Commit Graph

54 Commits

Author SHA1 Message Date
Todd C. Miller
2d22d0dca8 Document the interaction between sudoers environment handling and
the pam_env module.
2014-08-11 11:23:16 -06:00
Todd C. Miller
df0fd41530 Add explicit support for matching the full environment string
(name=value).  Bash functions may now be preserved for full matches,
but not for name-only matches.
2014-08-06 16:45:57 -06:00
Todd C. Miller
a1da1d1e4c "an EXEC tag" not "a EXEC tag" 2014-07-16 15:44:21 -06:00
Todd C. Miller
64005c2e0b Document that exec_background is off by default. 2014-07-16 15:25:41 -06:00
Todd C. Miller
81a989fd19 Fix typo: sudo.d -> sudoers.d. From RedHat bz #726634 2014-07-11 11:02:05 -06:00
Todd C. Miller
f909c0d132 Remove some extraneous markup; from Ingo Schwarze
 * No need to explicitly end a macro with No before |
   because | counts as middle punctuation
   and falls out of the macro, anyway.
 * No need to explicitly re-open in-line macros after |
   because | counts as middle punctuation
   and the macros resume afterwards, anyway.
 * Simplify the mnemonic remarks regarding the option letters,
   no need for manual font and spacing control with No and Ns.
 * Trim Ns No to just Ns, it already implies No.
2014-02-15 16:04:07 -07:00
Todd C. Miller
d6397e27cf Move zerowidth space in :alpha: after the colon for consistency. 2014-02-15 15:45:25 -07:00
Todd C. Miller
94d4482238 Properly escape the : in :alpha: 2014-02-15 15:17:37 -07:00
Todd C. Miller
8287e21d36 Add use_netgroups sudoers option. For LDAP-based sudoers, netgroup
support requires an expensive substring match on the server.  If
netgroups are not needed, this option can be disabled to reduce the
load on the LDAP server.
2014-02-07 14:58:48 -07:00
Todd C. Miller
7155fc526f Bring back boot time checking code and zero out time stamp files
that predate the boot time.  This should help systems w/o /var/run
where the admin has set up rc.d to clear the timestamp directory.
2014-02-03 05:45:27 -07:00
Todd C. Miller
5502051ebe Elaborate on time stamp error message causes. 2014-02-02 05:17:47 -07:00
Todd C. Miller
23c2249531 Update time stamp error messages and regen. 2014-02-01 06:15:14 -07:00
Todd C. Miller
aeb5ceead8 Replace --with-timedir and --with-lecture_dir with --with-rundir
and --with-vardir which are the parent directories of the time stamp
and lecture dirs.  These directories need to be searchable by
non-root so that the timestampowner setting can function.
2014-02-01 05:57:34 -07:00
Todd C. Miller
b15b03560a fix typo 2014-01-31 10:12:21 -07:00
Todd C. Miller
659b1f0e34 Switch to new time stamp file format. Each user now has a single
file which may contain multiple records when per-tty time stamps
are in use (the default).  The time stamps use a monotonic timer
where available and are once again stored in /var/run/sudo.  The
lecture status is now stored separately from the time stamps in a
different directory.
2014-01-30 15:50:40 -07:00
Todd C. Miller
db3b776277 When listing a user's privileges, always prompt the user for their
own password, regardless of the value of target_pw, root_pw or
runas_pw.
2014-01-29 15:19:45 -07:00
Todd C. Miller
ed029f9a69 Add "see below" to reference "Secure editing" section in "Preventing
shell escapes".
2014-01-02 10:40:03 -07:00
Todd C. Miller
9bbf4c7285 Add initial "Secure editing" section. 2014-01-01 07:07:37 -07:00
Todd C. Miller
ede55a2f74 Document sssd debug subsystem. 2013-12-03 14:42:33 -07:00
Todd C. Miller
a69ed4a2d5 Fix typo. 2013-11-07 14:46:28 -07:00
Todd C. Miller
92a3e13e6c Try to improve the PAGERS noexec example a bit. 2013-08-31 06:11:25 -06:00
Todd C. Miller
3898f5d7ff Add pam_setcred sudoers option to allow the user to control whether
pam_setcred() is called on the user's behalf.
2013-08-06 14:44:21 -06:00
Todd C. Miller
52954481e1 Add pam_service and pam_login_service sudoers settings to control
the service name passed to pam_start.
