1: static struct def_values def_data_lecture[] = {
2: { "never", never },
3: { "once", once },
4: { "always", always },
5: { NULL, 0 },
6: };
7:
8: static struct def_values def_data_listpw[] = {
9: { "never", never },
10: { "any", any },
11: { "all", all },
12: { "always", always },
13: { NULL, 0 },
14: };
15:
16: static struct def_values def_data_verifypw[] = {
17: { "never", never },
18: { "all", all },
19: { "any", any },
20: { "always", always },
21: { NULL, 0 },
22: };
23:
24: struct sudo_defs_types sudo_defs_table[] = {
25: {
26: "syslog", T_LOGFAC|T_BOOL,
27: N_("Syslog facility if syslog is being used for logging: %s"),
28: NULL,
29: }, {
30: "syslog_goodpri", T_LOGPRI,
31: N_("Syslog priority to use when user authenticates successfully: %s"),
32: NULL,
33: }, {
34: "syslog_badpri", T_LOGPRI,
35: N_("Syslog priority to use when user authenticates unsuccessfully: %s"),
36: NULL,
37: }, {
38: "long_otp_prompt", T_FLAG,
39: N_("Put OTP prompt on its own line"),
40: NULL,
41: }, {
42: "ignore_dot", T_FLAG,
43: N_("Ignore '.' in $PATH"),
44: NULL,
45: }, {
46: "mail_always", T_FLAG,
47: N_("Always send mail when sudo is run"),
48: NULL,
49: }, {
50: "mail_badpass", T_FLAG,
51: N_("Send mail if user authentication fails"),
52: NULL,
53: }, {
54: "mail_no_user", T_FLAG,
55: N_("Send mail if the user is not in sudoers"),
56: NULL,
57: }, {
58: "mail_no_host", T_FLAG,
59: N_("Send mail if the user is not in sudoers for this host"),
60: NULL,
61: }, {
62: "mail_no_perms", T_FLAG,
63: N_("Send mail if the user is not allowed to run a command"),
64: NULL,
65: }, {
66: "tty_tickets", T_FLAG,
67: N_("Use a separate timestamp for each user/tty combo"),
68: NULL,
69: }, {
70: "lecture", T_TUPLE|T_BOOL,
71: N_("Lecture user the first time they run sudo"),
72: def_data_lecture,
73: }, {
74: "lecture_file", T_STR|T_PATH|T_BOOL,
75: N_("File containing the sudo lecture: %s"),
76: NULL,
77: }, {
78: "authenticate", T_FLAG,
79: N_("Require users to authenticate by default"),
80: NULL,
81: }, {
82: "root_sudo", T_FLAG,
83: N_("Root may run sudo"),
84: NULL,
85: }, {
86: "log_host", T_FLAG,
87: N_("Log the hostname in the (non-syslog) log file"),
88: NULL,
89: }, {
90: "log_year", T_FLAG,
91: N_("Log the year in the (non-syslog) log file"),
92: NULL,
93: }, {
94: "shell_noargs", T_FLAG,
95: N_("If sudo is invoked with no arguments, start a shell"),
96: NULL,
97: }, {
98: "set_home", T_FLAG,
99: N_("Set $HOME to the target user when starting a shell with -s"),
100: NULL,
101: }, {
102: "always_set_home", T_FLAG,
103: N_("Always set $HOME to the target user's home directory"),
104: NULL,
105: }, {
106: "path_info", T_FLAG,
107: N_("Allow some information gathering to give useful error messages"),
108: NULL,
109: }, {
110: "fqdn", T_FLAG,
111: N_("Require fully-qualified hostnames in the sudoers file"),
112: NULL,
113: }, {
114: "insults", T_FLAG,
115: N_("Insult the user when they enter an incorrect password"),
116: NULL,
117: }, {
118: "requiretty", T_FLAG,
119: N_("Only allow the user to run sudo if they have a tty"),
120: NULL,
121: }, {
122: "env_editor", T_FLAG,
123: N_("Visudo will honor the EDITOR environment variable"),
124: NULL,
125: }, {
126: "rootpw", T_FLAG,
127: N_("Prompt for root's password, not the users's"),
128: NULL,
129: }, {
130: "runaspw", T_FLAG,
131: N_("Prompt for the runas_default user's password, not the users's"),
132: NULL,
133: }, {
134: "targetpw", T_FLAG,
135: N_("Prompt for the target user's password, not the users's"),
