mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-09-03 07:45:47 +00:00
Code Issues Releases Wiki Activity

o Kill shell_noargs option, it cannot work since the command needs to

Browse Source 
be set before sudoers is parsed.
o Fix the "set_home" sudoers option (only worked at compile time).
o Fix "fqdn" sudoers option.  We now set host/shost via set_fqdn which
  gets called when the "fqdn" option is set in sudoers.
o Move the openlog() to store_syslogfac() so this gets overridden
  correctly from the sudoers file.
This commit is contained in:
Todd C. Miller
1999-12-02 20:31:25 +00:00
parent a6a2b564d0
commit 449f67f776
9 changed files with 149 additions and 122 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
INSTALL
View File

@@ -228,6 +228,12 @@ Special features/options:
security hole as most editors allow a user to get a shell (which would security hole as most editors allow a user to get a shell (which would
be a root shell and hence, no logging). be a root shell and hence, no logging).
--enable-noargs-shell
If sudo is invoked with no arguments it acts as if the "-s" flag had
been given. That is, it runs a shell as root (the shell is determined
by the SHELL environment variable, falling back on the shell listed
in the invoking user's /etc/passwd entry).
The following options are also configurable at runtime: The following options are also configurable at runtime:
--with-otp-only --with-otp-only
@@ -417,12 +423,6 @@ The following options are also configurable at runtime:
--enable-log-host --enable-log-host
Log the hostname in the log file. Log the hostname in the log file.
--enable-noargs-shell
If sudo is invoked with no arguments it acts as if the "-s" flag had
been given. That is, it runs a shell as root (the shell is determined
by the SHELL environment variable, falling back on the shell listed
in the invoking user's /etc/passwd entry).
--enable-shell-sets-home --enable-shell-sets-home
If sudo is invoked with the "-s" flag the HOME environment variable If sudo is invoked with the "-s" flag the HOME environment variable
will be set to the home directory of the target user (which is root will be set to the home directory of the target user (which is root

23
defaults.c
View File

@@ -165,9 +165,6 @@ struct sudo_defs_types sudo_defs_table[] = {
}, { }, {
"log_year", T_FLAG, { 0 }, "log_year", T_FLAG, { 0 },
"Log the year in the (non-syslog) log file" "Log the year in the (non-syslog) log file"
}, {
"shell_noargs", T_FLAG, { 0 },
"If sudo is invoked with no arguments, start a shell"
}, { }, {
"set_home", T_FLAG, { 0 }, "set_home", T_FLAG, { 0 },
"Set $HOME to the target user when starting a shell with -s" "Set $HOME to the target user when starting a shell with -s"
@@ -321,8 +318,9 @@ set_default(var, val, op)
int op; /* TRUE or FALSE */ int op; /* TRUE or FALSE */
{ {
struct sudo_defs_types *cur; struct sudo_defs_types *cur;
int num;
for (cur = sudo_defs_table; cur->name; cur++) { for (cur = sudo_defs_table, num = 0; cur->name; cur++, num++) {
if (strcmp(var, cur->name) == 0) if (strcmp(var, cur->name) == 0)
break; break;
} }
@@ -425,6 +423,10 @@ set_default(var, val, op)
return(FALSE); return(FALSE);
} }
cur->sd_un.flag = op; cur->sd_un.flag = op;
/* Special action for I_FQDN. Move to own switch if we get more */
if (num == I_FQDN && op)
set_fqdn();
break; break;
} }
@@ -490,9 +492,6 @@ init_defaults()
#ifdef HOST_IN_LOG #ifdef HOST_IN_LOG
def_flag(I_LOG_HOST) = TRUE; def_flag(I_LOG_HOST) = TRUE;
#endif #endif
#ifdef SHELL_IF_NO_ARGS
def_flag(I_SHELL_NOARGS) = TRUE;
#endif
#ifdef SHELL_SETS_HOME #ifdef SHELL_SETS_HOME
def_flag(I_SET_HOME) = TRUE; def_flag(I_SET_HOME) = TRUE;
#endif #endif
@@ -615,13 +614,19 @@ store_syslogfac(val, def, op)
return(FALSE); /* not found */ return(FALSE); /* not found */
/* Store both name and number. */ /* Store both name and number. */
if (def->sd_un.str) if (def->sd_un.str) {
free(def->sd_un.str); free(def->sd_un.str);
closelog();
}
openlog("sudo", 0, fac->num);
def->sd_un.str = estrdup(fac->name); def->sd_un.str = estrdup(fac->name);
sudo_defs_table[I_LOGFAC].sd_un.ival = fac->num; sudo_defs_table[I_LOGFAC].sd_un.ival = fac->num;
#else #else
if (def->sd_un.str) if (def->sd_un.str) {
free(def->sd_un.str); free(def->sd_un.str);
closelog();
}
openlog("sudo", 0);
def->sd_un.str = estrdup("default"); def->sd_un.str = estrdup("default");
#endif /* LOG_NFACILITIES */ #endif /* LOG_NFACILITIES */
return(TRUE); return(TRUE);

