isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,394 Commits 1 Branch 0 Tags
088edcb6f53404bf8eebe0162a69ce5870104ed0
Commit Graph

78 Commits

Author SHA1 Message Date
Todd C. Miller
0ec92dae81 regen 2014-02-15 15:18:34 -07:00
Todd C. Miller
8287e21d36 Add use_netgroups sudoers option. For LDAP-based sudoers, netgroup 
support requires an expensive substring match on the server.  If
netgroups are not needed, this option can be disabled to reduce the
load on the LDAP server.
 2014-02-07 14:58:48 -07:00
Todd C. Miller
7155fc526f Bring back boot time checking code and zero out time stamp files 
that predate the boot time.  This should help systems w/o /var/run
where the admin has setup rc.d to clear the timestamp directory.
 2014-02-03 05:45:27 -07:00
Todd C. Miller
5502051ebe Elaborate on time stamp error message causes. 2014-02-02 05:17:47 -07:00
Todd C. Miller
23c2249531 Update time stamp error messages and regen. 2014-02-01 06:15:14 -07:00
Todd C. Miller
b15b03560a fix typo 2014-01-31 10:12:21 -07:00
Todd C. Miller
659b1f0e34 Switch to new time stamp file format. Each user now has a single 
file which may contain multiple records when per-tty time stamps
are in use (the default).  The time stamps use a monotonic timer
where available and are once again stored in /var/run/sudo.  The
lecture status is now stored separately from the time stamps in a
different directory.
 2014-01-30 15:50:40 -07:00
Todd C. Miller
db3b776277 When listing a user's privileges, always prompt the user for their 
own password, regardless of the value of target_pw, root_pw or
runas_pw.
 2014-01-29 15:19:45 -07:00
Todd C. Miller
ed029f9a69 Add "see below" to reference "Secure editing" section in "Preventing 
shell escapes".
 2014-01-02 10:40:03 -07:00
Todd C. Miller
9bbf4c7285 Add initial "Secure editing" section. 2014-01-01 07:07:37 -07:00
Todd C. Miller
ede55a2f74 Document sssd debug subsystem. 2013-12-03 14:42:33 -07:00
Todd C. Miller
92a3e13e6c Try to improve the PAGERS noexec example a bit. 2013-08-31 06:11:25 -06:00
Todd C. Miller
3898f5d7ff Add pam_setcred sudoers option to allow the user to control whether 
pam_setcred() is called on the user's behalf.
 2013-08-06 14:44:21 -06:00
Todd C. Miller
52954481e1 Add pam_service and pam_login_service sudoers settings to control 
the service name passed to pam_start.
 2013-08-06 11:01:36 -06:00
Todd C. Miller
ba615bd58f fix "the the" 2013-07-16 16:18:14 -06:00
Todd C. Miller
bf9d823c27 Fix formatting typo; from Eric S. Raymond 2013-06-18 06:39:02 -04:00
Todd C. Miller
874d84f263 Mention what SHA-2 formats are supported. 2013-04-30 11:44:01 -04:00
Todd C. Miller
7c9aaa2f2f Document that sudoers will re-use existing I/O log paths unless 
they are mktemp-style with trailing X's.
 2013-04-25 15:11:06 -04:00
Todd C. Miller
fa6c857112 Allow ldap_conf and ldap_secret to be specified as plugin arguments 
in sudo.conf
 2013-04-25 14:49:02 -04:00
Todd C. Miller
ed6d6963de Document digest support. 2013-04-17 15:42:28 -04:00
Todd C. Miller
7d3ce01a05 Document group_file and system_group plugins. 2013-03-05 16:38:35 -05:00
Todd C. Miller
8397297de5 Try to clarify that sudoedit in sudoers should not include a 
leading pathname.
 2013-03-05 15:06:00 -05:00
Todd C. Miller
59692ad282 Add pam_session sudoers option. 2013-02-24 06:15:37 -05:00
Todd C. Miller
05e53aea0f Use the correct the sudoers policy symbol names and undo an editor 
goof committed when adding max_groups to sudo.conf.
