diff options
-rw-r--r-- | MANIFEST | 6 | ||||
-rwxr-xr-x | configure | 6 | ||||
-rw-r--r-- | configure.ac | 4 | ||||
-rw-r--r-- | docs/sudo.conf.man.in | 10 | ||||
-rw-r--r-- | docs/sudo.conf.mdoc.in | 10 | ||||
-rw-r--r-- | docs/sudo.man.in | 4 | ||||
-rw-r--r-- | docs/sudo.mdoc.in | 4 | ||||
-rw-r--r-- | docs/sudo_logsrvd.conf.man.in | 16 | ||||
-rw-r--r-- | docs/sudo_logsrvd.conf.mdoc.in | 16 | ||||
-rw-r--r-- | docs/sudo_plugin_python.man.in | 10 | ||||
-rw-r--r-- | docs/sudo_plugin_python.mdoc.in | 10 | ||||
-rw-r--r-- | docs/sudoers.man.in | 12 | ||||
-rw-r--r-- | docs/sudoers.mdoc.in | 12 | ||||
-rw-r--r-- | examples/Makefile.in | 8 | ||||
-rw-r--r-- | examples/sudo_logsrvd.conf.in (renamed from examples/sudo_logsrvd.conf) | 18 | ||||
-rw-r--r-- | examples/sudoers.in (renamed from examples/sudoers) | 2 |
16 files changed, 78 insertions, 70 deletions
@@ -79,8 +79,8 @@ examples/Makefile.in examples/cvtsudoers.conf examples/pam.conf examples/sudo.conf.in -examples/sudo_logsrvd.conf -examples/sudoers +examples/sudo_logsrvd.conf.in +examples/sudoers.in examples/syslog.conf include/Makefile.in include/compat/charclass.h @@ -245,8 +245,8 @@ lib/util/progname.c lib/util/pw_dup.c lib/util/pwrite.c lib/util/rcstr.c -lib/util/regex.c lib/util/reallocarray.c +lib/util/regex.c lib/util/regress/corpus/seed/sudo_conf/sudo.conf.1 lib/util/regress/corpus/seed/sudo_conf/sudo.conf.2 lib/util/regress/corpus/seed/sudo_conf/sudo.conf.3 @@ -3676,7 +3676,7 @@ PYTHON_PLUGIN=# LOGSRVD= LOGSRVD_SRC=logsrvd LOGSRV_SRC=lib/logsrv -LOGSRVD_CONF='$(srcdir)/sudo_logsrvd.conf' +LOGSRVD_CONF='sudo_logsrvd.conf' LIBLOGSRV='$(top_builddir)/lib/logsrv/liblogsrv.la' PPFILES='$(srcdir)/etc/sudo.pp' @@ -32257,7 +32257,7 @@ elif test X"$TMPFILES_D" != X""; then fi -ac_config_files="$ac_config_files Makefile docs/Makefile examples/Makefile examples/sudo.conf include/Makefile lib/eventlog/Makefile lib/fuzzstub/Makefile lib/iolog/Makefile lib/logsrv/Makefile lib/protobuf-c/Makefile lib/util/Makefile lib/util/util.exp logsrvd/Makefile src/intercept.exp src/sudo_usage.h src/Makefile plugins/audit_json/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/sample_approval/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers" +ac_config_files="$ac_config_files Makefile docs/Makefile examples/Makefile examples/sudoers examples/sudo.conf examples/sudo_logsrvd.conf include/Makefile lib/eventlog/Makefile lib/fuzzstub/Makefile lib/iolog/Makefile lib/logsrv/Makefile lib/protobuf-c/Makefile lib/util/Makefile lib/util/util.exp logsrvd/Makefile src/intercept.exp src/sudo_usage.h src/Makefile plugins/audit_json/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/sample_approval/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers" cat >confcache <<\_ACEOF @@ -33251,7 +33251,9 @@ do "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "docs/Makefile") CONFIG_FILES="$CONFIG_FILES docs/Makefile" ;; "examples/Makefile") CONFIG_FILES="$CONFIG_FILES examples/Makefile" ;; + "examples/sudoers") CONFIG_FILES="$CONFIG_FILES examples/sudoers" ;; "examples/sudo.conf") CONFIG_FILES="$CONFIG_FILES examples/sudo.conf" ;; + "examples/sudo_logsrvd.conf") CONFIG_FILES="$CONFIG_FILES examples/sudo_logsrvd.conf" ;; "include/Makefile") CONFIG_FILES="$CONFIG_FILES include/Makefile" ;; "lib/eventlog/Makefile") CONFIG_FILES="$CONFIG_FILES lib/eventlog/Makefile" ;; "lib/fuzzstub/Makefile") CONFIG_FILES="$CONFIG_FILES lib/fuzzstub/Makefile" ;; diff --git a/configure.ac b/configure.ac index bc1a24400..3535f6051 100644 --- a/configure.ac +++ b/configure.ac @@ -288,7 +288,7 @@ PYTHON_PLUGIN=# LOGSRVD= LOGSRVD_SRC=logsrvd LOGSRV_SRC=lib/logsrv -LOGSRVD_CONF='$(srcdir)/sudo_logsrvd.conf' +LOGSRVD_CONF='sudo_logsrvd.conf' LIBLOGSRV='$(top_builddir)/lib/logsrv/liblogsrv.la' PPFILES='$(srcdir)/etc/sudo.pp' @@ -5114,7 +5114,7 @@ elif test X"$TMPFILES_D" != X""; then AC_CONFIG_FILES([etc/init.d/sudo.conf]) fi -AC_CONFIG_FILES([Makefile docs/Makefile examples/Makefile examples/sudo.conf include/Makefile lib/eventlog/Makefile lib/fuzzstub/Makefile lib/iolog/Makefile lib/logsrv/Makefile lib/protobuf-c/Makefile lib/util/Makefile lib/util/util.exp logsrvd/Makefile src/intercept.exp src/sudo_usage.h src/Makefile plugins/audit_json/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/sample_approval/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers]) +AC_CONFIG_FILES([Makefile docs/Makefile examples/Makefile examples/sudoers examples/sudo.conf examples/sudo_logsrvd.conf include/Makefile lib/eventlog/Makefile lib/fuzzstub/Makefile lib/iolog/Makefile lib/logsrv/Makefile lib/protobuf-c/Makefile lib/util/Makefile lib/util/util.exp logsrvd/Makefile src/intercept.exp src/sudo_usage.h src/Makefile plugins/audit_json/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/sample_approval/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers]) AC_OUTPUT diff --git a/docs/sudo.conf.man.in b/docs/sudo.conf.man.in index b506f507e..ed39405dd 100644 --- a/docs/sudo.conf.man.in +++ b/docs/sudo.conf.man.in @@ -17,7 +17,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .nr SL @SEMAN@ -.TH "SUDO.CONF" "@mansectform@" "February 10, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDO.CONF" "@mansectform@" "February 11, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" @@ -588,7 +588,7 @@ Examples: .nf .sp .RS 4n -Debug sudo /var/log/sudo_debug all@warn,plugin@info +Debug sudo @log_dir@/sudo_debug all@warn,plugin@info .RE .fi .PP @@ -600,7 +600,7 @@ level for the plugin subsystem. .nf .sp .RS 4n -Debug sudo_intercept.so /var/log/intercept_debug all@debug +Debug sudo_intercept.so @log_dir@/intercept_debug all@debug .RE .fi .PP @@ -869,8 +869,8 @@ front-end configuration # Priority may be crit, err, warn, notice, diag, info, trace, or debug. # Multiple subsystem@priority may be specified, separated by a comma. # -#Debug sudo /var/log/sudo_debug all@debug -#Debug sudoers.so /var/log/sudoers_debug all@debug +#Debug sudo @log_dir@/sudo_debug all@debug +#Debug sudoers.so @log_dir@/sudoers_debug all@debug .RE .fi .SH "SEE ALSO" diff --git a/docs/sudo.conf.mdoc.in b/docs/sudo.conf.mdoc.in index 4da170090..f916ebfb3 100644 --- a/docs/sudo.conf.mdoc.in +++ b/docs/sudo.conf.mdoc.in @@ -16,7 +16,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .nr SL @SEMAN@ -.Dd February 10, 2022 +.Dd February 11, 2022 .Dt SUDO.CONF @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -536,7 +536,7 @@ as it does not include a comma .Pp Examples: .Bd -literal -offset 4n -Debug sudo /var/log/sudo_debug all@warn,plugin@info +Debug sudo @log_dir@/sudo_debug all@warn,plugin@info .Ed .Pp would log all debugging statements at the @@ -545,7 +545,7 @@ level and higher in addition to those at the .Em info level for the plugin subsystem. .Bd -literal -offset 4n -Debug sudo_intercept.so /var/log/intercept_debug all@debug +Debug sudo_intercept.so @log_dir@/intercept_debug all@debug .Ed .Pp would log all debugging statements, regardless of level, for the @@ -798,8 +798,8 @@ front-end configuration # Priority may be crit, err, warn, notice, diag, info, trace, or debug. # Multiple subsystem@priority may be specified, separated by a comma. # -#Debug sudo /var/log/sudo_debug all@debug -#Debug sudoers.so /var/log/sudoers_debug all@debug +#Debug sudo @log_dir@/sudo_debug all@debug +#Debug sudoers.so @log_dir@/sudoers_debug all@debug .Ed .Sh SEE ALSO .Xr sudo_plugin @mansectform@ , diff --git