blob: 625c1409729d61ebcc34958626899bef7e23ccaf (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
|
#
# Format:
#
# var_name
# TYPE
# description (or NULL)
# array of struct def_values if TYPE == T_TUPLE
#
# NOTE: for tuples that can be used in a boolean context the first
# value corresponds to boolean FALSE and the second to TRUE.
#
syslog
T_LOGFAC|T_BOOL
"Syslog facility if syslog is being used for logging: %s"
syslog_goodpri
T_LOGPRI
"Syslog priority to use when user authenticates successfully: %s"
syslog_badpri
T_LOGPRI
"Syslog priority to use when user authenticates unsuccessfully: %s"
long_otp_prompt
T_FLAG
"Put OTP prompt on its own line"
ignore_dot
T_FLAG
"Ignore '.' in $PATH"
mail_always
T_FLAG
"Always send mail when sudo is run"
mail_badpass
T_FLAG
"Send mail if user authentication fails"
mail_no_user
T_FLAG
"Send mail if the user is not in sudoers"
mail_no_host
T_FLAG
"Send mail if the user is not in sudoers for this host"
mail_no_perms
T_FLAG
"Send mail if the user is not allowed to run a command"
tty_tickets
T_FLAG
"Use a separate timestamp for each user/tty combo"
lecture
T_TUPLE|T_BOOL
"Lecture user the first time they run sudo"
never once always
lecture_file
T_STR|T_PATH|T_BOOL
"File containing the sudo lecture: %s"
authenticate
T_FLAG
"Require users to authenticate by default"
root_sudo
T_FLAG
"Root may run sudo"
log_host
T_FLAG
"Log the hostname in the (non-syslog) log file"
log_year
T_FLAG
"Log the year in the (non-syslog) log file"
shell_noargs
T_FLAG
"If sudo is invoked with no arguments, start a shell"
set_home
T_FLAG
"Set $HOME to the target user when starting a shell with -s"
always_set_home
T_FLAG
"Always set $HOME to the target user's home directory"
path_info
T_FLAG
"Allow some information gathering to give useful error messages"
fqdn
T_FLAG
"Require fully-qualified hostnames in the sudoers file"
insults
T_FLAG
"Insult the user when they enter an incorrect password"
requiretty
T_FLAG
"Only allow the user to run sudo if they have a tty"
env_editor
T_FLAG
"Visudo will honor the EDITOR environment variable"
rootpw
T_FLAG
"Prompt for root's password, not the users's"
runaspw
T_FLAG
"Prompt for the runas_default user's password, not the users's"
targetpw
T_FLAG
"Prompt for the target user's password, not the users's"
use_loginclass
T_FLAG
"Apply defaults in the target user's login class if there is one"
set_logname
T_FLAG
"Set the LOGNAME and USER environment variables"
stay_setuid
T_FLAG
"Only set the effective uid to the target user, not the real uid"
preserve_groups
T_FLAG
"Don't initialize the group vector to that of the target user"
loglinelen
T_UINT|T_BOOL
"Length at which to wrap log file lines (0 for no wrap): %d"
timestamp_timeout
T_INT|T_BOOL
"Authentication timestamp timeout: %d minutes"
passwd_timeout
T_UINT|T_BOOL
"Password prompt timeout: %d minutes"
passwd_tries
T_UINT
"Number of tries to enter a password: %d"
umask
T_MODE|T_BOOL
"Umask to use or 0777 to use user's: 0%o"
logfile
T_STR|T_BOOL|T_PATH
"Path to log file: %s"
mailerpath
T_STR|T_BOOL|T_PATH
"Path to mail program: %s"
mailerflags
T_STR|T_BOOL
"Flags for mail program: %s"
mailto
T_STR|T_BOOL
"Address to send mail to: %s"
mailfrom
T_STR|T_BOOL
"Address to send mail from: %s"
mailsub
T_STR
"Subject line for mail messages: %s"
badpass_message
T_STR
"Incorrect password message: %s"
timestampdir
T_STR|T_PATH
"Path to authentication timestamp dir: %s"
timestampowner
T_STR
"Owner of the authentication timestamp dir: %s"
exempt_group
T_STR|T_BOOL
"Users in this group are exempt from password and PATH requirements: %s"
passprompt
T_STR
"Default password prompt: %s"
passprompt_override
T_FLAG
"If set, passprompt will override system prompt in all cases."
runas_default
T_STR
"Default user to run commands as: %s"
secure_path
T_STR|T_BOOL
"Value to override user's $PATH with: %s"
editor
T_STR|T_PATH
"Path to the editor for use by visudo: %s"
listpw
T_TUPLE|T_BOOL
"When to require a password for 'list' pseudocommand: %s"
never any all always
verifypw
T_TUPLE|T_BOOL
"When to require a password for 'verify' pseudocommand: %s"
never all any always
noexec
T_FLAG
"Preload the dummy exec functions contained in 'noexec_file'"
noexec_file
T_STR|T_PATH
"File containing dummy exec functions: %s"
ignore_local_sudoers
T_FLAG
"If LDAP directory is up, do we ignore local sudoers file"
closefrom
T_INT
"File descriptors >= %d will be closed before executing a command"
closefrom_override
T_FLAG
"If set, users may override the value of `closefrom' with the -C option"
setenv
T_FLAG
"Allow users to set arbitrary environment variables"
env_reset
T_FLAG
"Reset the environment to a default set of variables"
env_check
T_LIST|T_BOOL
"Environment variables to check for sanity:"
env_delete
T_LIST|T_BOOL
"Environment variables to remove:"
env_keep
T_LIST|T_BOOL
"Environment variables to preserve:"
role
T_STR
"SELinux role to use in the new security context: %s"
type
T_STR
"SELinux type to use in the new security context: %s"
askpass
T_STR|T_PATH|T_BOOL
"Path to the askpass helper program: %s"
env_file
T_STR|T_PATH|T_BOOL
"Path to the sudo-specific environment file: %s"
sudoers_locale
T_STR
"Locale to use while parsing sudoers: %s"
visiblepw
T_FLAG
"Allow sudo to prompt for a password even if it would be visisble"
pwfeedback
T_FLAG
"Provide visual feedback at the password prompt when there is user input"
fast_glob
T_FLAG
"Use faster globbing that is less accurate but does not access the filesystem"
umask_override
T_FLAG
"The umask specified in sudoers will override the user's, even if it is more permissive"
|