 2013-02-20 13:54:31 -05:00
Todd C. Miller
e07280eeeb Rename sample_group plugin to group_file. 
Install group_file and system_group plugins by default.
 2013-02-18 15:32:36 -05:00
Todd C. Miller
b9159ecb26 Add maxseq sudoers option to limit the max number of I/O log files. 2013-02-18 15:06:23 -05:00
Todd C. Miller
74881843e1 Mention line continuation 2013-02-07 14:08:54 -05:00
Todd C. Miller
14bf23c4a2 Remove duplicated sudo.conf info in the sudo, sudoers and sudo_plugin 
manuals and cross-reference the new sudo.conf manual.
 2013-02-05 16:12:39 -05:00
Todd C. Miller
9ed1f0287e Mention that exec_background is for 1.8.7 and higher only. 2013-01-27 13:43:02 -05:00
Todd C. Miller
9479bb623b Add exec_background option in plugin command info and a sudoers 
option to match.  When set, commands are started in the background
and automatically foregrounded as needed.  There are issues with
some ill-mannered programs (like Linux su) so this is not the
default.
 2013-01-11 14:34:09 -05:00
Todd C. Miller
3442a0aeae Use a list for the possible values of Tag_Spec with a minimal indent 
to improve readability.  In the pod version, these were =head3.
Also use .St -p1003.1 instead of just POSIX when talking about
glob() and fnmatch().
 2012-10-23 10:21:24 -04:00
Todd C. Miller
05896f9cfc Mention how !foo is not the same as ALL,!foo 2012-09-26 14:55:18 -04:00
Todd C. Miller
3c34c0a4b8 Document non-Unix group support in LDAP sudoers. 2012-09-15 14:00:30 -04:00
Todd C. Miller
2d3a0d14d3 Make the capitalization consistent for .Ss and .Sx 2012-08-21 15:11:43 -04:00
Todd C. Miller
7afcef8ee8 Cosmetic changes. 2012-08-17 15:58:06 -04:00
Todd C. Miller
82115dfa17 Expand description of fqdn to talk about systems where the hosts 
file is searched before DNS.
 2012-08-16 10:11:04 -04:00
Todd C. Miller
d764db707a Document sudoers log format. 2012-08-13 16:50:31 -04:00
Todd C. Miller
507df9d5c1 Add a note about wildcards matching multiple words and include an 
example.  Also mention that for sudoedit, a wildcard in command
line args does not match a slash.
 2012-08-09 11:36:25 -04:00
Todd C. Miller
61dfad9c52 Expand section on Solaris privileges. 2012-08-02 21:11:25 -04:00
Todd C. Miller
e2d210a340 Add support for parsing an empty Runas_List, which only allows the 
command to be run as the invoking user.  This can be used in
conjunction with the Solaris Privilege Set support to grant privileges
without changing the user.
 2012-08-02 14:02:54 -04:00
Todd C. Miller
4abd2a6cf4 Merge in Solaris privilege support by Darren Moffat and John Zolnowsky 2012-07-26 13:49:21 -04:00
Todd C. Miller
90f2cfa589 Build .man.in and .cat files from .mdoc.in files. 
Add new --with-man and --with-mdoc configure options.
 2012-07-19 13:41:14 -04:00
Todd C. Miller
c5b374fac6 More minor costmetic fixes. 2012-07-18 09:16:09 -04:00
Todd C. Miller
6cc8c161a2 Document that other mail_* flags have precedence over mail_badpass. 2012-07-10 14:42:57 -04:00
Todd C. Miller
2e36b1ef2b Regen for sudo 1.8.6 2012-06-29 16:11:27 -04:00
Todd C. Miller
bab4f2ce71 regen 2012-03-28 14:10:18 -04:00
Todd C. Miller
96f046c1ce Rename plugin "args" to "options" 2012-03-15 12:32:31 -04:00
Todd C. Miller
b61c0ab473 regen 2012-03-14 14:20:16 -04:00
Todd C. Miller
74c4252c1b 1.8.0rc1 2011-02-21 13:36:24 -05:00
Todd C. Miller
6983d782c1 regen 2011-02-16 12:22:38 -05:00