a/docs/sudo.man.in b/docs/sudo.man.in index f7f460700..8e1855df4 100644 --- a/docs/sudo.man.in +++ b/docs/sudo.man.in @@ -25,7 +25,7 @@ .nr BA @BAMAN@ .nr LC @LCMAN@ .nr PS @PSMAN@ -.TH "SUDO" "@mansectsu@" "February 10, 2022" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" +.TH "SUDO" "@mansectsu@" "February 11, 2022" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" .nh .if n .ad l .SH "NAME" @@ -1277,7 +1277,7 @@ group: .nf .sp .RS 4n -$ sudo -g adm more /var/log/syslog +$ sudo -g adm more @log_dir@/syslog .RE .fi .PP diff --git a/docs/sudo.mdoc.in b/docs/sudo.mdoc.in index 2f25519e0..a666bff39 100644 --- a/docs/sudo.mdoc.in +++ b/docs/sudo.mdoc.in @@ -24,7 +24,7 @@ .nr BA @BAMAN@ .nr LC @LCMAN@ .nr PS @PSMAN@ -.Dd February 10, 2022 +.Dd February 11, 2022 .Dt SUDO @mansectsu@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -1191,7 +1191,7 @@ $ sudoedit -u www ~www/htdocs/index.html To view system logs only accessible to root and users in the adm group: .Bd -literal -offset 4n -$ sudo -g adm more /var/log/syslog +$ sudo -g adm more @log_dir@/syslog .Ed .Pp To run an editor as jim with a different primary group: diff --git a/docs/sudo_logsrvd.conf.man.in b/docs/sudo_logsrvd.conf.man.in index d66a18b3c..08ed8185a 100644 --- a/docs/sudo_logsrvd.conf.man.in +++ b/docs/sudo_logsrvd.conf.man.in @@ -898,8 +898,8 @@ Sudo log server configuration file # The directory to store messages in before they are sent to the relay. # Messages are stored in wire format. -# The default value is /var/log/sudo_logsrvd. -#relay_dir = /var/log/sudo_logsrvd +# The default value is @relay_dir@. +#relay_dir = @relay_dir@ # The number of seconds to wait after a connection error before # making a new attempt to forward a message to a relay host. @@ -957,7 +957,7 @@ Sudo log server configuration file [iolog] # The top-level directory to use when constructing the path name for the # I/O log directory. The session sequence number, if any, is stored here. -#iolog_dir = /var/log/sudo-io +#iolog_dir = @iolog_dir@ # The path name, relative to iolog_dir, in which to store I/O logs. # Note that iolog_file may contain directory components. @@ -1034,20 +1034,20 @@ Sudo log server configuration file # The following syslog facilities are supported: authpriv (if your OS # supports it), auth, daemon, user, local0, local1, local2, local3, # local4, local5, local6, and local7. -#facility = authpriv +#facility = @logfac@ # Syslog priority to use for event log accept messages, when the command # is allowed by the security policy. The following syslog priorities are # supported: alert, crit, debug, emerg, err, info, notice, warning, none. -#accept_priority = notice +#accept_priority = @goodpri@ # Syslog priority to use for event log reject messages, when the command # is not allowed by the security policy. -#reject_priority = alert +#reject_priority = @badpri@ # Syslog priority to use for event log alert messages reported by the # client. -#alert_priority = alert +#alert_priority = @badpri@ # The syslog facility to use for server warning messages. # Defaults to daemon. @@ -1056,7 +1056,7 @@ Sudo log server configuration file [logfile] # The path to the file-based event log. # This path must be fully-qualified and start with a '/' character. -#path = /var/log/sudo +#path = @logpath@ # The format string used when formatting the date and time for # file-based event logs. Formatting is performed via strftime(3) so diff --git a/docs/sudo_logsrvd.conf.mdoc.in b/docs/sudo_logsrvd.conf.mdoc.in index ee20ce28f..8cd78d516 100644 --- a/docs/sudo_logsrvd.conf.mdoc.in +++ b/docs/sudo_logsrvd.conf.mdoc.in @@ -824,8 +824,8 @@ Sudo log server configuration file # The directory to store