isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,756 Commits 1 Branch 0 Tags
00f663d54d357fae09b6579d5fd916a192de17d2
Commit Graph

99 Commits

Author SHA1 Message Date
Todd C. Miller
00f663d54d Document that a leading ':' is skipped when checking TZ for a 
fully-qualified path name.
 2015-02-10 09:37:10 -07:00
Todd C. Miller
9669abdafd Typo. 2015-02-09 16:21:52 -07:00
Todd C. Miller
0414ea4579 Fix typos. 2015-02-09 11:39:28 -07:00
Todd C. Miller
c3c28773f5 Sanity check the TZ environment variable by special casing it in 
env_check.  The --with-tzdir configure option can be used to
specify the zoneinfo directory if configure doesn't find it.
 2015-02-06 11:01:05 -07:00
Todd C. Miller
ed4ffa6265 Don't send mail about pseudo-command failure unless it is an 
authentication failure.
 2015-02-02 15:01:06 -07:00
Todd C. Miller
721cab85e7 Fix typo. 2015-01-21 08:51:41 -07:00
Todd C. Miller
b1dc5c54d8 Remove the extra /sudo in sudo.ws urls 2014-12-04 17:00:38 -07:00
Todd C. Miller
9d3fe082fc Reference bugzilla.sudo.ws 2014-11-27 09:51:06 -07:00
Todd C. Miller
4d04c5644b No need to keep specifying ".Nm foo" since the Nm macro remembers 
the argument it was first called with and uses it if none is
specified.  Also fix a few minor formatting errors and
regen bulleted lists in the .man.in files.
 2014-11-11 15:29:19 -07:00
Todd C. Miller
e71c646c9a regen 2014-11-11 13:56:01 -07:00
Todd C. Miller
8f1fb89d53 The older style bash function exporting is not used by post-shellshock 
versions of bash.
 2014-10-10 14:04:10 -06:00
Todd C. Miller
2d22d0dca8 Document the interaction between sudoers environment handling and 
the pam_env module.
 2014-08-11 11:23:16 -06:00
Todd C. Miller
df0fd41530 Add explicit support for matching the full environment string 
(name=value).  Bash functions may now be preserved for full matches,
but not for name-only matches.
 2014-08-06 16:45:57 -06:00
Todd C. Miller
a1da1d1e4c "an EXEC tag" not "a EXEC tag" 2014-07-16 15:44:21 -06:00
Todd C. Miller
64005c2e0b Document that exec_background is off by default. 2014-07-16 15:25:41 -06:00
Todd C. Miller
81a989fd19 Fix typo: sudo.d -> sudoers.d. From RedHat bz #726634 2014-07-11 11:02:05 -06:00
Todd C. Miller
d6397e27cf Move zerowidth space in :alpha: after the colon for consistency. 2014-02-15 15:45:25 -07:00
Todd C. Miller
0ec92dae81 regen 2014-02-15 15:18:34 -07:00
Todd C. Miller
8287e21d36 Add use_netgroups sudoers option. For LDAP-based sudoers, netgroup 
support requires an expensive substring match on the server.  If
netgroups are not needed, this option can be disabled to reduce the
load on the LDAP server.
 2014-02-07 14:58:48 -07:00
Todd C. Miller
7155fc526f Bring back boot time checking code and zero out time stamp files 
that predate the boot time.  This should help systems w/o /var/run
where the admin has setup rc.d to clear the timestamp directory.
 2014-02-03 05:45:27 -07:00
Todd C. Miller
5502051ebe Elaborate on time stamp error message causes. 2014-02-02 05:17:47 -07:00
Todd C. Miller
23c2249531 Update time stamp error messages and regen. 2014-02-01 06:15:14 -07:00
Todd C. Miller
b15b03560a fix typo 2014-01-31 10:12:21 -07:00
Todd C. Miller
659b1f0e34 Switch to new time stamp file format. Each user now has a single 
file which may contain multiple records when per-tty time stamps
are in use (the default).  The time stamps use a monotonic timer
where available and are once again stored in /var/run/sudo.  The
lecture status is now stored separately from the time stamps in a
different directory.
 2014-01-30 15:50:40 -07:00
Todd C. Miller
db3b776277 When listing a user's privileges, always prompt the user for their 
own password, regardless of the value of target_pw, root_pw or
runas_pw.
