isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Mention plugins in the sudo manual and add some missing path

Browse Source 
substitution in the sudo_plugin manual.
This commit is contained in:
Todd C. Miller
2010-06-09 12:26:37 -04:00
parent 474392821e
commit 9d09966aad
6 changed files with 248 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

180
doc/sudo.cat
View File

@@ -11,7 +11,7 @@ SSYYNNOOPPSSIISS
ssuuddoo [--DD _l_e_v_e_l] --hh | --KK | --kk | --VV
ssuuddoo --vv [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--DD _l_e_v_e_l] [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d]
[--pp _p_r_o_m_p_t] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d]
[--pp _p_r_o_m_p_t] [--uu _u_s_e_r _n_a_m_e|_#_u_i_d]
ssuuddoo --ll[[ll]] [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--DD _l_e_v_e_l] [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d]
[--pp _p_r_o_m_p_t] [--UU _u_s_e_r _n_a_m_e] [--uu _u_s_e_r _n_a_m_e|_#_u_i_d] [_c_o_m_m_a_n_d]
@@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN
1.8.0a2 June 3, 2010 1
1.8.0a2 June 9, 2010 1
@@ -127,7 +127,7 @@ OOPPTTIIOONNSS
1.8.0a2 June 3, 2010 2
1.8.0a2 June 9, 2010 2
@@ -193,7 +193,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
1.8.0a2 June 3, 2010 3
1.8.0a2 June 9, 2010 3
@@ -259,7 +259,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
1.8.0a2 June 3, 2010 4
1.8.0a2 June 9, 2010 4
@@ -325,7 +325,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
1.8.0a2 June 3, 2010 5
1.8.0a2 June 9, 2010 5
@@ -351,8 +351,55 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
matched is ALL, the user may set variables that would overwise be
forbidden. See _s_u_d_o_e_r_s(4) for more information.
PPLLUUGGIINNSS
ssuuddoo supports a plugin architecture for security policies and
input/output logging. Third parties can develop and distribute their
own policy and I/O logging modules to work seemlessly with the ssuuddoo
front end.
Plugins are dynamically loaded based on the contents of the
_/_e_t_c_/_s_u_d_o_._c_o_n_f file. If no _/_e_t_c_/_s_u_d_o_._c_o_n_f file is present, ssuuddoo will
use the traditional _s_u_d_o_e_r_s security policy and I/O logging, which
corresponds to the following _/_e_t_c_/_s_u_d_o_._c_o_n_f file.
#
# Default /etc/sudo.conf file
#
# Format:
# Plugin plugin_name plugin_path
#
# The plugin_path is relative to /usr/local/libexec unless
# fully qualified.
# The plugin_name corresponds to a global symbol in the plugin
# that contains the plugin interface structure.
#
Plugin policy_plugin sudoers.so
Plugin io_plugin sudoers.so
A Plugin line consists of the Plugin keyword, followed by the
_s_y_m_b_o_l___n_a_m_e and the _p_a_t_h to the shared object containing the plugin.
The _s_y_m_b_o_l___n_a_m_e is the name of the struct policy_plugin or struct
io_plugin in the plugin shared object. The _p_a_t_h may be fully qualified
or relative. If not fully qualified it is relative to the
_/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c directory. Any additional parameters after the _p_a_t_h
are ignored.
For more information, see the "_s_u_d_o___p_l_u_g_i_n(1m) manual."
RREETTUURRNN VVAALLUUEESS
Upon successful execution of a program, the exit status from ssuuddoo will
1.8.0a2 June 9, 2010 6
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
simply be the exit status of the program that was executed.
Otherwise, ssuuddoo quits with an exit value of 1 if there is a
@@ -388,18 +435,6 @@ SSEECCUURRIITTYY NNOOTTEESS
environment variables that ssuuddoo allows or denies is contained in the
output of sudo -V when run as root.
1.8.0a2 June 3, 2010 6
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
Note that the dynamic linker on most operating systems will remove
variables that can control dynamic linking from the environment of
setuid executables, including ssuuddoo. Depending on the operating system
@@ -419,6 +454,18 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
not owned by root or if it is writable by a user other than root. On
systems that allow non-root users to give away files via _c_h_o_w_n(2), if
the time stamp directory is located in a directory writable by anyone
1.8.0a2 June 9, 2010 7
