Document sudo.conf usage now that visudo will parse the sudoers arguments.

2025-08-22 01:49:11 +00:00 · 2014-11-11 13:55:40 -07:00 · 2014-11-11 13:55:40 -07:00 · bc7cbcb556
commit bc7cbcb556
parent 5c13889f26
3 changed files with 158 additions and 3 deletions
--- a/doc/visudo.cat
+++ b/doc/visudo.cat
@ -83,6 +83,41 @@ DDEESSCCRRIIPPTTIIOONN
                 The various values have explicit types which removes much of
                 the ambiguity of the _s_u_d_o_e_r_s format.

+   UUssiinngg ssuuddoo..ccoonnff wwiitthh vviissuuddoo
+     vviissuuddoo versions 1.8.4 and higher support a flexible debugging framework
+     that is configured via Debug lines in the sudo.conf(4) file.  Starting
+     with ssuuddoo 1.8.12, vviissuuddoo will also parse the arguments to the _s_u_d_o_e_r_s
+     plugin to override the default _s_u_d_o_e_r_s path name, UID, GID and file mode.
+     These arguments, if present, should be listed after the path to the
+     plugin (i.e. after _s_u_d_o_e_r_s_._s_o).  Multiple arguments may be specified,
+     separated by white space.  For example:
+
+           Plugin sudoers_policy sudoers.so sudoers_mode=0400
+
+     The following plugin arguments are supported:
+
+     sudoers_file=pathname
+               The _s_u_d_o_e_r_s___f_i_l_e argument can be used to override the default
+               path to the _s_u_d_o_e_r_s file.
+
+     sudoers_uid=uid
+               The _s_u_d_o_e_r_s___u_i_d argument can be used to override the default
+               owner of the sudoers file.  It should be specified as a numeric
+               user ID.
+
+     sudoers_gid=gid
+               The _s_u_d_o_e_r_s___g_i_d argument can be used to override the default
+               group of the sudoers file.  It must be specified as a numeric
+               group ID (not a group name).
+
+     sudoers_mode=mode
+               The _s_u_d_o_e_r_s___m_o_d_e argument can be used to override the default
+               file mode for the sudoers file.  It should be specified as an
+               octal value.
+
+     For more information on configuring sudo.conf(4), please refer to its
+     manual.
+
 EENNVVIIRROONNMMEENNTT
     The following environment variables may be consulted depending on the
     value of the _e_d_i_t_o_r and _e_n_v___e_d_i_t_o_r _s_u_d_o_e_r_s settings:
@ -92,6 +127,8 @@ EENNVVIIRROONNMMEENNTT
     EDITOR           Used by vviissuuddoo if VISUAL is not set

 FFIILLEESS
+     _/_e_t_c_/_s_u_d_o_._c_o_n_f            Sudo front end configuration
+
     _/_e_t_c_/_s_u_d_o_e_r_s              List of who can run what

     _/_e_t_c_/_s_u_d_o_e_r_s_._t_m_p          Lock file for visudo
@ -161,4 +198,4 @@ DDIISSCCLLAAIIMMEERR
     file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for
     complete details.

