mirror of
https://github.com/sudo-project/sudo.git
synced 2025-08-31 22:35:10 +00:00
Add support for a custom message when the command execution is denied.
This commit is contained in:
Guillaume Destuynder
committed by
Todd C. Miller
Todd C. Miller
parent
55db829087
commit
a4cbfecdae
@@ -4507,6 +4507,10 @@ option.
|
||||
This option is only available when sudo is built with AppArmor
|
||||
support.
|
||||
.TP 18n
|
||||
cmddenial_message
|
||||
Message that is displayed after a user's command execution is denied.
|
||||
It does not override the default message, instead, it adds additional information for the user when set.
|
||||
.TP 18n
|
||||
authfail_message
|
||||
Message that is displayed after a user fails to authenticate.
|
||||
The message may include the
|
||||
|
||||
@@ -4271,6 +4271,9 @@ option.
|
||||
This option is only available when sudo is built with AppArmor
|
||||
support.
|
||||
.\}
|
||||
.It cmddenial_message
|
||||
Message that is displayed after a user's command execution is denied.
|
||||
It does not override the default message, instead, it adds additional information for the user when set.
|
||||
.It authfail_message
|
||||
Message that is displayed after a user fails to authenticate.
|
||||
The message may include the
|
||||
|
||||
@@ -695,6 +695,11 @@ struct sudo_defs_types sudo_defs_table[] = {
|
||||
"apparmor_profile", T_STR,
|
||||
N_("AppArmor profile to use in the new security context: %s"),
|
||||
NULL,
|
||||
}, {
|
||||
"cmddenial_message", T_STR,
|
||||
N_("Command denial message: %s"),
|
||||
NULL,
|
||||
|
||||
}, {
|
||||
NULL, 0, NULL
|
||||
}
|
||||
|
||||
@@ -322,6 +322,9 @@
|
||||
#define def_intercept_verify (sudo_defs_table[I_INTERCEPT_VERIFY].sd_un.flag)
|
||||
#define I_APPARMOR_PROFILE 160
|
||||
#define def_apparmor_profile (sudo_defs_table[I_APPARMOR_PROFILE].sd_un.str)
|
||||
#define I_CMDDENIAL_MESSAGE 161
|
||||
#define def_cmddenial_message (sudo_defs_table[I_CMDDENIAL_MESSAGE].sd_un.str)
|
||||
|
||||
|
||||
enum def_tuple {
|
||||
never,
|
||||
|
||||
@@ -349,6 +349,9 @@ log_denial(const struct sudoers_context *ctx, unsigned int status,
|
||||
ctx->runas.gr ? ":" : "",
|
||||
ctx->runas.gr ? ctx->runas.gr->gr_name : "",
|
||||
ctx->user.host);
|
||||
if (def_cmddenial_message != NULL) {
|
||||
sudo_printf(SUDO_CONV_ERROR_MSG, "%s\n", def_cmddenial_message);
|
||||
}
|
||||
}
|
||||
if (mailit) {
|
||||
sudo_printf(SUDO_CONV_ERROR_MSG, "%s",
|
||||
|
||||
@@ -107,6 +107,7 @@ Defaults user_command_timeouts
|
||||
Defaults iolog_flush
|
||||
Defaults syslog_pid
|
||||
Defaults timestamp_type=tty
|
||||
Defaults cmddenial_message="That's not allowed!"
|
||||
Defaults authfail_message="Learn to type!"
|
||||
Defaults case_insensitive_user
|
||||
Defaults case_insensitive_group
|
||||
|
||||
@@ -527,6 +527,11 @@
|
||||
{ "timestamp_type": "tty" }
|
||||
]
|
||||
},
|
||||
{
|
||||
"Options": [
|
||||
{ "cmddenial_message": "That's not allowed!" }
|
||||
]
|
||||
},
|
||||
{
|
||||
"Options": [
|
||||
{ "authfail_message": "Learn to type!" }
|
||||
|
||||
@@ -112,6 +112,7 @@ sudoOption: user_command_timeouts
|
||||
sudoOption: iolog_flush
|
||||
sudoOption: syslog_pid
|
||||
sudoOption: timestamp_type=tty
|
||||
sudoOption: cmddenial_message=That's not allowed!
|
||||
sudoOption: authfail_message=Learn to type!
|
||||
sudoOption: case_insensitive_user
|
||||
sudoOption: case_insensitive_group
|
||||
|
||||
@@ -107,6 +107,7 @@ Defaults user_command_timeouts
|
||||
Defaults iolog_flush
|
||||
Defaults syslog_pid
|
||||
Defaults timestamp_type=tty
|
||||
Defaults cmddenial_message="That's not allowed!"
|
||||
Defaults authfail_message="Learn to type!"
|
||||
Defaults case_insensitive_user
|
||||
Defaults case_insensitive_group
|
||||
|
||||
@@ -101,6 +101,7 @@ Defaults user_command_timeouts
|
||||
Defaults iolog_flush
|
||||
Defaults syslog_pid
|
||||
Defaults timestamp_type=tty
|
||||
Defaults cmddenial_message="That's not allowed!"
|
||||
Defaults authfail_message="Learn to type!"
|
||||
Defaults case_insensitive_user
|
||||
Defaults case_insensitive_group
|
||||
|
||||
@@ -108,6 +108,7 @@ DEFAULTS DEFVAR
|
||||
DEFAULTS DEFVAR
|
||||
DEFAULTS DEFVAR = WORD(2)
|
||||
DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4)
|
||||
DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4)
|
||||
DEFAULTS DEFVAR
|
||||
DEFAULTS DEFVAR
|
||||
DEFAULTS DEFVAR
|
||||
|
||||
Reference in New Issue
Block a user