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
(e.g., _/_t_m_p), it is possible for a user to create the time stamp
directory before ssuuddoo is run. However, because ssuuddoo checks the
ownership and mode of the directory and its contents, the only damage
@@ -431,9 +478,9 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
appropriate owner (root) and permissions (0700) in the system startup
files.
ssuuddoo will not honor time stamps set far in the future. Timestamps with
a date greater than current_time + 2 * TIMEOUT will be ignored and sudo
will log and complain. This is done to keep a user from creating
ssuuddoo will not honor time stamps set far in the future. Time stamps
with a date greater than current_time + 2 * TIMEOUT will be ignored and
sudo will log and complain. This is done to keep a user from creating
his/her own time stamp with a bogus date on systems that allow users to
give away files.
@@ -455,17 +502,6 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
Administrators should not rely on this feature as it is not universally
available.
1.8.0a2 June 3, 2010 7
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
Please note that ssuuddoo will normally only log the command it explicitly
runs. If a user runs a command such as sudo su or sudo sh, subsequent
commands run from that shell will _n_o_t be logged, nor will ssuuddoo's access
@@ -484,6 +520,18 @@ EENNVVIIRROONNMMEENNTT
HOME In --ss or --HH mode (or if sudo was configured with the
--enable-shell-sets-home option), set to homedir of the
1.8.0a2 June 9, 2010 8
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
target user
PATH Set to a sane value if the _s_e_c_u_r_e___p_a_t_h sudoers option
@@ -517,21 +565,12 @@ EENNVVIIRROONNMMEENNTT
SUDO_EDITOR is not set
FFIILLEESS
_/_e_t_c_/_s_u_d_o_._c_o_n_f ssuuddoo plugin configuration
_/_e_t_c_/_s_u_d_o_e_r_s List of who can run what
_/_v_a_r_/_r_u_n_/_s_u_d_o Directory containing time stamps
1.8.0a2 June 3, 2010 8
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
_/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t Initial environment for --ii mode on Linux and
AIX
@@ -547,6 +586,18 @@ EEXXAAMMPPLLEESS
$ sudo -u yaz ls ~yaz
1.8.0a2 June 9, 2010 9
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
To edit the _i_n_d_e_x_._h_t_m_l file as user www:
$ sudo -u www vi ~www/htdocs/index.html
@@ -571,7 +622,7 @@ EEXXAAMMPPLLEESS
SSEEEE AALLSSOO
_g_r_e_p(1), _s_u(1), _s_t_a_t(2), _l_o_g_i_n___c_a_p(3), _p_a_s_s_w_d(4), _s_u_d_o_e_r_s(4),
_v_i_s_u_d_o(1m)
"_s_u_d_o___p_l_u_g_i_n(1m), "_s_u_d_o_r_e_p_l_a_y(1m), _v_i_s_u_d_o(1m)""
AAUUTTHHOORRSS
Many people have worked on ssuuddoo over the years; this version consists
@@ -586,18 +637,6 @@ CCAAVVEEAATTSS
There is no easy way to prevent a user from gaining a root shell if
that user is allowed to run arbitrary commands via ssuuddoo. Also, many
programs (such as editors) allow the user to run commands via shell
1.8.0a2 June 3, 2010 9
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
escapes, thus avoiding ssuuddoo's checks. However, on most systems it is
possible to prevent shell escapes with ssuuddoo's _n_o_e_x_e_c functionality.
See the _s_u_d_o_e_r_s(4) manual for details.
@@ -613,6 +652,18 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
their own program that gives them a root shell regardless of any '!'
elements in the user specification.
1.8.0a2 June 9, 2010 10
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
Running shell scripts via ssuuddoo can expose the same kernel bugs that
make setuid shell scripts unsafe on some operating systems (if your OS
has a /dev/fd/ directory, setuid shell scripts are generally safe).
@@ -633,6 +684,15 @@ DDIISSCCLLAAIIMMEERR
See the LICENSE file distributed with ssuuddoo or
http://www.sudo.ws/sudo/license.html for complete details.
PPOODD EERRRROORRSS
Hey! TThhee aabboovvee ddooccuummeenntt hhaadd ssoommee ccooddiinngg eerrrroorrss,, wwhhiicchh aarree eexxppllaaiinneedd
bbeellooww::
Around line 442:
Unterminated L<...> sequence
Around line 678:
Unterminated L<L<...>> sequence
@@ -655,6 +715,12 @@ DDIISSCCLLAAIIMMEERR
1.8.0a2 June 3, 2010 10
1.8.0a2 June 9, 2010 11