43
defaults.h
View File

@@ -103,32 +103,31 @@ struct sudo_defs_types {
#define I_ROOT_SUDO 15 #define I_ROOT_SUDO 15
#define I_LOG_HOST 16 #define I_LOG_HOST 16
#define I_LOG_YEAR 17 #define I_LOG_YEAR 17
#define I_SHELL_NOARGS 18 #define I_SET_HOME 18
#define I_SET_HOME 19 #define I_PATH_INFO 19
#define I_PATH_INFO 20 #define I_FQDN 20
#define I_FQDN 21 #define I_INSULTS 21
#define I_INSULTS 22 #define I_REQUIRETTY 22
#define I_REQUIRETTY 23
/* Integer values */ /* Integer values */
#define I_LOGLEN 24 /* wrap log file line after N chars */ #define I_LOGLEN 23 /* wrap log file line after N chars */
#define I_TS_TIMEOUT 25 /* timestamp stale after N minutes */ #define I_TS_TIMEOUT 24 /* timestamp stale after N minutes */
#define I_PW_TIMEOUT 26 /* exit if pass not entered in N minutes */ #define I_PW_TIMEOUT 25 /* exit if pass not entered in N minutes */
#define I_PW_TRIES 27 /* exit after N bad password tries */ #define I_PW_TRIES 26 /* exit after N bad password tries */
#define I_UMASK 28 /* umask to use or 0777 to use user's */ #define I_UMASK 27 /* umask to use or 0777 to use user's */
/* Strings */ /* Strings */
#define I_LOGFILE 29 /* path to logfile (or NULL for none) */ #define I_LOGFILE 28 /* path to logfile (or NULL for none) */
#define I_MAILERPATH 30 /* path to sendmail or other mailer */ #define I_MAILERPATH 29 /* path to sendmail or other mailer */
#define I_MAILERFLAGS 31 /* flags to pass to the mailer */ #define I_MAILERFLAGS 30 /* flags to pass to the mailer */
#define I_MAILTO 32 /* who to send bitch mail to */ #define I_MAILTO 31 /* who to send bitch mail to */
#define I_MAILSUB 33 /* subject line of mail msg */ #define I_MAILSUB 32 /* subject line of mail msg */
#define I_BADPASS_MSG 34 /* what to say when passwd is wrong */ #define I_BADPASS_MSG 33 /* what to say when passwd is wrong */
#define I_TIMESTAMPDIR 35 /* path to timestamp dir */ #define I_TIMESTAMPDIR 34 /* path to timestamp dir */
#define I_EXEMPT_GRP 36 /* no password or PATH override for these */ #define I_EXEMPT_GRP 35 /* no password or PATH override for these */
#define I_PASSPROMPT 37 /* password prompt */ #define I_PASSPROMPT 36 /* password prompt */
#define I_RUNAS_DEF 38 /* default user to run commands as */ #define I_RUNAS_DEF 37 /* default user to run commands as */
#define I_SECURE_PATH 39 /* set $PATH to this if not NULL */ #define I_SECURE_PATH 38 /* set $PATH to this if not NULL */
/* /*
* Macros for accessing sudo_defs_table. * Macros for accessing sudo_defs_table.