136: NULL,
137: }, {
138: "use_loginclass", T_FLAG,
139: N_("Apply defaults in the target user's login class if there is one"),
140: NULL,
141: }, {
142: "set_logname", T_FLAG,
143: N_("Set the LOGNAME and USER environment variables"),
144: NULL,
145: }, {
146: "stay_setuid", T_FLAG,
147: N_("Only set the effective uid to the target user, not the real uid"),
148: NULL,
149: }, {
150: "preserve_groups", T_FLAG,
151: N_("Don't initialize the group vector to that of the target user"),
152: NULL,
153: }, {
154: "loglinelen", T_UINT|T_BOOL,
155: N_("Length at which to wrap log file lines (0 for no wrap): %u"),
156: NULL,
157: }, {
158: "timestamp_timeout", T_FLOAT|T_BOOL,
159: N_("Authentication timestamp timeout: %.1f minutes"),
160: NULL,
161: }, {
162: "passwd_timeout", T_FLOAT|T_BOOL,
163: N_("Password prompt timeout: %.1f minutes"),
164: NULL,
165: }, {
166: "passwd_tries", T_UINT,
167: N_("Number of tries to enter a password: %u"),
168: NULL,
169: }, {
170: "umask", T_MODE|T_BOOL,
171: N_("Umask to use or 0777 to use user's: 0%o"),
172: NULL,
173: }, {
174: "logfile", T_STR|T_BOOL|T_PATH,
175: N_("Path to log file: %s"),
176: NULL,
177: }, {
178: "mailerpath", T_STR|T_BOOL|T_PATH,
179: N_("Path to mail program: %s"),
180: NULL,
181: }, {
182: "mailerflags", T_STR|T_BOOL,
183: N_("Flags for mail program: %s"),
184: NULL,
185: }, {
186: "mailto", T_STR|T_BOOL,
187: N_("Address to send mail to: %s"),
188: NULL,
189: }, {
190: "mailfrom", T_STR|T_BOOL,
191: N_("Address to send mail from: %s"),
192: NULL,
193: }, {
194: "mailsub", T_STR,
195: N_("Subject line for mail messages: %s"),
196: NULL,
197: }, {
198: "badpass_message", T_STR,
199: N_("Incorrect password message: %s"),
200: NULL,
201: }, {
202: "lecture_status_dir", T_STR|T_PATH,
203: N_("Path to lecture status dir: %s"),
204: NULL,
205: }, {
206: "timestampdir", T_STR|T_PATH,
207: N_("Path to authentication timestamp dir: %s"),
208: NULL,
209: }, {
210: "timestampowner", T_STR,
211: N_("Owner of the authentication timestamp dir: %s"),
212: NULL,
213: }, {
214: "exempt_group", T_STR|T_BOOL,
215: N_("Users in this group are exempt from password and PATH requirements: %s"),
216: NULL,
217: }, {
218: "passprompt", T_STR,
219: N_("Default password prompt: %s"),
220: NULL,
221: }, {
222: "passprompt_override", T_FLAG,
223: N_("If set, passprompt will override system prompt in all cases."),
224: NULL,
225: }, {
226: "runas_default", T_STR,
227: N_("Default user to run commands as: %s"),
228: NULL,
229: }, {
230: "secure_path", T_STR|T_BOOL,
231: N_("Value to override user's $PATH with: %s"),
232: NULL,
233: }, {
234: "editor", T_STR|T_PATH,
235: N_("Path to the editor for use by visudo: %s"),
236: NULL,
237: }, {
238: "listpw", T_TUPLE|T_BOOL,
239: N_("When to require a password for 'list' pseudocommand: %s"),
240: def_data_listpw,
241: }, {
242: "verifypw", T_TUPLE|T_BOOL,
243: N_("When to require a password for 'verify' pseudocommand: %s"),
244: def_data_verifypw,
245: }, {
246: "noexec", T_FLAG,
247: N_("Preload the dummy exec functions contained in the sudo_noexec library"),
248: NULL,
249: }, {
250: "ignore_local_sudoers", T_FLAG,
251: N_("If LDAP directory is up, do we ignore local sudoers file"),
252: NULL,
253: }, {
254: "closefrom", T_INT,
255: N_("File descriptors >= %d will be closed before executing a command"),
256: NULL,
257: }, {
258: "closefrom_override", T_FLAG,
259: N_("If set, users may override the value of `closefrom' with the -C option"),
260: NULL,
261: }, {
