¤ËÃí°Õ¤¹¤ë¤³¤È¡£
+
+=item env_reset
+
+=begin JM-comment
+
+If set, B<sudo> will reset the environment to only contain the
+following variables: C<HOME>, C<LOGNAME>, C<PATH>, C<SHELL>, C<TERM>,
+and C<USER> (in addition to the C<SUDO_*> variables).
+Of these, only C<TERM> is copied unaltered from the old environment.
+The other variables are set to default values (possibly modified
+by the value of the I<set_logname> option). If B<sudo> was compiled
+with the C<SECURE_PATH> option, its value will be used for the C<PATH>
+environment variable.
+Other variables may be preserved with the I<env_keep> option.
+
+=end JM-comment
+
+¤³¤Î¥Õ¥é¥°¤òÀßÄꤹ¤ë¤È¡¢B<sudo> ¤Ï°Ê²¼¤ÎÊÑ¿ô¤Î¤ß¤ò´Þ¤à¤è¤¦¤Ë
+´Ä¶¤ò¥ê¥»¥Ã¥È¤¹¤ë: C<HOME>, C<LOGNAME>,
+C<PATH>, C<SHELL>, C<TERM>,
+C<USER> (C<SUDO_*> °Ê³°¤Ë)¡£
+¤³¤ì¤é¤Î¤¦¤Á¤Ç C<TERM> ¤À¤±¤¬
+°ÊÁ°¤Î´Ä¶¤«¤é¥³¥Ô¡¼¤µ¤ì¤ë¡£
+¾¤ÎÊÑ¿ô¤Ï¥Ç¥Õ¥©¥ë¥È¤ÎÃͤËÀßÄꤵ¤ì¤ë
+(I<set_logname> ¥ª¥×¥·¥ç¥ó¤ÎÃͤÇÊѹ¹²Äǽ)¡£
+B<sudo> ¤¬ C<SECURE_PATH> ¥ª¥×¥·¥ç¥ó¤òÉÕ¤±¤Æ
+¥³¥ó¥Ñ¥¤¥ë¤µ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢
+¤½¤ÎÃͤϴĶÊÑ¿ô C<PATH> ¤Ë»È¤ï¤ì¤ë¡£
+¾¤ÎÊÑ¿ô¤Ï I<env_keep> ¥ª¥×¥·¥ç¥ó¤ÇÊݸ¤¹¤ë¤³¤È¤â¤Ç¤¤ë¡£
+
+=item use_loginclass
+
+=begin JM-comment
+
+If set, B<sudo> will apply the defaults specified for the target user's
+login class if one exists. Only available if B<sudo> is configured with
+the --with-logincap option. This flag is I<off> by default.
+
+=end JM-comment
+
+¤³¤Î¥Õ¥é¥°¤òÀßÄꤹ¤ë¤È¡¢B<sudo> ¤Ï¡¢
+Âоݥ桼¥¶¤Î¥í¥°¥¤¥ó¥¯¥é¥¹¤¬¤¢¤ì¤Ð¡¢¤½¤ì¤Ë»ØÄꤵ¤ì¤¿¥Ç¥Õ¥©¥ë¥È¤ÎÃͤòŬÍѤ¹¤ë¡£
+B<sudo> ¤Î (¥³¥ó¥Ñ¥¤¥ë»þ¤Ë) --with-logincap ¥ª¥×¥·¥ç¥ó¤¬
+ÀßÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ë¤Î¤ß¡¢Í¸ú¤Ç¤¢¤ë¡£
+¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï I<off> ¤Ç¤¢¤ë¡£
+
+=back
+
+=begin JM-comment
+
+B<Integers>:
+
+=end JM-comment
+
+B<À°¿ô>:
+
+=over 12
+
+=item passwd_tries
+
+=begin JM-comment
+
+The number of tries a user gets to enter his/her password before
+B<sudo> logs the failure and exits. The default is C<@passwd_tries@>.
+
+=end JM-comment
+
+B<sudo> ¤¬¼ºÇÔ¤ò¥í¥°¤ËµÏ¿¤·¤Æ½ªÎ»¤¹¤ë¤Þ¤Ç¤Ë¡¢
+¥æ¡¼¥¶¤¬¥Ñ¥¹¥ï¡¼¥É¤òÆþÎϤǤ¤ë²ó¿ô¡£
+¥Ç¥Õ¥©¥ë¥È¤Ï C<@passwd_tries@>¡£
+
+=back
+
+=begin JM-comment
+
+B<Integers that can be used in a boolean context>:
+
+=end JM-comment
+
+B<¿¿µ¶ÃͤȤ·¤Æ¤â»ÈÍѤµ¤ì¤ëÀ°¿ô>:
+
+=over 12
+
+=item loglinelen
+
+=begin JM-comment
+
+Number of characters per line for the file log. This value is used
+to decide when to wrap lines for nicer log files. This has no
+effect on the syslog log file, only the file log. The default is
+C<@loglen@> (use 0 or negate the option to disable word wrap).
+
+=end JM-comment
+
+¥Õ¥¡¥¤¥ë¥í¥°¤Î 1 ¹ÔÅö¤¿¤ê¤Îʸ»ú¿ô¡£
+¤³¤ÎÃͤϡ¢¥í¥°¥Õ¥¡¥¤¥ë¤ò¸«¤ä¤¹¤¯¤¹¤ë¤¿¤á¤Ë¡¢
+¹Ô¤ò²¿·å¤ÇÀÞ¤êÊÖ¤¹¤«¤ò·èÄꤹ¤ë¤¿¤á¤Ë»È¤ï¤ì¤ë¡£
+syslog ¥Õ¥¡¥¤¥ë¤Ë¤Ï²¿¤â±Æ¶Á¤»¤º¡¢¥Õ¥¡¥¤¥ë¥í¥°¤À¤±¤Ë±Æ¶Á¤¹¤ë¡£
+¥Ç¥Õ¥©¥ë¥È¤Ï C<@loglen@>
+(ÀÞ¤êÊÖ¤·¤ò¤·¤Ê¤¤¾ì¹ç¤Ï 0 ¤ò»ØÄꤹ¤ë¤«¡¢
+¤³¤Î¥ª¥×¥·¥ç¥ó¤ò̵¸ú¤Ë¤¹¤ë)¡£
+
+=item timestamp_timeout
+
+=begin JM-comment
+
+Number of minutes that can elapse before B<sudo> will ask for a
+passwd again. The default is C<@timeout@>. Set this to C<0> to always
+prompt for a password.
+If set to a value less than C<0> the user's timestamp will never
+expire. This can be used to allow users to create or delete their
+own timestamps via C<sudo -v> and C<sudo -k> respectively.
+
+=end JM-comment
+
+B<sudo> ¤¬ºÆÅ٥ѥ¹¥ï¡¼¥É¤ò¿Ò¤Í¤ë¤Þ¤Ç¤Ë·Ð²á¤¹¤ëʬ¿ô¡£
+¥Ç¥Õ¥©¥ë¥È¤Ï C<@timeout@>¡£
+¾ï¤Ë¥Ñ¥¹¥ï¡¼¥É¤òÍ׵ᤵ¤»¤ë¤Ë¤Ï C<0> ¤ËÀßÄꤹ¤ë¡£
+C<0> ¤è¤ê¾®¤µ¤¤ÃͤËÀßÄꤹ¤ë¤È¡¢
+¥æ¡¼¥¶¤Î¥¿¥¤¥à¥¹¥¿¥ó¥×¤Ï¼º¸ú¤·¤Ê¤¤¡£
+¤³¤ì¤Ï¥æ¡¼¥¶¤¬¼«¿È¤Î¥¿¥¤¥à¥¹¥¿¥ó¥×¤ÎºîÀ®¡¦ºï½ü¤ò
+C<sudo -v> ¤ä
+C<sudo -k> ¤Ç²Äǽ¤Ë¤¹¤ë¤¿¤á¤Ë»È¤¦¡£
+
+=item passwd_timeout
+
+=begin JM-comment
+
+Number of minutes before the B<sudo> password prompt times out.
+The default is C<@password_timeout@>, set this to C<0> for no password timeout.
+
+=end JM-comment
+
+B<sudo> ¤Î¥Ñ¥¹¥ï¡¼¥ÉÍ׵᤬»þ´ÖÀÚ¤ì¤Ë¤Ê¤ë¤Þ¤Ç¤Îʬ¿ô¡£
+¥Ç¥Õ¥©¥ë¥È¤Ï C<@password_timeout@>¡£
+¥Ñ¥¹¥ï¡¼¥ÉÍ×µá¤Î»þ´ÖÀÚ¤ì¤ò¤Ê¤¯¤¹¤Ë¤Ï C<0> ¤ËÀßÄꤹ¤ë¡£
+
+=item umask
+
+=begin JM-comment
+
+Umask to use when running the command. Negate this option or set
+it to 0777 to preserve the user's umask. The default is C<@sudo_umask@>.
+
+=end JM-comment
+
+¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¾ì¹ç¤Î umask¡£
+¥æ¡¼¥¶¤Î umask ¤ò¾å½ñ¤¤·¤Ê¤¤¤¿¤á¤Ë¤Ï¡¢
+¤³¤Î¥ª¥×¥·¥ç¥ó¤ò̵¸ú¤Ë¤¹¤ë¤« 0777 ¤ËÀßÄꤹ¤ë¤³¤È¡£
+¥Ç¥Õ¥©¥ë¥È¤Ï C<@sudo_umask@>¡£
+
+=back
+
+=begin JM-comment
+
+B<Strings>:
+
+=end JM-comment
+
+B<ʸ»úÎó>:
+
+=over 12
+
+=item mailsub
+
+=begin JM-comment
+
+Subject of the mail sent to the I<mailto> user. The escape C<%h>
+will expand to the hostname of the machine.
+Default is C<@mailsub@>.
+
+=end JM-comment
+
+I<mailto> ¥æ¡¼¥¶¤ËÁ÷¤é¤ì¤ë¥á¡¼¥ë¤Î Subject (Âê̾)¡£
+¥¨¥¹¥±¡¼¥× C<%h> ¤Ï·×»»µ¡¤Î¥Û¥¹¥È̾¤ËŸ³«¤µ¤ì¤ë¡£
+¥Ç¥Õ¥©¥ë¥È¤Ï C<@mailsub@>¡£
+
+=item badpass_message
+
+=begin JM-comment
+
+Message that is displayed if a user enters an incorrect password.
+The default is C<@badpass_message@> unless insults are enabled.
+
+=end JM-comment
+
+¥æ¡¼¥¶¤¬ÉÔÀµ¤Ê¥Ñ¥¹¥ï¡¼¥É¤òÆþÎϤ·¤¿¾ì¹ç¤Ëɽ¼¨¤µ¤ì¤ë¥á¥Ã¥»¡¼¥¸¡£
+insults ¤¬ÀßÄꤵ¤ì¤Æ¤¤¤Ê¤¤¸Â¤ê¡¢
+¥Ç¥Õ¥©¥ë¥È¤Ï C<@badpass_message@>¡£
+
+=item timestampdir
+
+=begin JM-comment
+
+The directory in which B<sudo> stores its timestamp files.
+The default is F<@timedir@>.
+
+=end JM-comment
+
+B<sudo> ¤¬¥¿¥¤¥à¥¹¥¿¥ó¥×¥Õ¥¡¥¤¥ë¤òÃÖ¤¯¥Ç¥£¥ì¥¯¥È¥ê¡£
+¥Ç¥Õ¥©¥ë¥È¤Ï F<@timedir@>¡£
+
+=item timestampowner
+
+=begin JM-comment
+
+The owner of the timestamp directory and the timestamps stored therein.
