mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 01:49:11 +00:00
Code Issues Releases Wiki Activity

The tty_tickets option is now on by default.

Browse Source
This commit is contained in:
Todd C. Miller 2010-07-20 13:20:53 -04:00
parent 9006c79ba3
commit 2675524c32
10 changed files with 93 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
INSTALL
View File

@ -475,13 +475,10 @@ The following options are also configurable at runtime:
Number of minutes before the sudo password prompt times out.
The default is 5, set this to 0 for no password timeout.
--with-tty-tickets
This makes sudo use a different ticket file for each user/tty combo.
Ie: instead of the ticket path being "username" it is "username/tty".
This is useful for "shared" accounts like "operator". Note that this
means that there will be more files in the timestamp dir. This is not
a problem if your system has a cron job to remove of files from /tmp
(or wherever you specified the timestamp dir to be).
--without-tty-tickets
By default, sudo uses a different ticket file for each user/tty combo.
With this option disabled, a single ticket will be used for all
of a user's login sessions.
--with-insults
Define this if you want to be insulted for typing an incorrect password

2
WHATSNEW
View File

@ -19,6 +19,8 @@ What's new in Sudo 1.7.4?
than the boot time are ignored on systems where it is possible to
determine this.
* The tty_tickets sudoers option is now enabled by default.
* Ancillary documentation (README files, LICENSE, etc) is now installed
in a sudo documentation directory.

16
config.h.in
View File

@ -603,6 +603,10 @@
/* Define to 1 if you want a two line OTP (S/Key or OPIE) prompt. */
#undef LONG_OTP_PROMPT
/* Define to the sub-directory in which libtool stores uninstalled libraries.
*/
#undef LT_OBJDIR
/* The subject of the mail sent by sudo to the MAILTO user/address. */
#undef MAILSUBJECT
@ -632,6 +636,9 @@
/* Define to 1 if root should not be allowed to use sudo. */
#undef NO_ROOT_SUDO
/* Define to 1 if you want a single ticket file instead of per-tty files. */
#undef NO_TTY_TICKETS
/* Define to the address where bug reports for this package should be sent. */
#undef PACKAGE_BUGREPORT
@ -644,6 +651,9 @@
/* Define to the one symbol short name of this package. */
#undef PACKAGE_TARNAME
/* Define to the home page for this package. */
#undef PACKAGE_URL
/* Define to the version of this package. */
#undef PACKAGE_VERSION
@ -663,9 +673,6 @@
/* The syslog priority sudo will use for successful attempts. */
#undef PRI_SUCCESS
/* Define to 1 if the `putenv' has a const argument. */
#undef PUTENV_CONST
/* The user sudo should run commands as by default. */
#undef RUNAS_DEFAULT
@ -719,9 +726,6 @@
/* Define to 1 if you use GNU stow packaging. */
#undef USE_STOW
/* Define to 1 if you want a different ticket file for each tty. */
#undef USE_TTY_TICKETS
/* Define to avoid using the passwd/shadow file for authentication. */
#undef WITHOUT_PASSWD

12
configure vendored
View File

@ -2810,7 +2810,7 @@ runas_default=root
env_editor=off
editor=vi
passwd_tries=3
tty_tickets=off
tty_tickets=on
insults=off
root_sudo=on
path_info=on
@ -4806,14 +4806,14 @@ if test "${with_tty_tickets+set}" = set; then :
esac
fi
if test "$tty_tickets" = "on"; then
$as_echo "#define USE_TTY_TICKETS 1" >>confdefs.h
if test "$tty_tickets" = "off"; then
$as_echo "#define NO_TTY_TICKETS 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to include insults" >&5

12
configure.in
View File

@ -124,7 +124,7 @@ runas_default=root
env_editor=off
editor=vi
passwd_tries=3
tty_tickets=off
tty_tickets=on
insults=off
root_sudo=on
path_info=on
@ -922,11 +922,11 @@ AC_ARG_WITH(tty-tickets, [AS_HELP_STRING([--with-tty-tickets], [use a different
*) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."])
;;
esac])
if test "$tty_tickets" = "on"; then
AC_DEFINE(USE_TTY_TICKETS)
AC_MSG_RESULT(yes)
else
if test "$tty_tickets" = "off"; then
AC_DEFINE(NO_TTY_TICKETS)
AC_MSG_RESULT(no)
else
AC_MSG_RESULT(yes)
fi
AC_MSG_CHECKING(whether to include insults)
@ -2838,6 +2838,7 @@ AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture
AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support])
AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
AH_TEMPLATE(NO_TTY_TICKETS, [Define to 1 if you want a single ticket file instead of per-tty files.])
AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.])
AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.])
AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.])
@ -2848,7 +2849,6 @@ AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell
AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
AH_TEMPLATE(USE_TTY_TICKETS, [Define to 1 if you want a different ticket file for each tty.])
AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.])
AH_TEMPLATE(__signed, [Define to `signed' or nothing if compiler does not support a signed type qualifier.])