59
doc/sudo.man.in
View File

@@ -148,7 +148,7 @@
.\" ========================================================================
.\"
.IX Title "SUDO @mansectsu@"
.TH SUDO @mansectsu@ "June 3, 2010" "1.8.0a2" "MAINTENANCE COMMANDS"
.TH SUDO @mansectsu@ "June 9, 2010" "1.8.0a2" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -163,7 +163,7 @@ sudo, sudoedit \- execute a command as another user
.if \n(BA [\fB\-a\fR\ \fIauth_type\fR]
[\fB\-D\fR\ \fIlevel\fR]
[\fB\-g\fR\ \fIgroup\ name\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
[\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
[\fB\-u\fR\ \fIuser\ name\fR|\fI#uid\fR]
.PP
\&\fBsudo\fR \fB\-l[l]\fR [\fB\-AknS\fR]
.if \n(BA [\fB\-a\fR\ \fIauth_type\fR]
@@ -502,6 +502,44 @@ variables with one important exception. If the \fIsetenv\fR option
is set in \fIsudoers\fR, the command to be run has the \f(CW\*(C`SETENV\*(C'\fR tag
set or the command matched is \f(CW\*(C`ALL\*(C'\fR, the user may set variables
that would overwise be forbidden. See \fIsudoers\fR\|(@mansectform@) for more information.
.SH "PLUGINS"
.IX Header "PLUGINS"
\&\fBsudo\fR supports a plugin architecture for security policies and
input/output logging. Third parties can develop and distribute
their own policy and I/O logging modules to work seemlessly with
the \fBsudo\fR front end.
.PP
Plugins are dynamically loaded based on the contents of the
\&\fI@sysconfdir@/sudo.conf\fR file. If no \fI@sysconfdir@/sudo.conf\fR
file is present, \fBsudo\fR will use the traditional \fIsudoers\fR security
policy and I/O logging, which corresponds to the following
\&\fI@sysconfdir@/sudo.conf\fR file.
.PP
.Vb 10
\& #
\& # Default @sysconfdir@/sudo.conf file
\& #
\& # Format:
\& # Plugin plugin_name plugin_path
\& #
\& # The plugin_path is relative to @prefix@/libexec unless
\& # fully qualified.
\& # The plugin_name corresponds to a global symbol in the plugin
\& # that contains the plugin interface structure.
\& #
\& Plugin policy_plugin sudoers.so
\& Plugin io_plugin sudoers.so
.Ve
.PP
A \f(CW\*(C`Plugin\*(C'\fR line consists of the \f(CW\*(C`Plugin\*(C'\fR keyword, followed by the
\&\fIsymbol_name\fR and the \fIpath\fR to the shared object containing the
plugin. The \fIsymbol_name\fR is the name of the \f(CW\*(C`struct policy_plugin\*(C'\fR
or \f(CW\*(C`struct io_plugin\*(C'\fR in the plugin shared object. The \fIpath\fR
may be fully qualified or relative. If not fully qualified it is
relative to the \fI@prefix@/libexec\fR directory. Any additional parameters
after the \fIpath\fR are ignored.
.PP
For more information, see the \*(L"\fIsudo_plugin\fR\|(@mansectsu@) manual.\*(R"
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
Upon successful execution of a program, the exit status from \fBsudo\fR
@@ -574,7 +612,7 @@ instance) or create \fI@timedir@\fR with the appropriate owner (root)
and permissions (0700) in the system startup files.
.PP
\&\fBsudo\fR will not honor time stamps set far in the future.
Timestamps with a date greater than current_time + 2 * \f(CW\*(C`TIMEOUT\*(C'\fR
Time stamps with a date greater than current_time + 2 * \f(CW\*(C`TIMEOUT\*(C'\fR
will be ignored and sudo will log and complain. This is done to
keep a user from creating his/her own time stamp with a bogus
date on systems that allow users to give away files.
@@ -672,6 +710,10 @@ Default editor to use in \fB\-e\fR (sudoedit) mode if \f(CW\*(C`SUDO_EDITOR\*(C'
is not set
.SH "FILES"
.IX Header "FILES"
.ie n .IP "\fI@sysconfdir@/sudo.conf\fR" 24
.el .IP "\fI@sysconfdir@/sudo.conf\fR" 24
.IX Item "@sysconfdir@/sudo.conf"
\&\fBsudo\fR plugin configuration
.ie n .IP "\fI@sysconfdir@/sudoers\fR" 24
.el .IP "\fI@sysconfdir@/sudoers\fR" 24
.IX Item "@sysconfdir@/sudoers"
@@ -735,7 +777,7 @@ to make the \f(CW\*(C`cd\*(C'\fR and file redirection work.
.IX Header "SEE ALSO"
\&\fIgrep\fR\|(1), \fIsu\fR\|(1), \fIstat\fR\|(2),
.if \n(LC \&\fIlogin_cap\fR\|(3),
\&\fIpasswd\fR\|(@mansectform@), \fIsudoers\fR\|(@mansectform@), \fIvisudo\fR\|(@mansectsu@)
\&\fIpasswd\fR\|(@mansectform@), \fIsudoers\fR\|(@mansectform@), "\fIsudo_plugin\fR\|(@mansectsu@), "\fIsudoreplay\fR\|(@mansectsu@), \fIvisudo\fR\|(@mansectsu@)""
.SH "AUTHORS"
.IX Header "AUTHORS"
Many people have worked on \fBsudo\fR over the years; this
@@ -790,3 +832,12 @@ including, but not limited to, the implied warranties of merchantability
and fitness for a particular purpose are disclaimed. See the \s-1LICENSE\s0
file distributed with \fBsudo\fR or http://www.sudo.ws/sudo/license.html
for complete details.
.SH "POD ERRORS"
.IX Header "POD ERRORS"
Hey! \fBThe above document had some coding errors, which are explained below:\fR
.IP "Around line 442:" 4
.IX Item "Around line 442:"
Unterminated L<...> sequence
.IP "Around line 678:" 4
.IX Item "Around line 678:"
Unterminated L<L<...>> sequence

