summaryrefslogtreecommitdiff
path: root/usr.bin/sudo/def_data.in
blob: 625c1409729d61ebcc34958626899bef7e23ccaf (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
#
# Format:
#
# var_name
#	TYPE
#	description (or NULL)
#	array of struct def_values if TYPE == T_TUPLE
#
# NOTE: for tuples that can be used in a boolean context the first
#	value corresponds to boolean FALSE and the second to TRUE.
#

syslog
	T_LOGFAC|T_BOOL
	"Syslog facility if syslog is being used for logging: %s"
syslog_goodpri
	T_LOGPRI
	"Syslog priority to use when user authenticates successfully: %s"
syslog_badpri
	T_LOGPRI
	"Syslog priority to use when user authenticates unsuccessfully: %s"
long_otp_prompt
	T_FLAG
	"Put OTP prompt on its own line"
ignore_dot
	T_FLAG
	"Ignore '.' in $PATH"
mail_always
	T_FLAG
	"Always send mail when sudo is run"
mail_badpass
	T_FLAG
	"Send mail if user authentication fails"
mail_no_user
	T_FLAG
	"Send mail if the user is not in sudoers"
mail_no_host
	T_FLAG
	"Send mail if the user is not in sudoers for this host"
mail_no_perms
	T_FLAG
	"Send mail if the user is not allowed to run a command"
tty_tickets
	T_FLAG
	"Use a separate timestamp for each user/tty combo"
lecture
	T_TUPLE|T_BOOL
	"Lecture user the first time they run sudo"
	never once always
lecture_file
	T_STR|T_PATH|T_BOOL
	"File containing the sudo lecture: %s"
authenticate
	T_FLAG
	"Require users to authenticate by default"
root_sudo
	T_FLAG
	"Root may run sudo"
log_host
	T_FLAG
	"Log the hostname in the (non-syslog) log file"
log_year
	T_FLAG
	"Log the year in the (non-syslog) log file"
shell_noargs
	T_FLAG
	"If sudo is invoked with no arguments, start a shell"
set_home
	T_FLAG
	"Set $HOME to the target user when starting a shell with -s"
always_set_home
	T_FLAG
	"Always set $HOME to the target user's home directory"
path_info
	T_FLAG
	"Allow some information gathering to give useful error messages"
fqdn
	T_FLAG
	"Require fully-qualified hostnames in the sudoers file"
insults
	T_FLAG
	"Insult the user when they enter an incorrect password"
requiretty
	T_FLAG
	"Only allow the user to run sudo if they have a tty"
env_editor
	T_FLAG
	"Visudo will honor the EDITOR environment variable"
rootpw
	T_FLAG
	"Prompt for root's password, not the users's"
runaspw
	T_FLAG
	"Prompt for the runas_default user's password, not the users's"
targetpw
	T_FLAG
	"Prompt for the target user's password, not the users's"
use_loginclass
	T_FLAG
	"Apply defaults in the target user's login class if there is one"
set_logname
	T_FLAG
	"Set the LOGNAME and USER environment variables"
stay_setuid
	T_FLAG
	"Only set the effective uid to the target user, not the real uid"
preserve_groups
	T_FLAG
	"Don't initialize the group vector to that of the target user"
loglinelen
	T_UINT|T_BOOL
	"Length at which to wrap log file lines (0 for no wrap): %d"
timestamp_timeout
	T_INT|T_BOOL
	"Authentication timestamp timeout: %d minutes"
passwd_timeout
	T_UINT|T_BOOL
	"Password prompt timeout: %d minutes"
passwd_tries
	T_UINT
	"Number of tries to enter a password: %d"
umask
	T_MODE|T_BOOL
	"Umask to use or 0777 to use user's: 0%o"
logfile
	T_STR|T_BOOL|T_PATH
	"Path to log file: %s"
mailerpath
	T_STR|T_BOOL|T_PATH
	"Path to mail program: %s"
mailerflags
	T_STR|T_BOOL
	"Flags for mail program: %s"
mailto
	T_STR|T_BOOL
	"Address to send mail to: %s"
mailfrom
	T_STR|T_BOOL
	"Address to send mail from: %s"
mailsub
	T_STR
	"Subject line for mail messages: %s"
badpass_message
	T_STR
	"Incorrect password message: %s"
timestampdir
	T_STR|T_PATH
	"Path to authentication timestamp dir: %s"
timestampowner
	T_STR
	"Owner of the authentication timestamp dir: %s"
exempt_group
	T_STR|T_BOOL
	"Users in this group are exempt from password and PATH requirements: %s"
passprompt
	T_STR
	"Default password prompt: %s"
passprompt_override
	T_FLAG
	"If set, passprompt will override system prompt in all cases."
runas_default
	T_STR
	"Default user to run commands as: %s"
secure_path
	T_STR|T_BOOL
	"Value to override user's $PATH with: %s"
editor
	T_STR|T_PATH
	"Path to the editor for use by visudo: %s"
listpw
	T_TUPLE|T_BOOL
	"When to require a password for 'list' pseudocommand: %s"
	never any all always
verifypw
	T_TUPLE|T_BOOL
	"When to require a password for 'verify' pseudocommand: %s"
	never all any always
noexec
	T_FLAG
	"Preload the dummy exec functions contained in 'noexec_file'"
noexec_file
	T_STR|T_PATH
	"File containing dummy exec functions: %s"
ignore_local_sudoers
	T_FLAG
	"If LDAP directory is up, do we ignore local sudoers file"
closefrom
	T_INT
	"File descriptors >= %d will be closed before executing a command"
closefrom_override
	T_FLAG
	"If set, users may override the value of `closefrom' with the -C option"
setenv
	T_FLAG
	"Allow users to set arbitrary environment variables"
env_reset
	T_FLAG
	"Reset the environment to a default set of variables"
env_check
	T_LIST|T_BOOL
	"Environment variables to check for sanity:"
env_delete
	T_LIST|T_BOOL
	"Environment variables to remove:"
env_keep
	T_LIST|T_BOOL
	"Environment variables to preserve:"
role
	T_STR
	"SELinux role to use in the new security context: %s"
type
	T_STR
	"SELinux type to use in the new security context: %s"
askpass
	T_STR|T_PATH|T_BOOL
	"Path to the askpass helper program: %s"
env_file
	T_STR|T_PATH|T_BOOL
	"Path to the sudo-specific environment file: %s"
sudoers_locale
	T_STR
	"Locale to use while parsing sudoers: %s"
visiblepw
	T_FLAG
	"Allow sudo to prompt for a password even if it would be visisble"
pwfeedback
	T_FLAG
	"Provide visual feedback at the password prompt when there is user input"
fast_glob
	T_FLAG
	"Use faster globbing that is less accurate but does not access the filesystem"
umask_override
	T_FLAG
	"The umask specified in sudoers will override the user's, even if it is more permissive"