reordered
This commit is contained in:
Todd C. Miller
38
OPTIONS
38
OPTIONS
@@ -31,21 +31,14 @@ MAXLOGFILELEN
|
|||||||
if you don't want any word wrapping in your log files.
|
if you don't want any word wrapping in your log files.
|
||||||
The default is 80.
|
The default is 80.
|
||||||
|
|
||||||
NO_ROOT_SUDO
|
|
||||||
Don't let root run sudo. This is historical from when doing "sudo sudo"
|
|
||||||
would give you a root shell. You probably don't want to define this.
|
|
||||||
This is off by default.
|
|
||||||
|
|
||||||
SUDOERS_OWNER
|
SUDOERS_OWNER
|
||||||
Who should own the sudoers file. This must be a username, *not* a uid.
|
Who should own the sudoers file. This must be a username, *not* a uid.
|
||||||
The default is "root" (remember the quotes).
|
The default is "root" (remember the quotes).
|
||||||
|
|
||||||
EXEMPTGROUP
|
NO_ROOT_SUDO
|
||||||
If this is defined then the gid EXEMPTGROUP is set to doesn't need
|
Don't let root run sudo. This is historical from when doing "sudo sudo"
|
||||||
to enter a password when running sudo. This may be useful for sites
|
would give you a root shell. You probably don't want to define this.
|
||||||
that don't want their "core" sysadmins to have to enter a password
|
This is off by default.
|
||||||
but where Jr. sysadmins need to.
|
|
||||||
This is of by default.
|
|
||||||
|
|
||||||
ALERTMAIL
|
ALERTMAIL
|
||||||
User that mail from sudo is sent to. This should go to a sysadmin
|
User that mail from sudo is sent to. This should go to a sysadmin
|
||||||
@@ -63,6 +56,13 @@ SEND_MAIL_WHEN_NOT_OK
|
|||||||
command they are trying is not listed in their sudoers file entry.
|
command they are trying is not listed in their sudoers file entry.
|
||||||
This is off by default.
|
This is off by default.
|
||||||
|
|
||||||
|
EXEMPTGROUP
|
||||||
|
If this is defined then the gid EXEMPTGROUP is set to doesn't need
|
||||||
|
to enter a password when running sudo. This may be useful for sites
|
||||||
|
that don't want their "core" sysadmins to have to enter a password
|
||||||
|
but where Jr. sysadmins need to.
|
||||||
|
This is of by default.
|
||||||
|
|
||||||
ENV_EDITOR
|
ENV_EDITOR
|
||||||
Makes visudo consult the EDITOR and VISUAL environmental variables
|
Makes visudo consult the EDITOR and VISUAL environmental variables
|
||||||
before falling back on the default editor. Note that this may create
|
before falling back on the default editor. Note that this may create
|
||||||
@@ -98,14 +98,6 @@ HAL
|
|||||||
define USE_INSULTS as well for this to have any effect.
|
define USE_INSULTS as well for this to have any effect.
|
||||||
This is off by default.
|
This is off by default.
|
||||||
|
|
||||||
USE_EXECV
|
|
||||||
Use execv() to exec the command instead of execvp(). I can't think of
|
|
||||||
a reason to actually do this since execvp() is passed a fully qualified
|
|
||||||
pathname but someone might thoroughly distrust execvp(). Note that if
|
|
||||||
you define this you lose the ability to exec scripts that are missing the
|
|
||||||
'#!/bin/sh' cookie (like /bin/kill on sunos and /etc/fastboot on 4.3BSD).
|
|
||||||
This is off by default.
|
|
||||||
|
|
||||||
EDITOR
|
EDITOR
|
||||||
This is the default editor used by visudo (and the only editor used unless
|
This is the default editor used by visudo (and the only editor used unless
|
||||||
ENV_EDITOR is defined).
|
ENV_EDITOR is defined).
|
||||||
@@ -135,3 +127,11 @@ SECURE_PATH
|
|||||||
the people running sudo to have a sane PATH environmental variable
|
the people running sudo to have a sane PATH environmental variable
|
||||||
you may want to define SECURE_PATH.
|
you may want to define SECURE_PATH.
|
||||||
This is turned off by default.
|
This is turned off by default.
|
||||||
|
|
||||||
|
USE_EXECV
|
||||||
|
Use execv() to exec the command instead of execvp(). I can't think of
|
||||||
|
a reason to actually do this since execvp() is passed a fully qualified
|
||||||
|
pathname but someone might thoroughly distrust execvp(). Note that if
|
||||||
|
you define this you lose the ability to exec scripts that are missing the
|
||||||
|
'#!/bin/sh' cookie (like /bin/kill on sunos and /etc/fastboot on 4.3BSD).
