File: def_data.in

package info (click to toggle)
sudo 1.9.17p2-1exp1
links: PTS, VCS
area: main
in suites: experimental
size: 26,548 kB
sloc: ansic: 114,008; sh: 13,426; makefile: 9,797; yacc: 2,608; lex: 1,574; perl: 366; python: 362; sed: 265
file content (508 lines) | stat: -rw-r--r-- 13,093 bytes
parent folder | download | duplicates (2)
#
# Format:
#
# var_name
#	TYPE
#	description (or NULL)
#	array of struct def_values if TYPE == T_TUPLE
#
# NOTE: for tuples that can be used in a boolean context the first
#	value corresponds to boolean FALSE and the second to TRUE.
#

syslog
	T_LOGFAC|T_BOOL
	"Syslog facility if syslog is being used for logging: %s"
syslog_goodpri
	T_LOGPRI|T_BOOL
	"Syslog priority to use when user authenticates successfully: %s"
syslog_badpri
	T_LOGPRI|T_BOOL
	"Syslog priority to use when user authenticates unsuccessfully: %s"
long_otp_prompt
	T_FLAG
	"Put OTP prompt on its own line"
ignore_dot
	T_FLAG
	"Ignore '.' in $PATH"
mail_always
	T_FLAG
	"Always send mail when sudo is run"
mail_badpass
	T_FLAG
	"Send mail if user authentication fails"
mail_no_user
	T_FLAG
	"Send mail if the user is not in sudoers"
mail_no_host
	T_FLAG
	"Send mail if the user is not in sudoers for this host"
mail_no_perms
	T_FLAG
	"Send mail if the user is not allowed to run a command"
mail_all_cmnds
	T_FLAG
	"Send mail if the user tries to run a command"
tty_tickets
	T_FLAG
	"Use a separate timestamp for each user/tty combo"
lecture
	T_TUPLE|T_BOOL
	"Lecture user the first time they run sudo"
	never once always
lecture_file
	T_STR|T_PATH|T_BOOL
	"File containing the sudo lecture: %s"
authenticate
	T_FLAG
	"Require users to authenticate by default"
root_sudo
	T_FLAG
	"Root may run sudo"
log_host
	T_FLAG
	"Log the hostname in the (non-syslog) log file"
log_year
	T_FLAG
	"Log the year in the (non-syslog) log file"
shell_noargs
	T_FLAG
	"If sudo is invoked with no arguments, start a shell"
set_home
	T_FLAG
	"Set $HOME to the target user when starting a shell with -s"
always_set_home
	T_FLAG
	"Always set $HOME to the target user's home directory"
path_info
	T_FLAG
	"Allow some information gathering to give useful error messages"
fqdn
	T_FLAG
	"Require fully-qualified hostnames in the sudoers file"
insults
	T_FLAG
	"Insult the user when they enter an incorrect password"
requiretty
	T_FLAG
	"Only allow the user to run sudo if they have a tty"
env_editor
	T_FLAG
	"Visudo will honor the EDITOR environment variable"
rootpw
	T_FLAG
	"Prompt for root's password, not the user's"
runaspw
	T_FLAG
	"Prompt for the runas_default user's password, not the user's"
targetpw
	T_FLAG
	"Prompt for the target user's password, not the user's"
use_loginclass
	T_FLAG
	"Apply defaults in the target user's login class if there is one"
set_logname
	T_FLAG
	"Set the LOGNAME and USER environment variables"
stay_setuid
	T_FLAG
	"Only set the effective uid to the target user, not the real uid"
preserve_groups
	T_FLAG
	"Don't initialize the group vector to that of the target user"
loglinelen
	T_UINT|T_BOOL
	"Length at which to wrap log file lines (0 for no wrap): %u"
timestamp_timeout
	T_TIMESPEC|T_BOOL
	"Authentication timestamp timeout: %d.%d minutes"
passwd_timeout
	T_TIMESPEC|T_BOOL
	"Password prompt timeout: %d.%d minutes"
passwd_tries
	T_UINT
	"Number of tries to enter a password: %u"
umask
	T_MODE|T_BOOL
	"Umask to use or 0777 to use user's: 0%o"
