1 What's new in Sudo 1.8.4p4?
3 * Fixed a bug introduced in Sudo 1.8.4 which prevented "sudo -v"
6 What's new in Sudo 1.8.4p3?
8 * Fixed a crash on FreeBSD when no tty is present.
10 * Fixed a bug introduced in Sudo 1.8.4 that allowed users to
11 specify environment variables to set on the command line without
12 having sudo "ALL" permissions or the "SETENV" tag.
14 * When visudo is run with the -c (check) option, the sudoers
15 file(s) owner and mode are now also checked unless the -f option
18 What's new in Sudo 1.8.4p2?
20 * Fixed a bug introduced in Sudo 1.8.4 where insufficient space
21 was allocated for group IDs in the LDAP filter.
23 * Fixed a bug introduced in Sudo 1.8.4 where the path to sudo.conf
24 was "/sudo.conf" instead of "/etc/sudo.conf".
26 * Fixed a bug introduced in Sudo 1.8.4 which could cause a hang
27 when I/O logging is enabled and input is from a pipe or file.
29 What's new in Sudo 1.8.4p1?
31 * Fixed a bug introduced in sudo 1.8.4 that broke adding to or
32 deleting from the env_keep, env_check and env_delete lists in
33 sudoers on some platforms.
35 What's new in Sudo 1.8.4?
37 * The -D flag in sudo has been replaced with a more general debugging
38 framework that is configured in sudo.conf.
40 * Fixed a false positive in visudo strict mode when aliases are
43 * Fixed a crash with "sudo -i" when a runas group was specified
46 * The line on which a syntax error is reported in the sudoers file
47 is now more accurate. Previously it was often off by a line.
49 * Fixed a bug where stack garbage could be printed at the end of
50 the lecture when the "lecture_file" option was enabled.
52 * "make install" now honors the LINGUAS environment variable.
54 * The #include and #includedir directives in sudoers now support
55 relative paths. If the path is not fully qualified it is expected
56 to be located in the same directory of the sudoers file that is
59 * Serbian and Spanish translations for sudo from translationproject.org.
61 * LDAP-based sudoers may now access by group ID in addition to
64 * visudo will now fix the mode on the sudoers file even if no changes
65 are made unless the -f option is specified.
67 * The "use_loginclass" sudoers option works properly again.
69 * On systems that use login.conf, "sudo -i" now sets environment
70 variables based on login.conf.
72 * For LDAP-based sudoers, values in the search expression are now
73 escaped as per RFC 4515.
75 * The plugin close function is now properly called when a login
76 session is killed (as opposed to the actual command being killed).
77 This can happen when an ssh session is disconnected or the
78 terminal window is closed.
80 * The deprecated "noexec_file" sudoers option is no longer supported.
82 * Fixed a race condition when I/O logging is not enabled that could
83 result in tty-generated signals (e.g. control-C) being received
86 * If none of the standard input, output or error are connected to
87 a tty device, sudo will now check its parent's standard input,
88 output or error for the tty name on systems with /proc and BSD
89 systems that support the KERN_PROC_PID sysctl. This allows
90 tty-based tickets to work properly even when, e.g. standard
91 input, output and error are redirected to /dev/null.
93 * Added the --enable-kerb5-instance configure option to allow
94 people using Kerberos V authentication to specify a custom
95 instance so the principal name can be, e.g. "username/sudo"
96 similar to how ksu uses "username/root".
98 * Fixed a bug where a pattern like "/usr/*" included /usr/bin/ in
99 the results, which would be incorrectly be interpreted as if the
100 sudoers file had specified a directory.
102 * "visudo -c" will now list any include files that were checked
103 in addition to the main sudoers file when everything parses OK.
105 * Users that only have read-only access to the sudoers file may
106 now run "visudo -c". Previously, write permissions were required
107 even though no writing is down in check-only mode.
109 * It is now possible to prevent the disabling of core dumps from
110 within sudo itself by adding a line to the sudo.conf file like
111 "Set disable_coredump false".
