reordered
This commit is contained in:
Todd C. Miller
38
OPTIONS
38
OPTIONS
@@ -31,21 +31,14 @@ MAXLOGFILELEN
|
||||
if you don't want any word wrapping in your log files.
|
||||
The default is 80.
|
||||
|
||||
NO_ROOT_SUDO
|
||||
Don't let root run sudo. This is historical from when doing "sudo sudo"
|
||||
would give you a root shell. You probably don't want to define this.
|
||||
This is off by default.
|
||||
|
||||
SUDOERS_OWNER
|
||||
Who should own the sudoers file. This must be a username, *not* a uid.
|
||||
The default is "root" (remember the quotes).
|
||||
|
||||
EXEMPTGROUP
|
||||
If this is defined then the gid EXEMPTGROUP is set to doesn't need
|
||||
to enter a password when running sudo. This may be useful for sites
|
||||
that don't want their "core" sysadmins to have to enter a password
|
||||
but where Jr. sysadmins need to.
|
||||
This is of by default.
|
||||
NO_ROOT_SUDO
|
||||
Don't let root run sudo. This is historical from when doing "sudo sudo"
|
||||
would give you a root shell. You probably don't want to define this.
|
||||
This is off by default.
|
||||
|
||||
ALERTMAIL
|
||||
User that mail from sudo is sent to. This should go to a sysadmin
|
||||
@@ -63,6 +56,13 @@ SEND_MAIL_WHEN_NOT_OK
|
||||
command they are trying is not listed in their sudoers file entry.
|
||||
This is off by default.
|
||||
|
||||
EXEMPTGROUP
|
||||
If this is defined then the gid EXEMPTGROUP is set to doesn't need
|
||||
to enter a password when running sudo. This may be useful for sites
|
||||
that don't want their "core" sysadmins to have to enter a password
|
||||
but where Jr. sysadmins need to.
|
||||
This is of by default.
|
||||
|
||||
ENV_EDITOR
|
||||
Makes visudo consult the EDITOR and VISUAL environmental variables
|
||||
before falling back on the default editor. Note that this may create
|
||||
@@ -98,14 +98,6 @@ HAL
|
||||
define USE_INSULTS as well for this to have any effect.
|
||||
This is off by default.
|
||||
|
||||
USE_EXECV
|
||||
Use execv() to exec the command instead of execvp(). I can't think of
|
||||
a reason to actually do this since execvp() is passed a fully qualified
|
||||
pathname but someone might thoroughly distrust execvp(). Note that if
|
||||
you define this you lose the ability to exec scripts that are missing the
|
||||
'#!/bin/sh' cookie (like /bin/kill on sunos and /etc/fastboot on 4.3BSD).
|
||||
This is off by default.
|
||||
|
||||
EDITOR
|
||||
This is the default editor used by visudo (and the only editor used unless
|
||||
ENV_EDITOR is defined).
|
||||
@@ -135,3 +127,11 @@ SECURE_PATH
|
||||
the people running sudo to have a sane PATH environmental variable
|
||||
you may want to define SECURE_PATH.
|
||||
This is turned off by default.
|
||||
|
||||
USE_EXECV
|
||||
Use execv() to exec the command instead of execvp(). I can't think of
|
||||
a reason to actually do this since execvp() is passed a fully qualified
|
||||
pathname but someone might thoroughly distrust execvp(). Note that if
|
||||
you define this you lose the ability to exec scripts that are missing the
|
||||
'#!/bin/sh' cookie (like /bin/kill on sunos and /etc/fastboot on 4.3BSD).
|
||||
This is off by default.
|
||||
|
||||
@@ -33,12 +33,12 @@
|
||||
#define LOGGING SLOG_SYSLOG /* log via SLOG_SYSLOG, SLOG_FILE, SLOG_BOTH */
|
||||
#define LOGFAC LOG_LOCAL2 /* syslog facility for sudo to use */
|
||||
#define MAXLOGFILELEN 80 /* max chars per log line (for line wrapping) */
|
||||
/*#define NO_ROOT_SUDO /* root is not allowed to use sudo */
|
||||
#define SUDOERS_OWNER "root" /* sudoers file owner (usually root) */
|
||||
/*#define EXEMPTGROUP 100 /* no passwd needed for users in this group */
|
||||
/*#define NO_ROOT_SUDO /* root is not allowed to use sudo */
|
||||
#define ALERTMAIL "root" /* user that gets sudo mail */
|
||||
#define SEND_MAIL_WHEN_NO_USER /* send mail when user not in sudoers file */
|
||||
/*#define SEND_MAIL_WHEN_NOT_OK /* send mail if no permissions to run command */
|
||||
/*#define EXEMPTGROUP 100 /* no passwd needed for users in this group */
|
||||
/*#define ENV_EDITOR /* visudo honors EDITOR and VISUAL envars */
|
||||
#define SHORT_MESSAGE /* short sudo message, no copyright printed */
|
||||
#define TIMEOUT 5 /* minutes before sudo asks for passwd again */
|
||||
@@ -46,13 +46,13 @@
|
||||
#define TRIES_FOR_PASSWORD 3 /* number of tries to enter passwd correctly */
|
||||
/*#define USE_INSULTS /* insult the user for incorrect passwords */
|
||||
/*#define HAL /* 2001-like insults--must define USE_INSULTS */
|
||||
/*#define USE_EXECV /* use execv() instead of execvp() */
|
||||
#define EDITOR _PATH_VI /* default editor to use */
|
||||
#define MAILER _PATH_SENDMAIL /* what mailer to use */
|
||||
#define UMASK 0022 /* umask that the root-run prog should use */
|
||||
#define INCORRECT_PASSWORD "Sorry, try again." /* message for bad passwd */
|
||||
#define MAILSUBJECT "*** SECURITY information ***" /* subject of mail sent */
|
||||
/*#define SECURE_PATH "/bin:/usr/ucb:/usr/bin:/usr/etc:/etc" /* secure path */
|
||||
/*#define USE_EXECV /* use execv() instead of execvp() */
|
||||
|
||||
/********** You probably don't want to modify anything below here ***********/
|
||||
|
||||
|
||||
Reference in New Issue
Block a user