messages in before they are sent to the relay. # Messages are stored in wire format. -# The default value is /var/log/sudo_logsrvd. -#relay_dir = /var/log/sudo_logsrvd +# The default value is @relay_dir@. +#relay_dir = @relay_dir@ # The number of seconds to wait after a connection error before # making a new attempt to forward a message to a relay host. @@ -883,7 +883,7 @@ Sudo log server configuration file [iolog] # The top-level directory to use when constructing the path name for the # I/O log directory. The session sequence number, if any, is stored here. -#iolog_dir = /var/log/sudo-io +#iolog_dir = @iolog_dir@ # The path name, relative to iolog_dir, in which to store I/O logs. # Note that iolog_file may contain directory components. @@ -960,20 +960,20 @@ Sudo log server configuration file # The following syslog facilities are supported: authpriv (if your OS # supports it), auth, daemon, user, local0, local1, local2, local3, # local4, local5, local6, and local7. -#facility = authpriv +#facility = @logfac@ # Syslog priority to use for event log accept messages, when the command # is allowed by the security policy. The following syslog priorities are # supported: alert, crit, debug, emerg, err, info, notice, warning, none. -#accept_priority = notice +#accept_priority = @goodpri@ # Syslog priority to use for event log reject messages, when the command # is not allowed by the security policy. -#reject_priority = alert +#reject_priority = @badpri@ # Syslog priority to use for event log alert messages reported by the # client. -#alert_priority = alert +#alert_priority = @badpri@ # The syslog facility to use for server warning messages. # Defaults to daemon. @@ -982,7 +982,7 @@ Sudo log server configuration file [logfile] # The path to the file-based event log. # This path must be fully-qualified and start with a '/' character. -#path = /var/log/sudo +#path = @logpath@ # The format string used when formatting the date and time for # file-based event logs. Formatting is performed via strftime(3) so diff --git a/docs/sudo_plugin_python.man.in b/docs/sudo_plugin_python.man.in index 156ce58d6..fb1f6ffa9 100644 --- a/docs/sudo_plugin_python.man.in +++ b/docs/sudo_plugin_python.man.in @@ -17,7 +17,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.TH "SUDO_PLUGIN_PYTHON" "5" "February 10, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDO_PLUGIN_PYTHON" "5" "February 11, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" @@ -1613,12 +1613,12 @@ sudo.conf(@mansectform@) with the program set to \fIpython_plugin.so\fR. For example, to store debug output in -\fI/var/log/sudo_python_debug\fR, +\fI@log_dir@/sudo_python_debug\fR, use a line like the following: .nf .sp .RS 4n -Debug python_plugin.so /var/log/sudo_python_debug \e +Debug python_plugin.so @log_dir@/sudo_python_debug \e plugin@trace,c_calls@trace .RE .fi @@ -1633,7 +1633,7 @@ calls, use: .nf .sp .RS 4n -Debug python_plugin.so /var/log/sudo_python_debug plugin@trace +Debug python_plugin.so @log_dir@/sudo_python_debug plugin@trace .RE .fi .PP @@ -1741,7 +1741,7 @@ Plugin python_io python_plugin.so \e ClassName=DebugDemoPlugin Debug python_plugin.so \e - /var/log/sudo_python_debug plugin@trace,c_calls@trace + @log_dir@/sudo_python_debug plugin@trace,c_calls@trace .RE .fi .SS "Option conversion API" diff --git a/docs/sudo_plugin_python.mdoc.in b/docs/sudo_plugin_python.mdoc.in index 4d0228260..913be4b24 100644 --- a/docs/sudo_plugin_python.mdoc.in +++ b/docs/sudo_plugin_python.mdoc.in @@ -16,7 +16,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd February 10, 2022 +.Dd February 11, 2022 .Dt SUDO_PLUGIN_PYTHON @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -1300,10 +1300,10 @@ line to with the program set to .Pa python_plugin.so . For example, to store debug output in -.Pa /var/log/sudo_python_debug , +.Pa @log_dir@/sudo_python_debug , use a line like the following: .Bd -literal -offset 4n -Debug python_plugin.so /var/log/sudo_python_debug \e +Debug python_plugin.so @log_dir@/sudo_python_debug \e plugin@trace,c_calls@trace .Ed .Pp @@ -1315,7 +1315,7 @@ For example to just see the debug output of .Fn sudo.debug calls, use: .Bd -literal -offset 4n -Debug python_plugin.so /var/log/sudo_python_debug plugin@trace +Debug python_plugin.so @log_dir@/sudo_python_debug plugin@trace .Ed .Pp See @@ -1402,7 +1402,7 @@ Plugin python_io python_plugin.so \e ClassName=DebugDemoPlugin Debug python_plugin.so \e - /var/log/sudo_python_debug plugin@trace,c_calls@trace + @log_dir@/sudo_python_debug plugin@trace,c_calls@trace .Ed .Ss Option conversion API The Python plugin API includes two convenience functions to diff --git a/docs/sudoers.man.in b/docs/sudoers.man.in index 919647573..6f12cb919 100644 --- a/docs/sudoers.man.in +++ b/docs/sudoers.man.in @@ -2092,7 +2092,7 @@ For example, while a sudoers entry like: .nf .sp .RS 4n -%operator ALL = /bin/cat /var/log/messages* +%operator ALL = /bin/cat @log_dir@/messages* .RE .fi .PP @@ -2100,7 +2100,7 @@ will allow command like: .nf .sp .RS 4n -$ sudo cat /var/log/messages.1 +$ sudo cat @log_dir@/messages.1 .RE .fi .PP @@ -2108,7 +2108,7 @@ It will also allow: .nf .sp .RS 4n -$ sudo cat /var/log/messages /etc/shadow +$ sudo cat @log_dir@/messages /etc/shadow .RE .fi .PP @@ -5817,7 +5817,7 @@ If the option is set, \fBsudoers\fR will log to a local file, such as -\fI/var/log/sudo\fR. +\fI@log_dir@/sudo\fR. When logging to a file, \fBsudoers\fR uses a format similar to @@ -6215,7 +6215,7 @@ Defaults syslog=auth,runcwd=~ Defaults>root !set_logname Defaults:FULLTIMERS !lecture,runchroot=* Defaults:millert !authenticate -Defaults@SERVERS log_year, logfile=/var/log/sudo.log +Defaults@SERVERS log_year, logfile=@log_dir@/sudo.log Defaults!PAGERS noexec .RE .fi @@ -7110,7 +7110,7 @@ For example: .nf .sp .RS 0n -Debug sudoers.so /var/log/sudoers_debug match@info,nss@info +Debug sudoers.so @log_dir@/sudoers_debug match@info,nss@info .RE .fi .PP diff --git a/docs/sudoers.mdoc.in b/docs/sudoers.mdoc.in index 90adf9763..2daec6157 100644 --- a/docs/sudoers.mdoc.in +++ b/docs/sudoers.mdoc.in @@ -1977,17 +1977,17 @@ or will match across word boundaries, which may be unexpected. For example, while a sudoers entry like: .Bd -literal -offset 4n -%operator ALL = /bin/cat /var/log/messages* +%operator ALL = /bin/cat @log_dir@/messages* .Ed .Pp will allow command like: .Bd -literal -offset 4n -$ sudo cat /var/log/messages.1 +$ sudo cat @log_dir@/messages.1 .Ed .Pp It will also allow: .Bd -literal -offset 4n -$ sudo cat /var/log/messages /etc/shadow +$ sudo cat @log_dir@/messages /etc/shadow .Ed .Pp which is probably not what was intended. @@ -5423,7 +5423,7 @@ If the option is set, .Nm will log to a local file, such as -.Pa /var/log/sudo . +.Pa @log_dir@/sudo . When logging to a file, .Nm uses a format similar to @@ -5773,7 +5773,7 @@ Defaults syslog=auth,runcwd=~ Defaults>root !set_logname Defaults:FULLTIMERS !lecture,runchroot=* Defaults:millert !authenticate -Defaults@SERVERS log_year, logfile=/var/log/sudo.log +Defaults@SERVERS log_year, logfile=@log_dir@/sudo.log Defaults!PAGERS noexec .Ed .Pp @@ -6572,7 +6572,7 @@ utility functions .Pp For example: .Bd -literal -Debug sudoers.so /var/log/sudoers_debug match@info,nss@info +Debug sudoers.so @log_dir@/sudoers_debug match@info,nss@info .Ed .Pp For more information, see the diff --git a/examples/Makefile.in b/examples/Makefile.in index a8280cd92..0b58e4233 