113 What's new in Sudo 1.8.3p2?
115 * Fixed a format string vulnerability when the sudo binary (or a
116 symbolic link to the sudo binary) contains printf format escapes
117 and the -D (debugging) flag is used.
119 What's new in Sudo 1.8.3p1?
121 * Fixed a crash in the monitor process on Solaris when NOPASSWD
122 was specified or when authentication was disabled.
124 * Fixed matching of a Runas_Alias in the group section of a
127 What's new in Sudo 1.8.3?
129 * Fixed expansion of strftime() escape sequences in the "log_dir"
132 * Esperanto, Italian and Japanese translations from translationproject.org.
134 * Sudo will now use PAM by default on AIX 6 and higher.
136 * Added --enable-werror configure option for gcc's -Werror flag.
138 * Visudo no longer assumes all editors support the +linenumber
139 command line argument. It now uses a whitelist of editors known
140 to support the option.
142 * Fixed matching of network addresses when a netmask is specified
143 but the address is not the first one in the CIDR block.
145 * The configure script now check whether or not errno.h declares
146 the errno variable. Previously, sudo would always declare errno
147 itself for older systems that don't declare it in errno.h.
149 * The NOPASSWD tag is now honored for denied commands too, which
150 matches historic sudo behavior (prior to sudo 1.7.0).
152 * Sudo now honors the "DEREF" setting in ldap.conf which controls
153 how alias dereferencing is done during an LDAP search.
155 * A symbol conflict with the pam_ssh_agent_auth PAM module that
156 would cause a crash been resolved.
158 * The inability to load a group provider plugin is no longer
161 * A potential crash in the utmp handling code has been fixed.
163 * Two PAM session issues have been resolved. In previous versions
164 of sudo, the PAM session was opened as one user and closed as
165 another. Additionally, if no authentication was performed, the
166 PAM session would never be closed.
168 * Sudo will now work correctly with LDAP-based sudoers using TLS
169 or SSL on Debian systems.
171 * The LOGNAME, USER and USERNAME environment variables are preserved
172 correctly again in sudoedit mode.
174 What's new in Sudo 1.8.2?
176 * Sudo, visudo, sudoreplay and the sudoers plug-in now have natural
177 language support (NLS). This can be disabled by passing configure
178 the --disable-nls option. Sudo will use gettext(), if available,
179 to display translated messages. All translations are coordinated
180 via The Translation Project, http://translationproject.org/.
182 * Plug-ins are now loaded with the RTLD_GLOBAL flag instead of
183 RTLD_LOCAL. This fixes missing symbol problems in PAM modules
184 on certain platforms, such as FreeBSD and SuSE Linux Enterprise.
186 * I/O logging is now supported for commands run in background mode
187 (using sudo's -b flag).
189 * Group ownership of the sudoers file is now only enforced when
190 the file mode on sudoers allows group readability or writability.
192 * Visudo now checks the contents of an alias and warns about cycles
193 when the alias is expanded.
195 * If the user specifies a group via sudo's -g option that matches
196 the target user's group in the password database, it is now
197 allowed even if no groups are present in the Runas_Spec.
199 * The sudo Makefiles now have more complete dependencies which are
200 automatically generated instead of being maintained manually.
202 * The "use_pty" sudoers option is now correctly passed back to the
203 sudo front end. This was missing in previous versions of sudo
204 1.8 which prevented "use_pty" from being honored.
206 * "sudo -i command" now works correctly with the bash version
207 2.0 and higher. Previously, the .bash_profile would not be
208 sourced prior to running the command unless bash was built with
209 NON_INTERACTIVE_LOGIN_SHELLS defined.
211 * When matching groups in the sudoers file, sudo will now match
212 based on the name of the group instead of the group ID. This can
213 substantially reduce the number of group lookups for sudoers
214 files that contain a large number of groups.
216 * Multi-factor authentication is now supported on AIX.
218 * Added support for non-RFC 4517 compliant LDAP servers that require
219 that seconds be present in a timestamp, such as Tivoli Directory Server.
221 * If the group vector is to be preserved, the PATH search for the
222 command is now done with the user's original group vector.
