mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 09:57:41 +00:00

Clarify how the variable prompt options interact with each other and PAM.
Todd C. Miller 2017-07-21 11:18:13 -06:00
parent 879ba68879
commit d76d5eaebc
6 changed files with 74 additions and 38 deletions

@ -261,9 +261,11 @@ DDEESSCCRRIIPPTTIIOONN
%% two consecutive `%' characters are collapsed into a %% two consecutive `%' characters are collapsed into a
single `%' character single `%' character
The custom prompt will override the system password prompt on The custom prompt will override the default prompt specified
systems that support PAM unless the _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e flag by either the security policy or the SUDO_PROMPT environment
is disabled in _s_u_d_o_e_r_s. variable. On systems that use PAM, the custom prompt will
also override the prompt specified by a PAM module unless the
_p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e flag is disabled in _s_u_d_o_e_r_s.
--rr _r_o_l_e, ----rroollee=_r_o_l_e --rr _r_o_l_e, ----rroollee=_r_o_l_e
Run the command with an SELinux security context that Run the command with an SELinux security context that
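
Review bot: The condition at the end of the rewritten paragraph, "unless the passprompt_override flag is disabled in sudoers", is hard to reconcile with the sudoers manual changed in this same commit, which documents passprompt_override as off by default. From this paragraph alone a reader cannot tell whether a custom prompt replaces a PAM module's prompt out of the box or only once the flag has been turned on. Suggest stating the default explicitly here, for example that the override applies unless sudoers explicitly turns the flag off, if that is the intended behaviour.
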
@ -629,4 +631,4 @@ DDIISSCCLLAAIIMMEERR
file distributed with ssuuddoo or https://www.sudo.ws/license.html for file distributed with ssuuddoo or https://www.sudo.ws/license.html for
complete details. complete details.
Sudo 1.8.21 July 20, 2017 Sudo 1.8.21 Sudo 1.8.21 July 21, 2017 Sudo 1.8.21

@ -21,7 +21,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.TH "SUDO" "8" "July 20, 2017" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" .TH "SUDO" "8" "July 21, 2017" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@ -518,8 +518,12 @@ characters are collapsed into a single
\(oq%\(cq \(oq%\(cq
character character
.PP .PP
The custom prompt will override the system password prompt on systems that The custom prompt will override the default prompt specified by either
support PAM unless the the security policy or the
\fRSUDO_PROMPT\fR
environment variable.
On systems that use PAM, the custom prompt will also override the prompt
specified by a PAM module unless the
\fIpassprompt_override\fR \fIpassprompt_override\fR
flag is disabled in flag is disabled in
\fIsudoers\fR. \fIsudoers\fR.

@ -19,7 +19,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.Dd July 20, 2017 .Dd July 21, 2017
.Dt SUDO @mansectsu@ .Dt SUDO @mansectsu@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@ -467,8 +467,12 @@ characters are collapsed into a single
character character
.El .El
.Pp .Pp
The custom prompt will override the system password prompt on systems that The custom prompt will override the default prompt specified by either
support PAM unless the the security policy or the
.Ev SUDO_PROMPT
environment variable.
On systems that use PAM, the custom prompt will also override the prompt
specified by a PAM module unless the
.Em passprompt_override .Em passprompt_override
flag is disabled in flag is disabled in
.Em sudoers . .Em sudoers .
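
Review bot: The rewritten sentence at the top of this hunk says the custom prompt overrides the default from "either the security policy or the SUDO_PROMPT environment variable", but it does not say which of those two wins when both are set. The stated goal of the commit is to clarify how the prompt options interact with each other, so suggest adding the order between SUDO_PROMPT and the policy's prompt here, or a pointer to the section that defines it.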

@ -1279,11 +1279,11 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
higher. higher.
passprompt_override passprompt_override
The password prompt specified by _p_a_s_s_p_r_o_m_p_t will If set, the prompt specified by _p_a_s_s_p_r_o_m_p_t or the
normally only be used if the password prompt provided SUDO_PROMPT environment variable will always be used
by systems such as PAM matches the string "Password:". and will replace the prompt provided by a PAM module or
If _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e is set, _p_a_s_s_p_r_o_m_p_t will always other authentication method. This flag is _o_f_f by
be used. This flag is _o_f_f by default. default.
path_info Normally, ssuuddoo will tell the user when a command could path_info Normally, ssuuddoo will tell the user when a command could
not be found in their PATH environment variable. Some not be found in their PATH environment variable. Some
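
Review bot: The new passprompt_override entry no longer says what happens when the flag is off, and it does not mention the cost of turning it on. The passprompt paragraph added later in this file explains that the match against "Password: " exists so that the setting "does not interfere with challenge-response style authentication"; forcing the override removes that safeguard, so a challenge issued by a PAM module would be replaced by a fixed prompt. Suggest a cross-reference to passprompt and one sentence on the effect for challenge-response modules. The phrase "other authentication method" would also be clearer if it named the methods meant.
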
@ -1778,7 +1778,15 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
%% two consecutive % characters are collapsed into a %% two consecutive % characters are collapsed into a
single % character single % character
The default value is "Password:". On systems that use PAM for authentication, _p_a_s_s_p_r_o_m_p_t
will only be used if the prompt provided by the PAM
module matches the string "Password: " or "username's
Password: ". This ensures that the _p_a_s_s_p_r_o_m_p_t setting
does not interfere with challenge-response style
authentication. The _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e flag can be
used to change this behavior.
The default value is "Password: ".
privs The default Solaris privileges to use when constructing privs The default Solaris privileges to use when constructing
a new privilege set for a command. This is passed to a new privilege set for a command. This is passed to
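
Review bot: In the added paragraph, "username's Password: " sets username in the same type as the literal text, so it reads as a fixed string rather than a placeholder for the user's name; mark it as a variable. The paragraph also limits the match rule to passprompt, while the passprompt_override entry in this commit treats passprompt and SUDO_PROMPT together. Suggest stating whether a prompt taken from SUDO_PROMPT is subject to the same match against the PAM module's prompt.
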
@ -2823,4 +2831,4 @@ DDIISSCCLLAAIIMMEERR
file distributed with ssuuddoo or https://www.sudo.ws/license.html for file distributed with ssuuddoo or https://www.sudo.ws/license.html for
complete details. complete details.
Sudo 1.8.21 July 20, 2017 Sudo 1.8.21 Sudo 1.8.21 July 21, 2017 Sudo 1.8.21

@ -21,7 +21,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.TH "SUDOERS" "5" "July 20, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .TH "SUDOERS" "5" "July 21, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@ -2677,16 +2677,12 @@ by default.
This setting is only supported by version 1.8.8 or higher. This setting is only supported by version 1.8.8 or higher.
.TP 18n .TP 18n
passprompt_override passprompt_override
The password prompt specified by If set, the prompt specified by
\fIpassprompt\fR \fIpassprompt\fR
will normally only be used if the password prompt provided by systems or the
such as PAM matches the string \fRSUDO_PROMPT\fR
\(LqPassword:\(Rq. environment variable will always be used and will replace the
If prompt provided by a PAM module or other authentication method.
\fIpassprompt_override\fR
is set,
\fIpassprompt\fR
will always be used.
This flag is This flag is
\fIoff\fR \fIoff\fR
by default. by default.
@ -3575,6 +3571,19 @@ characters are collapsed into a single
\fR%\fR \fR%\fR
character character
.PP .PP
On systems that use PAM for authentication,
\fIpassprompt\fR
will only be used if the prompt provided by the PAM module matches the string
\(LqPassword: \(Rq
or
\(Lqusername's Password: \(Rq.
This ensures that the
\fIpassprompt\fR
setting does not interfere with challenge-response style authentication.
The
\fIpassprompt_override\fR
flag can be used to change this behavior.
.sp
The default value is The default value is
\(Lq\fR@passprompt@\fR\(Rq. \(Lq\fR@passprompt@\fR\(Rq.
.RE .RE

@ -19,7 +19,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.Dd July 20, 2017 .Dd July 21, 2017
.Dt SUDOERS @mansectform@ .Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@ -2514,16 +2514,12 @@ by default.
.Pp .Pp
This setting is only supported by version 1.8.8 or higher. This setting is only supported by version 1.8.8 or higher.
.It passprompt_override .It passprompt_override
The password prompt specified by If set, the prompt specified by
.Em passprompt .Em passprompt
will normally only be used if the password prompt provided by systems or the
such as PAM matches the string .Ev SUDO_PROMPT
.Dq Password: . environment variable will always be used and will replace the
If prompt provided by a PAM module or other authentication method.
.Em passprompt_override
is set,
.Em passprompt
will always be used.
This flag is This flag is
.Em off .Em off
by default. by default.
@ -3348,8 +3344,21 @@ characters are collapsed into a single
character character
.El .El
.Pp .Pp
On systems that use PAM for authentication,
.Em passprompt
will only be used if the prompt provided by the PAM module matches the string
.Dq "Password: "
or
.Dq "username's Password: " .
This ensures that the
.Em passprompt
setting does not interfere with challenge-response style authentication.
The
.Em passprompt_override
flag can be used to change this behavior.
.Pp
The default value is The default value is
.Dq Li @passprompt@ . .Dq Li "@passprompt@" .
.It privs .It privs
The default Solaris privileges to use when constructing a new The default Solaris privileges to use when constructing a new
privilege set for a command. privilege set for a command.
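
Review bot: The last changed line adds quotes around the substitution (.Dq Li "@passprompt@" .), which the commit message does not mention, while the man-format counterpart keeps \(Lq\fR@passprompt@\fR\(Rq. unchanged. If the quotes are there to keep the trailing space of the default "Password: " intact in mdoc output, a short comment above the macro would stop a later cleanup from removing them; otherwise this belongs in a separate commit.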