76
sudo.c
View File

@@ -217,15 +217,6 @@ main(argc, argv)
/* Setup defaults data structures. */ /* Setup defaults data structures. */
init_defaults(); init_defaults();
/* Initialize syslog(3) if we are using it. */
if (def_str(I_LOGFACSTR)) {
#ifdef LOG_NFACILITIES
openlog("sudo", 0, def_ival(I_LOGFAC));
#else
openlog("sudo", 0);
#endif /* LOG_NFACILITIES */
}
if (sudo_mode & MODE_SHELL) if (sudo_mode & MODE_SHELL)
user_cmnd = "shell"; user_cmnd = "shell";
else else
@@ -293,6 +284,10 @@ main(argc, argv)
exit(1); exit(1);
} }
/* May need to set $HOME to target user. */
if ((sudo_mode & MODE_SHELL) && def_flag(I_SET_HOME))
sudo_mode |= MODE_RESET_HOME;
/* Bail if a tty is required and we don't have one. */ /* Bail if a tty is required and we don't have one. */
if (def_flag(I_REQUIRETTY)) { if (def_flag(I_REQUIRETTY)) {
if ((fd = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1) if ((fd = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1)
@@ -416,7 +411,6 @@ init_vars(sudo_mode)
int sudo_mode; int sudo_mode;
{ {
char *p, thost[MAXHOSTNAMELEN]; char *p, thost[MAXHOSTNAMELEN];
struct hostent *hp;
/* Sanity check command from user. */ /* Sanity check command from user. */
if (user_cmnd == NULL && strlen(NewArgv[0]) >= MAXPATHLEN) { if (user_cmnd == NULL && strlen(NewArgv[0]) >= MAXPATHLEN) {
@@ -445,22 +439,17 @@ init_vars(sudo_mode)
log_error(USE_ERRNO|MSG_ONLY, "can't get hostname"); log_error(USE_ERRNO|MSG_ONLY, "can't get hostname");
} else } else
user_host = estrdup(thost); user_host = estrdup(thost);
if (def_flag(I_FQDN)) { if (def_flag(I_FQDN))
if (!(hp = gethostbyname(user_host))) { set_fqdn();
log_error(USE_ERRNO|MSG_ONLY|NO_EXIT, else {
"unable to lookup %s via gethostbyname()", user_host); if ((p = strchr(user_host, '.'))) {
*p = '\0';
user_shost = estrdup(user_host);
*p = '.';
} else { } else {
free(user_host); user_shost = user_host;
user_host = estrdup(hp->h_name);
} }
} }
if ((p = strchr(user_host, '.'))) {
*p = '\0';
user_shost = estrdup(user_host);
*p = '.';
} else {
user_shost = user_host;
}
if ((p = ttyname(STDIN_FILENO)) || (p = ttyname(STDOUT_FILENO))) { if ((p = ttyname(STDIN_FILENO)) || (p = ttyname(STDOUT_FILENO))) {
if (strncmp(p, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) if (strncmp(p, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0)
@@ -549,12 +538,12 @@ parse_args()
NewArgv = Argv + 1; NewArgv = Argv + 1;
NewArgc = Argc - 1; NewArgc = Argc - 1;
if (Argc < 2) { /* no options and no command */ #ifdef SHELL_IF_NO_ARGS
if (!def_flag(I_SHELL_NOARGS)) if (NewArgc == 0) { /* no options and no command */
usage(1);
rval |= MODE_SHELL; rval |= MODE_SHELL;
return(rval); return(rval);
} }
#endif
while (NewArgc > 0 && NewArgv[0][0] == '-') { while (NewArgc > 0 && NewArgv[0][0] == '-') {
if (NewArgv[0][1] != '\0' && NewArgv[0][2] != '\0') { if (NewArgv[0][1] != '\0' && NewArgv[0][2] != '\0') {
@@ -636,8 +625,6 @@ parse_args()
if (excl && excl != 's') if (excl && excl != 's')
usage_excl(1); usage_excl(1);
excl = 's'; excl = 's';
if (def_flag(I_SET_HOME))
rval |= MODE_RESET_HOME;
break; break;
case 'H': case 'H':
rval |= MODE_RESET_HOME; rval |= MODE_RESET_HOME;
@@ -645,8 +632,10 @@ parse_args()
case '-': case '-':
NewArgc--; NewArgc--;
NewArgv++; NewArgv++;
if (def_flag(I_SHELL_NOARGS) && rval == MODE_RUN) #ifdef SHELL_IF_NO_ARGS
if (rval == MODE_RUN)
rval |= MODE_SHELL; rval |= MODE_SHELL;
#endif
return(rval); return(rval);
case '\0': case '\0':
(void) fprintf(stderr, "%s: '-' requires an argument\n", (void) fprintf(stderr, "%s: '-' requires an argument\n",
@@ -1038,6 +1027,35 @@ initial_setup()
#endif /* POSIX_SIGNALS */ #endif /* POSIX_SIGNALS */
} }
/*
* Look up the fully qualified domain name and set user_host and user_shost.
*/
void
set_fqdn()
{
struct hostent *hp;
char *p;
if (def_flag(I_FQDN)) {
if (!(hp = gethostbyname(user_host))) {
log_error(USE_ERRNO|MSG_ONLY|NO_EXIT,
"unable to lookup %s via gethostbyname()", user_host);
} else {
free(user_host);
user_host = estrdup(hp->h_name);
}
}
if (user_shost != user_host)
free(user_shost);
if ((p = strchr(user_host, '.'))) {
*p = '\0';
user_shost = estrdup(user_host);
*p = '.';
} else {
user_shost = user_host;
}
}
/* /*
* Tell which options are mutually exclusive and exit. * Tell which options are mutually exclusive and exit.
*/ */