224 * For LDAP-based sudoers, the "runas_default" sudoOption now works
225 properly in a sudoRole that contains a sudoCommand.
227 * Spaces in command line arguments for "sudo -s" and "sudo -i" are
228 now escaped with a backslash when checking the security policy.
230 What's new in Sudo 1.8.1p2?
232 * Two-character CIDR-style IPv4 netmasks are now matched correctly
235 * A build error with MIT Kerberos V has been resolved.
237 * A crash on HP-UX in the sudoers plugin when wildcards are
238 present in the sudoers file has been resolved.
240 * Sudo now works correctly on Tru64 Unix again.
242 What's new in Sudo 1.8.1p1?
244 * Fixed a problem on AIX where sudo was unable to set the final
245 uid if the PAM module modified the effective uid.
247 * A non-existent includedir is now treated the same as an empty
248 directory and not reported as an error.
250 * Removed extraneous parens in LDAP filter when sudoers_search_filter
251 is enabled that can cause an LDAP search error.
253 * Fixed a "make -j" problem for "make install".
255 What's new in Sudo 1.8.1?
257 * A new LDAP setting, sudoers_search_filter, has been added to
258 ldap.conf. This setting can be used to restrict the set of
259 records returned by the LDAP query. Based on changes from Matthew
262 * White space is now permitted within a User_List when used in
263 conjunction with a per-user Defaults definition.
265 * A group ID (%#gid) may now be specified in a User_List or Runas_List.
266 Likewise, for non-Unix groups the syntax is %:#gid.
268 * Support for double-quoted words in the sudoers file has been fixed.
269 The change in 1.7.5 for escaping the double quote character
270 caused the double quoting to only be available at the beginning
273 * The fix for resuming a suspended shell in 1.7.5 caused problems
274 with resuming non-shells on Linux. Sudo will now save the process
275 group ID of the program it is running on suspend and restore it
276 when resuming, which fixes both problems.
278 * A bug that could result in corrupted output in "sudo -l" has been
281 * Sudo will now create an entry in the utmp (or utmpx) file when
282 allocating a pseudo-tty (e.g. when logging I/O). The "set_utmp"
283 and "utmp_runas" sudoers file options can be used to control this.
284 Other policy plugins may use the "set_utmp" and "utmp_user"
285 entries in the command_info list.
287 * The sudoers policy now stores the TSID field in the logs
288 even when the "iolog_file" sudoers option is defined to a value
289 other than %{sessid}. Previously, the TSID field was only
290 included in the log file when the "iolog_file" option was set
291 to its default value.
293 * The sudoreplay utility now supports arbitrary session IDs.
294 Previously, it would only work with the base-36 session IDs
295 that the sudoers plugin uses by default.
297 * Sudo now passes "run_shell=true" to the policy plugin in the
298 settings list when sudo's -s command line option is specified.
299 The sudoers policy plugin uses this to implement the "set_home"
300 sudoers option which was missing from sudo 1.8.0.
302 * The "noexec" functionality has been moved out of the sudoers
303 policy plugin and into the sudo front-end, which matches the
304 behavior documented in the plugin writer's guide. As a result,
305 the path to the noexec file is now specified in the sudo.conf
306 file instead of the sudoers file.
308 * On Solaris 10, the PRIV_PROC_EXEC privilege is now used to
309 implement the "noexec" feature. Previously, this was implemented
310 via the LD_PRELOAD environment variable.
312 * The exit values for "sudo -l", "sudo -v" and "sudo -l command"
313 have been fixed in the sudoers policy plugin.
315 * The sudoers policy plugin now passes the login class, if any,
316 back to the sudo front-end.
318 * The sudoers policy plugin was not being linked with requisite
319 libraries in certain configurations.
321 * Sudo now parses command line arguments before loading any plugins.
322 This allows "sudo -V" or "sudo -h" to work even if there is a problem
325 * Plugins are now linked with the static version of libgcc to allow
326 the plugin to run on a system where no shared libgcc is installed,
327 or where it is installed in a different location.
329 What's new in Sudo 1.8.0?
331 * Sudo has been refactored to use a modular framework that can
332 support third-party policy and I/O logging plugins. The default
333 plugin is "sudoers" which provides the traditional sudo functionality.
