isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,070 Commits 1 Branch 0 Tags
824021b51b6400762492c9e21086e4f76a27e53a
Commit Graph

117 Commits

Author SHA1 Message Date
Todd C. Miller
824021b51b Add explicit mention of sudo's netgroup semantics since they differ 
from most other netgroup consumers.
 2015-09-21 16:04:59 -06:00
Todd C. Miller
c45559e6c8 Properly escape the backslash before a comma in an example so the 
example rule is parsable by visudo.
 2015-09-09 14:33:01 -06:00
Todd C. Miller
f1053af3b5 Emphasis on the never. 2015-08-07 17:05:50 -06:00
Todd C. Miller
d4f1aeb196 Explicitly tell people not to grant sudoedit to directories the 
user can write to.  While sudoedit will no longer open symbolic
links, hard links are still an issue.
 2015-08-07 17:01:15 -06:00
Todd C. Miller
796911b3fa Emphasize that wildcards are not regexps. Bug #692 2015-08-07 12:37:15 -06:00
Todd C. Miller
329a8dee8a Emphasize that wildcards in command line arguments are dangerous. 
Document the failings of the passwd example on GNU systems.
Bug #691
 2015-08-07 12:21:37 -06:00
Todd C. Miller
dc5ccf4736 Escape the colons in [[:alpha:]] as required by sudoers. 2015-08-07 12:00:12 -06:00
Todd C. Miller
3354d27a17 Do not follow symbolic links in sudoedit by default. This behavior 
can be controlled by the sudoedit_follow Defaults flag as well as
the FOLLOW/NOFOLLOW tags.
 2015-08-06 13:20:01 -06:00
Todd C. Miller
e0969c162e maxseq is an int not a string 2015-08-04 11:28:43 -06:00
Todd C. Miller
5125f82c4e Document that the values printed by "sudo -V" are affected by 
Defaults settings in sudoers.
 2015-07-13 12:58:25 -06:00
Todd C. Miller
42666204e2 Attempt to clarify the conditions under which MAIL and HOME are 
set to the target user.
 2015-07-10 10:02:38 -06:00
Todd C. Miller
c525c5ca7a regen 2015-05-11 16:52:58 -06:00
Todd C. Miller
cd669526e5 Fix "mandoc -Tlint" warnings. 
Sync AUTHORS section in man pages.
Regenerate all man pages.
 2015-03-22 13:09:26 -06:00
Todd C. Miller
f95d762586 Document that Aliases may not be redefined and that "sudo -f /etc/sudo.d/foo" 
will not catch the redefinition.
 2015-02-26 16:54:14 -07:00
Todd C. Miller
615aee9d1e Sort tags lexically in the sudoers manual 2015-02-19 10:13:25 -07:00
Todd C. Miller
45548cf049 Add support for MAIL and NOMAIL command tags to toggle mail sending 
behavior on a per-command (or Cmnd_Alias) basis.
 2015-02-19 10:02:20 -07:00
Todd C. Miller
53ac30b63a Add mail_all_cmnds to always mail when a user runs a command (or 
tries to) including sudoedit.  The mail_always flag goes back to
its old semantic of always mailing when sudo is run.
 2015-02-15 20:30:11 -07:00
Todd C. Miller
915e08eecc Minor change in description of TZ path handling. 2015-02-10 13:39:03 -07:00
Todd C. Miller
00f663d54d Document that a leading ':' is skipped when checking TZ for a 
fully-qualified path name.
 2015-02-10 09:37:10 -07:00
Todd C. Miller
9669abdafd Typo. 2015-02-09 16:21:52 -07:00
Todd C. Miller
0414ea4579 Fix typos. 2015-02-09 11:39:28 -07:00
Todd C. Miller
c3c28773f5 Sanity check the TZ environment variable by special casing it in 
env_check.  The --with-tzdir configure option can be used to
specify the zoneinfo directory if configure doesn't find it.
 2015-02-06 11:01:05 -07:00
Todd C. Miller
ed4ffa6265 Don't send mail about pseudo-command failure unless it is an 
authentication failure.