1
sudo.h
View File

@@ -193,6 +193,7 @@ void dump_defaults __P((void));
void dump_auth_methods __P((void)); void dump_auth_methods __P((void));
int lock_file __P((int, int)); int lock_file __P((int, int));
int touch __P((char *, time_t)); int touch __P((char *, time_t));
void set_fqdn __P((void));
YY_DECL; YY_DECL;
/* Only provide extern declarations outside of sudo.c. */ /* Only provide extern declarations outside of sudo.c. */

88
sudoers.cat
View File

@@ -61,7 +61,7 @@ DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN
28/Nov/1999 1.6 1 2/Dec/1999 1.6 1
@@ -127,7 +127,7 @@ sudoers(5) FILE FORMATS sudoers(5)
28/Nov/1999 1.6 2 2/Dec/1999 1.6 2
@@ -193,7 +193,7 @@ sudoers(5) FILE FORMATS sudoers(5)
28/Nov/1999 1.6 3 2/Dec/1999 1.6 3
@@ -259,7 +259,7 @@ sudoers(5) FILE FORMATS sudoers(5)
28/Nov/1999 1.6 4 2/Dec/1999 1.6 4
@@ -268,10 +268,6 @@ sudoers(5) FILE FORMATS sudoers(5)
sudoers(5) FILE FORMATS sudoers(5) sudoers(5) FILE FORMATS sudoers(5)
shell_noargs
If sudo is invoked with no arguments, start a
shell
set_home Set $HOME to the target user when starting a set_home Set $HOME to the target user when starting a
shell with -s shell with -s
@@ -322,10 +318,14 @@ sudoers(5) FILE FORMATS sudoers(5)
syslog_goodpri syslog_goodpri
Syslog priority to use when user authenticates Syslog priority to use when user authenticates
successfully
syslog_badpri
Syslog priority to use when user authenticates
28/Nov/1999 1.6 5 2/Dec/1999 1.6 5
@@ -334,10 +334,6 @@ sudoers(5) FILE FORMATS sudoers(5)
sudoers(5) FILE FORMATS sudoers(5) sudoers(5) FILE FORMATS sudoers(5)
successfully
syslog_badpri
Syslog priority to use when user authenticates
unsuccessfully unsuccessfully
SSSSttttrrrriiiinnnnggggssss tttthhhhaaaatttt ccccaaaannnn bbbbeeee uuuusssseeeedddd iiiinnnn aaaa bbbboooooooolllleeeeaaaannnn ccccoooonnnntttteeeexxxxtttt: SSSSttttrrrriiiinnnnggggssss tttthhhhaaaatttt ccccaaaannnn bbbbeeee uuuusssseeeedddd iiiinnnn aaaa bbbboooooooolllleeeeaaaannnn ccccoooonnnntttteeeexxxxtttt:
@@ -388,10 +384,14 @@ sudoers(5) FILE FORMATS sudoers(5)
A Runas_Spec is simply a Runas_List (as defined above) A Runas_Spec is simply a Runas_List (as defined above)
enclosed in a set of parentheses. If you do not specify a enclosed in a set of parentheses. If you do not specify a
Runas_Spec in the user specification, a default Runas_Spec
of rrrrooooooootttt will be used. A Runas_Spec sets the default for
commands that follow it. What this means is that for the
entry:
28/Nov/1999 1.6 6 2/Dec/1999 1.6 6
@@ -400,11 +400,6 @@ sudoers(5) FILE FORMATS sudoers(5)
