[docs] mention logfile and remove exempt_group

README.md

@@ -24,7 +24,7 @@ To avoid that and/or to get the latest version, you can use our prepackaged bina
 
 ### Ubuntu 25.10 (Questing Quokka)
 
-sudo-rs is installed and enabled by default; you can control which sudo version is being used by running 
+sudo-rs is installed and enabled by default; you can control which sudo version is being used by running
 ```sh
 update-alternatives --config sudo
 ```
@@ -70,7 +70,7 @@ We are maintaining the FreeBSD port of sudo-rs ourselves, which is available in
 pkg install sudo-rs
 ```
 To get sudo-rs using the commands `sudo`, `visudo` and `sudoedit`. This conflicts with the `security/sudo` package and so you cannot have both
-installed at the same time. 
+installed at the same time.
 
 Alternatively,
 ```
@@ -206,6 +206,7 @@ Exceptions to the above, with respect to your `/etc/sudoers` configuration:
   compatibility reasons.
 * `timestamp_type` is always set at `tty`.
 * `sudoedit_checkdir` is always `on`, and `sudoedit_follow` is always `off`.
+* `logfile` is not supported --- logging is always done via syslog.
 
 Some other notable restrictions to be aware of:
 

docs/man/sudoers.5.md

@@ -290,8 +290,6 @@ would allow the user queen to run /bin/kill, /bin/ls, and /usr/bin/lprm as root
 
        queen     rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm
 
-Note, however, that the PASSWD tag has no effect on users who are in the group specified by the exempt_group setting.
-
 By default, if the NOPASSWD tag is applied to any of a user's entries for the current host, the user will be able to run “sudo -l” without a password.  Additionally, a user may only run “sudo -v” without a password if all of the user's entries for the current host have the NOPASSWD tag.
 
 ### SETENV and NOSETENV