6
doc/UPGRADE
View File

@ -10,6 +10,12 @@ o Upgrading from a version prior to 1.7.4:
system reboots. Time stamp files older than the boot time are
ignored on systems where it is possible to determine this.
Additionally, the tty_tickets sudoers option is now enabled by
default. To restore the old behavior (single time stamp per user),
add a line like:
Defaults !tty_tickets
to sudoers or use the --without-tty-tickets configure option.
The HOME and MAIL environment variables are now reset based on the
target user's password database entry when the env_reset sudoers option
is enabled (which is the case in the default configuration). Users

78
doc/sudoers.cat
View File

@ -45,10 +45,10 @@ DDEESSCCRRIIPPTTIIOONN
_s_u_d_o_e_r_s uses time stamp files for credential caching. Once a user has
been authenticated, a time stamp is updated and the user may then use
sudo without a password for a short period of time (5 minutes unless
overridden by the _t_i_m_e_o_u_t option. By default, _s_u_d_o_e_r_s uses a per-user
time stamp which means the time stamp is shared across all of a user's
login sessions. The _t_t_y___t_i_c_k_e_t_s option can be used to enable per-tty
time stamps instead.
overridden by the _t_i_m_e_o_u_t option. By default, _s_u_d_o_e_r_s uses a tty-based
time stamp which means that there is a separate time stamp for each of
a user's login sessions. The _t_t_y___t_i_c_k_e_t_s option can be disabled to
force the use of a single time stamp for all of a user's sessions.
_s_u_d_o_e_r_s can log both successful and unsuccessful attempts (as well as
errors) to _s_y_s_l_o_g(3), a log file, or both. By default, _s_u_d_o_e_r_s will
@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN
1.8.0b1 July 19, 2010 1
1.8.0b1 July 20, 2010 1
@ -127,7 +127,7 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
1.8.0b1 July 19, 2010 2
1.8.0b1 July 20, 2010 2
@ -193,7 +193,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 19, 2010 3
1.8.0b1 July 20, 2010 3
@ -259,7 +259,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 19, 2010 4
1.8.0b1 July 20, 2010 4
@ -325,7 +325,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 19, 2010 5
1.8.0b1 July 20, 2010 5
@ -391,7 +391,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 19, 2010 6
1.8.0b1 July 20, 2010 6
@ -457,7 +457,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 19, 2010 7
1.8.0b1 July 20, 2010 7
@ -523,7 +523,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 19, 2010 8
1.8.0b1 July 20, 2010 8
@ -589,7 +589,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 19, 2010 9
1.8.0b1 July 20, 2010 9
@ -655,7 +655,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 19, 2010 10
1.8.0b1 July 20, 2010 10
@ -721,7 +721,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
1.8.0b1 July 19, 2010 11
1.8.0b1 July 20, 2010 11
@ -787,7 +787,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 19, 2010 12
1.8.0b1 July 20, 2010 12
@ -853,7 +853,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 19, 2010 13
1.8.0b1 July 20, 2010 13
@ -919,7 +919,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 19, 2010 14
1.8.0b1 July 20, 2010 14
@ -985,7 +985,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 19, 2010 15
1.8.0b1 July 20, 2010 15
@ -1045,13 +1045,13 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
available logs.
tty_tickets If set, users must authenticate on a per-tty basis.
Normally, ssuuddoo uses a directory in the ticket dir with
the same name as the user running it. With this flag
enabled, ssuuddoo will use a file named for the tty the
With this flag enabled, ssuuddoo will use a file named for
the tty the user is logged in on in the user's time
stamp directory. If disabled, the time stamp of the
1.8.0b1 July 19, 2010 16
1.8.0b1 July 20, 2010 16
@ -1060,8 +1060,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
user is logged in on in that directory. This flag is
_o_f_f by default.
directory is used instead. This flag is _o_n by default.
umask_override If set, ssuuddoo will set the umask as specified by _s_u_d_o_e_r_s
without modification. This makes it possible to
@ -1114,10 +1113,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
passwd_timeout Number of minutes before the ssuuddoo password prompt times
out, or 0 for no timeout. The timeout may include a
fractional component if minute granularity is
1.8.0b1 July 19, 2010 17
1.8.0b1 July 20, 2010 17
@ -1126,7 +1126,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
fractional component if minute granularity is
insufficient, for example 2.5. The default is 5.
timestamp_timeout
@ -1183,7 +1182,8 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 19, 2010 18
1.8.0b1 July 20, 2010 18
@ -1249,7 +1249,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 19, 2010 19
1.8.0b1 July 20, 2010 19
@ -1315,7 +1315,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 19, 2010 20
1.8.0b1 July 20, 2010 20
@ -1381,7 +1381,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 19, 2010 21
1.8.0b1 July 20, 2010 21
@ -1447,7 +1447,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 19, 2010 22
1.8.0b1 July 20, 2010 22
@ -1513,7 +1513,7 @@ EEXXAAMMPPLLEESS
1.8.0b1 July 19, 2010 23
1.8.0b1 July 20, 2010 23
@ -1579,7 +1579,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 19, 2010 24
1.8.0b1 July 20, 2010 24
@ -1645,7 +1645,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 19, 2010 25
1.8.0b1 July 20, 2010 25
@ -1711,7 +1711,7 @@ SSEECCUURRIITTYY NNOOTTEESS
1.8.0b1 July 19, 2010 26
1.8.0b1 July 20, 2010 26
@ -1777,7 +1777,7 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS
1.8.0b1 July 19, 2010 27
1.8.0b1 July 20, 2010 27
@ -1843,7 +1843,7 @@ SSEECCUURRIITTYY NNOOTTEESS
1.8.0b1 July 19, 2010 28
1.8.0b1 July 20, 2010 28
@ -1909,6 +1909,6 @@ DDIISSCCLLAAIIMMEERR
1.8.0b1 July 19, 2010 29
1.8.0b1 July 20, 2010 29

