|
version 1.1.1.4, 2013/07/22 10:46:12
|
version 1.1.1.5, 2013/10/14 07:56:34
|
|
Line 793 S�SU�UD�DO�OE�ER�RS�S O�OP�PT�TI�IO�ON�NS�S
|
Line 793 S�SU�UD�DO�OE�ER�RS�S O�OP�PT�TI�IO�ON�NS�S
|
| to the home directory of the target user (which is root |
to the home directory of the target user (which is root |
| unless the -�-u�u option is used). This effectively means |
unless the -�-u�u option is used). This effectively means |
| that the -�-H�H option is always implied. Note that HOME |
that the -�-H�H option is always implied. Note that HOME |
| is already set when the the _�e_�n_�v_�__�r_�e_�s_�e_�t option is | is already set when the _�e_�n_�v_�__�r_�e_�s_�e_�t option is enabled, so |
| enabled, so _�a_�l_�w_�a_�y_�s_�__�s_�e_�t_�__�h_�o_�m_�e is only effective for | _�a_�l_�w_�a_�y_�s_�__�s_�e_�t_�__�h_�o_�m_�e is only effective for configurations |
| configurations where either _�e_�n_�v_�__�r_�e_�s_�e_�t is disabled or | where either _�e_�n_�v_�__�r_�e_�s_�e_�t is disabled or HOME is present |
| HOME is present in the _�e_�n_�v_�__�k_�e_�e_�p list. This flag is _�o_�f_�f | in the _�e_�n_�v_�__�k_�e_�e_�p list. This flag is _�o_�f_�f by default. |
| by default. | |
| |
|
| authenticate If set, users must authenticate themselves via a |
authenticate If set, users must authenticate themselves via a |
| password (or other means of authentication) before they |
password (or other means of authentication) before they |
|
Line 1049 S�SU�UD�DO�OE�ER�RS�S O�OP�PT�TI�IO�ON�NS�S
|
Line 1048 S�SU�UD�DO�OE�ER�RS�S O�OP�PT�TI�IO�ON�NS�S
|
| implementations or on operating systems where opening a |
implementations or on operating systems where opening a |
| PAM session changes the utmp or wtmp files. If PAM |
PAM session changes the utmp or wtmp files. If PAM |
| session support is disabled, resource limits may not be |
session support is disabled, resource limits may not be |
| updated for the command being run. This flag is _�o_�n by | updated for the command being run. If _�p_�a_�m_�__�s_�e_�s_�s_�i_�o_�n, |
| default. | _�p_�a_�m_�__�s_�e_�t_�c_�r_�e_�d, and _�u_�s_�e_�__�p_�t_�y are disabled and I/O logging |
| | has not been configured, s�su�ud�do�o will execute the command |
| | directly instead of running it as a child process. |
| | This flag is _�o_�n by default. |
| |
|
| This setting is only supported by version 1.8.7 or |
This setting is only supported by version 1.8.7 or |
| higher. |
higher. |
| |
|
| |
pam_setcred On systems that use PAM for authentication, s�su�ud�do�o will |
| |
attempt to establish credentials for the target user by |
| |
default, if supported by the underlying authentication |
| |
system. One example of a credential is a Kerberos |
| |
ticket. If _�p_�a_�m_�__�s_�e_�s_�s_�i_�o_�n, _�p_�a_�m_�__�s_�e_�t_�c_�r_�e_�d, and _�u_�s_�e_�__�p_�t_�y are |
| |
disabled and I/O logging has not been configured, s�su�ud�do�o |
| |
will execute the command directly instead of running it |
| |
as a child process. This flag is _�o_�n by default. |
| |
|
| |
This setting is only supported by version 1.8.8 or |
| |
higher. |
| |
|
| passprompt_override |
passprompt_override |
| The password prompt specified by _�p_�a_�s_�s_�p_�r_�o_�m_�p_�t will |
The password prompt specified by _�p_�a_�s_�s_�p_�r_�o_�m_�p_�t will |
| normally only be used if the password prompt provided |
normally only be used if the password prompt provided |
|
Line 1119 S�SU�UD�DO�OE�ER�RS�S O�OP�PT�TI�IO�ON�NS�S
|
Line 1133 S�SU�UD�DO�OE�ER�RS�S O�OP�PT�TI�IO�ON�NS�S
|
| directory of the target user (which is root unless the |
directory of the target user (which is root unless the |
| -�-u�u option is used). This effectively makes the -�-s�s |
-�-u�u option is used). This effectively makes the -�-s�s |
| option imply -�-H�H. Note that HOME is already set when |
option imply -�-H�H. Note that HOME is already set when |
| the the _�e_�n_�v_�__�r_�e_�s_�e_�t option is enabled, so _�s_�e_�t_�__�h_�o_�m_�e is | the _�e_�n_�v_�__�r_�e_�s_�e_�t option is enabled, so _�s_�e_�t_�__�h_�o_�m_�e is only |
| only effective for configurations where either | effective for configurations where either _�e_�n_�v_�__�r_�e_�s_�e_�t is |