+The default is C<root>.
+
+=end JM-comment
+
+¥¿¥¤¥à¥¹¥¿¥ó¥×¥Ç¥£¥ì¥¯¥È¥ê¤È¡¢
+¤½¤³¤Ë³ÊǼ¤µ¤ì¤ë¥¿¥¤¥à¥¹¥¿¥ó¥×¥Õ¥¡¥¤¥ë¤Î½êͼԡ£
+¥Ç¥Õ¥©¥ë¥È¤Ï C<root>¡£
+
+=item passprompt
+
+=begin JM-comment
+
+The default prompt to use when asking for a password; can be overridden
+via the B<-p> option or the C<SUDO_PROMPT> environment variable.
+The following percent (`C<%>') escapes are supported:
+
+=end JM-comment
+
+¥Ñ¥¹¥ï¡¼¥É¤ò¿Ò¤Í¤ë¤È¤¤Ë»È¤ï¤ì¤ë¥Ç¥Õ¥©¥ë¥È¤Î¥×¥í¥ó¥×¥È¡£
+B<-p> ¥ª¥×¥·¥ç¥ó¤ä´Ä¶ÊÑ¿ô
+C<SUDO_PROMPT> ¤ò»È¤Ã¤ÆÊѹ¹¤Ç¤¤ë¡£
+°Ê²¼¤Î¤è¤¦¤Ê¥Ñ¡¼¥»¥ó¥È (`C<%>') ¥¨¥¹¥±¡¼¥×¤¬¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤¤ë¡£
+
+=over 8
+
+=item C<%u>
+
+=begin JM-comment
+
+expanded to the invoking user's login name
+
+=end JM-comment
+
+µ¯Æ°¤·¤¿¥æ¡¼¥¶¤Î¥í¥°¥¤¥ó̾¤ËŸ³«¤µ¤ì¤ë¡£
+
+=item C<%U>
+
+=begin JM-comment
+
+expanded to the login name of the user the command will
+be run as (defaults to root)
+
+=end JM-comment
+
+¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¥æ¡¼¥¶¤Î¥í¥°¥¤¥ó̾¤ËŸ³«¤µ¤ì¤ë
+(¥Ç¥Õ¥©¥ë¥È¤Ï root ¤Ç¤¢¤ë)¡£
+
+=item C<%h>
+
+=begin JM-comment
+
+expanded to the local hostname without the domain name
+
+=end JM-comment
+
+¥É¥á¥¤¥ó̾¤ò´Þ¤Þ¤Ê¤¤¥í¡¼¥«¥ë¥Û¥¹¥È̾¤ËŸ³«¤µ¤ì¤ë¡£
+
+=item C<%H>
+
+=begin JM-comment
+
+expanded to the local hostname including the domain name
+(on if the machine's hostname is fully qualified or the I<fqdn>
+option is set)
+
+=end JM-comment
+
+(¥Þ¥·¥ó¤Î¥Û¥¹¥È̾¤¬´°Á´Ì¾¤Ç¤¢¤ë¾ì¹ç¡¢
+¤Þ¤¿¤Ï I<fqdn> sudoers ¥ª¥×¥·¥ç¥ó¤¬ÀßÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç)
+¥É¥á¥¤¥ó̾¤ò´Þ¤à¥í¡¼¥«¥ë¥Û¥¹¥È̾¤ËŸ³«¤µ¤ì¤ë¡£
+
+=item C<%%>
+
+=begin JM-comment
+
+two consecutive C<%> characters are collaped into a single C<%> character
+
+=end JM-comment
+
+2 ¤ÄϢ³¤·¤¿ C<%> ʸ»ú¤Ï 1 ¤Ä¤Î C<%> ʸ»ú¤Ë¤µ¤ì¤ë¡£
+
+=back 8
+
+=begin JM-comment
+
+The default value is C<@passprompt@>.
+
+=end JM-comment
+
+¥Ç¥Õ¥©¥ë¥ÈÃÍ¤Ï C<@passprompt@>¡£
+
+=item runas_default
+
+=begin JM-comment
+
+The default user to run commands as if the B<-u> flag is not specified
+on the command line. This defaults to C<@runas_default@>.
+
+=end JM-comment
+
+B<-u> ¥Õ¥é¥°¤¬¥³¥Þ¥ó¥É¥é¥¤¥ó¤Ç»ØÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ë¡¢
+¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¥Ç¥Õ¥©¥ë¥È¤Î¥æ¡¼¥¶¡£
+¥Ç¥Õ¥©¥ë¥È¤Ï C<@runas_default@>¡£
+
+=item syslog_goodpri
+
+=begin JM-comment
+
+Syslog priority to use when user authenticates successfully.
+Defaults to C<@goodpri@>.
+
+=end JM-comment
+
+¥æ¡¼¥¶¤¬Ç§¾Ú¤ËÀ®¸ù¤·¤¿¾ì¹ç¤Ë»È¤ï¤ì¤ë syslog ¤ÎÍ¥ÀèÅÙ (priority)¡£
+¥Ç¥Õ¥©¥ë¥È¤Ï C<@goodpri@>¡£
+
+=item syslog_badpri
+
+=begin JM-comment
+
+Syslog priority to use when user authenticates unsuccessfully.
+Defaults to C<@badpri@>.
+
+=end JM-comment
+
+¥æ¡¼¥¶¤¬Ç§¾Ú¤Ë¼ºÇÔ¤·¤¿¾ì¹ç¤Ë»È¤ï¤ì¤ë syslog ¤ÎÍ¥ÀèÅÙ¡£
+¥Ç¥Õ¥©¥ë¥È¤Ï C<@badpri@>¡£
+
+=item editor
+
+=begin JM-comment
+
+A colon (':') separated list of editors allowed to be used with
+B<visudo>. B<visudo> will choose the editor that matches the user's
+USER environment variable if possible, or the first editor in the
+list that exists and is executable. The default is the path to vi
+on your system.
+
+=end JM-comment
+
+B<visudo> ¤Ç»ÈÍѲÄǽ¤Ê¥¨¥Ç¥£¥¿¤Î¥ê¥¹¥È¡£
+¥ê¥¹¥È¤Ï¥³¥í¥ó (':') ¤Ç¶èÀڤ롣
+B<visudo> ¤Ï¥æ¡¼¥¶¤Î USER ´Ä¶ÊÑ¿ô¤¬ÀßÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ë¤Ï¡¢
+¤½¤ì¤Ë¥Þ¥Ã¥Á¤¹¤ë¥¨¥Ç¥£¥¿¤òÁªÂò¤¹¤ë¡£
+ÀßÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢
+¥ê¥¹¥ÈÃæ¤Ë¸ºß¤¹¤ë¼Â¹Ô²Äǽ¤ÊºÇ½é¤Î¥¨¥Ç¥£¥¿¤òÁªÂò¤¹¤ë¡£
+¥Ç¥Õ¥©¥ë¥È¤Ï¥·¥¹¥Æ¥à¾å¤Î vi ¤Î¥Ñ¥¹¡£
+
+=back
+
+=begin JM-comment
+
+B<Strings that can be used in a boolean context>:
+
+=end JM-comment
+
+B<¿¿µ¶ÃͤȤ·¤Æ¤â»ÈÍѤµ¤ì¤ëʸ»úÎó>:
+
+=over 12
+
+=item logfile
+
+=begin JM-comment
+
+Path to the B<sudo> log file (not the syslog log file). Setting a path
+turns on logging to a file; negating this option turns it off.
+
+=end JM-comment
+
+(syslog ¥í¥°¥Õ¥¡¥¤¥ë¤Ç¤Ï¤Ê¤¯) B<sudo> ¥í¥°¥Õ¥¡¥¤¥ë¤Ø¤Î¥Ñ¥¹¡£
+¥Ñ¥¹¤òÀßÄꤹ¤ë¤È¡¢¤½¤Î¥Õ¥¡¥¤¥ë¤Ø¥í¥°¤¬µÏ¿¤µ¤ì¤ë¡£
+¤³¤Î¥ª¥×¥·¥ç¥ó¤ò̵¸ú¤Ë¤¹¤ì¤Ð¡¢µÏ¿¤µ¤ì¤Ê¤¤¡£
+
+=item syslog
+
+=begin JM-comment
+
+Syslog facility if syslog is being used for logging (negate to
+disable syslog logging). Defaults to C<@logfac@>.
+
+=end JM-comment
+
+¥í¥°¤ÎµÏ¿¤Ë syslog ¤¬»È¤ï¤ì¤Æ¤¤¤ë¾ì¹ç¤Î syslog ¤Îµ¡Ç½Ê¬Îà (facility)
+(syslog ¤Ë¤è¤ë¥í¥°¤ÎµÏ¿¤ò¤·¤Ê¤¤¾ì¹ç¤Ï¡¢ÀßÄꤷ¤Ê¤¤¤³¤È)¡£
+¥Ç¥Õ¥©¥ë¥È¤Ï C<@logfac@>¡£
+
+=item mailerpath
+
+=begin JM-comment
+
+Path to mail program used to send warning mail.
+Defaults to the path to sendmail found at configure time.
+
+=end JM-comment
+
+·Ù¹ð¥á¡¼¥ë¤òÁ÷¤ë¤Î¤Ë»È¤ï¤ì¤ë¥á¡¼¥ë¥×¥í¥°¥é¥à¤Î¥Ñ¥¹¡£
+¥Ç¥Õ¥©¥ë¥È¤Ï¡¢(¥³¥ó¥Ñ¥¤¥ë¤Î) ÀßÄê»þ¤Ë¸«¤Ä¤«¤Ã¤¿ sendmail ¤Î¥Ñ¥¹¡£
+
+=item mailerflags
+
+=begin JM-comment
+
+Flags to use when invoking mailer. Defaults to B<-t>.
+
+=end JM-comment
+
+¥á¡¼¥é¡¼¤òµ¯Æ°¤¹¤ë¤È¤¤Ë»È¤ï¤ì¤ë¥Õ¥é¥°¡£
+¥Ç¥Õ¥©¥ë¥È¤Ï B<-t>¡£
+
+=item mailto
+
+=begin JM-comment
+
+Address to send warning and error mail to. The address should
+be enclosed in double quotes (C<">) to protect against sudo
+interpreting the C<@> sign. Defaults to C<@mailto@>.
+
+=end JM-comment
+
+·Ù¹ð¥á¡¼¥ë¤È¥¨¥é¡¼¥á¡¼¥ë¤òÁ÷¤ë¥¢¥É¥ì¥¹¡£
+¥¢¥É¥ì¥¹¤Ï¡¢sudo ¤¬ C<@> µ¹æ¤ò²ò¼á¤·¤Ê¤¤¤è¤¦¤Ë¡¢
+¥À¥Ö¥ë¥¯¥©¡¼¥È (C<">) ¤Ç³ç¤é¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£
+¥Ç¥Õ¥©¥ë¥È¤Ï C<@mailto@>¡£
+
+=item exempt_group
+
+=begin JM-comment
+
+Users in this group are exempt from password and PATH requirements.
+This is not set by default.