47
doc/sudo.pod
View File

@@ -32,7 +32,7 @@ B<sudo> B<-v> [B<-AknS>]
S<[B<-a> I<auth_type>]>
S<[B<-D> I<level>]>
S<[B<-g> I<group name>|I<#gid>]> S<[B<-p> I<prompt>]>
S<[B<-u> I<username>|I<#uid>]>
S<[B<-u> I<user name>|I<#uid>]>
B<sudo> B<-l[l]> [B<-AknS>]
S<[B<-a> I<auth_type>]>
@@ -404,6 +404,43 @@ is set in I<sudoers>, the command to be run has the C<SETENV> tag
set or the command matched is C<ALL>, the user may set variables
that would overwise be forbidden. See L<sudoers(5)> for more information.
=head1 PLUGINS
B<sudo> supports a plugin architecture for security policies and
input/output logging. Third parties can develop and distribute
their own policy and I/O logging modules to work seemlessly with
the B<sudo> front end.
Plugins are dynamically loaded based on the contents of the
F<@sysconfdir@/sudo.conf> file. If no F<@sysconfdir@/sudo.conf>
file is present, B<sudo> will use the traditional I<sudoers> security
policy and I/O logging, which corresponds to the following
F<@sysconfdir@/sudo.conf> file.
#
# Default @sysconfdir@/sudo.conf file
#
# Format:
# Plugin plugin_name plugin_path
#
# The plugin_path is relative to @prefix@/libexec unless
# fully qualified.
# The plugin_name corresponds to a global symbol in the plugin
# that contains the plugin interface structure.
#
Plugin policy_plugin sudoers.so
Plugin io_plugin sudoers.so
A C<Plugin> line consists of the C<Plugin> keyword, followed by the
I<symbol_name> and the I<path> to the shared object containing the
plugin. The I<symbol_name> is the name of the C<struct policy_plugin>
or C<struct io_plugin> in the plugin shared object. The I<path>
may be fully qualified or relative. If not fully qualified it is
relative to the F<@prefix@/libexec> directory. Any additional parameters
after the I<path> are ignored.
For more information, see the L<sudo_plugin(8) manual.
=head1 RETURN VALUES
Upon successful execution of a program, the exit status from B<sudo>
@@ -477,7 +514,7 @@ instance) or create F<@timedir@> with the appropriate owner (root)
and permissions (0700) in the system startup files.
B<sudo> will not honor time stamps set far in the future.
Timestamps with a date greater than current_time + 2 * C<TIMEOUT>
Time stamps with a date greater than current_time + 2 * C<TIMEOUT>
will be ignored and sudo will log and complain. This is done to
keep a user from creating his/her own time stamp with a bogus
date on systems that allow users to give away files.
@@ -583,6 +620,10 @@ is not set
=over 24
=item F<@sysconfdir@/sudo.conf>
B<sudo> plugin configuration
=item F<@sysconfdir@/sudoers>
List of who can run what
@@ -636,7 +677,7 @@ to make the C<cd> and file redirection work.
L<grep(1)>, L<su(1)>, L<stat(2)>,
L<login_cap(3)>,
L<passwd(5)>, L<sudoers(5)>, L<visudo(8)>
L<passwd(5)>, L<sudoers(5)>, L<sudo_plugin(8), L<sudoreplay(8), L<visudo(8)>
=head1 AUTHORS

