
Annotation of src/usr.bin/sudo/def_data.c, Revision 1.9

1.2       millert     1: static struct def_values def_data_lecture[] = {
                             /*
                              * Keyword/value pairs for the "lecture" setting, which points at
                              * this array from sudo_defs_table.  never/once/always are
                              * identifiers declared elsewhere.  The { NULL, 0 } entry comes
                              * last and presumably marks the end of the list for the code
                              * that walks it -- confirm against the parser.
                              */
                      2:     { "never", never },
                      3:     { "once", once },
                      4:     { "always", always },
                      5:     { NULL, 0 },
                      6: };
                      7:
                      8: static struct def_values def_data_listpw[] = {
                             /*
                              * Keyword/value pairs for the "listpw" setting ("When to require
                              * a password for 'list' pseudocommand").  "never" means no
                              * password is asked for that pseudocommand, so a sudoers policy
                              * selecting it deserves review.  { NULL, 0 } is the final entry,
                              * presumably the end-of-list marker.
                              */
                      9:     { "never", never },
                     10:     { "any", any },
                     11:     { "all", all },
                     12:     { "always", always },
                     13:     { NULL, 0 },
                     14: };
                     15:
                     16: static struct def_values def_data_verifypw[] = {
                             /*
                              * Keyword/value pairs for the "verifypw" setting ("When to
                              * require a password for 'verify' pseudocommand").
                              * NOTE(review): "all" precedes "any" here, the reverse of
                              * def_data_listpw; harmless if lookup is by keyword, but confirm
                              * nothing depends on position.  { NULL, 0 } is the final entry,
                              * presumably the end-of-list marker.
                              */
                     17:     { "never", never },
1.3       millert    18:     { "all", all },
1.2       millert    19:     { "any", any },
                     20:     { "always", always },
                     21:     { NULL, 0 },
                     22: };
                     23:
1.1       millert    24: struct sudo_defs_types sudo_defs_table[] = {
                             /*
                              * Table of sudo default settings.  Each entry gives the setting
                              * name, its T_* type flags, a description string (some with a
                              * printf-style conversion for the current value) and either NULL
                              * or one of the def_data_* keyword arrays.  The last entry is
                              * { NULL, 0, NULL }.
                              *
                              * NOTE(review): the T_* flags and struct sudo_defs_types are
                              * declared elsewhere.  Code that indexes this table by position
                              * would break if entries were reordered or inserted mid-table --
                              * confirm before editing.
                              * NOTE(review): descriptions containing %s, %d or %o must only be
                              * formatted with one argument of the matching type; check the
                              * consumer against each entry's T_* type.
                              */
                     25:     {
                     26:        "syslog", T_LOGFAC|T_BOOL,
1.2       millert    27:        "Syslog facility if syslog is being used for logging: %s",
                     28:        NULL,
1.1       millert    29:     }, {
                     30:        "syslog_goodpri", T_LOGPRI,
1.2       millert    31:        "Syslog priority to use when user authenticates successfully: %s",
                     32:        NULL,
1.1       millert    33:     }, {
                     34:        "syslog_badpri", T_LOGPRI,
1.2       millert    35:        "Syslog priority to use when user authenticates unsuccessfully: %s",
                     36:        NULL,
1.1       millert    37:     }, {
                     38:        "long_otp_prompt", T_FLAG,
1.2       millert    39:        "Put OTP prompt on its own line",
                     40:        NULL,
1.1       millert    41:     }, {
                     42:        "ignore_dot", T_FLAG,
1.2       millert    43:        "Ignore '.' in $PATH",
                     44:        NULL,
1.1       millert    45:     }, {
                     46:        "mail_always", T_FLAG,
1.2       millert    47:        "Always send mail when sudo is run",
                     48:        NULL,
1.1       millert    49:     }, {
                     50:        "mail_badpass", T_FLAG,
1.2       millert    51:        "Send mail if user authentication fails",
                     52:        NULL,
1.1       millert    53:     }, {
                     54:        "mail_no_user", T_FLAG,
1.2       millert    55:        "Send mail if the user is not in sudoers",
                     56:        NULL,
1.1       millert    57:     }, {
                     58:        "mail_no_host", T_FLAG,
1.2       millert    59:        "Send mail if the user is not in sudoers for this host",
                     60:        NULL,
1.1       millert    61:     }, {
                     62:        "mail_no_perms", T_FLAG,