+
+=end JM-comment
+
+¤³¤Î¥°¥ë¡¼¥×¤Ë°¤¹¤ë¥æ¡¼¥¶¤Ï¡¢¥Ñ¥¹¥ï¡¼¥É¤È PATH ¤¬É¬Íפʤ¤¡£
+¥Ç¥Õ¥©¥ë¥È¤Ç¤ÏÀßÄꤵ¤ì¤Æ¤¤¤Ê¤¤¡£
+
+=item verifypw
+
+=begin JM-comment
+
+This option controls when a password will be required when a user runs
+B<sudo> with the B<-v> flag. It has the following possible values:
+
+=end JM-comment
+
+¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¡¢¥æ¡¼¥¶¤¬ B<sudo> ¤ò B<-v> ¥ª¥×¥·¥ç¥ó¤Ç¼Â¹Ô¤·¤¿¤È¤¤Ë¡¢
+¤¤¤Ä¥Ñ¥¹¥ï¡¼¥É¤¬É¬ÍפȤµ¤ì¤ë¤«¤òÀ©¸æ¤¹¤ë¡£
+¤³¤Î¥ª¥×¥·¥ç¥ó¤Ë¤Ï°Ê²¼¤ÎÃͤΤ¤¤º¤ì¤«¤òÀßÄê¤Ç¤¤ë¡£
+
+=over 8
+
+=item all
+
+=begin JM-comment
+
+All the user's I<sudoers> entries for the current host must have
+the C<NOPASSWD> flag set to avoid entering a password.
+
+=end JM-comment
+
+¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤò¤Ê¤·¤Ç¤¹¤Þ¤»¤ë¤¿¤á¤Ë¤Ï¡¢
+¸½ºß¤Î¥Û¥¹¥È¤Î¤¹¤Ù¤Æ¤Î¥æ¡¼¥¶¤Î I<sudoers> ¥¨¥ó¥È¥ê¤Ë
+C<NOPASSWD> ¥Õ¥é¥°¤¬ÀßÄꤵ¤ì¤Æ¤¤¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£
+
+=item any
+
+=begin JM-comment
+
+At least one of the user's I<sudoers> entries for the current host
+must have the C<NOPASSWD> flag set to avoid entering a password.
+
+=end JM-comment
+
+¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤò¤Ê¤·¤Ç¤¹¤Þ¤»¤ë¤¿¤á¤Ë¤Ï¡¢
+¸½ºß¤Î¥Û¥¹¥È¤Î¾¯¤Ê¤¯¤È¤â°ì¿Í¤Î¥æ¡¼¥¶¤Î
+I<sudoers> ¥¨¥ó¥È¥ê¤Ë C<NOPASSWD> ¥Õ¥é¥°¤¬
+ÀßÄꤵ¤ì¤Æ¤¤¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£
+
+=item never
+
+=begin JM-comment
+
+The user need never enter a password to use the B<-v> flag.
+
+=end JM-comment
+
+¥æ¡¼¥¶¤Ï¡¢B<-v> ¥Õ¥é¥°¤ò»È¤¦ºÝ¤Ë¥Ñ¥¹¥ï¡¼¥É¤òɬÍפȤ·¤Ê¤¤¡£
+
+=item always
+
+=begin JM-comment
+
+The user must always enter a password to use the B<-v> flag.
+
+=end JM-comment
+
+¥æ¡¼¥¶¤Ï¡¢B<-v> ¥Õ¥é¥°¤ò»È¤¦ºÝ¤Ë¾ï¤Ë¥Ñ¥¹¥ï¡¼¥É¤òÆþÎϤ·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£
+
+=back
+
+=begin JM-comment
+
+The default value is `all'.
+
+=end JM-comment
+
+¥Ç¥Õ¥©¥ë¥È¤ÎÃÍ¤Ï `all' ¤Ç¤¢¤ë¡£
+
+=item listpw
+
+=begin JM-comment
+
+This option controls when a password will be required when a
+user runs B<sudo> with the B<-l> flag. It has the following possible values:
+
+=end JM-comment
+
+¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¡¢¥æ¡¼¥¶¤¬ B<sudo> ¤ò B<-l> ¥Õ¥é¥°¤Ç¼Â¹Ô¤·¤¿¤È¤¤Ë¡¢
+¤¤¤Ä¥Ñ¥¹¥ï¡¼¥É¤¬É¬ÍפȤµ¤ì¤ë¤«¤òÀ©¸æ¤¹¤ë¡£
+¤³¤Î¥ª¥×¥·¥ç¥ó¤Ë¤Ï°Ê²¼¤ÎÃͤΤ¤¤º¤ì¤«¤òÀßÄê¤Ç¤¤ë¡£
+
+=over 8
+
+=item all
+
+=begin JM-comment
+
+All the user's I<sudoers> entries for the current host must have
+the C<NOPASSWD> flag set to avoid entering a password.
+
+=end JM-comment
+
+¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤò¤Ê¤·¤Ç¤¹¤Þ¤»¤ë¤¿¤á¤Ë¤Ï¡¢
+¸½ºß¤Î¥Û¥¹¥È¤Î¤¹¤Ù¤Æ¤Î¥æ¡¼¥¶¤Î I<sudoers> ¥¨¥ó¥È¥ê¤Ë
+C<NOPASSWD> ¥Õ¥é¥°¤¬ÀßÄꤵ¤ì¤Æ¤¤¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£
+
+=item any
+
+=begin JM-comment
+
+At least one of the user's I<sudoers> entries for the current host
+must have the C<NOPASSWD> flag set to avoid entering a password.
+
+=end JM-comment
+
+¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎϤò¤Ê¤·¤Ç¤¹¤Þ¤»¤ë¤¿¤á¤Ë¤Ï¡¢
+¸½ºß¤Î¥Û¥¹¥È¤Î¾¯¤Ê¤¯¤È¤â°ì¿Í¤Î¥æ¡¼¥¶¤Î I<sudoers> ¥¨¥ó¥È¥ê¤Ë
+C<NOPASSWD> ¥Õ¥é¥°¤¬ÀßÄꤵ¤ì¤Æ¤¤¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£
+
+=item never
+
+=begin JM-comment
+
+The user need never enter a password to use the B<-l> flag.
+
+=end JM-comment
+
+¥æ¡¼¥¶¤Ï¡¢B<-l> ¥Õ¥é¥°¤ò»È¤¦ºÝ¤Ë¥Ñ¥¹¥ï¡¼¥É¤òɬÍפȤ·¤Ê¤¤¡£
+
+=item always
+
+=begin JM-comment
+
+The user must always enter a password to use the B<-l> flag.
+
+=end JM-comment
+
+¥æ¡¼¥¶¤Ï¡¢B<-l> ¥Õ¥é¥°¤ò»È¤¦ºÝ¤Ë¾ï¤Ë¥Ñ¥¹¥ï¡¼¥É¤òÆþÎϤ·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£
+
+=back
+
+=begin JM-comment
+
+The default value is `any'.
+
+=end JM-comment
+
+¥Ç¥Õ¥©¥ë¥È¤ÎÃÍ¤Ï `any' ¤Ç¤¢¤ë¡£
+
+=back
+
+=begin JM-comment
+
+B<Lists that can be used in a boolean context>:
+
+=end JM-comment
+
+B<¿¿µ¶ÃͤȤ·¤Æ¤â»ÈÍѤµ¤ì¤ë¥ê¥¹¥È>:
+
+=over 12
+
+=item env_check
+
+=begin JM-comment
+
+Environment variables to be removed from the user's environment if
+the variable's value contains C<%> or C</> characters. This can
+be used to guard against printf-style format vulnerabilities in
+poorly-written programs. The argument may be a double-quoted,
+space-separated list or a single value without double-quotes. The
+list can be replaced, added to, deleted from, or disabled by using
+the C<=>, C<+=>, C<-=>, and C<!> operators respectively. The default
+list of environment variables to check is printed when B<sudo> is
+run by root with the I<-V> option.
+
+=end JM-comment
+
+ÊÑ¿ô¤ÎÃÍ¤Ë C<%> ʸ»ú¤Þ¤¿¤Ï C</> ʸ»ú¤ò
+´Þ¤ó¤Ç¤¤¤ë¾ì¹ç¤Ë¡¢¥æ¡¼¥¶¤Î´Ä¶¤«¤éºï½ü¤µ¤ì¤ë´Ä¶ÊÑ¿ô¡£
+¤³¤ì¤ÏÎɤ¯¹Í¤¨¤º¤Ë½ñ¤«¤ì¤¿¥×¥í¥°¥é¥à¤Ë¤ª¤±¤ë
+printf ·Á¼°¤ÎÀȼåÀ¤òËɤ°¤¿¤á¤Ë¤¢¤ë¡£
+°ú¤¿ô¤Ï¥À¥Ö¥ë¥¯¥©¡¼¥Æ¡¼¥·¥ç¥ó¤Ç°Ï¤ó¤À¥¹¥Ú¡¼¥¹¶èÀÚ¤ê¤Î¥ê¥¹¥È¡¢
+¤Þ¤¿¤Ï¥¯¥©¡¼¥È¤·¤Ê¤¤ 1 ¸Ä¤ÎÃͤǤ¢¤ë¡£
+¥ê¥¹¥È¤ÎÃÖ´¹¡¦Äɲᦺï½ü¡¦Ìµ¸ú²½¤Ï¡¢¤½¤ì¤¾¤ì
+C<=>, C<+=>,
+C<-=>, C<!> ¥ª¥Ú¥ì¡¼¥¿¤Ç¤Ç¤¤ë¡£
+¥Á¥§¥Ã¥¯¤µ¤ì¤ë´Ä¶ÊÑ¿ô¤Î¥Ç¥Õ¥©¥ë¥È¤Î¥ê¥¹¥È¤Ï¡¢
+B<sudo> ¤Ë I<-V> ¤ò¤Ä¤±¤Æ¼Â¹Ô¤¹¤ë¤Èɽ¼¨¤µ¤ì¤ë¡£
+
+=item env_delete
+
+=begin JM-comment
+
+Environment variables to be removed from the user's environment.
+The argument may be a double-quoted, space-separated list or a
+single value without double-quotes. The list can be replaced, added
+to, deleted from, or disabled by using the C<=>, C<+=>, C<-=>, and
+C<!> operators respectively. The default list of environment
+variables to remove is printed when B<sudo> is run by root with the
+I<-V> option. Note that many operating systems will remove potentially
+dangerous variables from the environment of any setuid process (such
+as B<sudo>).
+
+=end JM-comment
+
+¥æ¡¼¥¶¤Î´Ä¶¤«¤éºï½ü¤µ¤ì¤ë´Ä¶ÊÑ¿ô¡£
+°ú¤¿ô¤Ï¥À¥Ö¥ë¥¯¥©¡¼¥Æ¡¼¥·¥ç¥ó¤Ç°Ï¤ó¤À¥¹¥Ú¡¼¥¹¶èÀÚ¤ê¤Î¥ê¥¹¥È¡¢
+¤Þ¤¿¤Ï¥¯¥©¡¼¥È¤·¤Ê¤¤ 1 ¸Ä¤ÎÃͤǤ¢¤ë¡£
+¥ê¥¹¥È¤ÎÃÖ´¹¡¦Äɲᦺï½ü¡¦Ìµ¸ú²½¤Ï¡¢¤½¤ì¤¾¤ì
+C<=>, C<+=>,
+C<-=>, C<!> ¥ª¥Ú¥ì¡¼¥¿¤Ç¤Ç¤¤ë¡£
+¥Á¥§¥Ã¥¯¤µ¤ì¤ë´Ä¶ÊÑ¿ô¤Î¥Ç¥Õ¥©¥ë¥È¤Î¥ê¥¹¥È¤Ï¡¢
+B<sudo> ¤Ë I<-V> ¤ò¤Ä¤±¤Æ¼Â¹Ô¤¹¤ë¤Èɽ¼¨¤µ¤ì¤ë¡£
+¿¤¯¤Î OS ¤Ç¤Ï (B<sudo> ¤Î¤è¤¦¤Ê) setuid ¥×¥í¥»¥¹¤Î´Ä¶ÊÑ¿ô¤«¤é
+´í¸±À¤¬Â¸ºß¤¹¤ë²ÄǽÀ¤Î¤¢¤ë¤â¤Î¤ò¼è¤ê½ü¤¯¡£
+
+=item env_keep
+
+=begin JM-comment
+
+Environment variables to be preserved in the user's environment
+when the I<env_reset> option is in effect. This allows fine-grained
+control over the environment B<sudo>-spawned processes will receive.
