simplify macro usage, in part suggested by jmc@,

and fix a few markup bugs;
ok millert@

1 files changed, 48 insertions, 55 deletions

diff --git a/usr.bin/sudo/sudo.mdoc.in b/usr.bin/sudo/sudo.mdoc.in
index c70ad591587..a262af7e6cb 100644
--- a/usr.bin/sudo/sudo.mdoc.in
+++ b/usr.bin/sudo/sudo.mdoc.in
@@ -28,43 +28,43 @@
 .Nd execute a command as another user
 .Sh SYNOPSIS
 .Nm sudo
-.Fl h No | Fl K No | Fl k No | Fl L No | Fl V
+.Fl h | K | k | L | V
 .Nm sudo
 .Fl v
 .Op Fl AknS
 .Op Fl a Ar auth_type
-.Op Fl g Ar group name No | Ar #gid
+.Op Fl g Ar group name | #gid
 .Op Fl p Ar prompt
-.Op Fl u Ar user name No | Ar #uid
+.Op Fl u Ar user name | #uid
 .Nm sudo
 .Fl l Ns Op Ar l
 .Op Fl AknS
 .Op Fl a Ar auth_type
-.Op Fl g Ar group name No | Ar #gid
+.Op Fl g Ar group name | #gid
 .Op Fl p Ar prompt
 .Op Fl U Ar user name
-.Op Fl u Ar user name No | Ar #uid
+.Op Fl u Ar user name | #uid
 .Op Ar command
 .Nm sudo
 .Op Fl AbEHnPS
 .Op Fl a Ar auth_type
 .Op Fl C Ar fd
-.Op Fl c Ar class No | Ar -
-.Op Fl g Ar group name No | Ar #gid
+.Op Fl c Ar class | -
+.Op Fl g Ar group name | #gid
 .Op Fl p Ar prompt
-.Op Fl u Ar user name No | Ar #uid
+.Op Fl u Ar user name | #uid
 .Op Ar VAR Ns = Ns Ar value
-.Fl i No | Fl s
+.Fl i | s
 .Op Ar command
 .Nm sudoedit
 .Op Fl AnS
 .Op Fl a Ar auth_type
 .Op Fl C Ar fd
-.Op Fl c Ar class No | Ar -
-.Op Fl g Ar group name No | Ar #gid
+.Op Fl c Ar class | -
+.Op Fl g Ar group name | #gid
 .Op Fl p Ar prompt
-.Op Fl u Ar user name No | Ar #uid
-file ...
+.Op Fl u Ar user name | #uid
+.Ar
 .Sh DESCRIPTION
 .Nm sudo
 allows a permitted user to execute a
@@ -111,7 +111,7 @@ Normally, if
 .Nm sudo
 requires a password, it will read it from the user's terminal.
 If the
-.Fl A No ( Em askpass Ns No )
+.Fl A Pq Em askpass
 option is specified, a (possibly graphical) helper program is
 executed to read the user's password and output the password to the
 standard output.
@@ -129,7 +129,7 @@ If no askpass program is available,
 will exit with an error.
 .It Fl a Ar type
 The
-.Fl a No ( Em "authentication type" Ns No )
+.Fl a Pq Em authentication type
 option causes
 .Nm sudo
 to use the specified authentication type when validating the user,
@@ -143,7 +143,7 @@ entry in
 This option is only available on systems that support BSD authentication.
 .It Fl b
 The
-.Fl b No ( Em background Ns No )
+.Fl b Pq Em background
 option tells
 .Nm sudo
 to run the given command in the background.
@@ -158,7 +158,7 @@ Normally,
 will close all open file descriptors other than standard input,
 standard output and standard error.
 The
-.Fl C No ( Em close from Ns No )
+.Fl C Pq Em close from
 option allows the user to specify a starting point above the standard
 error (file descriptor three).
 Values less than three are not permitted.
@@ -168,14 +168,14 @@ option in
 .Xr sudoers @mansectform@ .
 .It Fl c Ar class
 The
-.Fl c No ( Em class Ns No )
+.Fl c Pq Em class
 option causes
 .Nm sudo
 to run the command with resource limits and scheduling priority of
 the specified login
 .Ar class .
