1 static struct def_values def_data_lecture[] = {
8 static struct def_values def_data_listpw[] = {
16 static struct def_values def_data_verifypw[] = {
24 struct sudo_defs_types sudo_defs_table[] = {
26 "syslog", T_LOGFAC|T_BOOL,
27 "Syslog facility if syslog is being used for logging: %s",
30 "syslog_goodpri", T_LOGPRI,
31 "Syslog priority to use when user authenticates successfully: %s",
34 "syslog_badpri", T_LOGPRI,
35 "Syslog priority to use when user authenticates unsuccessfully: %s",
38 "long_otp_prompt", T_FLAG,
39 "Put OTP prompt on its own line",
43 "Ignore '.' in $PATH",
46 "mail_always", T_FLAG,
47 "Always send mail when sudo is run",
50 "mail_badpass", T_FLAG,
51 "Send mail if user authentication fails",
54 "mail_no_user", T_FLAG,
55 "Send mail if the user is not in sudoers",
58 "mail_no_host", T_FLAG,
59 "Send mail if the user is not in sudoers for this host",
62 "mail_no_perms", T_FLAG,
63 "Send mail if the user is not allowed to run a command",
66 "tty_tickets", T_FLAG,
67 "Use a separate timestamp for each user/tty combo",
70 "lecture", T_TUPLE|T_BOOL,
71 "Lecture user the first time they run sudo",
74 "lecture_file", T_STR|T_PATH|T_BOOL,
75 "File containing the sudo lecture: %s",
78 "authenticate", T_FLAG,
79 "Require users to authenticate by default",
87 "Log the hostname in the (non-syslog) log file",
91 "Log the year in the (non-syslog) log file",
94 "shell_noargs", T_FLAG,
95 "If sudo is invoked with no arguments, start a shell",
99 "Set $HOME to the target user when starting a shell with -s",
102 "always_set_home", T_FLAG,
103 "Always set $HOME to the target user's home directory",
107 "Allow some information gathering to give useful error messages",
111 "Require fully-qualified hostnames in the sudoers file",
115 "Insult the user when they enter an incorrect password",
118 "requiretty", T_FLAG,
119 "Only allow the user to run sudo if they have a tty",
122 "env_editor", T_FLAG,
123 "Visudo will honor the EDITOR environment variable",
127 "Prompt for root's password, not the users's",
131 "Prompt for the runas_default user's password, not the users's",
135 "Prompt for the target user's password, not the users's",
138 "use_loginclass", T_FLAG,
139 "Apply defaults in the target user's login class if there is one",
142 "set_logname", T_FLAG,
143 "Set the LOGNAME and USER environment variables",
146 "stay_setuid", T_FLAG,
147 "Only set the effective uid to the target user, not the real uid",
150 "preserve_groups", T_FLAG,
151 "Don't initialize the group vector to that of the target user",
154 "loglinelen", T_UINT|T_BOOL,
155 "Length at which to wrap log file lines (0 for no wrap): %d",
158 "timestamp_timeout", T_FLOAT|T_BOOL,
159 "Authentication timestamp timeout: %.1f minutes",
162 "passwd_timeout", T_FLOAT|T_BOOL,
163 "Password prompt timeout: %.1f minutes",
166 "passwd_tries", T_UINT,
167 "Number of tries to enter a password: %d",
170 "umask", T_MODE|T_BOOL,
171 "Umask to use or 0777 to use user's: 0%o",
174 "logfile", T_STR|T_BOOL|T_PATH,
175 "Path to log file: %s",
178 "mailerpath", T_STR|T_BOOL|T_PATH,
179 "Path to mail program: %s",
182 "mailerflags", T_STR|T_BOOL,
183 "Flags for mail program: %s",
186 "mailto", T_STR|T_BOOL,
187 "Address to send mail to: %s",
190 "mailfrom", T_STR|T_BOOL,
191 "Address to send mail from: %s",
195 "Subject line for mail messages: %s",
198 "badpass_message", T_STR,
199 "Incorrect password message: %s",
202 "timestampdir", T_STR|T_PATH,
203 "Path to authentication timestamp dir: %s",
206 "timestampowner", T_STR,
207 "Owner of the authentication timestamp dir: %s",
210 "exempt_group", T_STR|T_BOOL,
211 "Users in this group are exempt from password and PATH requirements: %s",
215 "Default password prompt: %s",
218 "passprompt_override", T_FLAG,
219 "If set, passprompt will override system prompt in all cases.",
222 "runas_default", T_STR,
223 "Default user to run commands as: %s",
226 "secure_path", T_STR|T_BOOL,
227 "Value to override user's $PATH with: %s",
230 "editor", T_STR|T_PATH,
231 "Path to the editor for use by visudo: %s",
234 "listpw", T_TUPLE|T_BOOL,
235 "When to require a password for 'list' pseudocommand: %s",
238 "verifypw", T_TUPLE|T_BOOL,
239 "When to require a password for 'verify' pseudocommand: %s",
243 "Preload the dummy exec functions contained in 'noexec_file'",
246 "noexec_file", T_STR|T_PATH,
247 "File containing dummy exec functions: %s",
250 "ignore_local_sudoers", T_FLAG,
251 "If LDAP directory is up, do we ignore local sudoers file",
255 "File descriptors >= %d will be closed before executing a command",
258 "closefrom_override", T_FLAG,
259 "If set, users may override the value of `closefrom' with the -C option",
263 "Allow users to set arbitrary environment variables",
267 "Reset the environment to a default set of variables",
270 "env_check", T_LIST|T_BOOL,
271 "Environment variables to check for sanity:",
274 "env_delete", T_LIST|T_BOOL,
275 "Environment variables to remove:",
278 "env_keep", T_LIST|T_BOOL,
279 "Environment variables to preserve:",
283 "SELinux role to use in the new security context: %s",
287 "SELinux type to use in the new security context: %s",
290 "askpass", T_STR|T_PATH|T_BOOL,
291 "Path to the askpass helper program: %s",
294 "env_file", T_STR|T_PATH|T_BOOL,
295 "Path to the sudo-specific environment file: %s",
298 "sudoers_locale", T_STR,
299 "Locale to use while parsing sudoers: %s",
303 "Allow sudo to prompt for a password even if it would be visisble",
306 "pwfeedback", T_FLAG,
307 "Provide visual feedback at the password prompt when there is user input",
311 "Use faster globbing that is less accurate but does not access the filesystem",
314 "umask_override", T_FLAG,
315 "The umask specified in sudoers will override the user's, even if it is more permissive",
319 "Log user's input for the command being run",
322 "log_output", T_FLAG,
323 "Log the output of the command being run",
326 "compress_io", T_FLAG,
327 "Compress I/O logs using zlib",
331 "Always run commands in a pseudo-tty",