+The argument may be a double-quoted, space-separated list or a
+single value without double-quotes. The list can be replaced, added
+to, deleted from, or disabled by using the C<=>, C<+=>, C<-=>, and
+C<!> operators respectively. This list has no default members.
+
+=end JM-comment
+
+I<env_reset> ¥ª¥×¥·¥ç¥ó¤¬¼Â¹Ô¤µ¤ì¤ë¤È¤¤Ë¡¢
+¥æ¡¼¥¶¤Î´Ä¶¤ÇÊݸ¤µ¤ì¤ë´Ä¶ÊÑ¿ô¡£
+¤³¤ì¤Ë¤è¤ê B<sudo> ¤¬µ¯Æ°¤·¤¿¥×¥í¥»¥¹¤¬¼õ¤±¼è¤ë´Ä¶¤òºÙ¤«¤¯À©¸æ¤Ç¤¤ë¡£
+°ú¤¿ô¤Ï¥À¥Ö¥ë¥¯¥©¡¼¥Æ¡¼¥·¥ç¥ó¤Ç°Ï¤ó¤À¥¹¥Ú¡¼¥¹¶èÀÚ¤ê¤Î¥ê¥¹¥È¡¢
+¤Þ¤¿¤Ï¥¯¥©¡¼¥È¤·¤Ê¤¤ 1 ¸Ä¤ÎÃͤǤ¢¤ë¡£
+¥ê¥¹¥È¤ÎÃÖ´¹¡¦Äɲᦺï½ü¡¦Ìµ¸ú²½¤Ï¡¢¤½¤ì¤¾¤ì
+C<=>, C<+=>,
+C<-=>, C<!> ¥ª¥Ú¥ì¡¼¥¿¤Ç¤Ç¤¤ë¡£
+¤³¤Î¥ê¥¹¥È¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï²¿¤â´Þ¤Þ¤Ê¤¤¡£
+
+=back
+
+=begin JM-comment
+
+When logging via syslog(3), B<sudo> accepts the following values for the syslog
+facility (the value of the B<syslog> Parameter): B<authpriv> (if your OS
+supports it), B<auth>, B<daemon>, B<user>, B<local0>, B<local1>, B<local2>,
+B<local3>, B<local4>, B<local5>, B<local6>, and B<local7>. The following
+syslog priorities are supported: B<alert>, B<crit>, B<debug>, B<emerg>,
+B<err>, B<info>, B<notice>, and B<warning>.
+
+=end JM-comment
+
+syslog(3) ¤Ç¥í¥°¤òµÏ¿¤·¤Æ¤¤¤ë¾ì¹ç¡¢
+B<sudo> ¤Ï syslog ¤Îµ¡Ç½Ê¬Îà (B<syslog> ¥Ñ¥é¥á¡¼¥¿¤ÎÃÍ) ¤È¤·¤Æ¡¢
+B<authpriv> (OS ¤¬¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤ë¾ì¹ç),
+B<auth>, B<daemon>, B<user>, B<local0>, B<local1>, B<local2>,
+B<local3>, B<local4>, B<local5>, B<local6>, B<local7>
+¤ò¼õ¤±ÉÕ¤±¤ë¡£
+syslog ¤ÎÍ¥ÀèÅ٤Ȥ·¤Æ¤Ï¡¢
+B<alert>, B<crit>, B<debug>, B<emerg>,
+B<err>, B<info>, B<notice>, B<warning>
+¤¬¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤¤ë¡£
+
+=head2 User Specification
+
+ User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \
+ (':' User_Spec)*
+
+ Cmnd_Spec_List ::= Cmnd_Spec |
+ Cmnd_Spec ',' Cmnd_Spec_List
+
+ Cmnd_Spec ::= Runas_Spec? ('NOPASSWD:' | 'PASSWD:')? Cmnd
+
+ Runas_Spec ::= '(' Runas_List ')'
+
+=begin JM-comment
+
+A B<user specification> determines which commands a user may run
+(and as what user) on specified hosts. By default, commands are
+run as B<root>, but this can be changed on a per-command basis.
+
+=end JM-comment
+
+B<¥æ¡¼¥¶ÀßÄê>¤Ï¡¢»ØÄꤷ¤¿¥Û¥¹¥È¾å¤Ç¥æ¡¼¥¶¤¬ (¤É¤Î¥æ¡¼¥¶¤È¤·¤Æ)
+¤É¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¤«¤ò·èÄꤹ¤ë¡£
+¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¥³¥Þ¥ó¥É¤Ï B<root> ¤È¤·¤Æ¼Â¹Ô¤µ¤ì¤ë¤¬¡¢
+¤³¤ì¤Ï¥³¥Þ¥ó¥ÉËè¤ËÊѹ¹²Äǽ¤Ç¤¢¤ë¡£
+
+=begin JM-comment
+
+Let's break that down into its constituent parts:
+
+=end JM-comment
+
+¥æ¡¼¥¶ÀßÄê¤ò¹½À®Í×ÁǤ´¤È¤Ëʬ¤±¤Æ¤ß¤ë¡£
+
+=head2 Runas_Spec
+
+=begin JM-comment
+
+A C<Runas_Spec> is simply a C<Runas_List> (as defined above)
+enclosed in a set of parentheses. If you do not specify a
+C<Runas_Spec> in the user specification, a default C<Runas_Spec>
+of B<root> will be used. A C<Runas_Spec> sets the default for
+commands that follow it. What this means is that for the entry:
+
+=end JM-comment
+
+C<Runas_Spec> ¤Ïñ¤Ë
+(¾å¤ÇÄêµÁ¤·¤¿) C<Runas_List> ¤ò³ç¸Ì¤Ç³ç¤Ã¤¿¤â¤Î¤Ç¤¢¤ë¡£
+¥æ¡¼¥¶ÀßÄê¤Ç C<Runas_Spec> ¤ò»ØÄꤷ¤Ê¤¤¤È¡¢
+B<root> ¤Î¥Ç¥Õ¥©¥ë¥È¤Î C<Runas_Spec> ¤¬»È¤ï¤ì¤ë¡£
+C<Runas_Spec> ¤Ï¡¢¤½¤Î¸å¤Ë³¤¯¥³¥Þ¥ó¥É¤Î¥Ç¥Õ¥©¥ë¥È¤òÀßÄꤹ¤ë¡£
+¤Ä¤Þ¤ê:
+
+ dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/lprm
+
+=begin JM-comment
+
+The user B<dgb> may run F</bin/ls>, F</bin/kill>, and
+F</usr/bin/lprm> -- but only as B<operator>. E.g.,
+
+=end JM-comment
+
+¤Î¤è¤¦¤Ê¥¨¥ó¥È¥ê¤¬¤¢¤ë¾ì¹ç¡¢
+¥æ¡¼¥¶ B<dgb> ¤Ï¡¢I</bin/ls>, I</bin/kill>, I</usr/bin/lprm> ¤ò
+¼Â¹Ô¤Ç¤¤ë -- ¤¿¤À¤· B<operator> ¤È¤·¤Æ¤Î¤ß¡£Î㤨¤Ð:
+
+ sudo -u operator /bin/ls
+
+=begin JM-comment
+
+It is also possible to override a C<Runas_Spec> later on in an
+entry. If we modify the entry like so:
+
+=end JM-comment
+
+C<Runas_Spec> ¤ò¸å¤«¤é¥¨¥ó¥È¥ê¤ÎÃæ¤Ç¾å½ñ¤¤¹¤ë¤³¤È¤â²Äǽ¤Ç¤¢¤ë¡£
+
+ dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm
+
+=begin JM-comment
+
+Then user B<dgb> is now allowed to run F</bin/ls> as B<operator>,
+but F</bin/kill> and F</usr/bin/lprm> as B<root>.
+
+=end JM-comment
+
+¤Î¤è¤¦¤Ë½¤Àµ¤¹¤ë¤È¡¢
+¥æ¡¼¥¶ B<dgb> ¤Ï I</bin/ls> ¤ò B<operator> ¤È¤·¤Æ¡¢
+¤Þ¤¿ I</bin/kill> ¤È I</usr/bin/lprm> ¤ò B<root> ¤È¤·¤Æ
+¼Â¹Ô¤¹¤ë¤³¤È¤¬µö²Ä¤µ¤ì¤ë¡£
+
+=head2 NOPASSWD and PASSWD
+
+=begin JM-comment
+
+By default, B<sudo> requires that a user authenticate him or herself
+before running a command. This behavior can be modified via the
+C<NOPASSWD> tag. Like a C<Runas_Spec>, the C<NOPASSWD> tag sets
+a default for the commands that follow it in the C<Cmnd_Spec_List>.
+Conversely, the C<PASSWD> tag can be used to reverse things.
+For example:
+
+=end JM-comment
+
+¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢B<sudo> ¤Ï
+¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ëÁ°¤Ë¥æ¡¼¥¶¼«¿È¤Îǧ¾Ú¤òɬÍפȤ¹¤ë¡£
+¤³¤ÎÆ°ºî¤Ï C<NOPASSWD> ¥¿¥°¤ÇÊѹ¹¤¹¤ë¤³¤È¤¬¤Ç¤¤ë¡£
+C<Runas_Spec> ¤ÈƱÍͤˡ¢C<NOPASSWD> ¥¿¥°¤Ï
+¥³¥Þ¥ó¥É¤Î¥Ç¥Õ¥©¥ë¥È¤ò¤½¤Î¸å¤Ë³¤¯
+C<Cmnd_Spec_List> ¤ËÀßÄꤹ¤ë¡£
+µÕ¤Ë C<PASSWD> ¤Ï¤³¤ì¤ò¸µ¤ËÌ᤹¤¿¤á¤Ë»È¤ï¤ì¤ë¡£
+Î㤨¤Ð:
+
+ ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
+
+=begin JM-comment
+
+would allow the user B<ray> to run F</bin/kill>, F</bin/ls>, and
+F</usr/bin/lprm> as root on the machine rushmore as B<root> without
+authenticating himself. If we only want B<ray> to be able to
+run F</bin/kill> without a password the entry would be:
+
+=end JM-comment
+
+¤È¤¹¤ë¤È¡¢¥æ¡¼¥¶ B<ray> ¤ÏÈ༫¿È¤Ø¤Îǧ¾Ú¤Ê¤·¤Ç
+·×»»µ¡ rushmore ¤Î B<root> ¤È¤·¤Æ
+I</bin/kill>, I</bin/ls>, I</usr/bin/lprm>
+¤ò¼Â¹Ô¤¹¤ë¤³¤È¤¬¤Ç¤¤ë¡£
+B<ray> ¤Ë I</bin/kill> ¤À¤±¤ò
+¥Ñ¥¹¥ï¡¼¥É¤Ê¤·¤Ç¼Â¹Ô¤µ¤»¤ë¤è¤¦¤Ë¤·¤¿¤¤¾ì¹ç¡¢¥¨¥ó¥È¥ê¤Ï¼¡¤Î¤è¤¦¤Ë¤Ê¤ë¡£
+
+ ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm
+
+=begin JM-comment
+
+Note, however, that the C<PASSWD> tag has no effect on users who are
+in the group specified by the exempt_group option.
