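/*
 * Keyword tables for the tuple-valued settings below.  Each entry pairs the
 * keyword text with its constant; a { NULL, 0 } entry terminates the list.
 */
static struct def_values def_data_lecture[] = {
    { "never", never },
    { "once", once },
    { "always", always },
    { NULL, 0 },
};

static struct def_values def_data_listpw[] = {
    { "never", never },
    { "any", any },
    { "all", all },
    { "always", always },
    { NULL, 0 },
};

static struct def_values def_data_verifypw[] = {
    { "never", never },
    { "all", all },
    { "any", any },
    { "always", always },
    { NULL, 0 },
};

/*
 * Table of the settings sudo recognizes.  Each entry gives, in order: the
 * setting name, its T_* type flags, a description string, and either NULL
 * or one of the keyword tables above (used by the T_TUPLE entries).  The
 * table ends with an entry whose name is NULL.
 *
 * Many descriptions carry a single conversion (%s, %d, %.1f, 0%o), so they
 * look like printf-style formats.  The code that prints them is not part of
 * this listing; it must pass exactly one argument of the matching type for
 * such an entry and none for the others.
 *
 * NOTE(review): other code may index this table by position; confirm before
 * reordering or inserting entries anywhere but the end.
 */
struct sudo_defs_types sudo_defs_table[] = {
    {
        "syslog", T_LOGFAC|T_BOOL,
        "Syslog facility if syslog is being used for logging: %s",
        NULL,
    }, {
        "syslog_goodpri", T_LOGPRI,
        "Syslog priority to use when user authenticates successfully: %s",
        NULL,
    }, {
        "syslog_badpri", T_LOGPRI,
        "Syslog priority to use when user authenticates unsuccessfully: %s",
        NULL,
    }, {
        "long_otp_prompt", T_FLAG,
        "Put OTP prompt on its own line",
        NULL,
    }, {
        "ignore_dot", T_FLAG,
        "Ignore '.' in $PATH",
        NULL,
    }, {
        "mail_always", T_FLAG,
        "Always send mail when sudo is run",
        NULL,
    }, {
        "mail_badpass", T_FLAG,
        "Send mail if user authentication fails",
        NULL,
    }, {
        "mail_no_user", T_FLAG,
        "Send mail if the user is not in sudoers",
        NULL,
    }, {
        "mail_no_host", T_FLAG,
        "Send mail if the user is not in sudoers for this host",
        NULL,
    }, {
        "mail_no_perms", T_FLAG,
        "Send mail if the user is not allowed to run a command",
        NULL,
    }, {
        "tty_tickets", T_FLAG,
        "Use a separate timestamp for each user/tty combo",
        NULL,
    }, {
        "lecture", T_TUPLE|T_BOOL,
        "Lecture user the first time they run sudo",
        def_data_lecture,
    }, {
        "lecture_file", T_STR|T_PATH|T_BOOL,
        "File containing the sudo lecture: %s",
        NULL,
    }, {
        /* Turning this off removes the password check by default. */
        "authenticate", T_FLAG,
        "Require users to authenticate by default",
        NULL,
    }, {
        "root_sudo", T_FLAG,
        "Root may run sudo",
        NULL,
    }, {
        "log_host", T_FLAG,
        "Log the hostname in the (non-syslog) log file",
        NULL,
    }, {
        "log_year", T_FLAG,
        "Log the year in the (non-syslog) log file",
        NULL,
    }, {
        "shell_noargs", T_FLAG,
        "If sudo is invoked with no arguments, start a shell",
        NULL,
    }, {
        "set_home", T_FLAG,
        "Set $HOME to the target user when starting a shell with -s",
        NULL,
    }, {
        "always_set_home", T_FLAG,
        "Always set $HOME to the target user's home directory",
        NULL,
    }, {
        "path_info", T_FLAG,
        "Allow some information gathering to give useful error messages",
        NULL,
    }, {
        "fqdn", T_FLAG,
        "Require fully-qualified hostnames in the sudoers file",
        NULL,
    }, {
        "insults", T_FLAG,
        "Insult the user when they enter an incorrect password",
        NULL,
    }, {
        "requiretty", T_FLAG,
        "Only allow the user to run sudo if they have a tty",
        NULL,
    }, {
        "env_editor", T_FLAG,
        "Visudo will honor the EDITOR environment variable",
        NULL,
    }, {
        /*
         * NOTE(review): "users's" here and in the next two entries is a typo
         * for "user's".  The text is emitted at runtime, so it is kept as is.
         */
        "rootpw", T_FLAG,
        "Prompt for root's password, not the users's",
        NULL,
    }, {
        "runaspw", T_FLAG,
        "Prompt for the runas_default user's password, not the users's",
        NULL,
    }, {
        "targetpw", T_FLAG,
        "Prompt for the target user's password, not the users's",
        NULL,
    }, {
        "use_loginclass", T_FLAG,
        "Apply defaults in the target user's login class if there is one",
        NULL,
    }, {
        "set_logname", T_FLAG,
        "Set the LOGNAME and USER environment variables",
        NULL,
    }, {
        "stay_setuid", T_FLAG,
        "Only set the effective uid to the target user, not the real uid",
        NULL,
    }, {
        "preserve_groups", T_FLAG,
        "Don't initialize the group vector to that of the target user",
        NULL,
    }, {
        /*
         * NOTE(review): the type flag is T_UINT but the description uses %d
         * (same for passwd_tries below).  If the stored value is unsigned,
         * %u would match; confirm against the code that prints this table.
         */
        "loglinelen", T_UINT|T_BOOL,
        "Length at which to wrap log file lines (0 for no wrap): %d",
        NULL,
    }, {
        "timestamp_timeout", T_FLOAT|T_BOOL,
        "Authentication timestamp timeout: %.1f minutes",
        NULL,
    }, {
        "passwd_timeout", T_FLOAT|T_BOOL,
        "Password prompt timeout: %.1f minutes",
        NULL,
    }, {
        "passwd_tries", T_UINT,
        "Number of tries to enter a password: %d",
        NULL,
    }, {
        "umask", T_MODE|T_BOOL,
        "Umask to use or 0777 to use user's: 0%o",
        NULL,
    }, {
        "logfile", T_STR|T_BOOL|T_PATH,
        "Path to log file: %s",
        NULL,
    }, {
        "mailerpath", T_STR|T_BOOL|T_PATH,
        "Path to mail program: %s",
        NULL,
    }, {
        "mailerflags", T_STR|T_BOOL,
        "Flags for mail program: %s",
        NULL,
    }, {
        "mailto", T_STR|T_BOOL,
        "Address to send mail to: %s",
        NULL,
    }, {
        "mailfrom", T_STR|T_BOOL,
        "Address to send mail from: %s",
        NULL,
    }, {
        "mailsub", T_STR,
        "Subject line for mail messages: %s",
        NULL,
    }, {
        "badpass_message", T_STR,
        "Incorrect password message: %s",
        NULL,
    }, {
        "timestampdir", T_STR|T_PATH,
        "Path to authentication timestamp dir: %s",
        NULL,
    }, {
        "timestampowner", T_STR,
        "Owner of the authentication timestamp dir: %s",
        NULL,
    }, {
        /*
         * Per the description, members skip both the password and the PATH
         * requirements, so control over this group's membership is itself a
         * privilege worth auditing.
         */
        "exempt_group", T_STR|T_BOOL,
        "Users in this group are exempt from password and PATH requirements: %s",
        NULL,
    }, {
        "passprompt", T_STR,
        "Default password prompt: %s",
        NULL,
    }, {
        "passprompt_override", T_FLAG,
        "If set, passprompt will override system prompt in all cases.",
        NULL,
    }, {
        "runas_default", T_STR,
        "Default user to run commands as: %s",
        NULL,
    }, {
        "secure_path", T_STR|T_BOOL,
        "Value to override user's $PATH with: %s",
        NULL,
    }, {
        "editor", T_STR|T_PATH,
        "Path to the editor for use by visudo: %s",
        NULL,
    }, {
        "listpw", T_TUPLE|T_BOOL,
        "When to require a password for 'list' pseudocommand: %s",
        def_data_listpw,
    }, {
        "verifypw", T_TUPLE|T_BOOL,
        "When to require a password for 'verify' pseudocommand: %s",
        def_data_verifypw,
    }, {
        "noexec", T_FLAG,
        "Preload the dummy exec functions contained in 'noexec_file'",
        NULL,
    }, {
        "noexec_file", T_STR|T_PATH,
        "File containing dummy exec functions: %s",
        NULL,
    }, {
        "ignore_local_sudoers", T_FLAG,
        "If LDAP directory is up, do we ignore local sudoers file",
        NULL,
    }, {
        "closefrom", T_INT,
        "File descriptors >= %d will be closed before executing a command",
        NULL,
    }, {
        "closefrom_override", T_FLAG,
        "If set, users may override the value of `closefrom' with the -C option",
        NULL,
    }, {
        /*
         * The next five entries decide which environment variables supplied
         * by the invoking user reach the command that sudo runs.
         */
        "setenv", T_FLAG,
        "Allow users to set arbitrary environment variables",
        NULL,
    }, {
        "env_reset", T_FLAG,
        "Reset the environment to a default set of variables",
        NULL,
    }, {
        "env_check", T_LIST|T_BOOL,
        "Environment variables to check for sanity:",
        NULL,
    }, {
        "env_delete", T_LIST|T_BOOL,
        "Environment variables to remove:",
        NULL,
    }, {
        "env_keep", T_LIST|T_BOOL,
        "Environment variables to preserve:",
        NULL,
    }, {
        "role", T_STR,
        "SELinux role to use in the new security context: %s",
        NULL,
    }, {
        "type", T_STR,
        "SELinux type to use in the new security context: %s",
        NULL,
    }, {
        "askpass", T_STR|T_PATH|T_BOOL,
        "Path to the askpass helper program: %s",
        NULL,
    }, {
        "env_file", T_STR|T_PATH|T_BOOL,
        "Path to the sudo-specific environment file: %s",
        NULL,
    }, {
        "sudoers_locale", T_STR,
        "Locale to use while parsing sudoers: %s",
        NULL,
    }, {
        "visiblepw", T_FLAG,
        "Allow sudo to prompt for a password even if it would be visible",
        NULL,
    }, {
        "pwfeedback", T_FLAG,
        "Provide visual feedback at the password prompt when there is user input",
        NULL,
    }, {
        "fast_glob", T_FLAG,
        "Use faster globbing that is less accurate but does not access the filesystem",
        NULL,
    }, {
        /* Per the description, this can yield a more permissive umask. */
        "umask_override", T_FLAG,
        "The umask specified in sudoers will override the user's, even if it is more permissive",
        NULL,
    }, {
        /*
         * Input logs record what the user types, which may include secrets
         * entered into the command; iolog_dir needs matching protection.
         */
        "log_input", T_FLAG,
        "Log user's input for the command being run",
        NULL,
    }, {
        "log_output", T_FLAG,
        "Log the output of the command being run",
        NULL,
    }, {
        "compress_io", T_FLAG,
        "Compress I/O logs using zlib",
        NULL,
    }, {
        "use_pty", T_FLAG,
        "Always run commands in a pseudo-tty",
        NULL,
    }, {
        "iolog_dir", T_STR|T_PATH,
        "Directory in which to store input/output logs: %s",
        NULL,
    }, {
        /* End-of-table sentinel: the NULL name stops the scan. */
        NULL, 0, NULL
    }
};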