--- embedaddon/sudo/doc/sudo.conf.cat 2013/10/14 07:56:34 1.1.1.2 +++ embedaddon/sudo/doc/sudo.conf.cat 2014/06/15 16:12:54 1.1.1.3 @@ -39,12 +39,12 @@ DDEESSCCRRIIPPTTIIOONN end. Plugins are dynamically loaded based on the contents of ssuuddoo..ccoonnff. A Plugin line consists of the Plugin keyword, followed by the _s_y_m_b_o_l___n_a_m_e - and the _p_a_t_h to the shared object containing the plugin. The _s_y_m_b_o_l___n_a_m_e - is the name of the struct policy_plugin or struct io_plugin in the plugin - shared object. The _p_a_t_h may be fully qualified or relative. If not - fully qualified, it is relative to the directory specified by the - _p_l_u_g_i_n___d_i_r Path setting, which defaults to _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o. In - other words: + and the _p_a_t_h to the dynamic shared object that contains the plugin. The + _s_y_m_b_o_l___n_a_m_e is the name of the struct policy_plugin or struct io_plugin + symbol contained in the plugin. The _p_a_t_h may be fully qualified or + relative. If not fully qualified, it is relative to the directory + specified by the _p_l_u_g_i_n___d_i_r Path setting, which defaults to + _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o. In other words: Plugin sudoers_policy sudoers.so 
@@ -52,17 +52,24 @@ DDEESSCCRRIIPPTTIIOONN Plugin sudoers_policy /usr/local/libexec/sudo/sudoers.so + If the plugin was compiled statically into the ssuuddoo binary instead of + being installed as a dynamic shared object, the _p_a_t_h should be specified + without a leading directory, as it does not actually exist in the file + system. For example: + + Plugin sudoers_policy sudoers.so + Starting with ssuuddoo 1.8.5, any additional parameters after the _p_a_t_h are passed as arguments to the plugin's _o_p_e_n function. For example, to override the compile-time default sudoers file mode: Plugin sudoers_policy sudoers.so sudoers_mode=0440 - The same shared object may contain multiple plugins, each with a - different symbol name. The shared object file must be owned by uid 0 and - only writable by its owner. Because of ambiguities that arise from - composite policies, only a single policy plugin may be specified. This - limitation does not apply to I/O plugins. + The same dynamic shared object may contain multiple plugins, each with a + different symbol name. The file must be owned by uid 0 and only writable + by its owner. Because of ambiguities that arise from composite policies, + only a single policy plugin may be specified. This limitation does not + apply to I/O plugins. If no ssuuddoo..ccoonnff file is present, or if it contains no Plugin lines, the ssuuddooeerrss plugin will be used as the default security policy and for I/O 
@@ -197,6 +204,21 @@ DDEESSCCRRIIPPTTIIOONN This setting is only available in ssuuddoo version 1.8.7 and higher. + probe_interfaces + By default, ssuuddoo will probe the system's network interfaces and + pass the IP address of each enabled interface to the policy + plugin. This makes it possible for the plugin to match rules + based on the IP address without having to query DNS. On Linux + systems with a large number of virtual interfaces, this may + take a non-negligible amount of time. If IP-based matching is + not required, network interface probing can be disabled as + follows: + + Set probe_interfaces false + + This setting is only available in ssuuddoo version 1.8.10 and + higher. + DDeebbuugg ffllaaggss ssuuddoo versions 1.8.4 and higher support a flexible debugging framework that can help track down what ssuuddoo is doing internally if there is a @@ -237,6 +259,8 @@ DDEESSCCRRIIPPTTIIOONN _e_d_i_t sudoedit + _e_v_e_n_t event subsystem + _e_x_e_c command execution _m_a_i_n ssuuddoo main function @@ -367,4 +391,4 @@ DDIISSCCLLAAIIMMEERR file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for complete details. -Sudo 1.8.8 August 13, 2013 Sudo 1.8.8 +Sudo 1.8.10 January 22, 2014 Sudo 1.8.10
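Review bot: In the hunk at @@ -52,17 +52,24 @@, the new static-plugin example "Plugin sudoers_policy sudoers.so" is identical to the relative-path example shown just before it, so the added paragraph does not tell the reader how a plugin compiled into the binary is told apart from one resolved under plugin_dir. State that explicitly. In the same hunk, the reworded sentence "The file must be owned by uid 0 and only writable by its owner" now follows a paragraph saying the static plugin "does not actually exist in the file system"; scope the requirement to plugins loaded as a dynamic shared object so it is clear which case the ownership and mode requirement covers.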
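Review bot: In the hunk at @@ -197,6 +204,21 @@, the probe_interfaces text says probing can be disabled "If IP-based matching is not required" but never says what happens to policy rules that do match on an IP address once "Set probe_interfaces false" is in effect. That determines which rules apply on the host, so add a sentence describing how such rules behave with probing disabled, letting an administrator review the policy before changing the setting.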
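Review bot: In the hunk at @@ -237,6 +259,8 @@, the new "event" subsystem entry has no version note, while the probe_interfaces entry added by the same change states the version it first appears in and the section introduction only says the debugging framework exists in 1.8.4 and higher. Add the version that introduced the event subsystem so a reader on an older release knows whether the name is accepted in a Debug line.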