334 See the sudo_plugin manual for details on the plugin API and the
335 sample in the plugins directory for a simple example.
337 What's new in Sudo 1.7.5?
339 * When using visudo in check mode, a file named "-" may be used to
340 check sudoers data on the standard input.
342 * Sudo now only fetches shadow password entries when using the
343 password database directly for authentication.
345 * Password and group entries are now cached using the same key
346 that was used to look them up. This fixes a problem when looking
347 up entries by name if the name in the retrieved entry does not
348 match the name used to look it up. This may happen on some systems
349 that do case insensitive lookups or that truncate long names.
351 * GCC will no longer display warnings on glibc systems that use
352 the warn_unused_result attribute for write(2) and other system calls.
354 * If a PAM account management module denies access, sudo now prints
355 a more useful error message and stops trying to validate the user.
357 * Fixed a potential hang on idle systems when the sudo-run process
360 * Sudo now includes a copy of zlib that will be used on systems
361 that do not have zlib installed.
363 * The --with-umask-override configure flag has been added to enable
364 the "umask_override" sudoers Defaults option at build time.
366 * Sudo now unblocks all signals on startup to avoid problems caused
367 by the parent process changing the default signal mask.
369 * LDAP Sudoers entries may now specify a time period for which
370 the entry is valid. This requires an updated sudoers schema
371 that includes the sudoNotBefore and sudoNotAfter attributes.
372 Support for timed entries must be explicitly enabled in the
373 ldap.conf file. Based on changes from Andreas Mueller.
375 * LDAP Sudoers entries may now specify a sudoOrder attribute that
376 determines the order in which matching entries are applied. The
377 last matching entry is used, just like file-based sudoers. This
378 requires an updated sudoers schema that includes the sudoOrder
379 attribute. Based on changes from Andreas Mueller.
381 * When run as sudoedit, or when given the -e flag, sudo now treats
382 command line arguments as pathnames. This means that slashes
383 in the sudoers file entry must explicitly match slashes in
384 the command line arguments. As a result, and entry such as:
385 user ALL = sudoedit /etc/*
386 will allow editing of /etc/motd but not /etc/security/default.
388 * NETWORK_TIMEOUT is now an alias for BIND_TIMELIMIT in ldap.conf for
389 compatibility with OpenLDAP configuration files.
391 * The LDAP API TIMEOUT parameter is now honored in ldap.conf.
393 * The I/O log directory may now be specified in the sudoers file.
395 * Sudo will no longer refuse to run if the sudoers file is writable
398 * Sudo now performs command line escaping for "sudo -s" and "sudo -i"
399 after validating the command so the sudoers entries do not need
400 to include the backslashes.
402 * Logging and email sending are now done in the locale specified
403 by the "sudoers_locale" setting ("C" by default). Email send by
404 sudo now includes MIME headers when "sudoers_locale" is not "C".
406 * The configure script has a new option, --disable-env-reset, to
407 allow one to change the default for the sudoers Default setting
408 "env_reset" at compile time.
410 * When logging "sudo -l command", sudo will now prepend "list "
411 to the command in the log line to distinguish between an
412 actual command invocation in the logs.
414 * Double-quoted group and user names may now include escaped double
415 quotes as part of the name. Previously this was a parse error.
417 * Sudo once again restores the state of the signal handlers it
418 modifies before executing the command. This allows sudo to be
419 used with the nohup command.
421 * Resuming a suspended shell now works properly when I/O logging
422 is not enabled (the I/O logging case was already correct).
424 What's new in Sudo 1.7.4p6?
426 * A bug has been fixed in the I/O logging support that could cause
427 visual artifacts in full-screen programs such as text editors.
429 What's new in Sudo 1.7.4p5?
431 * A bug has been fixed that would allow a command to be run without the
432 user entering a password when sudo's -g flag is used without the -u flag.
434 * If user has no supplementary groups, sudo will now fall back on checking
435 the group file explicitly, which restores historic sudo behavior.