| _�e_�n_�v_�__�r_�e_�s_�e_�t is disabled or HOME is present in the | disabled or HOME is present in the _�e_�n_�v_�__�k_�e_�e_�p list. This |
| _�e_�n_�v_�__�k_�e_�e_�p list. This flag is _�o_�f_�f by default. | flag is _�o_�f_�f by default. |
| |
|
| set_logname Normally, s�su�ud�do�o will set the LOGNAME, USER and USERNAME |
set_logname Normally, s�su�ud�do�o will set the LOGNAME, USER and USERNAME |
| environment variables to the name of the target user |
environment variables to the name of the target user |
|
Line 1376 S�SU�UD�DO�OE�ER�RS�S O�OP�PT�TI�IO�ON�NS�S
|
Line 1390 S�SU�UD�DO�OE�ER�RS�S O�OP�PT�TI�IO�ON�NS�S
|
| supported. The path to the noexec file should now be |
supported. The path to the noexec file should now be |
| set in the sudo.conf(4) file. |
set in the sudo.conf(4) file. |
| |
|
| |
pam_login_service |
| |
On systems that use PAM for authentication, this is the |
| |
service name used when the -�-i�i option is specified. The |
| |
default value is ``sudo''. See the description of |
| |
_�p_�a_�m_�__�s_�e_�r_�v_�i_�c_�e for more information. |
| |
|
| |
This setting is only supported by version 1.8.8 or |
| |
higher. |
| |
|
| |
pam_service On systems that use PAM for authentication, the service |
| |
name specifies the PAM policy to apply. This usually |
| |
corresponds to an entry in the _�p_�a_�m_�._�c_�o_�n_�f file or a file |
| |
in the _�/_�e_�t_�c_�/_�p_�a_�m_�._�d directory. The default value is |
| |
``sudo''. |
| |
|
| |
This setting is only supported by version 1.8.8 or |
| |
higher. |
| |
|
| passprompt The default prompt to use when asking for a password; |
passprompt The default prompt to use when asking for a password; |
| can be overridden via the -�-p�p option or the SUDO_PROMPT |
can be overridden via the -�-p�p option or the SUDO_PROMPT |
| environment variable. The following percent (`%') |
environment variable. The following percent (`%') |
|
Line 1888 E�EX�XA�AM�MP�PL�LE�ES�S
|
Line 1920 E�EX�XA�AM�MP�PL�LE�ES�S
|
| file and make sure we log the year in each log line since the log entries |
file and make sure we log the year in each log line since the log entries |
| will be kept around for several years. Lastly, we disable shell escapes |
will be kept around for several years. Lastly, we disable shell escapes |
| for the commands in the PAGERS Cmnd_Alias (_�/_�u_�s_�r_�/_�b_�i_�n_�/_�m_�o_�r_�e, _�/_�u_�s_�r_�/_�b_�i_�n_�/_�p_�g and |
for the commands in the PAGERS Cmnd_Alias (_�/_�u_�s_�r_�/_�b_�i_�n_�/_�m_�o_�r_�e, _�/_�u_�s_�r_�/_�b_�i_�n_�/_�p_�g and |
| _�/_�u_�s_�r_�/_�b_�i_�n_�/_�l_�e_�s_�s). | _�/_�u_�s_�r_�/_�b_�i_�n_�/_�l_�e_�s_�s). Note that this will not effectively constrain users with |
| | s�su�ud�do�o A�AL�LL�L privileges. |
| |
|
| # Override built-in defaults |
# Override built-in defaults |
| Defaults syslog=auth |
Defaults syslog=auth |
|
Line 1993 E�EX�XA�AM�MP�PL�LE�ES�S
|
Line 2026 E�EX�XA�AM�MP�PL�LE�ES�S
|
| |
|
| For any machine in the _�S_�E_�R_�V_�E_�R_�S Host_Alias, j�ji�il�ll�l may run any commands in |
For any machine in the _�S_�E_�R_�V_�E_�R_�S Host_Alias, j�ji�il�ll�l may run any commands in |
| the directory _�/_�u_�s_�r_�/_�b_�i_�n_�/ except for those commands belonging to the _�S_�U and |
the directory _�/_�u_�s_�r_�/_�b_�i_�n_�/ except for those commands belonging to the _�S_�U and |
| _�S_�H_�E_�L_�L_�S Cmnd_Aliases. | _�S_�H_�E_�L_�L_�S Cmnd_Aliases. While not specifically mentioned in the rule, the |
| | commands in the _�P_�A_�G_�E_�R_�S Cmnd_Alias all reside in _�/_�u_�s_�r_�/_�b_�i_�n and have the |
| | _�n_�o_�e_�x_�e_�c option set. |
| |
|
| steve CSNETS = (operator) /usr/local/op_commands/ |
steve CSNETS = (operator) /usr/local/op_commands/ |
| |
|
|
Line 2237 D�DI�IS�SC�CL�LA�AI�IM�ME�ER�R
|
Line 2272 D�DI�IS�SC�CL�LA�AI�IM�ME�ER�R
|
| file distributed with s�su�ud�do�o or http://www.sudo.ws/sudo/license.html for |
file distributed with s�su�ud�do�o or http://www.sudo.ws/sudo/license.html for |
| complete details. |
complete details. |
| |
|
| Sudo 1.8.7 April 30, 2013 Sudo 1.8.7 | Sudo 1.8.8 August 31, 2013 Sudo 1.8.8 |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to sudoers.cat CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / doc