isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

No longer used now that we have configure options for everything.

Browse Source
This commit is contained in:
Todd C. Miller
1999-01-17 21:33:55 +00:00
parent ab576d5bd4
commit 2853eeffaa
1 changed files with 0 additions and 248 deletions
Download Patch File Download Diff File Expand all files Collapse all files

248
OPTIONS
View File

@@ -1,248 +0,0 @@
The following options may be used to configure sudo 1.4
RUNAS_DEFAULT
The default user to run commands as if the -u flag is not specified
on the command line. This defaults to "root".
FQDN
Define this if you want to put fully qualified hostnames in the sudoers
file. Ie: instead of myhost you would use myhost.mydomain.edu.
You may still use the short form if you wish (and even mix the two).
Beware that turning FQDN on requires sudo to make DNS lookups which
may make sudo unusable if your DNS is totally hosed.
Also note that you must use the host's official name as DNS knows it.
That is, you may not use a host alias (CNAME entry) due to performance
issues and the fact that there is no way to get all aliases from DNS.
This is off by default.
LOGGING
How you want to do your logging. Your choices are SLOG_SYSLOG, SLOG_FILE,
or SLOG_BOTH. Setting this to SYSLOG is nice because you can keep all
your sudo logs in one place. If you don't have syslog or if your syslog
is of an ancient vintage (4.2BSD, SunOS 3.x and all versions of Ultrix)
you should probably use FILE logging (the pathname for the log file is
in pathnames.h). If you are really serious about security you may want
to set LOGGING to SLOG_BOTH (to keep people from killing your syslog with
a denial of service attack while they do something nasty).
The default is to use SLOG_SYSLOG.
LOGFAC
What syslog facility to log to. This requires a 4.3BSD or later
version of syslog. You can still set this for ancient syslogs
but it will have no effect.
The default is to use LOG_LOCAL2 but you may want to use LOG_AUTH.
MAXLOGFILELEN
Number of characters per line for the file log. This is only
used if you are LOGGING to FILE or BOTH. MAXLOGFILELEN is used to
decide when to wrap lines for nicer log files. You can set it to 0
if you don't want any word wrapping in your log files.
The default is 80.
NO_ROOT_SUDO
Don't let root run sudo. This can be used to prevent people from
"chaining" sudo commands to get a root shell by doing something
like "sudo sudo /bin/sh".
This is off by default.
ALERTMAIL
User that mail from sudo is sent to. This should go to a sysadmin
at your site.
The default is "root".
SEND_MAIL_WHEN_NO_USER
Send mail to ALERMAIL if the user invoking sudo is not in the sudoers file.
You probably want this on so you can yell at people trying to use sudo
when they are not allowed to.
This is on by default.
SEND_MAIL_WHEN_NOT_OK
Send mail to ALERMAIL if the user is allowed to use sudo but the
command they are trying is not listed in their sudoers file entry.
This is off by default.
EXEMPTGROUP
If this is defined then users in the group defined by EXEMPTGROUP
don't need to enter a password when running sudo. This may be useful
for sites that don't want their "core" sysadmins to have to enter
a password but where Jr. sysadmins need to.
This is off by default.
ENV_EDITOR
Makes visudo consult the EDITOR and VISUAL environmental variables
before falling back on the default editor. Note that this may create
a security hole as most editors allow a user to get a shell (which would
be a root shell and hence, no logging).
This is off by default.
SHORT_MESSAGE
Omits the copyright message from the "lecture" one gets when running
sudo for the first time on a machine.
This is on by default.
NO_MESSAGE
Omits the "lecture" one gets when running sudo for the first time
on a machine.
This is off by default.
TIMEOUT
Number of minutes that can elapse before sudo will ask for a passwd again.
The default is 5, set this to 0 to always prompt for a password.
PASSWORD_TIMEOUT
Number of minutes before the sudo password prompt times out.
The default is 5, set this to 0 for no password timeout.
TRIES_FOR_PASSWORD
Number of tries a user gets to enter his/her password before sudo
logs the failure and exits.
The default is 3.
USE_INSULTS
Define this if you want to be insulted for typing an incorrect password
just like the original sudo(8).
This is off by default.
CLASSIC_INSULTS
Uses insults from sudo "classic." If you just define USE_INSULTS
you will get the classic and CSOps insults.
This is on by default if USE_INSULTS is defined.
HAL_INSULTS
Uses 2001-like insults when an incorrect password is entered. You must
define USE_INSULTS as well for this to have any effect.
This is off by default.
GOONS_INSULTS
Insults the user with lines from the "Goon Show" when an incorrect
password is entered. You must define USE_INSULTS as well for this
to have any effect.
This is off by default.
CSOPS_INSULTS
