208 lines
8.4 KiB
Plaintext
208 lines
8.4 KiB
Plaintext
The following options may be used to configure sudo 1.3.6
|
|
|
|
FQDN
|
|
Define this if you want to put fully qualified hostnames in the sudoers
|
|
file. Ie: instead of myhost you would use myhost.mydomain.edu.
|
|
Beware that turning FQDN on requires sudo to make DNS lookups which
|
|
may make sudo unusable if your DNS is totally hosed.
|
|
Also note that you must use the host's official name as DNS knows it.
|
|
That is, you may not use a host alias (CNAME entry) due to performance
|
|
issues and the fact that there is no way to get all aliases from DNS.
|
|
This is off by default.
|
|
|
|
LOGGING
|
|
How you want to do your logging. Your choices are SLOG_SYSLOG, SLOG_FILE,
|
|
or SLOG_BOTH. Setting this to SYSLOG is nice because you can keep all
|
|
your sudo logs in one place. If you don't have syslog or if your syslog
|
|
is of an ancient vintage (4.2BSD, SunOS 3.x and all versions of Ultrix)
|
|
you should probably use FILE logging (the pathname for the log file is
|
|
in pathnames.h). If you are really serious about security you may want
|
|
to set LOGGING to SLOG_BOTH (to keep people from killing your syslog with
|
|
a denial of service attack while they do something nasty).
|
|
The default is to use SLOG_SYSLOG.
|
|
|
|
LOGFAC
|
|
What syslog facility to log to. This requires a 4.3BSD or later
|
|
version of syslog. You can still set this for ancient syslogs
|
|
but it will have no effect.
|
|
The default is to use LOG_LOCAL2 but you may want to use LOG_AUTH.
|
|
|
|
MAXLOGFILELEN
|
|
Number of characters per line for the file log. This is only
|
|
used if you are LOGGING to FILE or BOTH. MAXLOGFILELEN is used to
|
|
decide when to wrap lines for nicer log files. You can set it to MAXLOGLEN
|
|
if you don't want any word wrapping in your log files.
|
|
The default is 80.
|
|
|
|
NO_ROOT_SUDO
|
|
Don't let root run sudo. This is historical from when doing "sudo sudo"
|
|
would give you a root shell. You probably don't want to define this.
|
|
This is off by default.
|
|
|
|
ALERTMAIL
|
|
User that mail from sudo is sent to. This should go to a sysadmin
|
|
at your site.
|
|
The default is "root".
|
|
|
|
SEND_MAIL_WHEN_NO_USER
|
|
Send mail to ALERMAIL if the user invoking sudo is not in the sudoers file.
|
|
You probably want this on so you can yell at people trying to use sudo
|
|
when they are not allowed to.
|
|
This is on by default.
|
|
|
|
SEND_MAIL_WHEN_NOT_OK
|
|
Send mail to ALERMAIL if the user is allowed to use sudo but the
|
|
command they are trying is not listed in their sudoers file entry.
|
|
This is off by default.
|
|
|
|
EXEMPTGROUP
|
|
If this is defined then users in the group defined by EXEMPTGROUP
|
|
don't need to enter a password when running sudo. This may be useful
|
|
for sites that don't want their "core" sysadmins to have to enter
|
|
a password but where Jr. sysadmins need to.
|
|
This is off by default.
|
|
|
|
ENV_EDITOR
|
|
Makes visudo consult the EDITOR and VISUAL environmental variables
|
|
before falling back on the default editor. Note that this may create
|
|
a security hole as most editors allow a user to get a shell (which would
|
|
be a root shell and hence, no logging).
|
|
This is off by default.
|
|
|
|
SHORT_MESSAGE
|
|
Omits the copyright message from the "lecture" one gets when running
|
|
sudo for the first time on a machine.
|
|
This is on by default.
|
|
|
|
TIMEOUT
|
|
Number of minutes that can elapse before sudo will ask for a passwd again.
|
|
The default is 5, set this to 0 to always prompt for a password.
|
|
|
|
PASSWORD_TIMEOUT
|
|
Number of minutes before the sudo password prompt times out.
|
|
The default is 5.
|
|
|
|
TRIES_FOR_PASSWORD
|
|
Number of tries a user gets to enter his/her password before sudo
|
|
logs the failure and exits.
|
|
The default is 3.
|
|
|
|
USE_INSULTS
|
|
Define this if you want to be insulted for typing an incorrect password
|
|
just like the original sudo(8).
|
|
This is off by default.
|
|
|
|
CLASSIC_INSULTS
|
|
Uses insults from sudo "classic." If you just define USE_INSULTS
|
|
you will get the classic insults.
|
|
This is on by default if USE_INSULTS is defined.
|
|
|
|
HAL_INSULTS
|
|
Uses 2001-like insults when an incorrect password is entered. You must
|
|
define USE_INSULTS as well for this to have any effect.
