mirror of https://github.com/sudo-project/sudo.git
73 lines
2.3 KiB
Plaintext
73 lines
2.3 KiB
Plaintext
#
|
|
# Sample /etc/sudo.conf file
|
|
#
|
|
# Format:
|
|
# Plugin plugin_name plugin_path plugin_options ...
|
|
# Path askpass /path/to/askpass
|
|
# Path noexec /path/to/sudo_noexec.so
|
|
# Debug sudo /var/log/sudo_debug all@warn
|
|
# Set disable_coredump true
|
|
#
|
|
# Sudo plugins:
|
|
#
|
|
# The plugin_path is relative to ${prefix}/libexec unless fully qualified.
|
|
# The plugin_name corresponds to a global symbol in the plugin
|
|
# that contains the plugin interface structure.
|
|
# The plugin_options are optional.
|
|
#
|
|
# The sudoers plugin is used by default if no Plugin lines are present.
|
|
Plugin sudoers_policy sudoers.so
|
|
Plugin sudoers_io sudoers.so
|
|
|
|
#
|
|
# Sudo askpass:
|
|
#
|
|
# An askpass helper program may be specified to provide a graphical
|
|
# password prompt for "sudo -A" support. Sudo does not ship with its
|
|
# own askpass program but can use the OpenSSH askpass.
|
|
#
|
|
# Use the OpenSSH askpass
|
|
#Path askpass /usr/X11R6/bin/ssh-askpass
|
|
#
|
|
# Use the Gnome OpenSSH askpass
|
|
#Path askpass /usr/libexec/openssh/gnome-ssh-askpass
|
|
|
|
#
|
|
# Sudo noexec:
|
|
#
|
|
# Path to a shared library containing replacements for the execv(),
|
|
# execve() and fexecve() library functions that just return an error.
|
|
# This is used to implement the "noexec" functionality on systems that
|
|
# support LD_PRELOAD or its equivalent.
|
|
# The compiled-in value is usually sufficient and should only be changed
|
|
# if you rename or move the sudo_noexec.so file.
|
|
#
|
|
#Path noexec /usr/libexec/sudo_noexec.so
|
|
|
|
#
|
|
# Core dumps:
|
|
#
|
|
# By default, sudo disables core dumps while it is executing (they
|
|
# are re-enabled for the command that is run).
|
|
# To aid in debugging sudo problems, you may wish to enable core
|
|
# dumps by setting "disable_coredump" to false.
|
|
#
|
|
#Set disable_coredump false
|
|
|
|
#
|
|
# User groups:
|
|
#
|
|
# Sudo passes the user's group list to the policy plugin.
|
|
# If the user is a member of the maximum number of groups (usually 16),
|
|
# sudo will query the group database directly to be sure to include
|
|
# the full list of groups.
|
|
#
|
|
# On some systems, this can be expensive so the behavior is configurable.
|
|
# The "group_source" setting has three possible values:
|
|
# static - use the user's list of groups returned by the kernel.
|
|
# dynamic - query the group database to find the list of groups.
|
|
# adaptive - if user is in less than the maximum number of groups.
|
|
# use the kernel list, else query the group database.
|
|
#
|
|
#Set group_source static
|