mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-30 13:58:05 +00:00
Code Issues Releases Wiki Activity

Document sudo.conf usage now that visudo will parse the sudoers arguments.

Browse Source
This commit is contained in:
Todd C. Miller
2014-11-11 13:55:40 -07:00
parent 5c13889f26
commit bc7cbcb556
3 changed files with 158 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
doc/visudo.cat
View File

@@ -83,6 +83,41 @@ DDEESSCCRRIIPPTTIIOONN
The various values have explicit types which removes much of The various values have explicit types which removes much of
the ambiguity of the _s_u_d_o_e_r_s format. the ambiguity of the _s_u_d_o_e_r_s format.
UUssiinngg ssuuddoo..ccoonnff wwiitthh vviissuuddoo
vviissuuddoo versions 1.8.4 and higher support a flexible debugging framework
that is configured via Debug lines in the sudo.conf(4) file. Starting
with ssuuddoo 1.8.12, vviissuuddoo will also parse the arguments to the _s_u_d_o_e_r_s
plugin to override the default _s_u_d_o_e_r_s path name, UID, GID and file mode.
These arguments, if present, should be listed after the path to the
plugin (i.e. after _s_u_d_o_e_r_s_._s_o). Multiple arguments may be specified,
separated by white space. For example:
Plugin sudoers_policy sudoers.so sudoers_mode=0400
The following plugin arguments are supported:
sudoers_file=pathname
The _s_u_d_o_e_r_s___f_i_l_e argument can be used to override the default
path to the _s_u_d_o_e_r_s file.
sudoers_uid=uid
The _s_u_d_o_e_r_s___u_i_d argument can be used to override the default
owner of the sudoers file. It should be specified as a numeric
user ID.
sudoers_gid=gid
The _s_u_d_o_e_r_s___g_i_d argument can be used to override the default
group of the sudoers file. It must be specified as a numeric
group ID (not a group name).
sudoers_mode=mode
The _s_u_d_o_e_r_s___m_o_d_e argument can be used to override the default
file mode for the sudoers file. It should be specified as an
octal value.
For more information on configuring sudo.conf(4), please refer to its
manual.
EENNVVIIRROONNMMEENNTT EENNVVIIRROONNMMEENNTT
The following environment variables may be consulted depending on the The following environment variables may be consulted depending on the
value of the _e_d_i_t_o_r and _e_n_v___e_d_i_t_o_r _s_u_d_o_e_r_s settings: value of the _e_d_i_t_o_r and _e_n_v___e_d_i_t_o_r _s_u_d_o_e_r_s settings:
@@ -92,6 +127,8 @@ EENNVVIIRROONNMMEENNTT
EDITOR Used by vviissuuddoo if VISUAL is not set EDITOR Used by vviissuuddoo if VISUAL is not set
FFIILLEESS FFIILLEESS
_/_e_t_c_/_s_u_d_o_._c_o_n_f Sudo front end configuration
_/_e_t_c_/_s_u_d_o_e_r_s List of who can run what _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what
_/_e_t_c_/_s_u_d_o_e_r_s_._t_m_p Lock file for visudo _/_e_t_c_/_s_u_d_o_e_r_s_._t_m_p Lock file for visudo
@@ -161,4 +198,4 @@ DDIISSCCLLAAIIMMEERR
file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for
complete details. complete details.
Sudo 1.8.11 July 12, 2014 Sudo 1.8.11 Sudo 1.8.12 November 11, 2014 Sudo 1.8.12