100644 --- a/examples/Makefile.in +++ b/examples/Makefile.in @@ -55,7 +55,7 @@ SHELL = @SHELL@ LOGSRVD_CONF = @LOGSRVD_CONF@ EXAMPLES = $(srcdir)/cvtsudoers.conf $(srcdir)/pam.conf sudo.conf \ - $(LOGSRVD_CONF) $(srcdir)/sudoers $(srcdir)/syslog.conf + $(LOGSRVD_CONF) sudoers $(srcdir)/syslog.conf VERSION = @PACKAGE_VERSION@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ @@ -67,9 +67,15 @@ depend: Makefile: $(srcdir)/Makefile.in cd $(top_builddir) && ./config.status --file examples/Makefile +sudoers: $(srcdir)/sudoers.in + cd $(top_builddir) && ./config.status --file examples/sudoers + sudo.conf: $(srcdir)/sudo.conf.in cd $(top_builddir) && ./config.status --file examples/sudo.conf +sudo_logsrvd.conf: $(srcdir)/sudo_logsrvd.conf.in + cd $(top_builddir) && ./config.status --file examples/sudo_logsrvd.conf + pre-install: install: install-doc diff --git a/examples/sudo_logsrvd.conf b/examples/sudo_logsrvd.conf.in index 5fd7d3f40..beb2400a9 100644 --- a/examples/sudo_logsrvd.conf +++ b/examples/sudo_logsrvd.conf.in @@ -22,7 +22,7 @@ #listen_address = *:30344(tls) # The file containing the ID of the running sudo_logsrvd process. -#pid_file = /var/run/sudo/sudo_logsrvd.pid +#pid_file = @rundir@/sudo_logsrvd.pid # Where to log server warnings: none, stderr, syslog, or a path name. #server_log = syslog @@ -86,8 +86,8 @@ # The directory to store messages in before they are sent to the relay. # Messages are stored in wire format. -# The default value is /var/log/sudo_logsrvd. -#relay_dir = /var/log/sudo_logsrvd +# The default value is @relay_dir@. +#relay_dir = @relay_dir@ # The number of seconds to wait after a connection error before # making a new attempt to forward a message to a relay host. @@ -145,7 +145,7 @@ [iolog] # The top-level directory to use when constructing the path name for the # I/O log directory. The session sequence number, if any, is stored here. -#iolog_dir = /var/log/sudo-io +#iolog_dir = @iolog_dir@ # The path name, relative to iolog_dir, in which to store I/O logs. # Note that iolog_file may contain directory components. @@ -223,20 +223,20 @@ # The following syslog facilities are supported: authpriv (if your OS # supports it), auth, daemon, user, local0, local1, local2, local3, # local4, local5, local6, and local7. -#facility = authpriv +#facility = @logfac@ # Syslog priority to use for event log accept messages, when the command # is allowed by the security policy. The following syslog priorities are # supported: alert, crit, debug, emerg, err, info, notice, warning, none. -#accept_priority = notice +#accept_priority = @goodpri@ # Syslog priority to use for event log reject messages, when the command # is not allowed by the security policy. -#reject_priority = alert +#reject_priority = @badpri@ # Syslog priority to use for event log alert messages reported by the # client. -#alert_priority = alert +#alert_priority = @badpri@ # The syslog facility to use for server warning messages. # Defaults to daemon. @@ -245,7 +245,7 @@ [logfile] # The path to the file-based event log. # This path must be fully-qualified and start with a '/' character. -#path = /var/log/sudo +#path = @logpath@ # The format string used when formatting the date and time for # file-based event logs. Formatting is performed via strftime(3) so diff --git a/examples/sudoers b/examples/sudoers.in index 870ce9167..46953d6fa 100644 --- a/examples/sudoers +++ b/examples/sudoers.in @@ -12,7 +12,7 @@ Defaults syslog=auth,runcwd=~ Defaults>root !set_logname Defaults:FULLTIMERS !lecture,runchroot=* Defaults:millert !authenticate -Defaults@SERVERS log_year, logfile=/var/log/sudo.log +Defaults@SERVERS log_year, logfile=@log_dir@/sudo.log Defaults!PAGERS noexec ## |