 2014-01-29 15:19:45 -07:00
Todd C. Miller
ed029f9a69 Add "see below" to reference "Secure editing" section in "Preventing 
shell escapes".
 2014-01-02 10:40:03 -07:00
Todd C. Miller
9bbf4c7285 Add initial "Secure editing" section. 2014-01-01 07:07:37 -07:00
Todd C. Miller
ede55a2f74 Document sssd debug subsystem. 2013-12-03 14:42:33 -07:00
Todd C. Miller
92a3e13e6c Try to improve the PAGERS noexec example a bit. 2013-08-31 06:11:25 -06:00
Todd C. Miller
3898f5d7ff Add pam_setcred sudoers option to allow the user to control whether 
pam_setcred() is called on the user's behalf.
 2013-08-06 14:44:21 -06:00
Todd C. Miller
52954481e1 Add pam_service and pam_login_service sudoers settings to control 
the service name passed to pam_start.
 2013-08-06 11:01:36 -06:00
Todd C. Miller
ba615bd58f fix "the the" 2013-07-16 16:18:14 -06:00
Todd C. Miller
bf9d823c27 Fix formatting typo; from Eric S. Raymond 2013-06-18 06:39:02 -04:00
Todd C. Miller
874d84f263 Mention what SHA-2 formats are supported. 2013-04-30 11:44:01 -04:00
Todd C. Miller
7c9aaa2f2f Document that sudoers will re-use existing I/O log paths unless 
they are mktemp-style with trailing X's.
 2013-04-25 15:11:06 -04:00
Todd C. Miller
fa6c857112 Allow ldap_conf and ldap_secret to be specified as plugin arguments 
in sudo.conf
 2013-04-25 14:49:02 -04:00
Todd C. Miller
ed6d6963de Document digest support. 2013-04-17 15:42:28 -04:00
Todd C. Miller
7d3ce01a05 Document group_file and system_group plugins. 2013-03-05 16:38:35 -05:00
Todd C. Miller
8397297de5 Try to clarify that sudoedit in sudoers should not include a 
leading pathname.
 2013-03-05 15:06:00 -05:00
Todd C. Miller
59692ad282 Add pam_session sudoers option. 2013-02-24 06:15:37 -05:00
Todd C. Miller
05e53aea0f Use the correct the sudoers policy symbol names and undo an editor 
goof committed when adding max_groups to sudo.conf.
 2013-02-20 13:54:31 -05:00
Todd C. Miller
e07280eeeb Rename sample_group plugin to group_file. 
Install group_file and system_group plugins by default.
 2013-02-18 15:32:36 -05:00
Todd C. Miller
b9159ecb26 Add maxseq sudoers option to limit the max number of I/O log files. 2013-02-18 15:06:23 -05:00
Todd C. Miller
14bf23c4a2 Remove duplicated sudo.conf info in the sudo, sudoers and sudo_plugin 
manuals and cross-reference the new sudo.conf manual.
 2013-02-05 16:12:39 -05:00
Todd C. Miller
0bd79612b1 Use PLUGINDIR in the manuals and fix a typo in the sample sudo.conf. 2013-02-05 10:56:58 -05:00
Todd C. Miller
9ed1f0287e Mention that exec_background is for 1.8.7 and higher only. 2013-01-27 13:43:02 -05:00
Todd C. Miller
9479bb623b Add exec_background option in plugin command info and a sudoers 
option to match.  When set, commands are started in the background
and automatically foregrounded as needed.  There are issues with
some ill-mannered programs (like Linux su) so this is not the
default.
 2013-01-11 14:34:09 -05:00
Todd C. Miller
3442a0aeae Use a list for the possible values of Tag_Spec with a minimal indent 
to improve readability.  In the pod version, these were =head3.
Also use .St -p1003.1 instead of just POSIX when talking about
glob() and fnmatch().
 2012-10-23 10:21:24 -04:00
Todd C. Miller
05896f9cfc Mention how !foo is not the same as ALL,!foo 2012-09-26 14:55:18 -04:00
Todd C. Miller
3c34c0a4b8 Document non-Unix group support in LDAP sudoers. 2012-09-15 14:00:30 -04:00