+
+=end JM-comment
+
+¤¿¤À¤·¡¢C<PASSWD> ¥¿¥°¤Ï exempt_group ¥ª¥×¥·¥ç¥ó¤Ç
+»ØÄꤵ¤ì¤¿¥°¥ë¡¼¥×¤Ë°¤·¤Æ¤¤¤ë¥æ¡¼¥¶¤Ë¤Ï¸ú²Ì¤¬¤Ê¤¤ÅÀ¤ËÃí°Õ¤¹¤ë¤³¤È¡£
+
+=begin JM-comment
+
+By default, if the C<NOPASSWD> tag is applied to any of the entries
+for a user on the current host, he or she will be able to run
+C<sudo -l> without a password. Additionally, a user may only run
+C<sudo -v> without a password if the C<NOPASSWD> tag is present
+for all a user's entries that pertain to the current host.
+This behavior may be overridden via the verifypw and listpw options.
+
+=end JM-comment
+
+¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢¸½ºß¤Î¥Û¥¹¥È¾å¤Î¤¢¤ë¥æ¡¼¥¶¤Î¤É¤ì¤«¤Î¥¨¥ó¥È¥ê¤Ë
+C<NOPASSWD> ¥¿¥°¤¬Å¬ÍѤµ¤ì¤Æ¤¤¤ì¤Ð¡¢
+¤½¤Î¥æ¡¼¥¶¤Ï C<sudo -l> ¤ò
+¥Ñ¥¹¥ï¡¼¥É¤Ê¤·¤Ë¼Â¹Ô¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤ë¡£
+¤µ¤é¤Ë¡¢¤¢¤ë¥æ¡¼¥¶¤Î¸½ºß¤Î¥Û¥¹¥È¤Ë´ØÏ¢¤¹¤ëÁ´¤Æ¤Î¥¨¥ó¥È¥ê¤Ë
+C<NOPASSWD> ¥¿¥°¤¬¤¢¤ë¾ì¹ç¤Ë¸Â¤ê¡¢
+¤½¤Î¥æ¡¼¥¶¤Ï C<sudo -v> ¤ò
+¥Ñ¥¹¥ï¡¼¥É¤Ê¤·¤Ë¼Â¹Ô¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤ë¡£
+¤³¤ÎÆ°ºî¤Ï verifypw ¤È listpw ¥ª¥×¥·¥ç¥ó¤ò»È¤Ã¤ÆÊѹ¹¤Ç¤¤ë¡£
+
+=head2 Wildcards (aka meta characters):
+
+=begin JM-comment
+
+B<sudo> allows shell-style I<wildcards> to be used in pathnames
+as well as command line arguments in the I<sudoers> file. Wildcard
+matching is done via the B<POSIX> C<fnmatch(3)> routine. Note that
+these are I<not> regular expressions.
+
+=end JM-comment
+
+B<sudo> ¤Ï I<sudoers> ¥Õ¥¡¥¤¥ë¤Ë¤ª¤¤¤Æ¡¢
+¥³¥Þ¥ó¥É¥é¥¤¥ó°ú¤¿ô¤ä¥Ñ¥¹Ì¾¤ËÂФ·¤Æ
+¥·¥§¥ë·Á¼°¤ÎI<¥ï¥¤¥ë¥É¥«¡¼¥É>¤ò»È¤¦¤³¤È¤¬¤Ç¤¤ë¡£
+¥ï¥¤¥ë¥É¥«¡¼¥É¤Î¥Þ¥Ã¥Á¥ó¥°¤Ï¡¢
+B<POSIX> ¤Î C<fnmatch(3)> ¥ë¡¼¥Á¥ó¤ò»È¤Ã¤Æ¹Ô¤ï¤ì¤ë¡£
+Àµµ¬É½¸½I<¤Ç¤Ï¤Ê¤¤>ÅÀ¤ËÃí°Õ¤¹¤ë¤³¤È¡£
+
+=over 8
+
+=item C<*>
+
+=begin JM-comment
+
+Matches any set of zero or more characters.
+
+=end JM-comment
+
+Ǥ°Õ¤Î 0 ¸Ä°Ê¾å¤Îʸ»ú¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£
+
+=item C<?>
+
+=begin JM-comment
+
+Matches any single character.
+
+=end JM-comment
+
+Ǥ°Õ¤Î 1 ¸Ä¤Îʸ»ú¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£
+
+=item C<[...]>
+
+=begin JM-comment
+
+Matches any character in the specified range.
+
+=end JM-comment
+
+»ØÄꤷ¤¿ÈϰϤˤ¢¤ëǤ°Õ¤Îʸ»ú¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£
+
+=item C<[!...]>
+
+=begin JM-comment
+
+Matches any character B<not> in the specified range.
+
+=end JM-comment
+
+»ØÄꤷ¤¿ÈϰϤËB<¤Ê¤¤>Ǥ°Õ¤Îʸ»ú¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£
+
+=item C<\x>
+
+=begin JM-comment
+
+For any character "x", evaluates to "x". This is used to
+escape special characters such as: "*", "?", "[", and "}".
+
+=end JM-comment
+
+"x" ¤Çɾ²Á¤µ¤ì¤ëǤ°Õ¤Îʸ»ú "x"¡£
+¤³¤ì¤Ï¡¢"*", "?", "[", "}" ¤Î¤è¤¦¤Ê
+¥¨¥¹¥±¡¼¥×ʸ»ú¤ËÂФ·¤Æ»È¤ï¤ì¤ë¡£
+
+=back
+
+=begin JM-comment
+
+Note that a forward slash ('/') will B<not> be matched by
+wildcards used in the pathname. When matching the command
+line arguments, however, a slash B<does> get matched by
+wildcards. This is to make a path like:
+
+=end JM-comment
+
+¥Õ¥©¥ï¡¼¥É¥¹¥é¥Ã¥·¥å ('/') ¤Ï¡¢¥Ñ¥¹Ì¾¤Ç»È¤ï¤ì¤ë¥ï¥¤¥ë¥É¥«¡¼¥É¤ËÂФ·¤Æ¤Ï
+¥Þ¥Ã¥ÁB<¤·¤Ê¤¤>ÅÀ¤ËÃí°Õ¤¹¤ë¤³¤È¡£
+¥³¥Þ¥ó¥É¥é¥¤¥ó°ú¤¿ô¤ËÂФ·¤Æ¥Þ¥Ã¥Á¥ó¥°¤ò¤¹¤ë¾ì¹ç¡¢
+¥¹¥é¥Ã¥·¥å¤Ï¥ï¥¤¥ë¥É¥«¡¼¥É¤Ë¥Þ¥Ã¥ÁB<¤¹¤ë>¡£
+¤³¤ì¤Ï
+
+ /usr/bin/*
+
+=begin JM-comment
+
+match C</usr/bin/who> but not C</usr/bin/X11/xterm>.
+
+=end JM-comment
+
+¤Î¤è¤¦¤Ê¥Ñ¥¹¤ò¡¢
+C</usr/bin/who> ¤Ë¤Ï¥Þ¥Ã¥Á¤µ¤»¡¢
+C</usr/bin/X11/xterm> ¤Ë¤Ï¥Þ¥Ã¥Á¤µ¤»¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤¿¤á¤Ç¤¢¤ë¡£
+
+=head2 Exceptions to wildcard rules:
+
+=begin JM-comment
+
+The following exceptions apply to the above rules:
+
+=end JM-comment
+
+¾å¤Îµ¬Â§¤ËÂФ·¤Æ¡¢¼¡¤ÎÎã³°¤¬Å¬ÍѤµ¤ì¤ë¡£
+
+=over 8
+
+=item C<"">
+
+=begin JM-comment
+
+If the empty string C<""> is the only command line argument in the
+I<sudoers> entry it means that command is not allowed to be run
+with B<any> arguments.
+
+=end JM-comment
+
+¶õ¤Îʸ»úÎó C<""> ¤¬ I<sudoers> ¥¨¥ó¥È¥ê¤Î
+Í£°ì¤Î¥³¥Þ¥ó¥É¥é¥¤¥ó°ú¤¿ô¤Ç¤¢¤ë¾ì¹ç¡¢
+¡Ö¥³¥Þ¥ó¥É¤Ë°ú¤¿ô¤òB<¤Ä¤±¤¿>¤È¤¤Ï¡¢¼Â¹Ô¤¹¤ë¤³¤È¤¬µö²Ä¤µ¤ì¤Ê¤¤¡×
+¤È¤¤¤¦¤³¤È¤ò°ÕÌ£¤¹¤ë¡£
+
+=back
+
+=head2 Other special characters and reserved words:
+
+=begin JM-comment
+
+The pound sign ('#') is used to indicate a comment (unless it
+occurs in the context of a user name and is followed by one or
+more digits, in which case it is treated as a uid). Both the
+comment character and any text after it, up to the end of the line,
+are ignored.
+
+=end JM-comment
+
+¥·¥ã¡¼¥×µ¹æ ('#') ¤Ï¥³¥á¥ó¥È¤òɽ¤¹¤¿¤á¤Ë»È¤ï¤ì¤ë¡£
+(¥æ¡¼¥¶Ì¾¤Ç»È¤ï¤ì¤Æ¤¤¤ë¾ì¹ç¤Ï½ü¤¯¡£
+¤Þ¤¿¡¢1 ¸Ä°Ê¾å¤Î¿ô»ú¤¬Â³¤¤¤Æ¤¤¤Æ¡¢¥æ¡¼¥¶ ID ¤È¤·¤Æ°·¤ï¤ì¤ë¾ì¹ç¤â½ü¤¯¡£)
+¥³¥á¥ó¥Èʸ»ú¤È¤½¤ì°Ê¹ß¤Î¥Æ¥¥¹¥È¤Ï¡¢¹ÔËö¤Þ¤Ç̵»ë¤µ¤ì¤ë¡£
+
+=begin JM-comment
+
+The reserved word B<ALL> is a built in I<alias> that always causes
+a match to succeed. It can be used wherever one might otherwise
+use a C<Cmnd_Alias>, C<User_Alias>, C<Runas_Alias>, or C<Host_Alias>.
+You should not try to define your own I<alias> called B<ALL> as the
+built in alias will be used in preference to your own. Please note
+that using B<ALL> can be dangerous since in a command context, it
+allows the user to run B<any> command on the system.