sudoers(5) FILE FORMATS sudoers(5) sudoers(5) FILE FORMATS sudoers(5)
Runas_Spec in the user specification, a default Runas_Spec
of rrrrooooooootttt will be used. A Runas_Spec sets the default for
commands that follow it. What this means is that for the
entry:
dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/who dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/who
The user ddddggggbbbb may run _/_b_i_n_/_l_s, _/_b_i_n_/_k_i_l_l, and _/_u_s_r_/_b_i_n_/_l_p_r_m The user ddddggggbbbb may run _/_b_i_n_/_l_s, _/_b_i_n_/_k_i_l_l, and _/_u_s_r_/_b_i_n_/_l_p_r_m
@@ -453,11 +448,16 @@ sudoers(5) FILE FORMATS sudoers(5)
[...] Matches any character in the specified range. [...] Matches any character in the specified range.
[!...] Matches any character nnnnooootttt in the specified range.
\x For any character "x", evaluates to "x". This is
used to escape special characters such as: "*",
"?", "[", and "}".
28/Nov/1999 1.6 7 2/Dec/1999 1.6 7
@@ -466,12 +466,6 @@ sudoers(5) FILE FORMATS sudoers(5)
sudoers(5) FILE FORMATS sudoers(5) sudoers(5) FILE FORMATS sudoers(5)
[!...] Matches any character nnnnooootttt in the specified range.
\x For any character "x", evaluates to "x". This is
used to escape special characters such as: "*",
"?", "[", and "}".
Note that a forward slash ('/') will nnnnooootttt be matched by Note that a forward slash ('/') will nnnnooootttt be matched by
wildcards used in the pathname. When matching the command wildcards used in the pathname. When matching the command
line arguments, however, as slash ddddooooeeeessss get matched by line arguments, however, as slash ddddooooeeeessss get matched by
@@ -521,9 +515,15 @@ sudoers(5) FILE FORMATS sudoers(5)
syntactic characters in a _U_s_e_r _S_p_e_c_i_f_i_c_a_t_i_o_n ('=', ':', syntactic characters in a _U_s_e_r _S_p_e_c_i_f_i_c_a_t_i_o_n ('=', ':',
'(', ')') is optional. '(', ')') is optional.
The following characters must be escaped with a backslash
('\') when used as part of a word (eg. a username or
hostname): '@', '!', '=', ':', ',', '(', ')', '\'.
28/Nov/1999 1.6 8
2/Dec/1999 1.6 8
@@ -532,10 +532,6 @@ sudoers(5) FILE FORMATS sudoers(5)
sudoers(5) FILE FORMATS sudoers(5) sudoers(5) FILE FORMATS sudoers(5)
The following characters must be escaped with a backslash
('\') when used as part of a word (eg. a username or
hostname): '@', '!', '=', ':', ',', '(', ')', '\'.
EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS
Below are example _s_u_d_o_e_r_s entries. Admittedly, some of Below are example _s_u_d_o_e_r_s entries. Admittedly, some of
