version 1.14, 2009/06/21 14:48:42 |
version 1.15, 2009/06/24 13:55:56 |
|
|
Agency (DARPA) and Air Force Research Laboratory, Air Force |
Agency (DARPA) and Air Force Research Laboratory, Air Force |
Materiel Command, USAF, under agreement number F39502-99-1-0512. |
Materiel Command, USAF, under agreement number F39502-99-1-0512. |
|
|
$Sudo: sudoers.pod,v 1.170 2009/06/15 21:19:47 millert Exp $ |
$Sudo: sudoers.pod,v 1.172 2009/06/23 18:29:02 millert Exp $ |
=pod |
=pod |
|
|
=head1 NAME |
=head1 NAME |
|
|
|
|
The default value is C<@passprompt@>. |
The default value is C<@passprompt@>. |
|
|
=item role |
|
|
|
The default SELinux role to use when constructing a new security |
|
context to run the command. The default role may be overridden on |
|
a per-command basis in I<sudoers> or via command line options. |
|
This option is only available whe B<sudo> is built with SELinux support. |
|
|
|
=item runas_default |
=item runas_default |
|
|
The default user to run commands as if the B<-u> option is not specified |
The default user to run commands as if the B<-u> option is not specified |
|
|
The owner of the timestamp directory and the timestamps stored therein. |
The owner of the timestamp directory and the timestamps stored therein. |
The default is C<root>. |
The default is C<root>. |
|
|
=item type |
|
|
|
The default SELinux type to use when constructing a new security |
|
context to run the command. The default type may be overridden on |
|
a per-command basis in I<sudoers> or via command line options. |
|
This option is only available whe B<sudo> is built with SELinux support. |
|
|
|
=back |
=back |
|
|
B<Strings that can be used in a boolean context>: |
B<Strings that can be used in a boolean context>: |
|
|
|
|
=item env_file |
=item env_file |
|
|
The I<env_file> options specifies the fully qualified path to a file |
The I<env_file> options specifies the fully qualified path to a |
containing variables to be set in the environment of the program |
file containing variables to be set in the environment of the program |
being run. Entries in this file should be of the form C<VARIABLE=value>. |
being run. Entries in this file should either be of the form |
Variables in this file are subject to other B<sudo> environment |
C<VARIABLE=value> or C<export VARIABLE=value>. The value may |
settings such as I<env_keep> and I<env_check>. |
optionally be surrounded by single or double quotes. Variables in |
|
this file are subject to other B<sudo> environment settings such |
|
as I<env_keep> and I<env_check>. |
|
|
=item exempt_group |
=item exempt_group |
|
|
|
|
|
|
=item env_delete |
=item env_delete |
|
|
Environment variables to be removed from the user's environment. |
Environment variables to be removed from the user's environment |
The argument may be a double-quoted, space-separated list or a |
when the I<env_reset> option is not in effect. The argument may |
single value without double-quotes. The list can be replaced, added |
be a double-quoted, space-separated list or a single value without |
to, deleted from, or disabled by using the C<=>, C<+=>, C<-=>, and |
double-quotes. The list can be replaced, added to, deleted from, |
C<!> operators respectively. The default list of environment |
or disabled by using the C<=>, C<+=>, C<-=>, and C<!> operators |
variables to remove is displayed when B<sudo> is run by root with the |
respectively. The default list of environment variables to remove |
I<-V> option. Note that many operating systems will remove potentially |
is displayed when B<sudo> is run by root with the I<-V> option. |
dangerous variables from the environment of any setuid process (such |
Note that many operating systems will remove potentially dangerous |
as B<sudo>). |
variables from the environment of any setuid process (such as |
|
B<sudo>). |
|
|
=item env_keep |
=item env_keep |
|
|