+
+=end JM-comment
+
+ͽÌó¸ì B<ALL> ¤ÏÁȹþ¤ß¤ÎI<¥¨¥¤¥ê¥¢¥¹>¤Ç¡¢
+¾ï¤Ë¥Þ¥Ã¥Á¤òÀ®¸ù¤µ¤»¤ë¡£
+¤³¤ÎͽÌó¸ì¤Ï¤É¤³¤Ç¤â»È¤¨¤ë¡£
+¤³¤ì¤ò»È¤¤¤¿¤¯¤Ê¤¤¾ì¹ç¤Ï¡¢
+C<Cmnd_Alias>, C<User_Alias>,
+C<Runas_Alias>, C<Host_Alias>
+¤ò»È¤¦¤³¤È¡£
+B<ALL> ¤È¤¤¤¦ I<¥¨¥¤¥ê¥¢¥¹> ¤ò¼«Ê¬¤ÇÄêµÁ¤·¤è¤¦¤È¤·¤Æ¤Ï¤Ê¤é¤Ê¤¤¡£
+Áȹþ¤ß¤Î¥¨¥¤¥ê¥¢¥¹¤¬Í¥À褵¤ì¤ë¤«¤é¤Ç¤¢¤ë¡£
+B<ALL> ¤ò»È¤¦¤È´í¸±¤Ë¤Ê¤ë²ÄǽÀ¤¬¤¢¤ëÅÀ¤ËÃí°Õ¤¹¤ë¤³¤È¡£
+¤Ê¤¼¤Ê¤é¡¢¤³¤ì¤ò¥³¥Þ¥ó¥É¤Î»ØÄê¤Ç»È¤¦¤È¡¢
+¥æ¡¼¥¶¤Ï¥·¥¹¥Æ¥à¾å¤ÎB<Á´¤Æ¤Î>¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¤«¤é¤Ç¤¢¤ë¡£
+
+=begin JM-comment
+
+An exclamation point ('!') can be used as a logical I<not> operator
+both in an I<alias> and in front of a C<Cmnd>. This allows one to
+exclude certain values. Note, however, that using a C<!> in
+conjunction with the built in C<ALL> alias to allow a user to
+run "all but a few" commands rarely works as intended (see SECURITY
+NOTES below).
+
+=end JM-comment
+
+´¶Ã²Éä ('!') ¤Ï¡¢I<¥¨¥¤¥ê¥¢¥¹>¤ÎÃæ¤È C<Cmnd> ¤ÎÁ°¤Ç¡¢
+ÏÀÍý³Ø¤Î I<not> ¥ª¥Ú¥ì¡¼¥¿¤È¤·¤Æ»È¤¦¤³¤È¤¬¤Ç¤¤ë¡£
+¤³¤ì¤Ë¤è¤ê¡¢¤¢¤ëÃͤòÇÓ½ü¤Ç¤¤ë¡£
+¤·¤«¤· C<!> ¤ò
+Áȹþ¤ß¤Î C<ALL> ¥¨¥¤¥ê¥¢¥¹¤ÈÁȤ߹ç¤ï¤»¤Æ¡¢
+¥æ¡¼¥¶¤¬ "Á´¤Æ¤Ç¤Ï¤Ê¤¯°ìÉô¤Î" ¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¤è¤¦¤Ë
+¤·¤è¤¦¤È¤·¤Æ¤â¡¢°Õ¿Þ¤·¤¿¤è¤¦¤ËÆ°ºî¤¹¤ë¤³¤È¤Ïµ©¤Ç¤¢¤ëÅÀ¤ËÃí°Õ¤¹¤ë¤³¤È
+(°Ê²¼¤Î¡Ö¥»¥¥å¥ê¥Æ¥£¾å¤ÎÃí°Õ¡×¤ò»²¾È)¡£
+
+=begin JM-comment
+
+Long lines can be continued with a backslash ('\') as the last
+character on the line.
+
+=end JM-comment
+
+Ť¤¹Ô¤Ï¡¢¥Ð¥Ã¥¯¥¹¥é¥Ã¥·¥å ('\') ¤ò¹Ô¤ÎºÇ¸å¤Îʸ»ú¤Ë¤¹¤ì¤Ð
+³¤±¤ë¤³¤È¤¬¤Ç¤¤ë¡£
+
+=begin JM-comment
+
+Whitespace between elements in a list as well as special syntactic
+characters in a I<User Specification> ('=', ':', '(', ')') is optional.
+
+=end JM-comment
+
+¥ê¥¹¥È¤Ë¤ª¤±¤ë¹½À®Í×ÁǴ֤ζõÇò¤ä¡¢
+I<¥æ¡¼¥¶ÀßÄê>¤Ë¤ª¤±¤ëÆüì¤Ê¹½Ê¸Ê¸»ú
+('=', ':', '(', ')') ¤Ï¡¢¤Ê¤¯¤Æ¤â¤è¤¤¡£
+
+=begin JM-comment
+
+The following characters must be escaped with a backslash ('\') when
+used as part of a word (e.g. a username or hostname):
+'@', '!', '=', ':', ',', '(', ')', '\'.
+
+=end JM-comment
+
+'@', '!', '=', ':', ',', '(', ')', '\'
+¤È¤¤¤¦Ê¸»ú¤ò¥ï¡¼¥É (Î㤨¤Ð¡¢¥æ¡¼¥¶Ì¾¤ä¥Û¥¹¥È̾) ¤Î°ìÉô¤È¤·¤Æ»È¤¦¾ì¹ç¤Ï¡¢
+¥Ð¥Ã¥¯¥¹¥é¥Ã¥·¥å ('\') ¤Ç¥¨¥¹¥±¡¼¥×¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£
+
+=head1 EXAMPLES
+
+=begin JM-comment
+
+Below are example I<sudoers> entries. Admittedly, some of
+these are a bit contrived. First, we define our I<aliases>:
+
+=end JM-comment
+
+°Ê²¼¤Ï I<sudoers> ¥¨¥ó¥È¥ê¤ÎÎã¤Ç¤¢¤ë¡£
+ÀµÄ¾¤Ê¤È¤³¤í¡¢¤¤¤¯¤Ä¤«¤Ï¾¯¤·¤ï¤¶¤È¤é¤·¤¤¡£
+»Ï¤á¤ËI<¥¨¥¤¥ê¥¢¥¹>¤òÄêµÁ¤¹¤ë¡£
+
+ # User alias specification
+ User_Alias FULLTIMERS = millert, mikef, dowdy
+ User_Alias PARTTIMERS = bostley, jwfox, crawl
+ User_Alias WEBMASTERS = will, wendy, wim
+
+ # Runas alias specification
+ Runas_Alias OP = root, operator
+ Runas_Alias DB = oracle, sybase
+
+ # Host alias specification
+ Host_Alias SPARC = bigtime, eclipse, moet, anchor :\
+ SGI = grolsch, dandelion, black :\
+ ALPHA = widget, thalamus, foobar :\
+ HPPA = boa, nag, python
+ Host_Alias CUNETS = 128.138.0.0/255.255.0.0
+ Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
+ Host_Alias SERVERS = master, mail, www, ns
+ Host_Alias CDROM = orion, perseus, hercules
+
+ # Cmnd alias specification
+ Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
+ /usr/sbin/restore, /usr/sbin/rrestore
+ Cmnd_Alias KILL = /usr/bin/kill
+ Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
+ Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
+ Cmnd_Alias HALT = /usr/sbin/halt, /usr/sbin/fasthalt
+ Cmnd_Alias REBOOT = /usr/sbin/reboot, /usr/sbin/fastboot
+ Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
+ /usr/local/bin/tcsh, /usr/bin/rsh, \
+ /usr/local/bin/zsh
+ Cmnd_Alias SU = /usr/bin/su
+
+=begin JM-comment
+
+Here we override some of the compiled in default values. We want
+B<sudo> to log via syslog(3) using the I<auth> facility in all
+cases. We don't want to subject the full time staff to the B<sudo>
+lecture, user B<millert> need not give a password, and we don't
+want to set the C<LOGNAME> or C<USER> environment variables when
+running commands as root. Additionally, on the machines in the
+I<SERVERS> C<Host_Alias>, we keep an additional local log file and
+make sure we log the year in each log line since the log entries
+will be kept around for several years.
+
+=end JM-comment
+
+°Ê²¼¤ÎÀßÄê¤Ç¤Ï¡¢¥³¥ó¥Ñ¥¤¥ë»þ¤Î¥Ç¥Õ¥©¥ë¥ÈÃͤΤ¤¤¯¤Ä¤«¤ò¾å½ñ¤¤¹¤ë¡£
+B<sudo> ¤Ë syslog(3) ¤ò»È¤Ã¤Æ
+Á´¤Æ¤Î¾ì¹ç¤Ë¤Ä¤¤¤Æ I<auth> µ¡Ç½Ê¬Îà¤Ç¥í¥°¤òµÏ¿¤µ¤»¤ë¡£
+¥Õ¥ë¥¿¥¤¥à¤Î¥¹¥¿¥Ã¥Õ¤Ë¤Ï¡¢B<sudo> ¤Î¥ì¥¯¥Á¥ã¡¼¤ò¼õ¤±¤ëɬÍפò¤Ê¤¯¤¹¡£
+¤Þ¤¿¥æ¡¼¥¶ B<millert> ¤Ï¥Ñ¥¹¥ï¡¼¥É¤òÆþÎϤ·¤Ê¤¯¤Æ¤è¤¤¤è¤¦¤Ë¤¹¤ë¡£
+¤½¤·¤Æ¥³¥Þ¥ó¥É¤¬ root ¤È¤·¤Æ¼Â¹Ô¤µ¤ì¤ë¤È¤¤Ë
+´Ä¶ÊÑ¿ô C<LOGNAME> ¤È C<USER> ¤òÀßÄꤷ¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¡£
+¤µ¤é¤Ë C<Host_Alias> ¤Î I<SERVERS> ¤Ë¤¢¤ë·×»»µ¡¤Ë
+(syslog ¤È¤ÏÊ̤Ë) ¥í¡¼¥«¥ë¤Î¥í¥°¥Õ¥¡¥¤¥ë¤òÊݸ¤·¡¢
+Ť¤¥í¥°¥¨¥ó¥È¥ê¤ò¿ôǯ¤ËÅϤêÊݸ¤¹¤ë¤¿¤á¤Ë¥í¥°¤Î³Æ¹Ô¤Ëǯ¤òµÏ¿¤¹¤ë¡£
+
+ # Override built in defaults
+ Defaults syslog=auth
+ Defaults>root !set_logname
+ Defaults:FULLTIMERS !lecture
+ Defaults:millert !authenticate
+ Defaults@SERVERS log_year, logfile=/var/log/sudo.log
+
+=begin JM-comment
+
+The I<User specification> is the part that actually determines who may
+run what.
+
+=end JM-comment
+
+I<¥æ¡¼¥¶ÀßÄê>¤Ï¡¢Ã¯¤¬²¿¤ò¼Â¹Ô¤Ç¤¤ë¤«¤ò¼ÂºÝ¤Ë·èÄꤷ¤Æ¤¤¤ëÉôʬ¤Ç¤¢¤ë¡£
+
+ root ALL = (ALL) ALL
+ %wheel ALL = (ALL) ALL
+
+=begin JM-comment
+
+We let B<root> and any user in group B<wheel> run any command on any
+host as any user.
+
+=end JM-comment
+
+B<root> ¤È B<wheel> ¥°¥ë¡¼¥×¤Î¥æ¡¼¥¶¤Ë¡¢
+Á´¤Æ¤Î¥æ¡¼¥¶¤È¤·¤Æ¡¢Á´¤Æ¤Î¥Û¥¹¥È¾å¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¤è¤¦¤Ë¤·¤Æ¤¤¤ë¡£
+
+ FULLTIMERS ALL = NOPASSWD: ALL
+
+=begin JM-comment
+
+Full time sysadmins (B<millert>, B<mikef>, and B<dowdy>) may run any
+command on any host without authenticating themselves.