 The
-.Em class
+.Ar class
 argument can be either a class name as defined in
 .Pa /etc/login.conf ,
 or a single
@@ -196,7 +196,7 @@ be applied, if present.
 This option is only available on systems with BSD login classes.
 .It Fl E
 The
-.Fl E No ( Em preserve environment Ns No )
+.Fl E Pq Em preserve environment
 option will override the
 .Em env_reset
 option in
@@ -214,7 +214,7 @@ option is specified and the user does not have permission to preserve
 the environment.
 .It Fl e
 The
-.Fl e No ( Em edit Ns No )
+.Fl e Pq Em edit
 option indicates that, instead of running a command, the user wishes
 to edit one or more files.
 In lieu of a command, the string "sudoedit" is used when consulting the
@@ -264,18 +264,14 @@ runs a command with the primary group set to the one specified by
 the password database for the user the command is being run as (by
 default, root).
 The
-.Fl g No ( Em group Ns No )
+.Fl g Pq Em group
 option causes
 .Nm sudo
 to run the command with the primary group set to
 .Ar group
 instead.
-To specify a
-.Em gid
-instead of a
-.Em "group name" ,
-use
-.Em #gid .
+To specify a gid instead of a group name, use
+.Ar #gid .
 When running commands as a
 .Em gid ,
 many shells require that the
@@ -290,7 +286,7 @@ In either case, the primary group will be set to
 .Em group .
 .It Fl H
 The
-.Fl H No ( Em HOME Ns No )
+.Fl H Pq Em HOME
 option option sets the
 .Ev HOME
 environment variable to the home directory of the target user (root
@@ -312,13 +308,13 @@ in
 .Xr sudoers @mansectform@ ) .
 .It Fl h
 The
-.Fl h No ( Em help Ns No )
+.Fl h Pq Em help
 option causes
 .Nm sudo
 to print a short help message to the standard output and exit.
 .It Fl i Op Ar command
 The
-.Fl i No ( Em simulate initial login Ns No )
+.Fl i Pq Em simulate initial login
 option runs the shell specified by the password database entry of
 the target user as a login shell.
 This means that login-specific resource files such as
@@ -343,7 +339,7 @@ section below documents in detail how the
 option affects the environment in which a command is run.
 .It Fl K
 The
-.Fl K No ( sure Em kill Ns No )
+.Fl K Pq sure Em kill
 option is like
 .Fl k
 except that it removes the user's time stamp file entirely and
@@ -351,7 +347,7 @@ may not be used in conjunction with a command or other option.
 This option does not require a password.
 .It Fl k Op Ar command
 When used alone, the
-.Fl k No ( Em kill Ns No )
+.Fl k Pq Em kill
 option to
 .Nm sudo
 invalidates the user's time stamp file.
@@ -378,7 +374,7 @@ will prompt for a password (if one is required by
 and will not update the user's time stamp file.
 .It Fl L
 The
-.Fl L No ( Em list No defaults Ns )
+.Fl L Pq Em list defaults
 option will list the parameters that
 may be set in a
 .Em Defaults
@@ -389,7 +385,7 @@ This option will be removed from a future version of
 If no
 .Ar command
 is specified, the
-.Fl l No ( Em list Ns No )
+.Fl l Pq Em list
 option will list the allowed (and forbidden) commands for the
 invoking user (or the user specified by the
 .Fl U
@@ -417,7 +413,7 @@ or if
 is specified multiple times, a longer list format is used.
 .It Fl n
 The
-.Fl n No ( Em non-interactive Ns No )
+.Fl n Pq Em non-interactive
 option prevents
 .Nm sudo
 from prompting the user for a password.
@@ -426,7 +422,7 @@ If a password is required for the command to run,
 will display an error message and exit.
 .It Fl P
 The
-.Fl P No ( Em preserve group vector Ns No )
+.Fl P Pq Em preserve group vector
 option causes
 .Nm sudo
 to preserve the invoking user's group vector unaltered.
