+.SH "SUDO.CONF"
+.IX Header "SUDO.CONF"
+The \fI@sysconfdir@/sudo.conf\fR file determines which plugins the
+\&\fBsudo\fR front end will load. If no \fI@sysconfdir@/sudo.conf\fR file
+is present, or it contains no \f(CW\*(C`Plugin\*(C'\fR lines, \fBsudo\fR will use the
+\&\fIsudoers\fR security policy and I/O logging, which corresponds to
+the following \fI@sysconfdir@/sudo.conf\fR file.
+.PP
+.Vb 10
+\& #
+\& # Default @sysconfdir@/sudo.conf file
+\& #
+\& # Format:
+\& # Plugin plugin_name plugin_path plugin_options ...
+\& # Path askpass /path/to/askpass
+\& # Path noexec /path/to/sudo_noexec.so
+\& # Debug sudo /var/log/sudo_debug all@warn
+\& # Set disable_coredump true
+\& #
+\& # The plugin_path is relative to @prefix@/libexec unless
+\& # fully qualified.
+\& # The plugin_name corresponds to a global symbol in the plugin
+\& # that contains the plugin interface structure.
+\& # The plugin_options are optional.
+\& #
+\& Plugin policy_plugin sudoers.so
+\& Plugin io_plugin sudoers.so
+.Ve
+.SS "\s-1PLUGIN\s0 \s-1OPTIONS\s0"
+.IX Subsection "PLUGIN OPTIONS"
+Starting with \fBsudo\fR 1.8.5 it is possible to pass options to the
+\&\fIsudoers\fR plugin. Options may be listed after the path to the
+plugin (i.e. after \fIsudoers.so\fR); multiple options should be
+space-separated. For example:
+.PP
+.Vb 1
+\& Plugin sudoers_policy sudoers.so sudoers_file=/etc/sudoers sudoers_uid=0 sudoers_gid=0 sudoers_mode=0440
+.Ve
+.PP
+The following plugin options are supported:
+.IP "sudoers_file=pathname" 10
+.IX Item "sudoers_file=pathname"
+The \fIsudoers_file\fR option can be used to override the default path
+to the \fIsudoers\fR file.
+.IP "sudoers_uid=uid" 10
+.IX Item "sudoers_uid=uid"
+The \fIsudoers_uid\fR option can be used to override the default owner
+of the sudoers file. It should be specified as a numeric user \s-1ID\s0.
+.IP "sudoers_gid=gid" 10
+.IX Item "sudoers_gid=gid"
+The \fIsudoers_gid\fR option can be used to override the default group
+of the sudoers file. It should be specified as a numeric group \s-1ID\s0.
+.IP "sudoers_mode=mode" 10
+.IX Item "sudoers_mode=mode"
+The \fIsudoers_mode\fR option can be used to override the default file
+mode for the sudoers file. It should be specified as an octal value.
+.SS "\s-1DEBUG\s0 \s-1FLAGS\s0"
+.IX Subsection "DEBUG FLAGS"
+Versions 1.8.4 and higher of the \fIsudoers\fR plugin supports a
+debugging framework that can help track down what the plugin is
+doing internally if there is a problem. This can be configured in
+the \fI@sysconfdir@/sudo.conf\fR file as described in \fIsudo\fR\|(@mansectsu@).
+.PP
+The \fIsudoers\fR plugin uses the same debug flag format as \fBsudo\fR
+itself: \fIsubsystem\fR@\fIpriority\fR.
+.PP
+The priorities used by \fIsudoers\fR, in order of decreasing severity,
+are: \fIcrit\fR, \fIerr\fR, \fIwarn\fR, \fInotice\fR, \fIdiag\fR, \fIinfo\fR, \fItrace\fR
+and \fIdebug\fR. Each priority, when specified, also includes all
+priorities higher than it. For example, a priority of \fInotice\fR
+would include debug messages logged at \fInotice\fR and higher.
+.PP
+The following subsystems are used by \fIsudoers\fR:
+.IP "\fIalias\fR" 10
+.IX Item "alias"
+\&\f(CW\*(C`User_Alias\*(C'\fR, \f(CW\*(C`Runas_Alias\*(C'\fR, \f(CW\*(C`Host_Alias\*(C'\fR and \f(CW\*(C`Cmnd_Alias\*(C'\fR processing
+.IP "\fIall\fR" 10
+.IX Item "all"
+matches every subsystem
+.IP "\fIaudit\fR" 10
+.IX Item "audit"
+\&\s-1BSM\s0 and Linux audit code
+.IP "\fIauth\fR" 10
+.IX Item "auth"
+user authentication
+.IP "\fIdefaults\fR" 10
+.IX Item "defaults"
+\&\fIsudoers\fR \fIDefaults\fR settings
+.IP "\fIenv\fR" 10
+.IX Item "env"
+environment handling
+.IP "\fIldap\fR" 10
+.IX Item "ldap"
+LDAP-based sudoers
+.IP "\fIlogging\fR" 10
+.IX Item "logging"
+logging support
+.IP "\fImatch\fR" 10
+.IX Item "match"
+matching of users, groups, hosts and netgroups in \fIsudoers\fR
+.IP "\fInetif\fR" 10
+.IX Item "netif"
+network interface handling
+.IP "\fInss\fR" 10
+.IX Item "nss"
+network service switch handling in \fIsudoers\fR
+.IP "\fIparser\fR" 10
+.IX Item "parser"
+\&\fIsudoers\fR file parsing
+.IP "\fIperms\fR" 10
+.IX Item "perms"
+permission setting
+.IP "\fIplugin\fR" 10
+.IX Item "plugin"
+The equivalent of \fImain\fR for the plugin.
+.IP "\fIpty\fR" 10
+.IX Item "pty"
+pseudo-tty related code
+.IP "\fIrbtree\fR" 10
+.IX Item "rbtree"
+redblack tree internals
+.IP "\fIutil\fR" 10
+.IX Item "util"
+utility functions
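Review bot: The default-file example in the SUDO.CONF section uses `Plugin policy_plugin sudoers.so` and `Plugin io_plugin sudoers.so`, while the PLUGIN OPTIONS example uses `Plugin sudoers_policy sudoers.so`. The comment block in the same example says the plugin_name must correspond to a global symbol in the plugin, so the two examples cannot both be right; please make them use the same names, otherwise a reader who copies the "default" file may end up with a configuration that does not load the policy plugin. Two smaller points: in DEBUG FLAGS, "Versions 1.8.4 and higher of the sudoers plugin supports" should read "support", and the sudoers_uid, sudoers_gid and sudoers_mode items say only that they "override the default" without saying what happens when the file on disk does not match the configured owner, group or mode. Since these options change what the plugin expects of the sudoers file, a sentence on that behaviour, and on the consequence of setting a more permissive sudoers_mode than the 0440 shown in the example, would help administrators avoid weakening the file's protection by accident.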