+
+=end JM-comment
+
+¥Õ¥ë¥¿¥¤¥à¤Î¥·¥¹¥Æ¥à´ÉÍý¼Ô (B<millert>, B<mikef>, B<dowdy>) ¤Ï¡¢
+¼«Ê¬¼«¿È¤Îǧ¾Ú¤ò¤¹¤ë¤³¤È¤Ê¤¯¡¢Á´¤Æ¤Î¥Û¥¹¥È¾å¤ÇÁ´¤Æ¤Î¥³¥Þ¥ó¥É¤¬¼Â¹Ô¤Ç¤¤ë¡£
+
+ PARTTIMERS ALL = ALL
+
+=begin JM-comment
+
+Part time sysadmins (B<bostley>, B<jwfox>, and B<crawl>) may run any
+command on any host but they must authenticate themselves first
+(since the entry lacks the C<NOPASSWD> tag).
+
+=end JM-comment
+
+¥Ñ¡¼¥È¥¿¥¤¥à¤Î¥·¥¹¥Æ¥à´ÉÍý¼Ô (B<bostley>, B<jwfox>, B<crawl>) ¤Ï¡¢
+Á´¤Æ¤Î¥Û¥¹¥È¾å¤ÇÁ´¤Æ¤Î¥³¥Þ¥ó¥É¤¬¼Â¹Ô¤Ç¤¤ë¤¬¡¢
+(¥¨¥ó¥È¥ê¤Ë C<NOPASSWD> ¥¿¥°¤¬¤Ê¤¤¤Î¤Ç)
+ºÇ½é¤Ë¼«Ê¬¼«¿È¤Îǧ¾Ú¤¬É¬ÍפǤ¢¤ë¡£
+
+ jack CSNETS = ALL
+
+=begin JM-comment
+
+The user B<jack> may run any command on the machines in the I<CSNETS> alias
+(the networks C<128.138.243.0>, C<128.138.204.0>, and C<128.138.242.0>).
+Of those networks, only C<128.138.204.0> has an explicit netmask (in
+CIDR notation) indicating it is a class C network. For the other
+networks in I<CSNETS>, the local machine's netmask will be used
+during matching.
+
+=end JM-comment
+
+¥æ¡¼¥¶ B<jack> ¤Ï¡¢I<CSNETS> ¥¨¥¤¥ê¥¢¥¹
+(¥Í¥Ã¥È¥ï¡¼¥¯ C<128.138.243.0>,
+C<128.138.204.0>, C<128.138.242.0>)
+¤Ë¤¢¤ë·×»»µ¡¾å¤Ç¡¢Á´¤Æ¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£
+¤³¤ì¤é¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Î¤¦¤Á¡¢
+¥Í¥Ã¥È¥ï¡¼¥¯ C<128.138.204.0> ¤À¤±¤Ë
+¥¯¥é¥¹ C ¥Í¥Ã¥È¥ï¡¼¥¯¤ò¼¨¤¹ÌÀ¼¨Åª¤Ê (CIDR ɽµ¤Î) ¥Í¥Ã¥È¥Þ¥¹¥¯¤¬¤¢¤ë¡£
+I<CSNETS> ¤Ë¤¢¤ë¾¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Ë¤Ä¤¤¤Æ¤Ï¡¢
+¥Þ¥Ã¥Á¥ó¥°¤ÎºÝ¤Ë¥í¡¼¥«¥ë¤Î·×»»µ¡¤Î¥Í¥Ã¥È¥Þ¥¹¥¯¤¬»È¤ï¤ì¤ë¡£
+
+ lisa CUNETS = ALL
+
+=begin JM-comment
+
+The user B<lisa> may run any command on any host in the I<CUNETS> alias
+(the class B network C<128.138.0.0>).
+
+=end JM-comment
+
+¥æ¡¼¥¶ B<lisa> ¤Ï¡¢I<CUNETS> ¥¨¥¤¥ê¥¢¥¹
+(¥¯¥é¥¹ B ¥Í¥Ã¥È¥ï¡¼¥¯ C<128.138.0.0>) ¤Ë¤¢¤ë
+Á´¤Æ¤Î¥Û¥¹¥È¤Ç¡¢Á´¤Æ¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£
+
+ operator ALL = DUMPS, KILL, PRINTING, SHUTDOWN, HALT, REBOOT,\
+ /usr/oper/bin/
+
+=begin JM-comment
+
+The B<operator> user may run commands limited to simple maintenance.
+Here, those are commands related to backups, killing processes, the
+printing system, shutting down the system, and any commands in the
+directory F</usr/oper/bin/>.
+
+=end JM-comment
+
+¥æ¡¼¥¶ B<operator> ¤Ï¡¢
+´Êñ¤Ê¥á¥ó¥Æ¥Ê¥ó¥¹ÍѤΥ³¥Þ¥ó¥É¤Ë¸Â¤Ã¤Æ¼Â¹Ô¤¹¤ë¤³¤È¤¬¤Ç¤¤ë¡£
+¤³¤ì¤é¤Ï¥Ç¥£¥ì¥¯¥È¥ê I</usr/oper/bin/> ¤Ë¤¢¤ë¥³¥Þ¥ó¥ÉÁ´¤Æ¤Ç¡¢
+¥Ð¥Ã¥¯¥¢¥Ã¥×¡¦¥×¥í¥»¥¹¤Î kill¡¦°õºþ¥·¥¹¥Æ¥à¡¦¥·¥¹¥Æ¥à¤Î¥·¥ã¥Ã¥È¥À¥¦¥ó¡¢
+¤È¤¤¤Ã¤¿¤³¤È¤Ë´ØÏ¢¤·¤¿¤â¤Î¤Ç¤¢¤ë¡£
+
+ joe ALL = /usr/bin/su operator
+
+=begin JM-comment
+
+The user B<joe> may only su(1) to operator.
+
+=end JM-comment
+
+¥æ¡¼¥¶ B<joe> ¤Ï¡¢operator ¤Ë¤Ê¤ë¤¿¤á¤Î su(1) ¤·¤«¼Â¹Ô¤Ç¤¤Ê¤¤¡£
+
+ pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
+
+=begin JM-comment
+
+The user B<pete> is allowed to change anyone's password except for
+root on the I<HPPA> machines. Note that this assumes passwd(1)
+does not take multiple usernames on the command line.
+
+=end JM-comment
+
+¥æ¡¼¥¶ B<pete> ¤Ï¡¢I<HPPA> ·×»»µ¡¾å¤Ç
+root °Ê³°¤ÎÁ´¤Æ¤Î¥æ¡¼¥¶¤Î¥Ñ¥¹¥ï¡¼¥É¤òÊѹ¹¤¹¤ë¤³¤È¤¬µö²Ä¤µ¤ì¤Æ¤¤¤ë¡£
+¤³¤³¤Ç¤Ï¡¢passwd(1) ¤¬¥³¥Þ¥ó¥É¥é¥¤¥ó¤«¤é
+Ê£¿ô¤Î¥æ¡¼¥¶Ì¾¤ò¼õ¤±ÉÕ¤±¤Ê¤¤¤³¤È¤ò²¾Äꤷ¤Æ¤¤¤ëÅÀ¤ËÃí°Õ¤¹¤ë¤³¤È¡£
+
+ bob SPARC = (OP) ALL : SGI = (OP) ALL
+
+=begin JM-comment
+
+The user B<bob> may run anything on the I<SPARC> and I<SGI> machines
+as any user listed in the I<OP> C<Runas_Alias> (B<root> and B<operator>).
+
+=end JM-comment
+
+¥æ¡¼¥¶ B<bob> ¤Ï¡¢I<SPARC> ¤È I<SGI> ·×»»µ¡¾å¤Ç¡¢
+C<Runas_Alias> ¤Î I<OP> ¤Ë¥ê¥¹¥È¤µ¤ì¤¿¥æ¡¼¥¶
+(B<root> ¤È B<operator>) ¤È¤·¤Æ¡¢Á´¤Æ¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£
+
+ jim +biglab = ALL
+
+=begin JM-comment
+
+The user B<jim> may run any command on machines in the I<biglab> netgroup.
+B<Sudo> knows that "biglab" is a netgroup due to the '+' prefix.
+
+=end JM-comment
+
+¥æ¡¼¥¶ B<jim> ¤Ï¡¢I<biglab> ¥Í¥Ã¥È¥°¥ë¡¼¥×¤Ë¤¢¤ëÁ´¤Æ¤Î·×»»µ¡¤Ç¡¢
+Á´¤Æ¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£
+B<sudo> ¤Ï¡¢"biglab" ¤¬¥Í¥Ã¥È¥°¥ë¡¼¥×¤Ç¤¢¤ë¤³¤È¤ò
+¥×¥ì¥Õ¥£¥Ã¥¯¥¹ '+' ¤Ë¤è¤Ã¤ÆÃΤ롣
+
+ +secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
+
+=begin JM-comment
+
+Users in the B<secretaries> netgroup need to help manage the printers
+as well as add and remove users, so they are allowed to run those
+commands on all machines.
+
+=end JM-comment
+
+B<secretaries> ¥Í¥Ã¥È¥°¥ë¡¼¥×¤Ë°¤¹¤ë¥æ¡¼¥¶¤Ï¡¢
+¥æ¡¼¥¶¤ÎÄɲᦺï½ü¤À¤±¤Ç¤Ê¤¯¥×¥ê¥ó¥¿´ÉÍý¤ÎÊä½õ¤ò¤¹¤ëɬÍפ¬¤¢¤ë¤Î¤Ç¡¢
+¤³¤ì¤é¤Î¥³¥Þ¥ó¥É¤òÁ´¤Æ¤Î·×»»µ¡¾å¤Ç¼Â¹Ô¤¹¤ë¤³¤È¤¬µö²Ä¤µ¤ì¤Æ¤¤¤ë¡£
+
+ fred ALL = (DB) NOPASSWD: ALL
+
+=begin JM-comment
+
+The user B<fred> can run commands as any user in the I<DB> C<Runas_Alias>
+(B<oracle> or B<sybase>) without giving a password.
+
+=end JM-comment
+
+¥æ¡¼¥¶ B<fred> ¤Ï¡¢C<Runas_Alias> ¤Î
+I<DB> ¤Ë¤¢¤ë¥æ¡¼¥¶
+(B<oracle> ¤È B<sybase>) ¤È¤·¤Æ¡¢¥Ñ¥¹¥ï¡¼¥É¤Ê¤·¤Ç¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£
+
+ john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
+
+=begin JM-comment
+
+On the I<ALPHA> machines, user B<john> may su to anyone except root
+but he is not allowed to give su(1) any flags.
+
+=end JM-comment
+
+I<ALPHA> ·×»»µ¡¾å¤Ç¡¢¥æ¡¼¥¶ B<john> ¤Ï¡¢
+su ¤Ç root °Ê³°¤ÎÁ´¤Æ¤Î¥æ¡¼¥¶¤Ë¤Ê¤ì¤ë¡£
+¤·¤«¤· su(1) ¤Ë¥Õ¥é¥°¤ò»ØÄꤹ¤ë¤³¤È¤Ï¤Ç¤¤Ê¤¤¡£
+
+ jen ALL, !SERVERS = ALL
+
+=begin JM-comment
+
+The user B<jen> may run any command on any machine except for those
+in the I<SERVERS> C<Host_Alias> (master, mail, www and ns).