these are a bit contrived. First, we define our _a_l_i_a_s_e_s: these are a bit contrived. First, we define our _a_l_i_a_s_e_s:
@@ -587,9 +583,13 @@ EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS
Defaults:millert !authenticate Defaults:millert !authenticate
Defaults@SERVERS log_year, logfile=/var/log/sudo.log Defaults@SERVERS log_year, logfile=/var/log/sudo.log
The _U_s_e_r _s_p_e_c_i_f_i_c_a_t_i_o_n is the part that actually
determines who may run what.
28/Nov/1999 1.6 9
2/Dec/1999 1.6 9
@@ -598,9 +598,6 @@ EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS
sudoers(5) FILE FORMATS sudoers(5) sudoers(5) FILE FORMATS sudoers(5)
The _U_s_e_r _s_p_e_c_i_f_i_c_a_t_i_o_n is the part that actually
determines who may run what.
root ALL = (ALL) ALL root ALL = (ALL) ALL
%wheel ALL = (ALL) ALL %wheel ALL = (ALL) ALL
@@ -652,10 +649,13 @@ sudoers(5) FILE FORMATS sudoers(5)
assumes _p_a_s_s_w_d(1) does not take multiple usernames on the assumes _p_a_s_s_w_d(1) does not take multiple usernames on the
command line. command line.
bob SPARC = (OP) ALL : SGI = (OP) ALL
The user bbbboooobbbb may run anything on the _S_P_A_R_C and _S_G_I
28/Nov/1999 1.6 10 2/Dec/1999 1.6 10
@@ -664,9 +664,6 @@ sudoers(5) FILE FORMATS sudoers(5)
sudoers(5) FILE FORMATS sudoers(5) sudoers(5) FILE FORMATS sudoers(5)
bob SPARC = (OP) ALL : SGI = (OP) ALL
The user bbbboooobbbb may run anything on the _S_P_A_R_C and _S_G_I
machines as any user listed in the _O_P Runas_Alias (rrrrooooooootttt machines as any user listed in the _O_P Runas_Alias (rrrrooooooootttt
and ooooppppeeeerrrraaaattttoooorrrr). and ooooppppeeeerrrraaaattttoooorrrr).
@@ -718,10 +715,13 @@ sudoers(5) FILE FORMATS sudoers(5)
On the host www, any user in the _W_E_B_M_A_S_T_E_R_S User_Alias On the host www, any user in the _W_E_B_M_A_S_T_E_R_S User_Alias
(will, wendy, and wim), may run any command as user www (will, wendy, and wim), may run any command as user www
(which owns the web pages) or simply _s_u(1) to www.
28/Nov/1999 1.6 11
2/Dec/1999 1.6 11
@@ -730,8 +730,6 @@ sudoers(5) FILE FORMATS sudoers(5)
sudoers(5) FILE FORMATS sudoers(5) sudoers(5) FILE FORMATS sudoers(5)
(which owns the web pages) or simply _s_u(1) to www.
ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\ ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\
/sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM /sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM
@@ -787,7 +785,9 @@ SSSSEEEEEEEE AAAALLLLSSSSOOOO
28/Nov/1999 1.6 12
2/Dec/1999 1.6 12
@@ -853,6 +853,6 @@ sudoers(5) FILE FORMATS sudoers(5)
28/Nov/1999 1.6 13 2/Dec/1999 1.6 13