14
doc/sudo_plugin.cat
View File

@@ -30,8 +30,8 @@ SSuuddoo PPlluuggiinn AAPPII
The _s_y_m_b_o_l___n_a_m_e is the name of the struct policy_plugin or struct
io_plugin in the plugin shared object. The _p_a_t_h may be fully qualified
or relative. If not fully qualified it is relative to the
$prefix/libexec directory where the prefix is specified at build time
(/usr/local by default).
_/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c directory. Any additional parameters after the _p_a_t_h
are ignored.
The same shared object may contain multiple plugins, each with a
different symbol name. The shared object file must be owned by uid 0
@@ -45,9 +45,10 @@ SSuuddoo PPlluuggiinn AAPPII
# Format:
# Plugin plugin_name plugin_path
#
# The plugin_path relative to prefix/libexec unless fully qualified
# The plugin_path is relative to /usr/local/libexec unless
# fully qualified.
# The plugin_name corresponds to a global symbol in the plugin
# that contains the plugin interface.
# that contains the plugin interface structure.
#
Plugin policy_plugin sudoers.so
Plugin io_plugin sudoers.so
@@ -57,7 +58,6 @@ SSuuddoo PPlluuggiinn AAPPII
global scope. This structure contains pointers to the functions that
implement the ssuuddoo policy checks. The name of the symbol should be
specified in _/_e_t_c_/_s_u_d_o_._c_o_n_f along with a path to the plugin so that
ssuuddoo can load it.
@@ -70,6 +70,8 @@ SSuuddoo PPlluuggiinn AAPPII
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
ssuuddoo can load it.
struct policy_plugin {
#define SUDO_POLICY_PLUGIN 1
unsigned int type; /* always SUDO_POLICY_PLUGIN */
@@ -125,8 +127,6 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
1.8.0a2 June 9, 2010 2

