mirror of
https://github.com/sudo-project/sudo.git
synced 2025-08-22 01:49:11 +00:00
196 lines
2.2 KiB
Plaintext
196 lines
2.2 KiB
Plaintext
# Sudoers policy keywords (all are keyword = value)
|
|
|
|
# Aliases
|
|
Cmnd_Alias
|
|
Cmd_Alias
|
|
Host_Alias
|
|
Runas_Alias
|
|
User_Alias
|
|
|
|
# Special keywords
|
|
ALL
|
|
(ALL:ALL)
|
|
sudoedit
|
|
|
|
# Date_Spec
|
|
20170214083000Z
|
|
2017021408Z
|
|
20160315220000-0500
|
|
20151201235900
|
|
|
|
# Timeout_Spec
|
|
7d8h30m10s
|
|
14d
|
|
8h30m
|
|
600s
|
|
3600
|
|
|
|
# Command digests
|
|
sha224:
|
|
sha256:
|
|
sha384:
|
|
sha512:
|
|
|
|
# Command tags
|
|
NOPASSWD
|
|
PASSWD
|
|
NOEXEC
|
|
EXEC
|
|
SETENV
|
|
NOSETENV
|
|
LOG_INPUT
|
|
NOLOG_INPUT
|
|
LOG_OUTPUT
|
|
NOLOG_OUTPUT
|
|
FOLLOWLNK
|
|
NOFOLLOWLNK
|
|
MAIL
|
|
NOMAIL
|
|
|
|
# Command options
|
|
CHROOT
|
|
CWD
|
|
CMND_TIMEOUT
|
|
NOTBEFORE
|
|
NOTAFTER
|
|
ROLE
|
|
TYPE
|
|
PRIVS
|
|
LIMITPRIVS
|
|
|
|
# Defaults settings
|
|
Defaults
|
|
syslog
|
|
syslog_goodpri
|
|
syslog_badpri
|
|
long_otp_prompt
|
|
ignore_dot
|
|
mail_always
|
|
mail_badpass
|
|
mail_no_user
|
|
mail_no_host
|
|
mail_no_perms
|
|
mail_all_cmnds
|
|
tty_tickets
|
|
lecture
|
|
lecture_file
|
|
authenticate
|
|
root_sudo
|
|
log_host
|
|
log_year
|
|
shell_noargs
|
|
set_home
|
|
always_set_home
|
|
path_info
|
|
fqdn
|
|
insults
|
|
requiretty
|
|
env_editor
|
|
rootpw
|
|
runaspw
|
|
targetpw
|
|
use_loginclass
|
|
set_logname
|
|
stay_setuid
|
|
preserve_groups
|
|
loglinelen
|
|
timestamp_timeout
|
|
passwd_timeout
|
|
passwd_tries
|
|
umask
|
|
logfile
|
|
mailerpath
|
|
mailerflags
|
|
mailto
|
|
mailfrom
|
|
mailsub
|
|
badpass_message
|
|
lecture_status_dir
|
|
timestampdir
|
|
timestampowner
|
|
exempt_group
|
|
passprompt
|
|
passprompt_override
|
|
runas_default
|
|
secure_path
|
|
editor
|
|
listpw
|
|
verifypw
|
|
noexec
|
|
ignore_local_sudoers
|
|
closefrom
|
|
closefrom_override
|
|
setenv
|
|
env_reset
|
|
env_check
|
|
env_delete
|
|
env_keep
|
|
role
|
|
type
|
|
env_file
|
|
restricted_env_file
|
|
sudoers_locale
|
|
visiblepw
|
|
pwfeedback
|
|
fast_glob
|
|
umask_override
|
|
log_input
|
|
log_output
|
|
compress_io
|
|
use_pty
|
|
group_plugin
|
|
iolog_dir
|
|
iolog_file
|
|
set_utmp
|
|
utmp_runas
|
|
privs
|
|
limitprivs
|
|
exec_background
|
|
pam_service
|
|
pam_login_service
|
|
pam_setcred
|
|
pam_session
|
|
pam_acct_mgmt
|
|
maxseq
|
|
use_netgroups
|
|
sudoedit_checkdir
|
|
sudoedit_follow
|
|
always_query_group_plugin
|
|
netgroup_tuple
|
|
ignore_audit_errors
|
|
ignore_iolog_errors
|
|
ignore_logfile_errors
|
|
match_group_by_gid
|
|
syslog_maxlen
|
|
iolog_user
|
|
iolog_group
|
|
iolog_mode
|
|
fdexec
|
|
ignore_unknown_defaults
|
|
command_timeout
|
|
user_command_timeouts
|
|
iolog_flush
|
|
syslog_pid
|
|
timestamp_type
|
|
authfail_message
|
|
case_insensitive_user
|
|
case_insensitive_group
|
|
log_allowed
|
|
log_denied
|
|
log_servers
|
|
log_server_timeout
|
|
log_server_keepalive
|
|
log_server_cabundle
|
|
log_server_peer_cert
|
|
log_server_peer_key
|
|
log_server_verify
|
|
runas_allow_unknown_id
|
|
runas_check_shell
|
|
pam_ruser
|
|
pam_rhost
|
|
runcwd
|
|
runchroot
|
|
log_format
|
|
selinux
|
|
admin_flag
|