1.2       millert    63:        "Send mail if the user is not allowed to run a command",
                     64:        NULL,
1.1       millert    65:     }, {
                                /* Security-relevant: per the description, the authentication
                                 * timestamp is kept per user/tty pair rather than per user. */
                     66:        "tty_tickets", T_FLAG,
1.2       millert    67:        "Use a separate timestamp for each user/tty combo",
                     68:        NULL,
1.1       millert    69:     }, {
1.2       millert    70:        "lecture", T_TUPLE|T_BOOL,
                     71:        "Lecture user the first time they run sudo",
                     72:        def_data_lecture,
                     73:     }, {
                     74:        "lecture_file", T_STR|T_PATH|T_BOOL,
                     75:        "File containing the sudo lecture: %s",
                     76:        NULL,
1.1       millert    77:     }, {
                                /* Security-relevant: governs whether authentication is
                                 * required by default; a policy that turns it off should be
                                 * reviewed explicitly. */
                     78:        "authenticate", T_FLAG,
1.2       millert    79:        "Require users to authenticate by default",
                     80:        NULL,
1.1       millert    81:     }, {
                     82:        "root_sudo", T_FLAG,
1.2       millert    83:        "Root may run sudo",
                     84:        NULL,
1.1       millert    85:     }, {
                     86:        "log_host", T_FLAG,
1.2       millert    87:        "Log the hostname in the (non-syslog) log file",
                     88:        NULL,
1.1       millert    89:     }, {
                     90:        "log_year", T_FLAG,
1.2       millert    91:        "Log the year in the (non-syslog) log file",
                     92:        NULL,
1.1       millert    93:     }, {
                     94:        "shell_noargs", T_FLAG,
1.2       millert    95:        "If sudo is invoked with no arguments, start a shell",
                     96:        NULL,
1.1       millert    97:     }, {
                     98:        "set_home", T_FLAG,
1.2       millert    99:        "Set $HOME to the target user when starting a shell with -s",
                    100:        NULL,
1.1       millert   101:     }, {
                    102:        "always_set_home", T_FLAG,
1.2       millert   103:        "Always set $HOME to the target user's home directory",
                    104:        NULL,
1.1       millert   105:     }, {
                    106:        "path_info", T_FLAG,
1.2       millert   107:        "Allow some information gathering to give useful error messages",
                    108:        NULL,
1.1       millert   109:     }, {
                    110:        "fqdn", T_FLAG,
1.2       millert   111:        "Require fully-qualified hostnames in the sudoers file",
                    112:        NULL,
1.1       millert   113:     }, {
                    114:        "insults", T_FLAG,
1.2       millert   115:        "Insult the user when they enter an incorrect password",
                    116:        NULL,
1.1       millert   117:     }, {
                    118:        "requiretty", T_FLAG,
1.2       millert   119:        "Only allow the user to run sudo if they have a tty",
                    120:        NULL,
1.1       millert   121:     }, {
                                /* Security-relevant: per the description, visudo takes its
                                 * editor from the caller's EDITOR variable when this is set. */
                    122:        "env_editor", T_FLAG,
1.2       millert   123:        "Visudo will honor the EDITOR environment variable",
                    124:        NULL,
1.1       millert   125:     }, {
                                /* NOTE(review): "users's" in the next three descriptions is a
                                 * typo for "user's".  The strings are runtime text and are
                                 * left exactly as committed. */
                    126:        "rootpw", T_FLAG,
1.2       millert   127:        "Prompt for root's password, not the users's",
                    128:        NULL,
1.1       millert   129:     }, {
                    130:        "runaspw", T_FLAG,
1.2       millert   131:        "Prompt for the runas_default user's password, not the users's",
                    132:        NULL,
1.1       millert   133:     }, {
                    134:        "targetpw", T_FLAG,
1.2       millert   135:        "Prompt for the target user's password, not the users's",
                    136:        NULL,
1.1       millert   137:     }, {
                    138:        "use_loginclass", T_FLAG,
1.2       millert   139:        "Apply defaults in the target user's login class if there is one",
                    140:        NULL,
1.1       millert   141:     }, {
                    142:        "set_logname", T_FLAG,
1.2       millert   143:        "Set the LOGNAME and USER environment variables",
                    144:        NULL,
1.1       millert   145:     }, {
                                /* Security-relevant: per their descriptions, the next two
                                 * settings leave part of the invoking user's identity (real
                                 * uid, group vector) in place for the command that is run. */
                    146:        "stay_setuid", T_FLAG,
1.2       millert   147:        "Only set the effective uid to the target user, not the real uid",
                    148:        NULL,
1.1       millert   149:     }, {
                    150:        "preserve_groups", T_FLAG,