19
doc/sudo_plugin.man.in
View File

@@ -151,7 +151,7 @@ for policy and session logging. By default, the \fIsudoers\fR policy
plugin and an associated I/O logging plugin are used. Via the plugin
\&\s-1API\s0, \fBsudo\fR can be configured to use alternate policy and/or I/O
logging plugins provided by third parties. The plugins to be used
are specified via the \fI/etc/sudo.conf\fR file.
are specified via the \fI@sysconfdir@/sudo.conf\fR file.
.PP
The \s-1API\s0 is versioned with a major and minor number. The minor
version number is incremented when additions are made. The major
@@ -162,7 +162,7 @@ major version matches.
The plugin \s-1API\s0 is defined by the \f(CW\*(C`sudo_plugin.h\*(C'\fR header file.
.SS "The sudo.conf File"
.IX Subsection "The sudo.conf File"
The \fI/etc/sudo.conf\fR file contains plugin configuration directives.
The \fI@sysconfdir@/sudo.conf\fR file contains plugin configuration directives.
Currently, the only supported keyword is the \f(CW\*(C`Plugin\*(C'\fR directive,
which causes a plugin plugin to be loaded.
.PP
@@ -171,8 +171,8 @@ A \f(CW\*(C`Plugin\*(C'\fR line consists of the \f(CW\*(C`Plugin\*(C'\fR keyword
plugin. The \fIsymbol_name\fR is the name of the \f(CW\*(C`struct policy_plugin\*(C'\fR
or \f(CW\*(C`struct io_plugin\*(C'\fR in the plugin shared object. The \fIpath\fR
may be fully qualified or relative. If not fully qualified it is
relative to the \f(CW$prefix\fR/libexec directory where the prefix is
specified at build time (/usr/local by default).
relative to the \fI@prefix@/libexec\fR directory. Any additional parameters
after the \fIpath\fR are ignored.
.PP
The same shared object may contain multiple plugins, each with a
different symbol name. The shared object file must be owned by uid
@@ -180,16 +180,17 @@ different symbol name. The shared object file must be owned by uid
from composite policies, only a single policy plugin may be specified.
This limitation does not apply to I/O plugins.
.PP
.Vb 12
.Vb 10
\& #
\& # Default /etc/sudo.conf file
\& # Default @sysconfdir@/sudo.conf file
\& #
\& # Format:
\& # Plugin plugin_name plugin_path
\& #
\& # The plugin_path relative to prefix/libexec unless fully qualified
\& # The plugin_path is relative to @prefix@/libexec unless
\& # fully qualified.
\& # The plugin_name corresponds to a global symbol in the plugin
\& # that contains the plugin interface.
\& # that contains the plugin interface structure.
\& #
\& Plugin policy_plugin sudoers.so
\& Plugin io_plugin sudoers.so
@@ -199,7 +200,7 @@ This limitation does not apply to I/O plugins.
A policy plugin must declare and populate a \f(CW\*(C`policy_plugin\*(C'\fR struct
in the global scope. This structure contains pointers to the functions
that implement the \fBsudo\fR policy checks. The name of the symbol should
be specified in \fI/etc/sudo.conf\fR along with a path to the plugin
be specified in \fI@sysconfdir@/sudo.conf\fR along with a path to the plugin
so that \fBsudo\fR can load it.
.PP
.Vb 10

17
doc/sudo_plugin.pod
View File

@@ -22,7 +22,7 @@ for policy and session logging. By default, the I<sudoers> policy
plugin and an associated I/O logging plugin are used. Via the plugin
API, B<sudo> can be configured to use alternate policy and/or I/O
logging plugins provided by third parties. The plugins to be used
are specified via the F</etc/sudo.conf> file.
are specified via the F<@sysconfdir@/sudo.conf> file.
The API is versioned with a major and minor number. The minor
version number is incremented when additions are made. The major
@@ -34,7 +34,7 @@ The plugin API is defined by the C<sudo_plugin.h> header file.
=head2 The sudo.conf File
The F</etc/sudo.conf> file contains plugin configuration directives.
The F<@sysconfdir@/sudo.conf> file contains plugin configuration directives.
Currently, the only supported keyword is the C<Plugin> directive,
which causes a plugin plugin to be loaded.
@@ -43,8 +43,8 @@ I<symbol_name> and the I<path> to the shared object containing the
plugin. The I<symbol_name> is the name of the C<struct policy_plugin>
or C<struct io_plugin> in the plugin shared object. The I<path>
may be fully qualified or relative. If not fully qualified it is
relative to the $prefix/libexec directory where the prefix is
specified at build time (/usr/local by default).
relative to the F<@prefix@/libexec> directory. Any additional parameters
after the I<path> are ignored.
The same shared object may contain multiple plugins, each with a
different symbol name. The shared object file must be owned by uid
@@ -53,14 +53,15 @@ from composite policies, only a single policy plugin may be specified.
This limitation does not apply to I/O plugins.
#
# Default /etc/sudo.conf file
# Default @sysconfdir@/sudo.conf file
#
# Format:
# Plugin plugin_name plugin_path
#
# The plugin_path relative to prefix/libexec unless fully qualified
# The plugin_path is relative to @prefix@/libexec unless
# fully qualified.
# The plugin_name corresponds to a global symbol in the plugin
# that contains the plugin interface.
# that contains the plugin interface structure.
#
Plugin policy_plugin sudoers.so
Plugin io_plugin sudoers.so
@@ -70,7 +71,7 @@ This limitation does not apply to I/O plugins.
A policy plugin must declare and populate a C<policy_plugin> struct
in the global scope. This structure contains pointers to the functions
that implement the B<sudo> policy checks. The name of the symbol should
be specified in F</etc/sudo.conf> along with a path to the plugin
be specified in F<@sysconfdir@/sudo.conf> along with a path to the plugin
so that B<sudo> can load it.
struct policy_plugin {