version 1.1.1.4, 2013/07/22 10:46:12
|
version 1.1.1.5, 2013/10/14 07:56:34
|
Line 793 SSUUDDOOEERRSS OOPPTTIIOONNSS
|
Line 793 SSUUDDOOEERRSS OOPPTTIIOONNSS
|
to the home directory of the target user (which is root |
to the home directory of the target user (which is root |
unless the --uu option is used). This effectively means |
unless the --uu option is used). This effectively means |
that the --HH option is always implied. Note that HOME |
that the --HH option is always implied. Note that HOME |
is already set when the the _e_n_v___r_e_s_e_t option is | is already set when the _e_n_v___r_e_s_e_t option is enabled, so |
enabled, so _a_l_w_a_y_s___s_e_t___h_o_m_e is only effective for | _a_l_w_a_y_s___s_e_t___h_o_m_e is only effective for configurations |
configurations where either _e_n_v___r_e_s_e_t is disabled or | where either _e_n_v___r_e_s_e_t is disabled or HOME is present |
HOME is present in the _e_n_v___k_e_e_p list. This flag is _o_f_f | in the _e_n_v___k_e_e_p list. This flag is _o_f_f by default. |
by default. | |
|
|
authenticate If set, users must authenticate themselves via a |
authenticate If set, users must authenticate themselves via a |
password (or other means of authentication) before they |
password (or other means of authentication) before they |
Line 1049 SSUUDDOOEERRSS OOPPTTIIOONNSS
|
Line 1048 SSUUDDOOEERRSS OOPPTTIIOONNSS
|
implementations or on operating systems where opening a |
implementations or on operating systems where opening a |
PAM session changes the utmp or wtmp files. If PAM |
PAM session changes the utmp or wtmp files. If PAM |
session support is disabled, resource limits may not be |
session support is disabled, resource limits may not be |
updated for the command being run. This flag is _o_n by | updated for the command being run. If _p_a_m___s_e_s_s_i_o_n, |
default. | _p_a_m___s_e_t_c_r_e_d, and _u_s_e___p_t_y are disabled and I/O logging |
| has not been configured, ssuuddoo will execute the command |
| directly instead of running it as a child process. |
| This flag is _o_n by default. |
|
|
This setting is only supported by version 1.8.7 or |
This setting is only supported by version 1.8.7 or |
higher. |
higher. |
|
|
|
pam_setcred On systems that use PAM for authentication, ssuuddoo will |
|
attempt to establish credentials for the target user by |
|
default, if supported by the underlying authentication |
|
system. One example of a credential is a Kerberos |
|
ticket. If _p_a_m___s_e_s_s_i_o_n, _p_a_m___s_e_t_c_r_e_d, and _u_s_e___p_t_y are |
|
disabled and I/O logging has not been configured, ssuuddoo |
|
will execute the command directly instead of running it |
|
as a child process. This flag is _o_n by default. |
|
|
|
This setting is only supported by version 1.8.8 or |
|
higher. |
|
|
passprompt_override |
passprompt_override |
The password prompt specified by _p_a_s_s_p_r_o_m_p_t will |
The password prompt specified by _p_a_s_s_p_r_o_m_p_t will |
normally only be used if the password prompt provided |
normally only be used if the password prompt provided |
Line 1119 SSUUDDOOEERRSS OOPPTTIIOONNSS
|
Line 1133 SSUUDDOOEERRSS OOPPTTIIOONNSS
|
directory of the target user (which is root unless the |
directory of the target user (which is root unless the |
--uu option is used). This effectively makes the --ss |
--uu option is used). This effectively makes the --ss |
option imply --HH. Note that HOME is already set when |
option imply --HH. Note that HOME is already set when |
the the _e_n_v___r_e_s_e_t option is enabled, so _s_e_t___h_o_m_e is | the _e_n_v___r_e_s_e_t option is enabled, so _s_e_t___h_o_m_e is only |