 2015-02-02 15:01:06 -07:00
Todd C. Miller
721cab85e7 Fix typo. 2015-01-21 08:51:41 -07:00
Todd C. Miller
b1dc5c54d8 Remove the extra /sudo in sudo.ws urls 2014-12-04 17:00:38 -07:00
Todd C. Miller
9d3fe082fc Reference bugzilla.sudo.ws 2014-11-27 09:51:06 -07:00
Todd C. Miller
4d04c5644b No need to keep specifying ".Nm foo" since the Nm macro remembers 
the argument it was first called with and uses it if none is
specified.  Also fix a few minor formatting errors and
regen bulleted lists in the .man.in files.
 2014-11-11 15:29:19 -07:00
Todd C. Miller
e71c646c9a regen 2014-11-11 13:56:01 -07:00
Todd C. Miller
8f1fb89d53 The older style bash function exporting is not used by post-shellshock 
versions of bash.
 2014-10-10 14:04:10 -06:00
Todd C. Miller
2d22d0dca8 Document the interaction between sudoers environment handling and 
the pam_env module.
 2014-08-11 11:23:16 -06:00
Todd C. Miller
df0fd41530 Add explicit support for matching the full environment string 
(name=value).  Bash functions may now be preserved for full matches,
but not for name-only matches.
 2014-08-06 16:45:57 -06:00
Todd C. Miller
a1da1d1e4c "an EXEC tag" not "a EXEC tag" 2014-07-16 15:44:21 -06:00
Todd C. Miller
64005c2e0b Document that exec_background is off by default. 2014-07-16 15:25:41 -06:00
Todd C. Miller
81a989fd19 Fix typo: sudo.d -> sudoers.d. From RedHat bz #726634 2014-07-11 11:02:05 -06:00
Todd C. Miller
d6397e27cf Move zerowidth space in :alpha: after the colon for consistency. 2014-02-15 15:45:25 -07:00
Todd C. Miller
0ec92dae81 regen 2014-02-15 15:18:34 -07:00
Todd C. Miller
8287e21d36 Add use_netgroups sudoers option. For LDAP-based sudoers, netgroup 
support requires an expensive substring match on the server.  If
netgroups are not needed, this option can be disabled to reduce the
load on the LDAP server.
 2014-02-07 14:58:48 -07:00
Todd C. Miller
7155fc526f Bring back boot time checking code and zero out time stamp files 
that predate the boot time.  This should help systems w/o /var/run
where the admin has setup rc.d to clear the timestamp directory.
 2014-02-03 05:45:27 -07:00
Todd C. Miller
5502051ebe Elaborate on time stamp error message causes. 2014-02-02 05:17:47 -07:00
Todd C. Miller
23c2249531 Update time stamp error messages and regen. 2014-02-01 06:15:14 -07:00
Todd C. Miller
b15b03560a fix typo 2014-01-31 10:12:21 -07:00
Todd C. Miller
659b1f0e34 Switch to new time stamp file format. Each user now has a single 
file which may contain multiple records when per-tty time stamps
are in use (the default).  The time stamps use a monotonic timer
where available and are once again stored in /var/run/sudo.  The
lecture status is now stored separately from the time stamps in a
different directory.
 2014-01-30 15:50:40 -07:00
Todd C. Miller
db3b776277 When listing a user's privileges, always prompt the user for their 
own password, regardless of the value of target_pw, root_pw or
runas_pw.
 2014-01-29 15:19:45 -07:00
Todd C. Miller
ed029f9a69 Add "see below" to reference "Secure editing" section in "Preventing 
shell escapes".
 2014-01-02 10:40:03 -07:00
Todd C. Miller
9bbf4c7285 Add initial "Secure editing" section. 2014-01-01 07:07:37 -07:00
Todd C. Miller
ede55a2f74 Document sssd debug subsystem. 2013-12-03 14:42:33 -07:00
Todd C. Miller
92a3e13e6c Try to improve the PAGERS noexec example a bit. 2013-08-31 06:11:25 -06:00
Todd C. Miller
3898f5d7ff Add pam_setcred sudoers option to allow the user to control whether 
pam_setcred() is called on the user's behalf.
 2013-08-06 14:44:21 -06:00
Todd C. Miller
52954481e1 Add pam_service and pam_login_service sudoers settings to control 
the service name passed to pam_start.
 2013-08-06 11:01:36 -06:00
Todd C. Miller
ba615bd58f fix "the the" 2013-07-16 16:18:14 -06:00