The hook can be used to log parser errors (sudoers module) or keep
track of which files have an error (visudo).
Previously, we only kept track of a single parse error.
It is easier to maintain these tests in script form. The output
now more closely matches that of the other tests. The harness
script can be invoked directly and supports running specific tests.
This means we no longer display the lecture unless the user is going
to enter a password. Authentication methods that don't interact
with the user via the terminal don't trigger the lecture.
Previously, the warning was displayed when a user was not in the
sudoers file, or was present but not listed for the local host.
The new behavior is to display the warning if a command is denied
and mail is sent to the administrator. Whether or not mail is sent
is controlled by the "mail_*" flags in sudoers. The warning text
is now "This incident has been reported to the administrator." which
is hopefully less confusing. The message will not be printed if
either the "mailto" or "mailerpath" sudoers settings are disabled.
Having "sudo ALL" permissions in no longer sufficient to be able to
list another user's privileges. The invoking user must now have
"sudo ALL" for root or the target user.
GitHub issue #134
This used to indicate that email had been sent to the administrator
telling them that someone tried to run sudo. Whether or not sudo
sends email is now configurable, so the warning may not be accurate.
It is also confusing to the user since they will not know who the
incident is being reported to. See also https://xkcd.com/838/
This may simply mean that nsswitch.conf lists sss as a sudoers
source but SSSD is not configured for sudo. Otherwise, the user
will receive a useless "problem with defaults entries" when the
sssd backend tries to fetch the global defaults. Bug #1022.
If noninteractive_auth is set, authentication methods that do not
require input from the user's terminal may proceed. It is off by
default, which restores the pre-1.9.9 behavior of "sudo -n".
If the Defaults name matched but the binding does not, we can simply
leave it be. Fixes a problem where given two sudoers sources that
have a host specified, if they contain conflicting Defaults entries
we would drop one of the Defaults instead of keeping both after
making them host-specific.
We convert the global Defaults to a host-based one with a single
"ALL" member. Later, when we simplify the host list, we'll convert
this back to a global Defaults.