@@ -438,7 +434,7 @@ The real and effective group IDs, however, are still set to match
 the target user.
 .It Fl p Ar prompt
 The
-.Fl p No ( Em prompt Ns No )
+.Fl p Pq Em prompt
 option allows you to override the default password prompt and use
 a custom one.
 The following percent
@@ -486,7 +482,7 @@ flag is disabled in
 .Em sudoers .
 .It Fl S
 The
-.Fl S ( Em stdin Ns No )
+.Fl S Pq Em stdin
 option causes
 .Nm sudo
 to read the password from the standard input instead of the terminal
@@ -494,7 +490,7 @@ device.
 The password must be followed by a newline character.
 .It Fl s Op Ar command
 The
-.Fl s ( Em shell Ns No )
+.Fl s Pq Em shell
 option runs the shell specified by the
 .Ev SHELL
 environment variable if it is set or the shell as specified in the
@@ -506,7 +502,7 @@ option.
 If no command is specified, an interactive shell is executed.
 .It Fl U Ar user
 The
-.Fl U ( Em other user Ns No )
+.Fl U Pq other Em user
 option is used in conjunction with the
 .Fl l
 option to specify the user whose privileges should be listed.
@@ -515,16 +511,13 @@ Only root or a user with the
 privilege on the current host may use this option.
 .It Fl u Ar user
 The
-.Fl u ( Em user Ns No )
+.Fl u Pq Em user
 option causes
 .Nm sudo
 to run the specified command as a user other than
 .Em root .
-To specify a
-.Em uid
-instead of a
-.Em user name ,
-.Em #uid .
+To specify a uid instead of a user name, use
+.Ar #uid .
 When running commands as a
 .Em uid ,
 many shells require that the
@@ -539,7 +532,7 @@ it is not possible to run commands with a uid not listed in the
 password database.
 .It Fl V
 The
-.Fl V ( Em version Ns No )
+.Fl V Pq Em version
 option causes
 .Nm sudo
 to print its version string and exit.
@@ -552,7 +545,7 @@ was built as well a list of the defaults
 was compiled with as well as the machine's local network addresses.
 .It Fl v
 When given the
-.Fl v ( Em validate Ns No )
+.Fl v Pq Em validate
 option,
 .Nm sudo
 will update the user's time stamp file, authenticating the user's
@@ -576,7 +569,7 @@ Environment variables to be set for the command may also be passed
 on the command line in the form of
 .Ar VAR Ns No = Ns Ar value ,
 e.g.\&
-.Ev LD_LIBRARY_PATH Ns No = Ns Pa /usr/local/pkg/lib .
+.Ev LD_LIBRARY_PATH Ns = Ns Pa /usr/local/pkg/lib .
 Variables passed on the command line are subject to the same
 restrictions as normal environment variables with one important
 exception.
@@ -812,7 +805,7 @@ and, as such, it is not possible for
 to preserve them.
 .Pp
 As a special case, if
-.Nm sudo Ns No 's
+.Nm sudo Ns 's
 .Fl i
 option (initial login) is
 specified,
@@ -1218,7 +1211,7 @@ If a user runs a command such as
 or
 .Li sudo sh ,
 subsequent commands run from that shell are not subject to
-.Nm sudo Ns No 's
+.Nm sudo Ns 's
 security policy.
 The same is true for commands that offer shell escapes (including
 most editors).
@@ -1334,7 +1327,7 @@ mode on AIX and Linux systems
 .El
 .Sh EXAMPLES
 Note: the following examples assume suitable
-.Xr sudoers 5
+.Xr sudoers @mansectform@
 entries.
 .Pp
 To get a file listing of an unreadable directory:
@@ -1411,10 +1404,10 @@ if that user is allowed to run arbitrary commands via
 .Nm sudo .
 Also, many programs (such as editors) allow the user to run commands
 via shell escapes, thus avoiding
-.Nm sudo Ns No 's
+.Nm sudo Ns 's
 checks.
 However, on most systems it is possible to prevent shell escapes with
-.Nm sudo ' s
+.Nm sudo Ns 's
 .Em noexec
 functionality.
 See the