logfile
	T_STR|T_BOOL|T_PATH
	"Path to log file: %s"
mailerpath
	T_STR|T_BOOL|T_PATH
	"Path to mail program: %s"
mailerflags
	T_STR|T_BOOL
	"Flags for mail program: %s"
mailto
	T_STR|T_BOOL
	"Address to send mail to: %s"
mailfrom
	T_STR|T_BOOL
	"Address to send mail from: %s"
mailsub
	T_STR
	"Subject line for mail messages: %s"
badpass_message
	T_STR
	"Incorrect password message: %s"
lecture_status_dir
	T_STR|T_PATH
	"Path to lecture status dir: %s"
timestampdir
	T_STR|T_PATH
	"Path to authentication timestamp dir: %s"
timestampowner
	T_STR
	"Owner of the authentication timestamp dir: %s"
exempt_group
	T_STR|T_BOOL
	"Users in this group are exempt from password and PATH requirements: %s"
passprompt
	T_STR
	"Default password prompt: %s"
passprompt_override
	T_FLAG
	"If set, passprompt will override system prompt in all cases."
runas_default
	T_STR
	"Default user to run commands as: %s"
secure_path
	T_STR|T_BOOL
	"Value to override user's $PATH with: %s"
editor
	T_STR|T_PATH
	"Path to the editor for use by visudo: %s"
listpw
	T_TUPLE|T_BOOL
	"When to require a password for 'list' pseudocommand: %s"
	never any all always
verifypw
	T_TUPLE|T_BOOL
	"When to require a password for 'verify' pseudocommand: %s"
	never all any always
noexec
	T_FLAG
	"Preload the sudo_noexec library which replaces the exec functions"
ignore_local_sudoers
	T_FLAG
	"If LDAP directory is up, do we ignore local sudoers file"
closefrom
	T_INT
	"File descriptors >= %d will be closed before executing a command"
closefrom_override
	T_FLAG
	"If set, users may override the value of "closefrom" with the -C option"
setenv
	T_FLAG
	"Allow users to set arbitrary environment variables"
env_reset
	T_FLAG
	"Reset the environment to a default set of variables"
env_check
	T_LIST|T_BOOL
	"Environment variables to check for safety:"
env_delete
	T_LIST|T_BOOL
	"Environment variables to remove:"
env_keep
	T_LIST|T_BOOL
	"Environment variables to preserve:"
role
	T_STR
	"SELinux role to use in the new security context: %s"
type
	T_STR
	"SELinux type to use in the new security context: %s"
env_file
	T_STR|T_PATH|T_BOOL
	"Path to the sudo-specific environment file: %s"
restricted_env_file
	T_STR|T_PATH|T_BOOL
	"Path to the restricted sudo-specific environment file: %s"
sudoers_locale
	T_STR
	"Locale to use while parsing sudoers: %s"
visiblepw
	T_FLAG
	"Allow sudo to prompt for a password even if it would be visible"
pwfeedback
	T_FLAG
	"Provide visual feedback at the password prompt when there is user input"
fast_glob
	T_FLAG
	"Use faster globbing that is less accurate but does not access the filesystem"
umask_override
	T_FLAG
	"The umask specified in sudoers will override the user's, even if it is more permissive"
log_input
	T_FLAG
	"Log user's input for the command being run"
log_stdin
	T_FLAG
	"Log the command's standard input if not connected to a terminal"
log_ttyin
	T_FLAG
	"Log the user's terminal input for the command being run"
log_output
	T_FLAG
	"Log the output of the command being run"
log_stdout
	T_FLAG
	"Log the command's standard output if not connected to a terminal"
log_stderr
	T_FLAG
	"Log the command's standard error if not connected to a terminal"
log_ttyout
	T_FLAG
	"Log the terminal output of the command being run"
compress_io
	T_FLAG
	"Compress I/O logs using zlib"
use_pty
	T_FLAG
	"Always run commands in a pseudo-tty"
