Annotation of embedaddon/sudo/doc/sample.sudo.conf, revision 1.1.1.3
1.1 misho 1: #
2: # Sample /etc/sudo.conf file
3: #
4: # Format:
1.1.1.2 misho 5: # Plugin plugin_name plugin_path plugin_options ...
1.1 misho 6: # Path askpass /path/to/askpass
1.1.1.2 misho 7: # Path noexec /path/to/sudo_noexec.so
8: # Debug sudo /var/log/sudo_debug all@warn
9: # Set disable_coredump true
1.1 misho 10: #
11: # Sudo plugins:
12: #
13: # The plugin_path is relative to ${prefix}/libexec unless fully qualified.
14: # The plugin_name corresponds to a global symbol in the plugin
15: # that contains the plugin interface structure.
1.1.1.2 misho 16: # The plugin_options are optional.
1.1 misho 17: #
18: # The sudoers plugin is used by default if no Plugin lines are present.
19: Plugin sudoers_policy sudoers.so
20: Plugin sudoers_io sudoers.so
21:
22: #
23: # Sudo askpass:
24: #
25: # An askpass helper program may be specified to provide a graphical
26: # password prompt for "sudo -A" support. Sudo does not ship with its
1.1.1.3 ! misho 27: # own askpass program but can use the OpenSSH askpass.
1.1 misho 28: #
29: # Use the OpenSSH askpass
30: #Path askpass /usr/X11R6/bin/ssh-askpass
31: #
32: # Use the Gnome OpenSSH askpass
33: #Path askpass /usr/libexec/openssh/gnome-ssh-askpass
34:
35: #
36: # Sudo noexec:
37: #
38: # Path to a shared library containing dummy versions of the execv(),
39: # execve() and fexecve() library functions that just return an error.
40: # This is used to implement the "noexec" functionality on systems that
41: # support C<LD_PRELOAD> or its equivalent.
42: # The compiled-in value is usually sufficient and should only be changed
43: # if you rename or move the sudo_noexec.so file.
44: #
45: #Path noexec /usr/libexec/sudo_noexec.so
1.1.1.2 misho 46:
47: #
48: # Core dumps:
49: #
50: # By default, sudo disables core dumps while it is executing (they
51: # are re-enabled for the command that is run).
52: # To aid in debugging sudo problems, you may wish to enable core
53: # dumps by setting "disable_coredump" to false.
54: #
55: #Set disable_coredump false
1.1.1.3 ! misho 56:
! 57: #
! 58: # User groups:
! 59: #
! 60: # Sudo passes the user's group list to the policy plugin.
! 61: # If the user is a member of the maximum number of groups (usually 16),
! 62: # sudo will query the group database directly to be sure to include
! 63: # the full list of groups.
! 64: #
! 65: # On some systems, this can be expensive so the behavior is configurable.
! 66: # The "group_source" setting has three possible values:
! 67: # static - use the user's list of groups returned by the kernel.
! 68: # dynamic - query the group database to find the list of groups.
! 69: # adaptive - if user is in less than the maximum number of groups.
! 70: # use the kernel list, else query the group database.
! 71: #
! 72: #Set group_source static
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>