-Sudo 1.8.11                      July 12, 2014                     Sudo 1.8.11
+Sudo 1.8.12                    November 11, 2014                   Sudo 1.8.12
--- a/doc/visudo.man.in
+++ b/doc/visudo.man.in
@ -21,7 +21,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.TH "VISUDO" "@mansectsu@" "July 12, 2014" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "VISUDO" "8" "November 11, 2014" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@ -233,6 +233,65 @@ The various values have explicit types which removes much of the
 ambiguity of the
 \fIsudoers\fR
 format.
+.SS "Using sudo.conf with visudo"
+\fBvisudo\fR
+versions 1.8.4 and higher support a flexible debugging framework
+that is configured via
+\fRDebug\fR
+lines in the
+sudo.conf(@mansectform@)
+file.
+Starting with
+\fBsudo\fR
+1.8.12,
+\fBvisudo\fR
+will also parse the arguments to the
+\fIsudoers\fR
+plugin to override the default
+\fIsudoers\fR
+path name, UID, GID and file mode.
+These arguments, if present, should be listed after the path to the plugin
+(i.e.\& after
+\fIsudoers.so\fR).
+Multiple arguments may be specified, separated by white space.
+For example:
+.nf
+.sp
+.RS 6n
+Plugin sudoers_policy sudoers.so sudoers_mode=0400
+.RE
+.fi
+.PP
+The following plugin arguments are supported:
+.TP 10n
+sudoers_file=pathname
+The
+\fIsudoers_file\fR
+argument can be used to override the default path to the
+\fIsudoers\fR
+file.
+.TP 10n
+sudoers_uid=uid
+The
+\fIsudoers_uid\fR
+argument can be used to override the default owner of the sudoers file.
+It should be specified as a numeric user ID.
+.TP 10n
+sudoers_gid=gid
+The
+\fIsudoers_gid\fR
+argument can be used to override the default group of the sudoers file.
+It must be specified as a numeric group ID (not a group name).
+.TP 10n
+sudoers_mode=mode
+The
+\fIsudoers_mode\fR
+argument can be used to override the default file mode for the sudoers file.
+It should be specified as an octal value.
+.PP
+For more information on configuring
+sudo.conf(@mansectform@),
+please refer to its manual.
 .SH "ENVIRONMENT"
 The following environment variables may be consulted depending on
 the value of the
@ -255,6 +314,9 @@ if
 is not set
 .SH "FILES"
 .TP 26n
+\fI@sysconfdir@/sudo.conf\fR
+Sudo front end configuration
+.TP 26n
 \fI@sysconfdir@/sudoers\fR
 List of who can run what
 .TP 26n
--- a/doc/visudo.mdoc.in
+++ b/doc/visudo.mdoc.in
@ -19,7 +19,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.Dd July 12, 2014
+.Dd November 11, 2014
 .Dt VISUDO @mansectsu@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@ -225,6 +225,60 @@ ambiguity of the
 .Em sudoers
 format.
 .El
+.Ss Using sudo.conf with visudo
+.Nm visudo
+versions 1.8.4 and higher support a flexible debugging framework
+that is configured via
+.Li Debug
+lines in the
+.Xr sudo.conf @mansectform@
+file.
+Starting with
+.Nm sudo
+1.8.12,
+.Nm visudo
+will also parse the arguments to the
+.Em sudoers
+plugin to override the default
+.Em sudoers
+path name, UID, GID and file mode.
+These arguments, if present, should be listed after the path to the plugin
+(i.e.\& after
+.Pa sudoers.so ) .
+Multiple arguments may be specified, separated by white space.
+For example:
+.Bd -literal -offset indent
+Plugin sudoers_policy sudoers.so sudoers_mode=0400
+.Ed
+.Pp
+The following arguments are supported:
+.Bl -tag -width 8n
+.It sudoers_file=pathname
+The
+.Em sudoers_file
+argument can be used to override the default path to the
+.Em sudoers
+file.
+.It sudoers_uid=uid
+The
+.Em sudoers_uid
+argument can be used to override the default owner of the sudoers file.
+It should be specified as a numeric user ID.
+.It sudoers_gid=gid
+The
+.Em sudoers_gid
+argument can be used to override the default group of the sudoers file.
+It must be specified as a numeric group ID (not a group name).
+.It sudoers_mode=mode
+The
+.Em sudoers_mode
+argument can be used to override the default file mode for the sudoers file.
+It should be specified as an octal value.
+.El
+.Pp
+For more information on configuring
+.Xr sudo.conf @mansectform@ ,
+please refer to its manual.
 .Sh ENVIRONMENT
 The following environment variables may be consulted depending on
 the value of the
@ -247,6 +301,8 @@ is not set
 .El
 .Sh FILES
 .Bl -tag -width 24n
+.It Pa @sysconfdir@/sudo.conf
+Sudo front end configuration
 .It Pa @sysconfdir@/sudoers
 List of who can run what
 .It Pa @sysconfdir@/sudoers.tmp