group_plugin
	T_STR
	"Plugin for non-Unix group support: %s"
iolog_dir
	T_STR|T_PATH
	"Directory in which to store input/output logs: %s"
iolog_file
	T_STR
	"File in which to store the input/output log: %s"
set_utmp
	T_FLAG
	"Add an entry to the utmp/utmpx file when allocating a pty"
utmp_runas
	T_FLAG
	"Set the user in utmp to the runas user, not the invoking user"
privs
	T_STR
	"Set of permitted privileges: %s"
limitprivs
	T_STR
	"Set of limit privileges: %s"
exec_background
	T_FLAG
	"Run commands on a pty in the background"
pam_service
	T_STR
	"PAM service name to use: %s"
pam_login_service
	T_STR
	"PAM service name to use for login shells: %s"
pam_askpass_service
	T_STR
	"PAM service name to use when sudo is run with the -A option: %s"
pam_setcred
	T_FLAG
	"Attempt to establish PAM credentials for the target user"
pam_session
	T_FLAG
	"Create a new PAM session for the command to run in"
pam_acct_mgmt
	T_FLAG
	"Perform PAM account validation management"
pam_silent
	T_FLAG
	"Do not allow PAM authentication modules to generate output"
maxseq
	T_STR
	"Maximum I/O log sequence number: %s"
use_netgroups
	T_FLAG
	"Enable sudoers netgroup support"
sudoedit_checkdir
	T_FLAG
	"Check parent directories for writability when editing files with sudoedit"
sudoedit_follow
	T_FLAG
	"Follow symbolic links when editing files with sudoedit"
always_query_group_plugin
	T_FLAG
	"Query the group plugin for unknown system groups"
netgroup_tuple
	T_FLAG
	"Match netgroups based on the entire tuple: user, host and domain"
ignore_audit_errors
	T_FLAG
	"Allow commands to be run even if sudo cannot write to the audit log"
ignore_iolog_errors
	T_FLAG
	"Allow commands to be run even if sudo cannot write to the I/O log"
ignore_logfile_errors
	T_FLAG
	"Allow commands to be run even if sudo cannot write to the log file"
match_group_by_gid
	T_FLAG
	"Resolve groups in sudoers and match on the group ID, not the name"
syslog_maxlen
	T_UINT
	"Log entries larger than this value will be split into multiple syslog messages: %u"
iolog_user
	T_STR|T_BOOL
	"User that will own the I/O log files: %s"
iolog_group
	T_STR|T_BOOL
	"Group that will own the I/O log files: %s"
iolog_mode
	T_MODE
	"File mode to use for the I/O log files: 0%o"
fdexec
	T_TUPLE|T_BOOL
	"Execute commands by file descriptor instead of by path: %s"
	never digest_only always
ignore_unknown_defaults
	T_FLAG
	"Ignore unknown Defaults entries in sudoers instead of producing a warning"
command_timeout
	T_TIMEOUT|T_BOOL
	"Time in seconds after which the command will be terminated: %u"
user_command_timeouts
	T_FLAG
	"Allow the user to specify a timeout on the command line"
iolog_flush
	T_FLAG
	"Flush I/O log data to disk immediately instead of buffering it"
syslog_pid
	T_FLAG
	"Include the process ID when logging via syslog"
timestamp_type
	T_TUPLE
	"Type of authentication timestamp record: %s"
	global ppid tty kernel
authfail_message
	T_STR
	"Authentication failure message: %s"
case_insensitive_user
	T_FLAG
	"Ignore case when matching user names"
case_insensitive_group
	T_FLAG
	"Ignore case when matching group names"
log_allowed
	T_FLAG
	"Log when a command is allowed by sudoers"
log_denied
	T_FLAG
	"Log when a command is denied by sudoers"
log_servers
	T_LIST|T_BOOL
	"Sudo log server(s) to connect to with optional port"
log_server_timeout
	T_TIMEOUT|T_BOOL