1.2       millert   151:        "Don't initialize the group vector to that of the target user",
                    152:        NULL,
1.1       millert   153:     }, {
                    154:        "loglinelen", T_UINT|T_BOOL,
1.2       millert   155:        "Length at which to wrap log file lines (0 for no wrap): %d",
                    156:        NULL,
1.1       millert   157:     }, {
                                /* NOTE(review): typed T_INT, unlike the T_UINT settings around
                                 * it, so negative values are representable.  Confirm how the
                                 * consumer treats them, since this bounds how long a cached
                                 * authentication stays valid. */
                    158:        "timestamp_timeout", T_INT|T_BOOL,
1.2       millert   159:        "Authentication timestamp timeout: %d minutes",
                    160:        NULL,
1.1       millert   161:     }, {
                    162:        "passwd_timeout", T_UINT|T_BOOL,
1.2       millert   163:        "Password prompt timeout: %d minutes",
                    164:        NULL,
1.1       millert   165:     }, {
                    166:        "passwd_tries", T_UINT,
1.2       millert   167:        "Number of tries to enter a password: %d",
                    168:        NULL,
1.1       millert   169:     }, {
                    170:        "umask", T_MODE|T_BOOL,
1.2       millert   171:        "Umask to use or 0777 to use user's: 0%o",
                    172:        NULL,
1.1       millert   173:     }, {
                    174:        "logfile", T_STR|T_BOOL|T_PATH,
1.2       millert   175:        "Path to log file: %s",
                    176:        NULL,
1.1       millert   177:     }, {
                    178:        "mailerpath", T_STR|T_BOOL|T_PATH,
1.2       millert   179:        "Path to mail program: %s",
                    180:        NULL,
1.1       millert   181:     }, {
                    182:        "mailerflags", T_STR|T_BOOL,
1.2       millert   183:        "Flags for mail program: %s",
                    184:        NULL,
1.1       millert   185:     }, {
                    186:        "mailto", T_STR|T_BOOL,
1.2       millert   187:        "Address to send mail to: %s",
                    188:        NULL,
1.1       millert   189:     }, {
1.8       millert   190:        "mailfrom", T_STR|T_BOOL,
                    191:        "Address to send mail from: %s",
                    192:        NULL,
                    193:     }, {
1.1       millert   194:        "mailsub", T_STR,
1.2       millert   195:        "Subject line for mail messages: %s",
                    196:        NULL,
1.1       millert   197:     }, {
                    198:        "badpass_message", T_STR,
1.2       millert   199:        "Incorrect password message: %s",
                    200:        NULL,
1.1       millert   201:     }, {
                    202:        "timestampdir", T_STR|T_PATH,
1.2       millert   203:        "Path to authentication timestamp dir: %s",
                    204:        NULL,
1.1       millert   205:     }, {
                    206:        "timestampowner", T_STR,
1.2       millert   207:        "Owner of the authentication timestamp dir: %s",
                    208:        NULL,
1.1       millert   209:     }, {
                                /* Security-relevant: members of the named group skip both the
                                 * password and the PATH requirements, so its membership is
                                 * part of the trust boundary. */
                    210:        "exempt_group", T_STR|T_BOOL,
1.2       millert   211:        "Users in this group are exempt from password and PATH requirements: %s",
                    212:        NULL,
1.1       millert   213:     }, {
                    214:        "passprompt", T_STR,
1.2       millert   215:        "Default password prompt: %s",
                    216:        NULL,
1.1       millert   217:     }, {
1.6       millert   218:        "passprompt_override", T_FLAG,
                    219:        "If set, passprompt will override system prompt in all cases.",
                    220:        NULL,
                    221:     }, {
1.1       millert   222:        "runas_default", T_STR,
1.2       millert   223:        "Default user to run commands as: %s",
                    224:        NULL,
1.8       millert   225:     }, {
                                /* Security-relevant: replaces the invoking user's $PATH with
                                 * an administrator-chosen value (per the description). */
                    226:        "secure_path", T_STR|T_BOOL,
                    227:        "Value to override user's $PATH with: %s",
                    228:        NULL,
1.1       millert   229:     }, {
                    230:        "editor", T_STR|T_PATH,
1.2       millert   231:        "Path to the editor for use by visudo: %s",
                    232:        NULL,
                    233:     }, {
                    234:        "listpw", T_TUPLE|T_BOOL,
                    235:        "When to require a password for 'list' pseudocommand: %s",
                    236:        def_data_listpw,
                    237:     }, {
                    238:        "verifypw", T_TUPLE|T_BOOL,
                    239:        "When to require a password for 'verify' pseudocommand: %s",
                    240:        def_data_verifypw,
                    241:     }, {
                                /* Security-relevant: the restriction works by preloading the
                                 * library named in noexec_file.  Presumably it therefore only
                                 * binds programs that honor preloading -- confirm before
                                 * relying on it as a hard control. */