437 * A crash has been fixed when sudo's -g flag is used without the -u flag
438 and the sudoers file contains an entry with no runas user or group listed.
440 * A crash has been fixed when the Solaris project support is enabled
441 and sudo's -g flag is used without the -u flag.
443 * Sudo no longer exits with an error when support for auditing is
444 compiled in but auditing is not enabled.
446 * Fixed a bug introduced in sudo 1.7.3 where the ticket file was not
447 being honored when the "targetpw" sudoers Defaults option was enabled.
449 * The LOG_INPUT and LOG_OUTPUT tags in sudoers are now parsed correctly.
451 * A crash has been fixed in "sudo -l" when sudo is built with auditing
452 support and the user is not allowed to run any commands on the host.
454 What's new in Sudo 1.7.4p4?
456 * A potential security issue has been fixed with respect to the handling
457 of sudo's -g command line option when -u is also specified. The flaw
458 may allow an attacker to run commands as a user that is not authorized
461 * A bug has been fixed where "sudo -l" output was incomplete if multiple
462 sudoers sources were defined in nsswitch.conf and there was an error
463 querying one of the sources.
465 * The log_input, log_output, and use_pty sudoers options now work correctly
466 on AIX. Previously, sudo would hang if they were enabled.
468 * The "make install" target now works correctly when sudo is built in a
469 directory other than the source directory.
471 * The "runas_default" sudoers setting now works properly in a per-command
474 * Suspending and resuming the bash shell when PAM is in use now works
475 correctly. The SIGCONT signal was not propagated to the child process.
477 What's new in Sudo 1.7.4p3?
479 * A bug has been fixed where duplicate HOME environment variables could be
480 present when the env_reset setting was disabled and the always_set_home
481 setting was enabled in sudoers.
483 * The value of sysconfdir is now substituted into the path to the sudoers.d
484 directory in the installed sudoers file.
486 * Compilation problems on IRIX and other platforms have been fixed.
488 * If multiple PAM "auth" actions are specified and the user enters ^C at
489 the password prompt, sudo will no longer prompt for a password for any
490 subsequent "auth" actions. Previously it was necessary to enter ^C for
493 What's new in Sudo 1.7.4p2?
495 * A bug where sudo could spin in a busy loop waiting for the child process
498 What's new in Sudo 1.7.4p1?
500 * A bug introduced in sudo 1.7.3 that prevented the -k and -K options from
501 functioning when the tty_tickets sudoers option is enabled has been fixed.
503 * Sudo no longer prints a warning when the -k or -K options are specified
504 and the ticket file does not exist.
506 * It is now easier to cross-compile sudo.
508 What's new in Sudo 1.7.4?
510 * Sudoedit will now preserve the file extension in the name of the
511 temporary file being edited. The extension is used by some
512 editors (such as emacs) to choose the editing mode.
514 * Time stamp files have moved from /var/run/sudo to either /var/db/sudo,
515 /var/lib/sudo or /var/adm/sudo. The directories are checked for
516 existence in that order. This prevents users from receiving the
517 sudo lecture every time the system reboots. Time stamp files older
518 than the boot time are ignored on systems where it is possible to
521 * The tty_tickets sudoers option is now enabled by default.
523 * Ancillary documentation (README files, LICENSE, etc) is now installed
524 in a sudo documentation directory.
526 * Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"
529 * Defaults settings that are tied to a user, host or command may
530 now include the negation operator. For example:
531 Defaults:!millert lecture
532 will match any user but millert.
534 * The default PATH environment variable, used when no PATH variable
535 exists, now includes /usr/sbin and /sbin.
537 * Sudo now uses polypkg (http://rc.quest.com/topics/polypkg/)
538 for cross-platform packing.
540 * On Linux, sudo will now restore the nproc resource limit before
541 executing a command, unless the limit appears to have been modified
542 by pam_limits. This avoids a problem with bash scripts that open
543 more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX)
544 will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1).