64
doc/visudo.man.in
View File

@@ -21,7 +21,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.TH "VISUDO" "@mansectsu@" "July 12, 2014" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" .TH "VISUDO" "8" "November 11, 2014" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@@ -233,6 +233,65 @@ The various values have explicit types which removes much of the
ambiguity of the ambiguity of the
\fIsudoers\fR \fIsudoers\fR
format. format.
.SS "Using sudo.conf with visudo"
\fBvisudo\fR
versions 1.8.4 and higher support a flexible debugging framework
that is configured via
\fRDebug\fR
lines in the
sudo.conf(@mansectform@)
file.
Starting with
\fBsudo\fR
1.8.12,
\fBvisudo\fR
will also parse the arguments to the
\fIsudoers\fR
plugin to override the default
\fIsudoers\fR
path name, UID, GID and file mode.
These arguments, if present, should be listed after the path to the plugin
(i.e.\& after
\fIsudoers.so\fR).
Multiple arguments may be specified, separated by white space.
For example:
.nf
.sp
.RS 6n
Plugin sudoers_policy sudoers.so sudoers_mode=0400
.RE
.fi
.PP
The following plugin arguments are supported:
.TP 10n
sudoers_file=pathname
The
\fIsudoers_file\fR
argument can be used to override the default path to the
\fIsudoers\fR
file.
.TP 10n
sudoers_uid=uid
The
\fIsudoers_uid\fR
argument can be used to override the default owner of the sudoers file.
It should be specified as a numeric user ID.
.TP 10n
sudoers_gid=gid
The
\fIsudoers_gid\fR
argument can be used to override the default group of the sudoers file.
It must be specified as a numeric group ID (not a group name).
.TP 10n
sudoers_mode=mode
The
\fIsudoers_mode\fR
argument can be used to override the default file mode for the sudoers file.
It should be specified as an octal value.
.PP
For more information on configuring
sudo.conf(@mansectform@),
please refer to its manual.
.SH "ENVIRONMENT" .SH "ENVIRONMENT"
The following environment variables may be consulted depending on The following environment variables may be consulted depending on
the value of the the value of the
@@ -255,6 +314,9 @@ if
is not set is not set
.SH "FILES" .SH "FILES"
.TP 26n .TP 26n
\fI@sysconfdir@/sudo.conf\fR
Sudo front end configuration
.TP 26n
\fI@sysconfdir@/sudoers\fR \fI@sysconfdir@/sudoers\fR
List of who can run what List of who can run what
.TP 26n .TP 26n

58
doc/visudo.mdoc.in
View File

@@ -19,7 +19,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.Dd July 12, 2014 .Dd November 11, 2014
.Dt VISUDO @mansectsu@ .Dt VISUDO @mansectsu@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@@ -225,6 +225,60 @@ ambiguity of the
.Em sudoers .Em sudoers
format. format.
.El .El
.Ss Using sudo.conf with visudo
.Nm visudo
versions 1.8.4 and higher support a flexible debugging framework
that is configured via
.Li Debug
lines in the
.Xr sudo.conf @mansectform@
file.
Starting with
.Nm sudo
1.8.12,
.Nm visudo
will also parse the arguments to the
.Em sudoers
plugin to override the default
.Em sudoers
path name, UID, GID and file mode.
These arguments, if present, should be listed after the path to the plugin
(i.e.\& after
.Pa sudoers.so ) .
Multiple arguments may be specified, separated by white space.
For example:
.Bd -literal -offset indent
Plugin sudoers_policy sudoers.so sudoers_mode=0400
.Ed
.Pp
The following arguments are supported:
.Bl -tag -width 8n
.It sudoers_file=pathname
The
.Em sudoers_file
argument can be used to override the default path to the
.Em sudoers
file.
.It sudoers_uid=uid
The
.Em sudoers_uid
argument can be used to override the default owner of the sudoers file.
It should be specified as a numeric user ID.
.It sudoers_gid=gid
The
.Em sudoers_gid
argument can be used to override the default group of the sudoers file.
It must be specified as a numeric group ID (not a group name).
.It sudoers_mode=mode
The
.Em sudoers_mode
argument can be used to override the default file mode for the sudoers file.
It should be specified as an octal value.
.El
.Pp
For more information on configuring
.Xr sudo.conf @mansectform@ ,
please refer to its manual.
.Sh ENVIRONMENT .Sh ENVIRONMENT
The following environment variables may be consulted depending on The following environment variables may be consulted depending on
the value of the the value of the
@@ -247,6 +301,8 @@ is not set
.El .El
.Sh FILES .Sh FILES
.Bl -tag -width 24n .Bl -tag -width 24n
.It Pa @sysconfdir@/sudo.conf
Sudo front end configuration
.It Pa @sysconfdir@/sudoers .It Pa @sysconfdir@/sudoers
List of who can run what List of who can run what
.It Pa @sysconfdir@/sudoers.tmp .It Pa @sysconfdir@/sudoers.tmp