18
sudoers.man
View File

@@ -2,8 +2,14 @@
''' $RCSfile$$Revision$$Date$ ''' $RCSfile$$Revision$$Date$
''' '''
''' $Log$ ''' $Log$
''' Revision 1.16 1999/11/29 01:57:04 millert ''' Revision 1.17 1999/12/02 20:31:24 millert
''' fix some syntactic goofs ''' o Kill shell_noargs option, it cannot work since the command needs to
''' be set before sudoers is parsed.
''' o Fix the "set_home" sudoers option (only worked at compile time).
''' o Fix "fqdn" sudoers option. We now set host/shost via set_fqdn which
''' gets called when the "fqdn" option is set in sudoers.
''' o Move the openlog() to store_syslogfac() so this gets overridden
''' correctly from the sudoers file.
''' '''
''' '''
.de Sh .de Sh
@@ -96,7 +102,7 @@
.nr % 0 .nr % 0
.rr F .rr F
.\} .\}
.TH sudoers 5 "1.6" "28/Nov/1999" "FILE FORMATS" .TH sudoers 5 "1.6" "2/Dec/1999" "FILE FORMATS"
.UC .UC
.if n .hy 0 .if n .hy 0
.if n .na .if n .na
@@ -399,8 +405,6 @@ Root may run sudo
Log the hostname in the (non-syslog) log file Log the hostname in the (non-syslog) log file
.Ip "log_year" 12 .Ip "log_year" 12
Log the year in the (non-syslog) log file Log the year in the (non-syslog) log file
.Ip "shell_noargs" 12
If sudo is invoked with no arguments, start a shell
.Ip "set_home" 12 .Ip "set_home" 12
Set \f(CW$HOME\fR to the target user when starting a shell with \f(CW-s\fR Set \f(CW$HOME\fR to the target user when starting a shell with \f(CW-s\fR
.Ip "path_info" 12 .Ip "path_info" 12
@@ -847,8 +851,6 @@ will not run with a syntactically incorrect \fIsudoers\fR file.
.IX Item "log_year" .IX Item "log_year"
.IX Item "shell_noargs"
.IX Item "set_home" .IX Item "set_home"
.IX Item "path_info" .IX Item "path_info"
@@ -915,7 +917,7 @@ will not run with a syntactically incorrect \fIsudoers\fR file.
.IX Subsection "Exceptions to wildcard rules:" .IX Subsection "Exceptions to wildcard rules:"
.IX Item "\f(CW""\fR" .IX Item \f(CW""\fR
.IX Subsection "Other special characters and reserved words:" .IX Subsection "Other special characters and reserved words:"

4
sudoers.pod
View File

@@ -269,10 +269,6 @@ Log the hostname in the (non-syslog) log file
Log the year in the (non-syslog) log file Log the year in the (non-syslog) log file
=item shell_noargs
If sudo is invoked with no arguments, start a shell
=item set_home =item set_home
Set $HOME to the target user when starting a shell with C<-s> Set $HOME to the target user when starting a shell with C<-s>

6
visudo.c
View File

@@ -407,6 +407,12 @@ netgr_matches(n, h, u)
return(TRUE); return(TRUE);
} }
void
set_fqdn()
{
return;
}
/* /*
* Assuming a parse error occurred, prompt the user for what they want * Assuming a parse error occurred, prompt the user for what they want
* to do now. Returns the first letter of their choice. * to do now. Returns the first letter of their choice.