Insults the user with an extra set of insults (some quotes, some original)
from a sysadmin group at CU (CSOps). You must define USE_INSULTS as well
for this to have any effect.
This is on by default if USE_INSULTS is defined.
EDITOR
This is the default editor used by visudo (and the only editor used unless
ENV_EDITOR is defined).
The default is _PATH_VI (where vi lives).
MAILER
Mailer used to send mail when someone tries to sudo and access is denied.
As such, this should not be /usr/ucb/Mail or mailx. Sudo is setup to
use sendmail, but it should be possible to use smail as well.
The default is _PATH_SENDMAIL (where sendmail lives).
UMASK
Umask to use when running the root command. If you do not define this
sudo will preserve the umask of the user invoking sudo.
The default is 0022.
INCORRECT_PASSWORD
Message that is displayed if a user enters an incorrect password.
The default is "Sorry, try again."
MAILSUBJECT
Subject of the mail sent to the ALERTMAIL user. The token "%h"
will expand to the hostname of the machine.
Default is "*** SECURITY information for %h ***".
PASSPROMPT
Default prompt to use when asking for a password. Can be overridden
via the -p option. Supports two escapes: "%u" expands to the
user's login name and "%h" expands to the local hostname.
Default is "Password:".
SECURE_PATH
Path used for every command run from sudo(8). If you don't trust
the people running sudo to have a sane PATH environmental variable
you may want to define SECURE_PATH. Another use is if you want to
have the "root path" be separate from the "user path." You will
need to customize the path for your site.
NOTE: SECURE_PATH is not applied to users in the EXEMPTGROUP.
This is off by default.
IGNORE_DOT_PATH
If defined, sudo will ignore '.' or '' (current dir) in $PATH.
The $PATH itself is not modified.
This is off by default.
USE_EXECV
Use execv() to exec the command instead of execvp(). I can't think of
a reason to actually do this since execvp() is passed a fully qualified
pathname but someone might thoroughly distrust execvp(). Note that if
you define this you lose the ability to exec scripts that are missing the
'#!/bin/sh' cookie (like /bin/kill on sunos and /etc/fastboot on 4.3BSD).
This is off by default.
SHELL_IF_NO_ARGS
If sudo is invoked with no arguments it acts as if the "-s" flag
had been given. Namely, it runs a shell as root (the shell is
determined by the SHELL envariable, falling back on the shell listed
in the invoking user's /etc/passwd entry).
This is off by default.
SHELL_SETS_HOME
If sudo is invoked with the "-s" flag the HOME environmental variable
will be set to the home directory of the target user (which is root
unless the "-u" option is used). This option effectively makes the
"-s" flag imply "-H".
This is off by default.
USE_TTY_TICKETS
This makes sudo use a different ticket file for each tty (per user).
Ie: instead of the ticket file being "username" it is "username.tty".
This offers increased security in an open lab or with "shared"
accounts like "operator." Note that this means that there will
be more files in the timestamp dir. This is not a problem is your
system has a cron job to remove of files from /tmp (or wherever
you specified the timestamp dir to be).
This feature is off by default.
STUB_LOAD_INTERFACES
This option keeps sudo from trying to glean the ip address from
each attached ethernet interface. It is only useful on a machine
where sudo's interface reading support does not work, which may
be the case on some SysV-based OS's.
FAST_MATCH
When matching a given command to a path listed in the sudoers file,
only check the inodes for a match if the basenames match.
If you want links to a command to be allowed then you should turn
this off, but it will make things take a little longer.
This is on by default.
OTP_ONLY
When validating the user, only allow a One Time Password (OTP)
passkey. Do not compare against the passwd file or use any
other authentication scheme. This is only useful if you want
to force people to use s/key or opie.
This feature is off by default.
LONG_OTP_PROMPT
When validating with a One Time Password scheme (s/key or opie)
a two-line prompt is used to make it easier to cut and paste
the challenge to a local window. It's not as pretty as the
default but some people find it more convenient.
This feature is off by default.
SUDOERS_MODE
File mode for the sudoers file (octal). Note that if you
wish to NFS-mount the sudoers file this must be group
readable. Also Note that this is usually set in the Makefile.
The default mode is 0440.
SUDOERS_UID
User id that "owns" the sudoers file. Note that this is the
numeric id, *not* the symbolic name. Also Note that this is
usually set in the Makefile.
The default is 0.
SUDOERS_GID
Group id that "owns" the sudoers file. Note that this is the
numeric id, *not* the symbolic name. Also note that this is
usually set in the Makefile.
The default is 0.