20
doc/sudoers.man.in
View File

@ -148,7 +148,7 @@
.\" ========================================================================
.\"
.IX Title "SUDOERS @mansectform@"
.TH SUDOERS @mansectform@ "July 19, 2010" "1.8.0b1" "MAINTENANCE COMMANDS"
.TH SUDOERS @mansectform@ "July 20, 2010" "1.8.0b1" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@ -196,10 +196,10 @@ lookup is still done for root, not the user specified by \f(CW\*(C`SUDO_USER\*(C
user has been authenticated, a time stamp is updated and the user
may then use sudo without a password for a short period of time
(\f(CW\*(C`@timeout@\*(C'\fR minutes unless overridden by the \fItimeout\fR option.
By default, \fIsudoers\fR uses a per-user time stamp which means the
time stamp is shared across all of a user's login sessions. The
\&\fItty_tickets\fR option can be used to enable per-tty time stamps
instead.
By default, \fIsudoers\fR uses a tty-based time stamp which means that
there is a separate time stamp for each of a user's login sessions.
The \fItty_tickets\fR option can be disabled to force the use of a
single time stamp for all of a user's sessions.
.PP
\&\fIsudoers\fR can log both successful and unsuccessful attempts (as well
as errors) to \fIsyslog\fR\|(3), a log file, or both. By default, \fIsudoers\fR
@ -1103,11 +1103,11 @@ Output logs may be viewed with the \fIsudoreplay\fR\|(@mansectsu@) utility, whic
can also be used to list or search the available logs.
.IP "tty_tickets" 16
.IX Item "tty_tickets"
If set, users must authenticate on a per-tty basis. Normally,
\&\fBsudo\fR uses a directory in the ticket dir with the same name as
the user running it. With this flag enabled, \fBsudo\fR will use a
file named for the tty the user is logged in on in that directory.
This flag is \fI@tty_tickets@\fR by default.
If set, users must authenticate on a per-tty basis. With this flag
enabled, \fBsudo\fR will use a file named for the tty the user is
logged in on in the user's time stamp directory. If disabled, the
time stamp of the directory is used instead. This flag is
\&\fI@tty_tickets@\fR by default.
.IP "umask_override" 16
.IX Item "umask_override"
If set, \fBsudo\fR will set the umask as specified by \fIsudoers\fR without

18
doc/sudoers.pod
View File

@ -66,10 +66,10 @@ I<sudoers> uses time stamp files for credential caching. Once a
user has been authenticated, a time stamp is updated and the user
may then use sudo without a password for a short period of time
(C<@timeout@> minutes unless overridden by the I<timeout> option.
By default, I<sudoers> uses a per-user time stamp which means the
time stamp is shared across all of a user's login sessions. The
I<tty_tickets> option can be used to enable per-tty time stamps
instead.
By default, I<sudoers> uses a tty-based time stamp which means that
there is a separate time stamp for each of a user's login sessions.
The I<tty_tickets> option can be disabled to force the use of a
single time stamp for all of a user's sessions.
I<sudoers> can log both successful and unsuccessful attempts (as well
as errors) to syslog(3), a log file, or both. By default, I<sudoers>
@ -1000,11 +1000,11 @@ can also be used to list or search the available logs.
=item tty_tickets
If set, users must authenticate on a per-tty basis. Normally,
B<sudo> uses a directory in the ticket dir with the same name as
the user running it. With this flag enabled, B<sudo> will use a
file named for the tty the user is logged in on in that directory.
This flag is I<@tty_tickets@> by default.
If set, users must authenticate on a per-tty basis. With this flag
enabled, B<sudo> will use a file named for the tty the user is
logged in on in the user's time stamp directory. If disabled, the
time stamp of the directory is used instead. This flag is
I<@tty_tickets@> by default.
=item umask_override

2
plugins/sudoers/defaults.c
View File

@ -407,7 +407,7 @@ init_defaults(void)
#ifdef SEND_MAIL_WHEN_NOT_OK
def_mail_no_perms = TRUE;
#endif
#ifdef USE_TTY_TICKETS
#ifndef NO_TTY_TICKETS
def_tty_tickets = TRUE;
#endif
#ifndef NO_LECTURE