only effective for configurations where either | effective for configurations where either _e_n_v___r_e_s_e_t is |
_e_n_v___r_e_s_e_t is disabled or HOME is present in the | disabled or HOME is present in the _e_n_v___k_e_e_p list. This |
_e_n_v___k_e_e_p list. This flag is _o_f_f by default. | flag is _o_f_f by default. |
|
|
set_logname Normally, ssuuddoo will set the LOGNAME, USER and USERNAME |
set_logname Normally, ssuuddoo will set the LOGNAME, USER and USERNAME |
environment variables to the name of the target user |
environment variables to the name of the target user |
Line 1376 SSUUDDOOEERRSS OOPPTTIIOONNSS
|
Line 1390 SSUUDDOOEERRSS OOPPTTIIOONNSS
|
supported. The path to the noexec file should now be |
supported. The path to the noexec file should now be |
set in the sudo.conf(4) file. |
set in the sudo.conf(4) file. |
|
|
|
pam_login_service |
|
On systems that use PAM for authentication, this is the |
|
service name used when the --ii option is specified. The |
|
default value is ``sudo''. See the description of |
|
_p_a_m___s_e_r_v_i_c_e for more information. |
|
|
|
This setting is only supported by version 1.8.8 or |
|
higher. |
|
|
|
pam_service On systems that use PAM for authentication, the service |
|
name specifies the PAM policy to apply. This usually |
|
corresponds to an entry in the _p_a_m_._c_o_n_f file or a file |
|
in the _/_e_t_c_/_p_a_m_._d directory. The default value is |
|
``sudo''. |
|
|
|
This setting is only supported by version 1.8.8 or |
|
higher. |
|
|
passprompt The default prompt to use when asking for a password; |
passprompt The default prompt to use when asking for a password; |
can be overridden via the --pp option or the SUDO_PROMPT |
can be overridden via the --pp option or the SUDO_PROMPT |
environment variable. The following percent (`%') |
environment variable. The following percent (`%') |
Line 1888 EEXXAAMMPPLLEESS
|
Line 1920 EEXXAAMMPPLLEESS
|
file and make sure we log the year in each log line since the log entries |
file and make sure we log the year in each log line since the log entries |
will be kept around for several years. Lastly, we disable shell escapes |
will be kept around for several years. Lastly, we disable shell escapes |
for the commands in the PAGERS Cmnd_Alias (_/_u_s_r_/_b_i_n_/_m_o_r_e, _/_u_s_r_/_b_i_n_/_p_g and |
for the commands in the PAGERS Cmnd_Alias (_/_u_s_r_/_b_i_n_/_m_o_r_e, _/_u_s_r_/_b_i_n_/_p_g and |
_/_u_s_r_/_b_i_n_/_l_e_s_s). | _/_u_s_r_/_b_i_n_/_l_e_s_s). Note that this will not effectively constrain users with |
| ssuuddoo AALLLL privileges. |
|
|
# Override built-in defaults |
# Override built-in defaults |
Defaults syslog=auth |
Defaults syslog=auth |
Line 1993 EEXXAAMMPPLLEESS
|
Line 2026 EEXXAAMMPPLLEESS
|
|
|
For any machine in the _S_E_R_V_E_R_S Host_Alias, jjiillll may run any commands in |
For any machine in the _S_E_R_V_E_R_S Host_Alias, jjiillll may run any commands in |
the directory _/_u_s_r_/_b_i_n_/ except for those commands belonging to the _S_U and |
the directory _/_u_s_r_/_b_i_n_/ except for those commands belonging to the _S_U and |
_S_H_E_L_L_S Cmnd_Aliases. | _S_H_E_L_L_S Cmnd_Aliases. While not specifically mentioned in the rule, the |
| commands in the _P_A_G_E_R_S Cmnd_Alias all reside in _/_u_s_r_/_b_i_n and have the |
| _n_o_e_x_e_c option set. |
|
|
steve CSNETS = (operator) /usr/local/op_commands/ |
steve CSNETS = (operator) /usr/local/op_commands/ |
|
|
Line 2237 DDIISSCCLLAAIIMMEERR
|
Line 2272 DDIISSCCLLAAIIMMEERR
|
file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for |
file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for |
complete details. |
complete details. |
|
|
Sudo 1.8.7 April 30, 2013 Sudo 1.8.7 | Sudo 1.8.8 August 31, 2013 Sudo 1.8.8 |