Update "!use_pty" example to only disable it for non-root users.

Also add a commented out entry for "exec_background" which can also be used to prevent sudo from consuming tty input. Related to GitHub issue #338
2025-08-29 13:28:10 +00:00 · 2024-01-08 14:16:29 -07:00 · 2024-01-08 14:16:29 -07:00 · ff3dbe60b1
commit ff3dbe60b1
parent 00452471b1
1 changed files with 10 additions and 3 deletions
--- a/plugins/sudoers/sudoers.in
+++ b/plugins/sudoers/sudoers.in
@ -68,9 +68,16 @@
 ## Uncomment to use a hard-coded PATH instead of the user's to find commands
 # Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 ##
-## Uncomment to restore the historic behavior where a command is run in
-## the user's own terminal.
-# Defaults !use_pty
+## Uncomment to disable "use_pty" when running commands as root.
+## Commands run as non-root users will run in a pseudo-terminal,
+## not the user's own terminal, to prevent command injection.
+# Defaults>root !use_pty
+##
+## Uncomment to run commands in the background by default.
+## This can be used to prevent sudo from consuming user input while
+## a non-interactive command runs if "use_pty" or I/O logging are
+## enabled.  Some commands may not run properly in the background.
+# Defaults exec_background
 ##
 ## Uncomment to send mail if the user does not enter the correct password.
 # Defaults mail_badpass