262: "setenv", T_FLAG,
263: N_("Allow users to set arbitrary environment variables"),
264: NULL,
265: }, {
266: "env_reset", T_FLAG,
267: N_("Reset the environment to a default set of variables"),
268: NULL,
269: }, {
270: "env_check", T_LIST|T_BOOL,
271: N_("Environment variables to check for sanity:"),
272: NULL,
273: }, {
274: "env_delete", T_LIST|T_BOOL,
275: N_("Environment variables to remove:"),
276: NULL,
277: }, {
278: "env_keep", T_LIST|T_BOOL,
279: N_("Environment variables to preserve:"),
280: NULL,
281: }, {
282: "role", T_STR,
283: N_("SELinux role to use in the new security context: %s"),
284: NULL,
285: }, {
286: "type", T_STR,
287: N_("SELinux type to use in the new security context: %s"),
288: NULL,
289: }, {
290: "env_file", T_STR|T_PATH|T_BOOL,
291: N_("Path to the sudo-specific environment file: %s"),
292: NULL,
293: }, {
294: "sudoers_locale", T_STR,
295: N_("Locale to use while parsing sudoers: %s"),
296: NULL,
297: }, {
298: "visiblepw", T_FLAG,
299: N_("Allow sudo to prompt for a password even if it would be visible"),
300: NULL,
301: }, {
302: "pwfeedback", T_FLAG,
303: N_("Provide visual feedback at the password prompt when there is user input"),
304: NULL,
305: }, {
306: "fast_glob", T_FLAG,
307: N_("Use faster globbing that is less accurate but does not access the filesystem"),
308: NULL,
309: }, {
310: "umask_override", T_FLAG,
311: N_("The umask specified in sudoers will override the user's, even if it is more permissive"),
312: NULL,
313: }, {
314: "log_input", T_FLAG,
315: N_("Log user's input for the command being run"),
316: NULL,
317: }, {
318: "log_output", T_FLAG,
319: N_("Log the output of the command being run"),
320: NULL,
321: }, {
322: "compress_io", T_FLAG,
323: N_("Compress I/O logs using zlib"),
324: NULL,
325: }, {
326: "use_pty", T_FLAG,
327: N_("Always run commands in a pseudo-tty"),
328: NULL,
329: }, {
330: "group_plugin", T_STR,
331: N_("Plugin for non-Unix group support: %s"),
332: NULL,
333: }, {
334: "iolog_dir", T_STR|T_PATH,
335: N_("Directory in which to store input/output logs: %s"),
336: NULL,
337: }, {
338: "iolog_file", T_STR,
339: N_("File in which to store the input/output log: %s"),
340: NULL,
341: }, {
342: "set_utmp", T_FLAG,
343: N_("Add an entry to the utmp/utmpx file when allocating a pty"),
344: NULL,
345: }, {
346: "utmp_runas", T_FLAG,
347: N_("Set the user in utmp to the runas user, not the invoking user"),
348: NULL,
349: }, {
350: "privs", T_STR,
351: N_("Set of permitted privileges"),
352: NULL,
353: }, {
354: "limitprivs", T_STR,
355: N_("Set of limit privileges"),
356: NULL,
357: }, {
358: "exec_background", T_FLAG,
359: N_("Run commands on a pty in the background"),
360: NULL,
361: }, {
362: "pam_service", T_STR,
363: N_("PAM service name to use"),
364: NULL,
365: }, {
366: "pam_login_service", T_STR,
367: N_("PAM service name to use for login shells"),
368: NULL,
369: }, {
370: "pam_setcred", T_FLAG,
371: N_("Attempt to establish PAM credentials for the target user"),
372: NULL,
373: }, {
374: "pam_session", T_FLAG,
375: N_("Create a new PAM session for the command to run in"),
376: NULL,
377: }, {
378: "maxseq", T_UINT,
379: N_("Maximum I/O log sequence number: %u"),
380: NULL,
381: }, {
382: "use_netgroups", T_FLAG,
383: N_("Enable sudoers netgroup support"),
384: NULL,
385: }, {
386: NULL, 0, NULL
387: }
388: };
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to def_data.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / plugins / sudoers