Annotation of embedaddon/sudo/doc/sample.sudo.conf, revision 1.1.1.3

1.1       misho       1: #
                      2: # Sample /etc/sudo.conf file
                      3: #
                      4: # Format:
1.1.1.2   misho       5: #   Plugin plugin_name plugin_path plugin_options ...
1.1       misho       6: #   Path askpass /path/to/askpass
1.1.1.2   misho       7: #   Path noexec /path/to/sudo_noexec.so
                      8: #   Debug sudo /var/log/sudo_debug all@warn
                      9: #   Set disable_coredump true
1.1       misho      10: #
                     11: # Sudo plugins:
                     12: #
                     13: # The plugin_path is relative to ${prefix}/libexec unless fully qualified.
                     14: # The plugin_name corresponds to a global symbol in the plugin
                     15: #   that contains the plugin interface structure.
1.1.1.2   misho      16: # The plugin_options are optional.
1.1       misho      17: #
                     18: # The sudoers plugin is used by default if no Plugin lines are present.
                     19: Plugin sudoers_policy sudoers.so
                     20: Plugin sudoers_io sudoers.so
                     21: 
                     22: #
                     23: # Sudo askpass:
                     24: #
                     25: # An askpass helper program may be specified to provide a graphical
                     26: # password prompt for "sudo -A" support.  Sudo does not ship with its
1.1.1.3 ! misho      27: # own askpass program but can use the OpenSSH askpass.
1.1       misho      28: #
                     29: # Use the OpenSSH askpass
                     30: #Path askpass /usr/X11R6/bin/ssh-askpass
                     31: #
                     32: # Use the Gnome OpenSSH askpass
                     33: #Path askpass /usr/libexec/openssh/gnome-ssh-askpass
                     34: 
                     35: #
                     36: # Sudo noexec:
                     37: #
                     38: # Path to a shared library containing dummy versions of the execv(),
                     39: # execve() and fexecve() library functions that just return an error.
                     40: # This is used to implement the "noexec" functionality on systems that
                     41: # support C<LD_PRELOAD> or its equivalent.
                     42: # The compiled-in value is usually sufficient and should only be changed
                     43: # if you rename or move the sudo_noexec.so file.
                     44: #
                     45: #Path noexec /usr/libexec/sudo_noexec.so
1.1.1.2   misho      46: 
                     47: #
                     48: # Core dumps:
                     49: #
                     50: # By default, sudo disables core dumps while it is executing (they
                     51: # are re-enabled for the command that is run).
                     52: # To aid in debugging sudo problems, you may wish to enable core
                     53: # dumps by setting "disable_coredump" to false.
                     54: #
                     55: #Set disable_coredump false
1.1.1.3 ! misho      56: 
        !            57: #
        !            58: # User groups:
        !            59: #
        !            60: # Sudo passes the user's group list to the policy plugin.
        !            61: # If the user is a member of the maximum number of groups (usually 16),
        !            62: # sudo will query the group database directly to be sure to include
        !            63: # the full list of groups.
        !            64: #
        !            65: # On some systems, this can be expensive so the behavior is configurable.
        !            66: # The "group_source" setting has three possible values:
        !            67: #   static   - use the user's list of groups returned by the kernel.
        !            68: #   dynamic  - query the group database to find the list of groups.
        !            69: #   adaptive - if user is in less than the maximum number of groups.
        !            70: #             use the kernel list, else query the group database.
        !            71: #
        !            72: #Set group_source static

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>