2013-08-06 11:01:36 -06:00
Todd C. Miller
ba615bd58f fix "the the" 2013-07-16 16:18:14 -06:00
Todd C. Miller
bf9d823c27 Fix formatting typo; from Eric S. Raymond 2013-06-18 06:39:02 -04:00
Todd C. Miller
874d84f263 Mention what SHA-2 formats are supported. 2013-04-30 11:44:01 -04:00
Todd C. Miller
7c9aaa2f2f Document that sudoers will re-use existing I/O log paths unless
they are mktemp-style with trailing X's.
2013-04-25 15:11:06 -04:00
Todd C. Miller
fa6c857112 Allow ldap_conf and ldap_secret to be specified as plugin arguments
in sudo.conf
2013-04-25 14:49:02 -04:00
Todd C. Miller
ed6d6963de Document digest support. 2013-04-17 15:42:28 -04:00
Todd C. Miller
7d3ce01a05 Document group_file and system_group plugins. 2013-03-05 16:38:35 -05:00
Todd C. Miller
8397297de5 Try to clarify that sudoedit in sudoers should not include a
leading pathname.
2013-03-05 15:06:00 -05:00
Todd C. Miller
59692ad282 Add pam_session sudoers option. 2013-02-24 06:15:37 -05:00
Todd C. Miller
05e53aea0f Use the correct sudoers policy symbol names and undo an editor
goof committed when adding max_groups to sudo.conf.
2013-02-20 13:54:31 -05:00
Todd C. Miller
e07280eeeb Rename sample_group plugin to group_file.
Install group_file and system_group plugins by default.
2013-02-18 15:32:36 -05:00
Todd C. Miller
b9159ecb26 Add maxseq sudoers option to limit the max number of I/O log files. 2013-02-18 15:06:23 -05:00
Todd C. Miller
14bf23c4a2 Remove duplicated sudo.conf info in the sudo, sudoers and sudo_plugin
manuals and cross-reference the new sudo.conf manual.
2013-02-05 16:12:39 -05:00
Todd C. Miller
0bd79612b1 Use PLUGINDIR in the manuals and fix a typo in the sample sudo.conf. 2013-02-05 10:56:58 -05:00
Todd C. Miller
9ed1f0287e Mention that exec_background is for 1.8.7 and higher only. 2013-01-27 13:43:02 -05:00
Todd C. Miller
9479bb623b Add exec_background option in plugin command info and a sudoers
option to match.  When set, commands are started in the background
and automatically foregrounded as needed.  There are issues with
some ill-mannered programs (like Linux su) so this is not the
default.
2013-01-11 14:34:09 -05:00
Todd C. Miller
3442a0aeae Use a list for the possible values of Tag_Spec with a minimal indent
to improve readability.  In the pod version, these were =head3.
Also use .St -p1003.1 instead of just POSIX when talking about
glob() and fnmatch().
2012-10-23 10:21:24 -04:00
Todd C. Miller
05896f9cfc Mention how !foo is not the same as ALL,!foo 2012-09-26 14:55:18 -04:00
Todd C. Miller
3c34c0a4b8 Document non-Unix group support in LDAP sudoers. 2012-09-15 14:00:30 -04:00
Todd C. Miller
2d3a0d14d3 Make the capitalization consistent for .Ss and .Sx 2012-08-21 15:11:43 -04:00
Todd C. Miller
7afcef8ee8 Cosmetic changes. 2012-08-17 15:58:06 -04:00
Todd C. Miller
82115dfa17 Expand description of fqdn to talk about systems where the hosts
file is searched before DNS.
2012-08-16 10:11:04 -04:00
Todd C. Miller
e01886ed2f Fix some typos.
Describe error messages not related to policy permissions.
2012-08-14 14:16:49 -04:00
Todd C. Miller
d764db707a Document sudoers log format. 2012-08-13 16:50:31 -04:00
Todd C. Miller
507df9d5c1 Add a note about wildcards matching multiple words and include an
example.  Also mention that for sudoedit, a wildcard in command
line args does not match a slash.
2012-08-09 11:36:25 -04:00
Todd C. Miller
61dfad9c52 Expand section on Solaris privileges. 2012-08-02 21:11:25 -04:00
Todd C. Miller
e2d210a340 Add support for parsing an empty Runas_List, which only allows the
command to be run as the invoking user.  This can be used in
conjunction with the Solaris Privilege Set support to grant privileges
without changing the user.
2012-08-02 14:02:54 -04:00