+
+=end JM-comment
+
+¥æ¡¼¥¶ B<jen> ¤Ï¡¢C<Host_Alias> ¤Î
+I<SERVERS> ¤Ë¤¢¤ë·×»»µ¡
+(master, mail, www, ns) °Ê³°¤Ç¡¢Á´¤Æ¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£
+
+ jill SERVERS = /usr/bin/, !SU, !SHELLS
+
+=begin JM-comment
+
+For any machine in the I<SERVERS> C<Host_Alias>, B<jill> may run
+any commands in the directory /usr/bin/ except for those commands
+belonging to the I<SU> and I<SHELLS> C<Cmnd_Aliases>.
+
+=end JM-comment
+
+C<Host_Alias> ¤Î I<SERVERS> ¤Ë¤¢¤ë·×»»µ¡¤Ç¡¢
+B<jill> ¤Ï /usr/bin ¥Ç¥£¥ì¥¯¥È¥ê¤Ë¤¢¤ëÁ´¤Æ¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£
+¤¿¤À¤·¡¢C<Cmnd_Aliases> ¤Î
+I<SU> ¤È I<SHELLS> ¤Ë°¤·¤Æ¤¤¤ë¥³¥Þ¥ó¥É¤Ï½ü¤¯¡£
+
+ steve CSNETS = (operator) /usr/local/op_commands/
+
+=begin JM-comment
+
+The user B<steve> may run any command in the directory /usr/local/op_commands/
+but only as user operator.
+
+=end JM-comment
+
+¥æ¡¼¥¶ B<steve> ¤Ï¡¢¥Ç¥£¥ì¥¯¥È¥ê /usr/local/op_commands/ ¤Ë¤¢¤ë
+Á´¤Æ¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£¤¿¤À¤·¡¢¥æ¡¼¥¶ operator ¤È¤·¤Æ¤Î¤ß¼Â¹Ô¤Ç¤¤ë¡£
+
+ matt valkyrie = KILL
+
+=begin JM-comment
+
+On his personal workstation, valkyrie, B<matt> needs to be able to
+kill hung processes.
+
+=end JM-comment
+
+B<matt> ¤Ï¡¢Èà¤Î¸Ä¿Í¤Î¥ï¡¼¥¯¥¹¥Æ¡¼¥·¥ç¥ó valkyrie ¤Ç¡¢
+¥Ï¥ó¥°¤·¤¿¥×¥í¥»¥¹¤ò kill ¤Ç¤¤ëɬÍפ¬¤¢¤ë¡£
+
+ WEBMASTERS www = (www) ALL, (root) /usr/bin/su www
+
+=begin JM-comment
+
+On the host www, any user in the I<WEBMASTERS> C<User_Alias> (will,
+wendy, and wim), may run any command as user www (which owns the
+web pages) or simply su(1) to www.
+
+=end JM-comment
+
+¥Û¥¹¥È www ¤Ç¡¢C<User_Alias> ¤Î
+I<WEBMASTERS> ¤Ë¤¢¤ë¥æ¡¼¥¶
+(will, wendy, wim) ¤Ï¡¢(web ¥Ú¡¼¥¸¤ò½êͤ·¤Æ¤¤¤ë) ¥æ¡¼¥¶ www ¤È¤·¤Æ
+Á´¤Æ¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£
+¤Þ¤¿¡¢Ã±¤Ë su(1) ¤Ç www ¤Ë¤Ê¤ì¤ë¡£
+
+ ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\
+ /sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM
+
+=begin JM-comment
+
+Any user may mount or unmount a CD-ROM on the machines in the CDROM
+C<Host_Alias> (orion, perseus, hercules) without entering a password.
+This is a bit tedious for users to type, so it is a prime candidate
+for encapsulating in a shell script.
+
+=end JM-comment
+
+Á´¤Æ¤Î¥æ¡¼¥¶¤Ï¡¢C<Host_Alias> ¤Î
+CD-ROM ¤Ë¤¢¤ë·×»»µ¡ (orion, perseus, hercules) ¤Ç
+¥Ñ¥¹¥ï¡¼¥É¤Ê¤·¤Ç CD-ROM ¤Î¥Þ¥¦¥ó¥È¤È¥¢¥ó¥Þ¥¦¥ó¥È¤¬¤Ç¤¤ë¡£
+¤³¤Î¥³¥Þ¥ó¥É¤ò¥æ¡¼¥¶¤¬ÆþÎϤ¹¤ë¤Î¤ÏŤ¯¤ÆÂçÊѤʤΤǡ¢
+¥·¥§¥ë¥¹¥¯¥ê¥×¥È¤Ë½ñ¤¤¤Æ¥«¥×¥»¥ë²½¤·¤Æ¤·¤Þ¤¦Êý¤¬¤è¤¤¡£
+
+=head1 SECURITY NOTES
+
+=begin JM-comment
+
+It is generally not effective to "subtract" commands from C<ALL>
+using the '!' operator. A user can trivially circumvent this
+by copying the desired command to a different name and then
+executing that. For example:
+
+=end JM-comment
+
+'!' ¥ª¥Ú¥ì¡¼¥¿¤ò»È¤Ã¤Æ C<ALL> ¤«¤é
+¥³¥Þ¥ó¥É¤ò¡Öº¹¤·°ú¤¯¡×¤³¤È¤Ï¡¢°ìÈ̤˸ú²ÌŪ¤Ç¤Ï¤Ê¤¤¡£
+¥æ¡¼¥¶¤Ï¡¢Íߤ·¤¤¥³¥Þ¥ó¥É¤òÊ̤Ê̾Á°¤Ç¥³¥Ô¡¼¤·¤Æ¼Â¹Ô¤¹¤ì¤Ð¡¢
+¤³¤ì¤ò´Êñ¤Ë²óÈò¤Ç¤¤Æ¤·¤Þ¤¦¡£
+Îã¤òµó¤²¤ë¡£
+
+ bill ALL = ALL, !SU, !SHELLS
+
+=begin JM-comment
+
+Doesn't really prevent B<bill> from running the commands listed in
+I<SU> or I<SHELLS> since he can simply copy those commands to a
+different name, or use a shell escape from an editor or other
+program. Therefore, these kind of restrictions should be considered
+advisory at best (and reinforced by policy).
+
+=end JM-comment
+
+¾å¤ÎÎã¤Ç¤Ï¡¢¼ÂºÝ¤Ë¤Ï I<SU> ¤È
+I<SHELLS> ¤Ë¥ê¥¹¥È¤µ¤ì¤Æ¤¤¤ë¥³¥Þ¥ó¥É¤ò
+B<bill> ¤Ë¼Â¹Ô¤µ¤»¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤³¤È¤¬¤Ç¤¤Ê¤¤¡£
+¤Ê¤¼¤Ê¤é¡¢bill ¤Ï¡¢¤³¤ì¤é¤Î¥³¥Þ¥ó¥É¤òÊ̤Ê̾Á°¤Ë¥³¥Ô¡¼¤·¤¿¤ê¡¢
+¥¨¥Ç¥£¥¿¤ä¾¤Î¥³¥Þ¥ó¥É¤Î¥·¥§¥ë¥¨¥¹¥±¡¼¥×¤«¤é»È¤¨¤ë¤«¤é¤Ç¤¢¤ë¡£
+¤è¤Ã¤Æ¡¢¤³¤Î¤è¤¦¤ÊÀ©¸Â¤Ï¡¢¤»¤¤¤¼¤¤Êä½õŪ¤Ê¤â¤Î¤È¹Í¤¨¤ë¤Ù¤¤Ç¤¢¤ë
+(¤µ¤é¤Ë¥Ý¥ê¥·¡¼¤Ç¶¯²½¤¹¤Ù¤¤Ç¤¢¤ë)¡£
+
+=head1 CAVEATS
+
+=begin JM-comment
+
+The I<sudoers> file should B<always> be edited by the B<visudo>
+command which locks the file and does grammatical checking. It is
+imperative that I<sudoers> be free of syntax errors since B<sudo>
+will not run with a syntactically incorrect I<sudoers> file.
+
+=end JM-comment
+
+I<sudoers> ¥Õ¥¡¥¤¥ë¤Ï¡¢B<¾ï¤Ë> B<visudo> ¥³¥Þ¥ó¥É¤ÇÊÔ½¸¤¹¤Ù¤¤Ç¤¢¤ë¡£
+¤³¤Î¥³¥Þ¥ó¥É¤Ï¡¢¥Õ¥¡¥¤¥ë¤ò¥í¥Ã¥¯¤·¡¢Ê¸Ë¡¥Á¥§¥Ã¥¯¤ò¤¹¤ë¡£
+B<sudo> ¤Ï
+I<sudoers> ¥Õ¥¡¥¤¥ë¤¬Ê¸Ë¡Åª¤Ë´Ö°ã¤Ã¤Æ¤¤¤ë¤È¼Â¹Ô¤Ç¤¤Ê¤¤¤Î¤Ç¡¢
+I<sudoers> ¤Ë¤Ï¥¨¥é¡¼¤¬¤Ò¤È¤Ä¤â̵¤¤¤è¤¦¤Ë¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£
+
+=begin JM-comment
+
+When using netgroups of machines (as opposed to users), if you
+store fully qualified hostnames in the netgroup (as is usually the
+case), you either need to have the machine's hostname be fully qualified
+as returned by the C<hostname> command or use the I<fqdn> option in
+I<sudoers>.
+
+=end JM-comment
+
+(¥æ¡¼¥¶¤Î¤Ç¤Ï¤Ê¤¯) ·×»»µ¡¤Î¥Í¥Ã¥È¥°¥ë¡¼¥×¤ò»È¤¦¾ì¹ç¡¢
+(¤è¤¯¤¢¤ë¤è¤¦¤Ë) ¥Í¥Ã¥È¥°¥ë¡¼¥×¤Ë
+´°Á´¤Ê¥É¥á¥¤¥ó̾ÉÕ¤¤Î¥Û¥¹¥È̾¤òÆþ¤ì¤ë¾ì¹ç¡¢
+¥Û¥¹¥È̾¤Ï C<hostname> ¥³¥Þ¥ó¥É¤ÇÊÖ¤µ¤ì¤ë
+´°Á´¤Ê¥É¥á¥¤¥ó̾ÉÕ¤¤Î¤â¤Î¤Ç¤¢¤ëɬÍפ¬¤¢¤ë¡£
+¤Þ¤¿ I<sudoers> ¤Ë I<fqdn> ¥ª¥×¥·¥ç¥ó¤ò»ØÄꤹ¤ëɬÍפ¬¤¢¤ë¡£
+
+=head1 FILES
+
+=begin JM-comment
+
+ @sysconfdir@/sudoers List of who can run what
+ /etc/group Local groups file
+ /etc/netgroup List of network groups
+
+=end JM-comment
+
+ @sysconfdir@/sudoers 郎²¿¤ò¼Â¹Ô¤Ç¤¤ë¤«¤Î¥ê¥¹¥È
+ /etc/group ¥í¡¼¥«¥ë¤Î¥°¥ë¡¼¥×¥Õ¥¡¥¤¥ë
+ /etc/netgroup ¥Í¥Ã¥È¥ï¡¼¥¯¥°¥ë¡¼¥×¤Î¥ê¥¹¥È
+
+=head1 SEE ALSO
+
+rsh(1), su(1), fnmatch(3), sudo(8), visudo(8)
OSDN Git Service