                    242:        "noexec", T_FLAG,
                    243:        "Preload the dummy exec functions contained in 'noexec_file'",
                    244:        NULL,
                    245:     }, {
                    246:        "noexec_file", T_STR|T_PATH,
                    247:        "File containing dummy exec functions: %s",
                    248:        NULL,
1.1       millert   249:     }, {
1.5       millert   250:        "ignore_local_sudoers", T_FLAG,
                    251:        "If LDAP directory is up, do we ignore local sudoers file",
                    252:        NULL,
                    253:     }, {
1.8       millert   254:        "closefrom", T_INT,
                    255:        "File descriptors >= %d will be closed before executing a command",
                    256:        NULL,
                    257:     }, {
                                /* Security-relevant: the next two settings hand control to the
                                 * invoking user (the closefrom value via -C, arbitrary
                                 * environment variables); enable them only where that is
                                 * intended. */
                    258:        "closefrom_override", T_FLAG,
                    259:        "If set, users may override the value of `closefrom' with the -C option",
                    260:        NULL,
                    261:     }, {
1.5       millert   262:        "setenv", T_FLAG,
                    263:        "Allow users to set arbitrary environment variables",
                    264:        NULL,
                    265:     }, {
                                /* Security-relevant: env_reset and the three lists after it
                                 * define which environment variables reach the command. */
                    266:        "env_reset", T_FLAG,
                    267:        "Reset the environment to a default set of variables",
                    268:        NULL,
                    269:     }, {
1.1       millert   270:        "env_check", T_LIST|T_BOOL,
1.2       millert   271:        "Environment variables to check for sanity:",
                    272:        NULL,
1.1       millert   273:     }, {
                    274:        "env_delete", T_LIST|T_BOOL,
1.2       millert   275:        "Environment variables to remove:",
                    276:        NULL,
1.1       millert   277:     }, {
                    278:        "env_keep", T_LIST|T_BOOL,
1.2       millert   279:        "Environment variables to preserve:",
1.4       millert   280:        NULL,
                    281:     }, {
1.7       millert   282:        "role", T_STR,
                    283:        "SELinux role to use in the new security context: %s",
                    284:        NULL,
                    285:     }, {
                    286:        "type", T_STR,
                    287:        "SELinux type to use in the new security context: %s",
1.8       millert   288:        NULL,
                    289:     }, {
                    290:        "askpass", T_STR|T_PATH|T_BOOL,
                    291:        "Path to the askpass helper program: %s",
                    292:        NULL,
                    293:     }, {
                    294:        "env_file", T_STR|T_PATH|T_BOOL,
                    295:        "Path to the sudo-specific environment file: %s",
                    296:        NULL,
                    297:     }, {
                    298:        "sudoers_locale", T_STR,
                    299:        "Locale to use while parsing sudoers: %s",
                    300:        NULL,
                    301:     }, {
                                /* Security-relevant: permits prompting even when the typed
                                 * password would be visible.
                                 * NOTE(review): "visisble" in the description is a typo for
                                 * "visible"; the runtime text is left exactly as committed. */
                    302:        "visiblepw", T_FLAG,
                    303:        "Allow sudo to prompt for a password even if it would be visisble",
1.7       millert   304:        NULL,
                    305:     }, {
                                /* Revision 1.9 additions.  pwfeedback echoes feedback while
                                 * the password is typed, which reveals its length to anyone
                                 * watching the terminal. */
1.9     ! millert   306:        "pwfeedback", T_FLAG,
        !           307:        "Provide visual feedback at the password prompt when there is user input",
        !           308:        NULL,
        !           309:     }, {
                                /* NOTE(review): described as less accurate matching with no
                                 * filesystem access; check which sudoers patterns this applies
                                 * to before enabling it. */
        !           310:        "fast_glob", T_FLAG,
        !           311:        "Use faster globbing that is less accurate but does not access the filesystem",
        !           312:        NULL,
        !           313:     }, {
                                /* Security-relevant: lets the sudoers umask win even when it
                                 * is more permissive than the invoking user's. */
        !           314:        "umask_override", T_FLAG,
        !           315:        "The umask specified in sudoers will override the user's, even if it is more permissive",
        !           316:        NULL,
        !           317:     }, {
                                /* Final entry: all fields NULL/0. */
1.1       millert   318:        NULL, 0, NULL
                    319:     }
                    320: };