	"Sudo log server timeout in seconds: %u"
log_server_keepalive
	T_FLAG
	"Enable SO_KEEPALIVE socket option on the socket connected to the logserver"
log_server_cabundle
	T_STR|T_BOOL|T_PATH
	"Path to the audit server's CA bundle file: %s"
log_server_peer_cert
	T_STR|T_BOOL|T_PATH
	"Path to the sudoers certificate file: %s"
log_server_peer_key
	T_STR|T_BOOL|T_PATH
	"Path to the sudoers private key file: %s"
log_server_verify
	T_FLAG
	"Verify that the log server's certificate is valid"
runas_allow_unknown_id
	T_FLAG
	"Allow the use of unknown runas user and/or group ID"
runas_check_shell
	T_FLAG
	"Only permit running commands as a user with a valid shell"
pam_ruser
	T_FLAG
	"Set the pam remote user to the user running sudo"
pam_rhost
	T_FLAG
	"Set the pam remote host to the local host name"
runcwd
	T_STR|T_BOOL|T_CHPATH
	"Working directory to change to before executing the command: %s"
runchroot
	T_STR|T_BOOL|T_CHPATH
	"Root directory to change to before executing the command: %s"
log_format
	T_TUPLE
	"The format of logs to produce: %s"
	sudo json json_compact json_pretty
selinux
	T_FLAG
	"Enable SELinux RBAC support"
admin_flag
	T_STR|T_BOOL|T_CHPATH
	"Path to the file that is created the first time sudo is run: %s"
intercept
	T_FLAG
	"Intercept further commands and apply sudoers restrictions to them"
log_subcmds
	T_FLAG
	"Log sub-commands run by the original command"
log_exit_status
	T_FLAG
	"Log the exit status of commands"
intercept_authenticate
	T_FLAG
	"Subsequent commands in an intercepted session must be authenticated"
intercept_allow_setid
	T_FLAG
	"Allow an intercepted command to run set setuid or setgid programs"
rlimit_as
	T_RLIMIT|T_BOOL
	"The maximum size to which the process's address space may grow (in bytes): %s"
rlimit_core
	T_RLIMIT|T_BOOL
	"The largest size core dump file that may be created (in bytes): %s"
rlimit_cpu
	T_RLIMIT|T_BOOL
	"The maximum amount of CPU time that the process may use (in seconds): %s"
rlimit_data
	T_RLIMIT|T_BOOL
	"The maximum size of the data segment for the process (in bytes): %s"
rlimit_fsize
	T_RLIMIT|T_BOOL
	"The largest size file that the process may create (in bytes): %s"
rlimit_locks
	T_RLIMIT|T_BOOL
	"The maximum number of locks that the process may establish: %s"
rlimit_memlock
	T_RLIMIT|T_BOOL
	"The maximum size that the process may lock in memory (in bytes): %s"
rlimit_nofile
	T_RLIMIT|T_BOOL
	"The maximum number of files that the process may have open: %s"
rlimit_nproc
	T_RLIMIT|T_BOOL
	"The maximum number of processes that the user may run simultaneously: %s"
rlimit_rss
	T_RLIMIT|T_BOOL
	"The maximum size to which the process's resident set size may grow (in bytes): %s"
rlimit_stack
	T_RLIMIT|T_BOOL
	"The maximum size to which the process's stack may grow (in bytes): %s"
noninteractive_auth
	T_FLAG
	"Attempt authentication even when in non-interactive mode"
log_passwords
	T_FLAG
	"Store plaintext passwords in I/O log input"
passprompt_regex
	T_LIST|T_SPACE|T_BOOL
	"List of regular expressions to use when matching a password prompt"
intercept_type
	T_TUPLE
	"The mechanism used by the intercept and log_subcmds options: %s"
	dso trace
intercept_verify
	T_FLAG
	"Attempt to verify the command and arguments after execution"
apparmor_profile
	T_STR
	"AppArmor profile to use in the new security context: %s"
cmddenial_message
	T_STR
	"Command denial message: %s"