mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 01:49:11 +00:00
Code Issues Releases Wiki Activity

Clarify how the variable prompt options interact with each other

Browse Source 
and PAM.
This commit is contained in:
Todd C. Miller 2017-07-21 11:18:13 -06:00
parent 879ba68879
commit d76d5eaebc
6 changed files with 74 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
doc/sudo.cat
View File

@ -261,9 +261,11 @@ DDEESSCCRRIIPPTTIIOONN
%% two consecutive `%' characters are collapsed into a
single `%' character
The custom prompt will override the system password prompt on
systems that support PAM unless the _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e flag
is disabled in _s_u_d_o_e_r_s.
The custom prompt will override the default prompt specified
by either the security policy or the SUDO_PROMPT environment
variable. On systems that use PAM, the custom prompt will
also override the prompt specified by a PAM module unless the
_p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e flag is disabled in _s_u_d_o_e_r_s.
--rr _r_o_l_e, ----rroollee=_r_o_l_e
Run the command with an SELinux security context that
@ -629,4 +631,4 @@ DDIISSCCLLAAIIMMEERR
file distributed with ssuuddoo or https://www.sudo.ws/license.html for
complete details.
Sudo 1.8.21 July 20, 2017 Sudo 1.8.21
Sudo 1.8.21 July 21, 2017 Sudo 1.8.21

10
doc/sudo.man.in
View File

@ -21,7 +21,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
.TH "SUDO" "8" "July 20, 2017" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.TH "SUDO" "8" "July 21, 2017" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
@ -518,8 +518,12 @@ characters are collapsed into a single
\(oq%\(cq
character
.PP
The custom prompt will override the system password prompt on systems that
support PAM unless the
The custom prompt will override the default prompt specified by either
the security policy or the
\fRSUDO_PROMPT\fR
environment variable.
On systems that use PAM, the custom prompt will also override the prompt
specified by a PAM module unless the
\fIpassprompt_override\fR
flag is disabled in
\fIsudoers\fR.

10
doc/sudo.mdoc.in
View File

@ -19,7 +19,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
.Dd July 20, 2017
.Dd July 21, 2017
.Dt SUDO @mansectsu@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@ -467,8 +467,12 @@ characters are collapsed into a single
character
.El
.Pp
The custom prompt will override the system password prompt on systems that
support PAM unless the
The custom prompt will override the default prompt specified by either
the security policy or the
.Ev SUDO_PROMPT
environment variable.
On systems that use PAM, the custom prompt will also override the prompt
specified by a PAM module unless the
.Em passprompt_override
flag is disabled in
.Em sudoers .

22
doc/sudoers.cat
View File

@ -1279,11 +1279,11 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
higher.
passprompt_override
The password prompt specified by _p_a_s_s_p_r_o_m_p_t will
normally only be used if the password prompt provided
by systems such as PAM matches the string "Password:".
If _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e is set, _p_a_s_s_p_r_o_m_p_t will always
be used. This flag is _o_f_f by default.
If set, the prompt specified by _p_a_s_s_p_r_o_m_p_t or the
SUDO_PROMPT environment variable will always be used
and will replace the prompt provided by a PAM module or
other authentication method. This flag is _o_f_f by
default.
path_info Normally, ssuuddoo will tell the user when a command could
not be found in their PATH environment variable. Some
@ -1778,7 +1778,15 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
%% two consecutive % characters are collapsed into a
single % character
The default value is "Password:".
On systems that use PAM for authentication, _p_a_s_s_p_r_o_m_p_t
will only be used if the prompt provided by the PAM
module matches the string "Password: " or "username's
Password: ". This ensures that the _p_a_s_s_p_r_o_m_p_t setting
does not interfere with challenge-response style
authentication. The _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e flag can be
used to change this behavior.
The default value is "Password: ".
privs The default Solaris privileges to use when constructing
a new privilege set for a command. This is passed to
@ -2823,4 +2831,4 @@ DDIISSCCLLAAIIMMEERR
file distributed with ssuuddoo or https://www.sudo.ws/license.html for
complete details.
Sudo 1.8.21 July 20, 2017 Sudo 1.8.21
Sudo 1.8.21 July 21, 2017 Sudo 1.8.21

29
doc/sudoers.man.in
View File

@ -21,7 +21,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
.TH "SUDOERS" "5" "July 20, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.TH "SUDOERS" "5" "July 21, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
@ -2677,16 +2677,12 @@ by default.
This setting is only supported by version 1.8.8 or higher.
.TP 18n
passprompt_override
The password prompt specified by
If set, the prompt specified by
\fIpassprompt\fR
will normally only be used if the password prompt provided by systems
such as PAM matches the string
\(LqPassword:\(Rq.
If
\fIpassprompt_override\fR
is set,
\fIpassprompt\fR
will always be used.
or the
\fRSUDO_PROMPT\fR
environment variable will always be used and will replace the
prompt provided by a PAM module or other authentication method.
This flag is
\fIoff\fR
by default.
@ -3575,6 +3571,19 @@ characters are collapsed into a single
\fR%\fR
character
.PP
On systems that use PAM for authentication,
\fIpassprompt\fR
will only be used if the prompt provided by the PAM module matches the string
\(LqPassword: \(Rq
or
\(Lqusername's Password: \(Rq.
This ensures that the
\fIpassprompt\fR
setting does not interfere with challenge-response style authentication.
The
\fIpassprompt_override\fR
flag can be used to change this behavior.
.sp
The default value is
\(Lq\fR@passprompt@\fR\(Rq.
.RE

31
doc/sudoers.mdoc.in
View File

@ -19,7 +19,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
.Dd July 20, 2017
.Dd July 21, 2017
.Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@ -2514,16 +2514,12 @@ by default.
.Pp
This setting is only supported by version 1.8.8 or higher.
.It passprompt_override
The password prompt specified by
If set, the prompt specified by
.Em passprompt
will normally only be used if the password prompt provided by systems
such as PAM matches the string
.Dq Password: .
If
.Em passprompt_override
is set,
.Em passprompt
will always be used.
or the
.Ev SUDO_PROMPT
environment variable will always be used and will replace the
prompt provided by a PAM module or other authentication method.
This flag is
.Em off
by default.
@ -3348,8 +3344,21 @@ characters are collapsed into a single
character
.El
.Pp
On systems that use PAM for authentication,
.Em passprompt
will only be used if the prompt provided by the PAM module matches the string
.Dq "Password: "
or
.Dq "username's Password: " .
This ensures that the
.Em passprompt
setting does not interfere with challenge-response style authentication.
The
.Em passprompt_override
flag can be used to change this behavior.
.Pp
The default value is
.Dq Li @passprompt@ .
.Dq Li "@passprompt@" .
.It privs
The default Solaris privileges to use when constructing a new
privilege set for a command.