546 * The HOME and MAIL environment variables are now reset based on the
547 target user's password database entry when the env_reset sudoers option
548 is enabled (which is the case in the default configuration). Users
549 wishing to preserve the original values should use a sudoers entry like:
550 Defaults env_keep += HOME
551 to preserve the old value of HOME and
552 Defaults env_keep += MAIL
553 to preserve the old value of MAIL.
555 * Fixed a problem in the restoration of the AIX authdb registry setting.
557 * Sudo will now fork(2) and wait until the command has completed before
558 calling pam_close_session().
560 * The default syslog facility is now "authpriv" if the operating system
561 supports it, else "auth".
563 What's new in Sudo 1.7.3?
565 * Support for logging I/O for the command being run.
566 For more information, see the documentation for the "log_input"
567 and "log_output" Defaults options in the sudoers manual. Also
568 see the sudoreplay manual for how to replay I/O log sessions.
570 * The use_pty sudoers option can be used to force a command to be
571 run in a pseudo-pty, even when I/O logging is not enabled.
573 * On some systems, sudo can now detect when a user has logged out
574 and back in again when tty-based time stamps are in use. Supported
575 systems include Solaris systems with the devices file system,
576 Mac OS X, and Linux systems with the devpts filesystem (pseudo-ttys
579 * On AIX systems, the registry setting in /etc/security/user is
580 now taken into account when looking up users and groups. Sudo
581 now applies the correct the user and group ids when running a
582 command as a user whose account details come from a different
583 source (e.g. LDAP or DCE vs. local files).
585 * Support for multiple 'sudoers_base' and 'uri' entries in ldap.conf.
586 When multiple entries are listed, sudo will try each one in the
587 order in which they are specified.
589 * Sudo's SELinux support should now function correctly when running
590 commands as a non-root user and when one of stdin, stdout or stderr
593 * Sudo will now use the Linux audit system with configure with
594 the --with-linux-audit flag.
596 * Sudo now uses mbr_check_membership() on systems that support it
597 to determine group membership. Currently, only Darwin (Mac OS X)
600 * When the tty_tickets sudoers option is enabled but there is no
601 terminal device, sudo will no longer use or create a tty-based
602 ticket file. Previously, sudo would use a tty name of "unknown".
603 As a consequence, if a user has no terminal device, sudo will
604 now always prompt for a password.
606 * The passwd_timeout and timestamp_timeout options may now be
607 specified as floating point numbers for more granular timeout
610 * Negating the fqdn option in sudoers now works correctly when sudo
611 is configured with the --with-fqdn option. In previous versions
612 of sudo the fqdn was set before sudoers was parsed.
614 What's new in Sudo 1.7.2?
616 * A new #includedir directive is available in sudoers. This can be
617 used to implement an /etc/sudo.d directory. Files in an includedir
618 are not edited by visudo unless they contain a syntax error.
620 * The -g option did not work properly when only setting the group
621 (and not the user). Also, in -l mode the wrong user was displayed
622 for sudoers entries where only the group was allowed to be set.
624 * Fixed a problem with the alias checking in visudo which
625 could prevent visudo from exiting.
627 * Sudo will now correctly parse the shell-style /etc/environment
628 file format used by pam_env on Linux.
630 * When doing password and group database lookups, sudo will only
631 cache an entry by name or by id, depending on how the entry was
632 looked up. Previously, sudo would cache by both name and id
633 from a single lookup, but this breaks sites that have multiple
634 password or group database names that map to the same uid or
637 * User and group names in sudoers may now be enclosed in double
638 quotes to avoid having to escape special characters.
640 * BSM audit fixes when changing to a non-root uid.
642 * Experimental non-Unix group support. Currently only works with
643 Quest Authorization Services and allows Active Directory groups
646 * For Netscape/Mozilla-derived LDAP SDKs the certificate and key
647 paths may be specified as a directory or a file. However, version
648 5.0 of the SDK only appears to support using a directory (despite
649 documentation to the contrary). If SSL client initialization
650 fails and the certificate or key paths look like they could be
651 default file name, strip off the last path element and try again.
653 * A setenv() compatibility fix for Linux systems, where a NULL
654 value is treated the same as an empty string and the variable
655 name is checked against the NULL pointer.
