path: root/OPTIONS
blob: b0875559ea0863fc879874b439635116b5fc75b0 (plain)
The following options may be used to configure sudo 1.4

FQDN
    Define this if you want to put fully qualified hostnames in the sudoers
    file.  I.e., instead of myhost you would use myhost.mydomain.edu.
    You may still use the short form if you wish (and even mix the two).
    Beware that turning FQDN on requires sudo to make DNS lookups which
    may make sudo unusable if your DNS is totally hosed.
    Also note that you must use the host's official name as DNS knows it.
    That is, you may not use a host alias (CNAME entry) due to performance
    issues and the fact that there is no way to get all aliases from DNS.
    This is off by default.

LOGGING
    How you want to do your logging.  Your choices are SLOG_SYSLOG, SLOG_FILE,
    or SLOG_BOTH.  Setting this to SLOG_SYSLOG is nice because you can keep all
    your sudo logs in one place.  If you don't have syslog or if your syslog
    is of an ancient vintage (4.2BSD, SunOS 3.x and all versions of Ultrix)
    you should probably use SLOG_FILE logging (the pathname for the log file is
    in pathnames.h).  If you are really serious about security you may want
    to set LOGGING to SLOG_BOTH (to keep people from killing your syslog with
    a denial of service attack while they do something nasty).
    The default is to use SLOG_SYSLOG.

LOGFAC
    What syslog facility to log to.  This requires a 4.3BSD or later
    version of syslog.  You can still set this for ancient syslogs
    but it will have no effect.
    The default is to use LOG_LOCAL2 but you may want to use LOG_AUTH.

MAXLOGFILELEN
    Number of characters per line for the file log.  This is only
    used if LOGGING is SLOG_FILE or SLOG_BOTH.  MAXLOGFILELEN is used to
    decide when to wrap lines for nicer log files.  You can set it to MAXLOGLEN
    if you don't want any word wrapping in your log files.
    The default is 80.

NO_ROOT_SUDO
    Don't let root run sudo.  This can be used to prevent people from
    "chaining" sudo commands to get a root shell by doing something
    like "sudo sudo /bin/sh".
    This is off by default.

ALERTMAIL
    User that mail from sudo is sent to.  This should go to a sysadmin
    at your site.
    The default is "root".

SEND_MAIL_WHEN_NO_USER
    Send mail to ALERTMAIL if the user invoking sudo is not in the sudoers file.
    You probably want this on so you can yell at people trying to use sudo
    when they are not allowed to.
    This is on by default.

SEND_MAIL_WHEN_NOT_OK
    Send mail to ALERTMAIL if the user is allowed to use sudo but the
    command they are trying is not listed in their sudoers file entry.
    This is off by default.

EXEMPTGROUP
    If this is defined then users in the group defined by EXEMPTGROUP
    don't need to enter a password when running sudo.  This may be useful
    for sites that don't want their "core" sysadmins to have to enter
    a password but where Jr. sysadmins need to.
    This is off by default.

ENV_EDITOR
    Makes visudo consult the EDITOR and VISUAL environment variables
    before falling back on the default editor.  Note that this may create
    a security hole as most editors allow a user to get a shell (which would
    be a root shell and hence, no logging).
    This is off by default.

SHORT_MESSAGE
    Omits the copyright message from the "lecture" one gets when running
    sudo for the first time on a machine.
    This is on by default.

TIMEOUT
    Number of minutes that can elapse before sudo will ask for a password again.
    The default is 5; set this to 0 to always prompt for a password.

PASSWORD_TIMEOUT
    Number of minutes before the sudo password prompt times out.
    The default is 5.

TRIES_FOR_PASSWORD
    Number of tries a user gets to enter his/her password before sudo
    logs the failure and exits.
    The default is 3.

USE_INSULTS
    Define this if you want to be insulted for typing an incorrect password
    just like the original sudo(8).
    This is off by default.

CLASSIC_INSULTS
    Uses insults from sudo "classic."  If you just define USE_INSULTS
    you will get the classic insults.
    This is on by default if USE_INSULTS is defined.

HAL_INSULTS
    Uses 2001-like insults when an incorrect password is entered.  You must
    define USE_INSULTS as well for this to have any effect.
    This is off by default.

GOONS_INSULTS
    Insults the user with lines from the "Goon Show" when an incorrect
    password is entered.  You must define USE_INSULTS as well for this
    to have any effect.
    This is off by default.

CSOPS_INSULTS
    Insults the user with an extra set of insults (some quotes, some original)
    from a sysadmin group at CU (CSOps).  You must define USE_INSULTS as well
    for this to have any effect.
    This is off by default.

EDITOR
    This is the default editor used by visudo (and the only editor used unless
    ENV_EDITOR is defined).
    The default is _PATH_VI (where vi lives).

MAILER
    Mailer used to send mail when someone tries to sudo and access is denied.
    As such, this should not be /usr/ucb/Mail or mailx.  Sudo is set up to
    use sendmail, but it should be possible to use smail as well.
    The default is _PATH_SENDMAIL (where sendmail lives).

UMASK
    Umask to use when running the root command.  If you do not define this
    sudo will preserve the umask of the user invoking sudo.
    The default is 0022.

INCORRECT_PASSWORD
    Message that is displayed if a user enters an incorrect password.
    The default is "Sorry, try again."

MAILSUBJECT
    Subject of the mail sent to the ALERTMAIL user.
    Default is "*** SECURITY information ***".

PASSPROMPT
    Default prompt to use when asking for a password.  Can be overridden
    via the -p option.  Default is "Password:".

SECURE_PATH
    Path used for every command run from sudo(8).  If you don't trust
    the people running sudo to have a sane PATH environment variable
    you may want to define SECURE_PATH.  Another use is if you want to
    have the "root path" be separate from the "user path."  You will
    need to customize the path for your site.
    NOTE: SECURE_PATH is not applied to users in the EXEMPTGROUP.
    This is off by default.

NO_DOT_PATH
    If defined, sudo will ignore '.' or '' (current dir) in $PATH.
    The $PATH itself is not modified.
    This is off by default.
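The following is an added example, not code from the sudo distribution, showing what NO_DOT_PATH changes: a PATH search that skips the entries meaning "current directory" (a bare "." and the empty entry produced by a leading ':', a trailing ':' or '::') while leaving PATH itself untouched.  The function names, the injected `exists` predicate and the constructed directory layout are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* A PATH entry denotes the current directory when it is "." or empty
 * ("" arises from a leading ':', a trailing ':' or a '::' in PATH). */
static int entry_is_cwd(const char *entry, size_t len)
{
    return len == 0 || (len == 1 && entry[0] == '.');
}

/* Predicate type so the same search can run against the real filesystem
 * or against a constructed one in a test. */
typedef int (*exists_fn)(const char *candidate);

/* Real-filesystem predicate: a regular file with some execute bit set. */
static int exists_on_disk(const char *candidate)
{
    struct stat st;
    return stat(candidate, &st) == 0 && S_ISREG(st.st_mode) && (st.st_mode & 0111);
}

/* Resolve `name` through `path` the way execvp() would, except that with
 * no_dot_path set the current-directory entries are skipped.  PATH is only
 * read, never modified.  Writes the first existing candidate to `out` and
 * returns 1, or clears `out` and returns 0 when nothing matched. */
static int find_in_path(const char *name, const char *path, int no_dot_path,
                        exists_fn exists, char *out, size_t outlen)
{
    const char *p = path;
    for (;;) {
        const char *end = strchr(p, ':');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        int is_cwd = entry_is_cwd(p, len);

        if (!(no_dot_path && is_cwd)) {
            int n = is_cwd
                ? snprintf(out, outlen, "./%s", name)
                : snprintf(out, outlen, "%.*s/%s", (int)len, p, name);
            if (n > 0 && (size_t)n < outlen && exists(out))
                return 1;
        }
        if (!end)
            break;
        p = end + 1;
    }
    out[0] = '\0';
    return 0;
}

/* Constructed filesystem for the demonstration: an "ls" planted in the
 * current directory and the real one in /bin. */
static int exists_constructed(const char *candidate)
{
    return strcmp(candidate, "./ls") == 0 || strcmp(candidate, "/bin/ls") == 0;
}

int main(void)
{
    char buf[256];
    const char *path = ":/usr/bin:/bin";   /* leading ':' = current dir first */

    find_in_path("ls", path, 0, exists_constructed, buf, sizeof buf);
    printf("NO_DOT_PATH off: %s\n", buf);   /* ./ls, the planted copy wins */
    find_in_path("ls", path, 1, exists_constructed, buf, sizeof buf);
    printf("NO_DOT_PATH on:  %s\n", buf);   /* /bin/ls */

    /* Same search against the real filesystem, using the caller's PATH. */
    if (find_in_path("sh", "/usr/bin:/bin", 1, exists_on_disk, buf, sizeof buf))
        printf("sh resolved on disk to %s\n", buf);
    return 0;
}
```

The point the example makes is that an empty entry is just as dangerous as a "." entry and is far easier to overlook in a long PATH, which is why the check treats both the same way.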

USE_EXECV
    Use execv() to exec the command instead of execvp().  I can't think of
    a reason to actually do this since execvp() is passed a fully qualified
    pathname but someone might thoroughly distrust execvp().  Note that if
    you define this you lose the ability to exec scripts that are missing the
    '#!/bin/sh' cookie (like /bin/kill on sunos and /etc/fastboot on 4.3BSD).
    This is off by default.

SHELL_IF_NO_ARGS
    If sudo is invoked with no arguments it acts as if the "-s" flag
    had been given.  Namely, it runs a shell as root (the shell is
    determined by the SHELL environment variable, falling back on the shell listed
    in the invoking user's /etc/passwd entry).
    This is off by default.

USE_TTY_TICKETS
    This makes sudo use a different ticket file for each tty (per user).
    I.e., instead of the ticket file being "username" it is "username.tty".
    This offers increased security in an open lab or with "shared"
    accounts like "operator."  Note that this means that there will
    be more files in the timestamp dir.  This is not a problem if your
    system has a cron job to remove files from /tmp (or wherever
    you specified the timestamp dir to be).
    This feature is off by default.

FAST_MATCH
    When matching a given command to a path listed in the sudoers file,
    only check the inodes for a match if the basenames match.
    If you want links to a command to be allowed then you should turn
    this off, but it will make things take a little longer.
    This is on by default.

SKEY_ONLY
    When validating the user, only allow an s/key passkey.  Do not
    compare against the passwd file or use any other authentication
    scheme.  This is only useful if you want to force people to
    use s/key.
    This feature is off by default.

LONG_SKEY_PROMPT
    When validating with s/key a two-line prompt is used to make
    it easier to cut and paste the s/key challenge to a local
    window.  It's not as pretty as the default but some people
    find it more convenient.
    This feature is off by default.

SUDOERS_OWNER
    Who should own the sudoers file.  This must be a username, *not* a uid.
    This is useful if you want to make the sudoers file NFS-mounted
    but don't want to let the clients mount the filesystem with
    root privileges.  A good choice for SUDOERS_OWNER in this case is
    "daemon"; a bad choice would be "nobody".  Note that this is usually
    set in the Makefile.
    The default is "root" (remember the quotes).