What's new in Sudo 1.7.4?

* Sudoedit will now preserve the file extension in the name of the
  temporary file being edited. The extension is used by some
  editors (such as emacs) to choose the editing mode.

* Time stamp files have moved from /var/run/sudo to either /var/db/sudo,
  /var/lib/sudo or /var/adm/sudo. The directories are checked for
  existence in that order. This prevents users from receiving the
  sudo lecture every time the system reboots. Time stamp files older
  than the boot time are ignored on systems where it is possible to

* The tty_tickets sudoers option is now enabled by default.

* Ancillary documentation (README files, LICENSE, etc.) is now installed
  in a sudo documentation directory.

* Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"

* Defaults settings that are tied to a user, host or command may
  now include the negation operator. For example:

      Defaults:!millert lecture

  will match any user but millert.

* The default PATH environment variable, used when no PATH variable
  exists, now includes /usr/sbin and /sbin.

* Sudo now uses polypkg (http://rc.quest.com/topics/polypkg/)
  for cross-platform packaging.

* On Linux, sudo will now restore the nproc resource limit before
  executing a command, unless the limit appears to have been modified
  by pam_limits. This avoids a problem with bash scripts that open
  more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX)
  will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1).

* The HOME and MAIL environment variables are now reset based on the
  target user's password database entry when the env_reset sudoers option
  is enabled (which is the case in the default configuration). Users
  wishing to preserve the original values should use a sudoers entry like:

      Defaults env_keep += HOME

  to preserve the old value of HOME and

      Defaults env_keep += MAIL

  to preserve the old value of MAIL.

* Fixed a problem in the restoration of the AIX authdb registry setting.

* Sudo will now fork(2) and wait until the command has completed before
  calling pam_close_session().

* The default syslog facility is now "authpriv" if the operating system
  supports it, else "auth".
What's new in Sudo 1.7.3?

* Support for logging I/O for the command being run.
  For more information, see the documentation for the "log_input"
  and "log_output" Defaults options in the sudoers manual. Also
  see the sudoreplay manual for how to replay I/O log sessions.

* The use_pty sudoers option can be used to force a command to be
  run in a pseudo-pty, even when I/O logging is not enabled.

* On some systems, sudo can now detect when a user has logged out
  and back in again when tty-based time stamps are in use. Supported
  systems include Solaris systems with the devices file system,
  Mac OS X, and Linux systems with the devpts filesystem (pseudo-ttys

* On AIX systems, the registry setting in /etc/security/user is
  now taken into account when looking up users and groups. Sudo
  now applies the correct user and group ids when running a
  command as a user whose account details come from a different
  source (e.g. LDAP or DCE vs. local files).

* Support for multiple 'sudoers_base' and 'uri' entries in ldap.conf.
  When multiple entries are listed, sudo will try each one in the
  order in which they are specified.

* Sudo's SELinux support should now function correctly when running
  commands as a non-root user and when one of stdin, stdout or stderr

* Sudo will now use the Linux audit system when configured with
  the --with-linux-audit flag.

* Sudo now uses mbr_check_membership() on systems that support it
  to determine group membership. Currently, only Darwin (Mac OS X)

* When the tty_tickets sudoers option is enabled but there is no
  terminal device, sudo will no longer use or create a tty-based
  ticket file. Previously, sudo would use a tty name of "unknown".
  As a consequence, if a user has no terminal device, sudo will
  now always prompt for a password.

* The passwd_timeout and timestamp_timeout options may now be
  specified as floating point numbers for more granular timeout

* Negating the fqdn option in sudoers now works correctly when sudo
  is configured with the --with-fqdn option. In previous versions
  of sudo the fqdn was set before sudoers was parsed.
What's new in Sudo 1.7.2?

* A new #includedir directive is available in sudoers. This can be
  used to implement an /etc/sudo.d directory. Files in an includedir
  are not edited by visudo unless they contain a syntax error.

* The -g option did not work properly when only setting the group
  (and not the user). Also, in -l mode the wrong user was displayed
  for sudoers entries where only the group was allowed to be set.

* Fixed a problem with the alias checking in visudo which
  could prevent visudo from exiting.

* Sudo will now correctly parse the shell-style /etc/environment
  file format used by pam_env on Linux.

* When doing password and group database lookups, sudo will only
  cache an entry by name or by id, depending on how the entry was
  looked up. Previously, sudo would cache by both name and id
  from a single lookup, but this breaks sites that have multiple
  password or group database names that map to the same uid or
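A small model of the cache behaviour just described, added here as an illustration and not taken from sudo's own code; the passwd table, names and uids are constructed for the example.

```python
# Added example (not sudo's own code): a simplified model of the password
# database cache described above, showing why caching one lookup under both
# its name and its uid misbehaves when two names share a single uid.
from typing import Dict, List, Optional, Tuple
Entry = Tuple[str, int]  # (name, uid)

# Constructed passwd-style table: "alice" and "alice-ldap" both map to uid
# 1000, as when a local account and a directory account share an identity.
PASSWD: List[Entry] = [("alice", 1000), ("alice-ldap", 1000), ("bob", 1001)]

def db_by_name(name: str) -> Optional[Entry]:
    # Uncached database lookup by name (stands in for getpwnam).
    return next((e for e in PASSWD if e[0] == name), None)

def db_by_uid(uid: int) -> Optional[Entry]:
    # Uncached lookup by uid; the first match is the canonical entry.
    return next((e for e in PASSWD if e[1] == uid), None)

class PasswdCache:
    # cache_both=True mirrors pre-1.7.2 sudo (one lookup fills both maps);
    # cache_both=False mirrors 1.7.2 (only the key actually used is cached).
    def __init__(self, cache_both: bool) -> None:
        self.cache_both = cache_both
        self.by_name: Dict[str, Entry] = {}
        self.by_uid: Dict[int, Entry] = {}

    def getpwnam(self, name: str) -> Optional[Entry]:
        if name not in self.by_name:
            ent = db_by_name(name)
            if ent is None:
                return None
            self.by_name[name] = ent
            if self.cache_both:
                self.by_uid[ent[1]] = ent  # the alias now "owns" the uid
        return self.by_name[name]

    def getpwuid(self, uid: int) -> Optional[Entry]:
        if uid not in self.by_uid:
            ent = db_by_uid(uid)
            if ent is None:
                return None
            self.by_uid[uid] = ent
            if self.cache_both:
                self.by_name[ent[0]] = ent
        return self.by_uid[uid]

def name_for_uid_after_alias_lookup(cache_both: bool) -> str:
    # Resolve the alias by name first, then ask which name owns uid 1000.
    cache = PasswdCache(cache_both)
    cache.getpwnam("alice-ldap")
    return cache.getpwuid(1000)[0]
```

With the old behaviour the uid lookup answers "alice-ldap", so a command run as uid 1000 would be logged and matched under the wrong account name; with the 1.7.2 behaviour it answers the canonical "alice".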

* User and group names in sudoers may now be enclosed in double
  quotes to avoid having to escape special characters.

* BSM audit fixes when changing to a non-root uid.

* Experimental non-Unix group support. Currently only works with
  Quest Authorization Services and allows Active Directory groups

* For Netscape/Mozilla-derived LDAP SDKs the certificate and key
  paths may be specified as a directory or a file. However, version
  5.0 of the SDK only appears to support using a directory (despite
  documentation to the contrary). If SSL client initialization
  fails and the certificate or key paths look like they could be a
  default file name, strip off the last path element and try again.

* A setenv() compatibility fix for Linux systems, where a NULL
  value is treated the same as an empty string and the variable
  name is checked against the NULL pointer.
What's new in Sudo 1.7.1?

* A new Defaults option "pwfeedback" will cause sudo to provide visual
  feedback when the user is entering a password.

* A new Defaults option "fast_glob" will cause sudo to use the fnmatch()
  function for file name globbing instead of glob(). When this option
  is enabled, sudo will not check the file system when expanding wildcards.
  This is faster but a side effect is that relative paths with wildcard

* New BSM audit support for systems that support it such as FreeBSD

* The file name specified with the #include directive may now include
  a %h escape which is expanded to the short form of the hostname.

* The -k flag may now be specified along with a command, causing the
  user's timestamp file to be ignored.

* New support for Tivoli-based LDAP START_TLS, present in AIX.

* New support for /etc/netsvc.conf on AIX.

* The unused alias checks in visudo now handle the case of an alias
  referring to another alias.
What's new in Sudo 1.7.0?

* Rewritten parser that converts sudoers into a set of data structures.
  This eliminates a number of ordering issues and makes it possible to
  apply sudoers Defaults entries before searching for the command.
  It also adds support for per-command Defaults specifications.

* Sudoers now supports a #include facility to allow the inclusion of other
  sudoers-format files.

* Sudo's -l (list) flag has been enhanced:
    o applicable Defaults options are now listed
    o a command argument can be specified for testing whether a user
      may run a specific command.
    o a new -U flag can be used in conjunction with "sudo -l" to allow
      root (or a user with "sudo ALL") to list another user's privileges.

* A new -g flag has been added to allow the user to specify a
  primary group to run the command as. The sudoers syntax has been
  extended to include a group section in the Runas specification.

* A uid may now be used anywhere a username is valid.

* The "secure_path" run-time Defaults option has been restored.

* Password and group data is now cached for fast lookups.

* The file descriptor at which sudo starts closing all open files is now
  configurable via sudoers and, optionally, the command line.

* Visudo will now warn about aliases that are defined but not used.

* The -i and -s command line flags now take an optional command
  to be run via the shell. Previously, the argument was passed
  to the shell as a script to run.

* Improved LDAP support. SASL authentication may now be used
  when connecting to an LDAP server. The krb5_ccname
  parameter in ldap.conf may be used to enable Kerberos.

* Support for /etc/nsswitch.conf. LDAP users may now use nsswitch.conf
  to specify the sudoers order. E.g.:

  to check LDAP, then /etc/sudoers. The default is "files", even
  when LDAP support is compiled in. This differs from sudo 1.6
  where LDAP was always consulted first.

* Support for /etc/environment on AIX and Linux. If sudo is run
  with the -i flag, the contents of /etc/environment are used to
  populate the new environment that is passed to the command being

* If no terminal is available or if the new -A flag is specified,
  sudo will use a helper program to read the password if one is
  configured. Typically, this is a graphical password prompter

* A new Defaults option, "mailfrom", that sets the value of the
  "From:" field in the warning/error mail. If unspecified, the
  login name of the invoking user is used.

* A new Defaults option, "env_file", that refers to a file containing
  environment variables to be set in the command being run.

* A new flag, -n, may be used to indicate that sudo should not
  prompt the user for a password and, instead, exit with an error
  if authentication is required.

* If sudo needs to prompt for a password and it is unable to disable
  echo (and no askpass program is defined), it will refuse to run
  unless the "visiblepw" Defaults option has been specified.

* Prior to version 1.7.0, hitting enter/return at the Password: prompt
  would exit sudo. In sudo 1.7.0 and beyond, this is treated as
  an empty password. To exit sudo, the user must press ^C or ^D

* visudo will now check the sudoers file owner and mode in -c (check)
  mode when the -s (strict) flag is specified.

* A new Defaults option "umask_override" will cause sudo to set the
  umask specified in sudoers even if it is more permissive than the
  invoking user's umask.
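As an added example, not part of the sudo distribution or its documentation, a sudoers fragment that exercises several of the syntax additions listed in these notes (the drop-in directory and %h include, a negated per-user Defaults entry, env_keep for HOME and MAIL, a per-command Defaults line with I/O logging, the Runas group field, and umask_override); the user, host and path names are assumed.

```sudoers
# Added example, not from the sudo distribution. User, host and path
# names are assumed. Each line notes the release that introduced it.

# 1.7.2: drop-in directory; files here are not edited by visudo
#includedir /etc/sudoers.d
# 1.7.1: per-host include, %h expands to the short hostname
#include /etc/sudoers.%h

# 1.7.4: tty_tickets is already on by default, stated here for clarity;
# 1.7.3: timeouts may be floating point (minutes)
Defaults            tty_tickets, timestamp_timeout=2.5

# 1.7.4: negated per-user Defaults: the lecture applies to everyone
# except millert
Defaults            !lecture
Defaults:!millert   lecture

# 1.7.4: env_reset now replaces HOME and MAIL with the target user's
# values; keep the invoking user's values instead
Defaults            env_keep += HOME
Defaults            env_keep += MAIL

# 1.7.0: per-command Defaults; 1.7.3: record I/O and force a pty
# whenever a shell is run through sudo
Defaults!/bin/sh    log_input, log_output, use_pty

# 1.7.0: apply the sudoers umask even if it is more permissive than
# the invoking user's own umask
Defaults            umask_override, umask=0022

# 1.7.0: Runas group field, run make as root with primary group wheel
alice               ALL = (root : wheel) /usr/bin/make

# 1.7.0: verify syntax plus file owner and mode before installing:
#   visudo -c -s -f /etc/sudoers.new
```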