657 What's new in Sudo 1.7.1?
659 * A new Defaults option "pwfeedback" will cause sudo to provide visual
660 feedback when the user is entering a password.
662 * A new Defaults option "fast_glob" will cause sudo to use the fnmatch()
663 function for file name globbing instead of glob(). When this option
664 is enabled, sudo will not check the file system when expanding wildcards.
665 This is faster but a side effect is that relative paths with wildcard
668 * New BSM audit support for systems that support it such as FreeBSD
671 * The file name specified with the #include directive may now include
672 a %h escape which is expanded to the short form of hostname.
674 * The -k flag may now be specified along with a command, causing the
675 user's timestamp file to be ignored.
677 * New support for Tivoli-based LDAP START_TLS, present in AIX.
679 * New support for /etc/netsvc.conf on AIX.
681 * The unused alias checks in visudo now handle the case of an alias
682 referring to another alias.
684 What's new in Sudo 1.7.0?
686 * Rewritten parser that converts sudoers into a set of data structures.
687 This eliminates a number of ordering issues and makes it possible to
688 apply sudoers Defaults entries before searching for the command.
689 It also adds support for per-command Defaults specifications.
691 * Sudoers now supports a #include facility to allow the inclusion of other
692 sudoers-format files.
694 * Sudo's -l (list) flag has been enhanced:
695 o applicable Defaults options are now listed
696 o a command argument can be specified for testing whether a user
697 may run a specific command.
698 o a new -U flag can be used in conjunction with "sudo -l" to allow
699 root (or a user with "sudo ALL") list another user's privileges.
701 * A new -g flag has been added to allow the user to specify a
702 primary group to run the command as. The sudoers syntax has been
703 extended to include a group section in the Runas specification.
705 * A uid may now be used anywhere a username is valid.
707 * The "secure_path" run-time Defaults option has been restored.
709 * Password and group data is now cached for fast lookups.
711 * The file descriptor at which sudo starts closing all open files is now
712 configurable via sudoers and, optionally, the command line.
714 * Visudo will now warn about aliases that are defined but not used.
716 * The -i and -s command line flags now take an optional command
717 to be run via the shell. Previously, the argument was passed
718 to the shell as a script to run.
720 * Improved LDAP support. SASL authentication may now be used in
721 conjunction when connecting to an LDAP server. The krb5_ccname
722 parameter in ldap.conf may be used to enable Kerberos.
724 * Support for /etc/nsswitch.conf. LDAP users may now use nsswitch.conf
725 to specify the sudoers order. E.g.:
727 to check LDAP, then /etc/sudoers. The default is "files", even
728 when LDAP support is compiled in. This differs from sudo 1.6
729 where LDAP was always consulted first.
731 * Support for /etc/environment on AIX and Linux. If sudo is run
732 with the -i flag, the contents of /etc/environment are used to
733 populate the new environment that is passed to the command being
736 * If no terminal is available or if the new -A flag is specified,
737 sudo will use a helper program to read the password if one is
738 configured. Typically, this is a graphical password prompter
741 * A new Defaults option, "mailfrom" that sets the value of the
742 "From:" field in the warning/error mail. If unspecified, the
743 login name of the invoking user is used.
745 * A new Defaults option, "env_file" that refers to a file containing
746 environment variables to be set in the command being run.
748 * A new flag, -n, may be used to indicate that sudo should not
749 prompt the user for a password and, instead, exit with an error
750 if authentication is required.
752 * If sudo needs to prompt for a password and it is unable to disable
753 echo (and no askpass program is defined), it will refuse to run
754 unless the "visiblepw" Defaults option has been specified.
756 * Prior to version 1.7.0, hitting enter/return at the Password: prompt
757 would exit sudo. In sudo 1.7.0 and beyond, this is treated as
758 an empty password. To exit sudo, the user must press ^C or ^D
761 * visudo will now check the sudoers file owner and mode in -c (check)
762 mode when the -s (strict) flag is specified.
764 * A new Defaults option "umask_override" will cause sudo to set the
765 umask specified in sudoers even if it is more permissive than the
766 invoking user's umask.