|
||||||
|
This is off by default.
|
||||||
|
|||||||
@@ -33,12 +33,12 @@
|
|||||||
#define LOGGING SLOG_SYSLOG /* log via SLOG_SYSLOG, SLOG_FILE, SLOG_BOTH */
|
#define LOGGING SLOG_SYSLOG /* log via SLOG_SYSLOG, SLOG_FILE, SLOG_BOTH */
|
||||||
#define LOGFAC LOG_LOCAL2 /* syslog facility for sudo to use */
|
#define LOGFAC LOG_LOCAL2 /* syslog facility for sudo to use */
|
||||||
#define MAXLOGFILELEN 80 /* max chars per log line (for line wrapping) */
|
#define MAXLOGFILELEN 80 /* max chars per log line (for line wrapping) */
|
||||||
/*#define NO_ROOT_SUDO /* root is not allowed to use sudo */
|
|
||||||
#define SUDOERS_OWNER "root" /* sudoers file owner (usually root) */
|
#define SUDOERS_OWNER "root" /* sudoers file owner (usually root) */
|
||||||
/*#define EXEMPTGROUP 100 /* no passwd needed for users in this group */
|
/*#define NO_ROOT_SUDO /* root is not allowed to use sudo */
|
||||||
#define ALERTMAIL "root" /* user that gets sudo mail */
|
#define ALERTMAIL "root" /* user that gets sudo mail */
|
||||||
#define SEND_MAIL_WHEN_NO_USER /* send mail when user not in sudoers file */
|
#define SEND_MAIL_WHEN_NO_USER /* send mail when user not in sudoers file */
|
||||||
/*#define SEND_MAIL_WHEN_NOT_OK /* send mail if no permissions to run command */
|
/*#define SEND_MAIL_WHEN_NOT_OK /* send mail if no permissions to run command */
|
||||||
|
/*#define EXEMPTGROUP 100 /* no passwd needed for users in this group */
|
||||||
/*#define ENV_EDITOR /* visudo honors EDITOR and VISUAL envars */
|
/*#define ENV_EDITOR /* visudo honors EDITOR and VISUAL envars */
|
||||||
#define SHORT_MESSAGE /* short sudo message, no copyright printed */
|
#define SHORT_MESSAGE /* short sudo message, no copyright printed */
|
||||||
#define TIMEOUT 5 /* minutes before sudo asks for passwd again */
|
#define TIMEOUT 5 /* minutes before sudo asks for passwd again */
|
||||||
@@ -46,13 +46,13 @@
|
|||||||
#define TRIES_FOR_PASSWORD 3 /* number of tries to enter passwd correctly */
|
#define TRIES_FOR_PASSWORD 3 /* number of tries to enter passwd correctly */
|
||||||
/*#define USE_INSULTS /* insult the user for incorrect passwords */
|
/*#define USE_INSULTS /* insult the user for incorrect passwords */
|
||||||
/*#define HAL /* 2001-like insults--must define USE_INSULTS */
|
/*#define HAL /* 2001-like insults--must define USE_INSULTS */
|
||||||
/*#define USE_EXECV /* use execv() instead of execvp() */
|
|
||||||
#define EDITOR _PATH_VI /* default editor to use */
|
#define EDITOR _PATH_VI /* default editor to use */
|
||||||
#define MAILER _PATH_SENDMAIL /* what mailer to use */
|
#define MAILER _PATH_SENDMAIL /* what mailer to use */
|
||||||
#define UMASK 0022 /* umask that the root-run prog should use */
|
#define UMASK 0022 /* umask that the root-run prog should use */
|
||||||
#define INCORRECT_PASSWORD "Sorry, try again." /* message for bad passwd */
|
#define INCORRECT_PASSWORD "Sorry, try again." /* message for bad passwd */
|
||||||
#define MAILSUBJECT "*** SECURITY information ***" /* subject of mail sent */
|
#define MAILSUBJECT "*** SECURITY information ***" /* subject of mail sent */
|
||||||
/*#define SECURE_PATH "/bin:/usr/ucb:/usr/bin:/usr/etc:/etc" /* secure path */
|
/*#define SECURE_PATH "/bin:/usr/ucb:/usr/bin:/usr/etc:/etc" /* secure path */
|
||||||
|
/*#define USE_EXECV /* use execv() instead of execvp() */
|
||||||
|
|
||||||
/********** You probably don't want to modify anything below here ***********/
|
/********** You probably don't want to modify anything below here ***********/
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user