|
|
This is off by default.
|
|
|
|
GOONS_INSULTS
|
|
Insults the user with lines from the "Goon Show" when an incorrect
|
|
password is entered. You must define USE_INSULTS as well for this
|
|
to have any effect.
|
|
This is off by default.
|
|
|
|
CSOPS_INSULTS
|
|
Insults the user with an extra set of insults (some quotes, some original)
|
|
from a sysadmin group at CU (CSOps). You must define USE_INSULTS as well
|
|
for this to have any effect.
|
|
This is off by default.
|
|
|
|
EDITOR
|
|
This is the default editor used by visudo (and the only editor used unless
|
|
ENV_EDITOR is defined).
|
|
The default is _PATH_VI (where vi lives).
|
|
|
|
MAILER
|
|
Mailer used to send mail when someone tries to sudo and access is denied.
|
|
As such, this should not be /usr/ucb/Mail or mailx. Sudo is setup to
|
|
use sendmail, but it should be possible to use smail as well.
|
|
The default is _PATH_SENDMAIL (where sendmail lives).
|
|
|
|
UMASK
|
|
Umask to use when running the root command. If you do not define this
|
|
sudo will preserve the umask of the user invoking sudo.
|
|
The default is 0022.
|
|
|
|
INCORRECT_PASSWORD
|
|
Message that is displayed if a user enters an incorrect password.
|
|
The default is "Sorry, try again."
|
|
|
|
MAILSUBJECT
|
|
Subject of the mail sent to the ALERTMAIL user.
|
|
Default is "*** SECURITY information ***".
|
|
|
|
PASSPROMPT
|
|
Default prompt to use when asking for a password. Can be overridden
|
|
via the -p option. Default is "Password:".
|
|
|
|
SECURE_PATH
|
|
Path used for every command run from sudo(8). If you don't trust
|
|
the people running sudo to have a sane PATH environmental variable
|
|
you may want to define SECURE_PATH. Another use is if you want to
|
|
have the "root path" be separate from the "user path." You will
|
|
need to customize the path for your site.
|
|
NOTE: SECURE_PATH is not applied to users in the EXEMPTGROUP.
|
|
This is off by default.
|
|
|
|
USE_EXECV
|
|
Use execv() to exec the command instead of execvp(). I can't think of
|
|
a reason to actually do this since execvp() is passed a fully qualified
|
|
pathname but someone might thoroughly distrust execvp(). Note that if
|
|
you define this you lose the ability to exec scripts that are missing the
|
|
'#!/bin/sh' cookie (like /bin/kill on sunos and /etc/fastboot on 4.3BSD).
|
|
This is off by default.
|
|
|
|
SHELL_IF_NO_ARGS
|
|
If sudo is invoked with no arguments it acts as if the "-s" flag
|
|
had been given. Namely, it runs a shell as root (the shell is
|
|
determined by the SHELL envariable, falling back on the shell listed
|
|
in the invoking user's /etc/passwd entry).
|
|
This is off by default.
|
|
|
|
USE_TTY_TICKETS
|
|
This makes sudo use a different ticket file for each tty (per user).
|
|
Ie: instead of the ticket file being "username" it is "username.tty".
|
|
This offers increased security in an open lab or with "shared"
|
|
accounts like "operator." Note that this means that there will
|
|
be more files in the timestamp dir. This is not a problem is your
|
|
system has a cron job to remove of files from /tmp (or wherever
|
|
you specified the timestamp dir to be).
|
|
This feature is off by default.
|
|
|
|
FAST_MATCH
|
|
When matching a given command to a path listed in the sudoers file,
|
|
only check the inodes for a match if the basenames match.
|
|
If you want links to a command to be allowed then you should turn
|
|
this off, but it will make things take a little longer.
|
|
This is on by default.
|
|
|
|
SKEY_ONLY
|
|
When validating the user, only allow an s/key passkey. Do not
|
|
compare against the passwd file or use any other authentication
|
|
scheme. This is only useful if you want to force people to
|
|
use s/key.
|
|
This feature is off by default.
|
|
|
|
LONG_SKEY_PROMPT
|
|
When validating with s/key a two-line prompt is used to make
|
|
it easier to cut and paste the s/key challenge to a local
|
|
window. It's not as pretty as the default but some people
|
|
find it more convenient.
|
|
This feature is off by default.
|
|
|
|
SUDOERS_OWNER
|
|
Who should own the sudoers file. This must be a username, *not* a uid.
|
|
This is useful if you want to make the sudoers file NFS-mounted
|
|
but don't want to let the clients mount the filesystem with
|
|
root proviledges. A good choice for SUDOERS_OWNER in this case is
|
|
"daemon", a bad choice would be nobody. Note that this is usually
|
|
set in the Makefile.
|
|
The default is "root" (remember the quotes).
|