-.SH "SUDO.CONF"
-The
-\fI@sysconfdir@/sudo.conf\fR
-file determines which plugins the
-\fBsudo\fR
-front end will load.
-If no
-\fI@sysconfdir@/sudo.conf\fR
-file
-is present, or it contains no
-\fRPlugin\fR
-lines,
-\fBsudo\fR
-will use the
-\fIsudoers\fR
-security policy and I/O logging, which corresponds to the following
-\fI@sysconfdir@/sudo.conf\fR
-file.
-.nf
-.sp
-.RS 0n
-#
-# Default @sysconfdir@/sudo.conf file
-#
-# Format:
-# Plugin plugin_name plugin_path plugin_options ...
-# Path askpass /path/to/askpass
-# Path noexec /path/to/sudo_noexec.so
-# Debug sudo /var/log/sudo_debug all@warn
-# Set disable_coredump true
-#
-# The plugin_path is relative to @prefix@/libexec unless
-# fully qualified.
-# The plugin_name corresponds to a global symbol in the plugin
-# that contains the plugin interface structure.
-# The plugin_options are optional.
-#
-Plugin policy_plugin sudoers.so
-Plugin io_plugin sudoers.so
-.RE
-.fi
-.SS "Plugin options"
-Starting with
-\fBsudo\fR
-1.8.5, it is possible to pass options to the
-\fIsudoers\fR
-plugin.
-Options may be listed after the path to the plugin (i.e.\& after
-\fIsudoers.so\fR);
-multiple options should be space-separated.
-For example:
-.nf
-.sp
-.RS 0n
-Plugin sudoers_policy sudoers.so sudoers_file=/etc/sudoers sudoers_uid=0 sudoers_gid=0 sudoers_mode=0440
-.RE
-.fi
-.PP
-The following plugin options are supported:
-.TP 10n
-sudoers_file=pathname
-The
-\fIsudoers_file\fR
-option can be used to override the default path
-to the
-\fIsudoers\fR
-file.
-.TP 10n
-sudoers_uid=uid
-The
-\fIsudoers_uid\fR
-option can be used to override the default owner of the sudoers file.
-It should be specified as a numeric user ID.
-.TP 10n
-sudoers_gid=gid
-The
-\fIsudoers_gid\fR
-option can be used to override the default group of the sudoers file.
-It should be specified as a numeric group ID.
-.TP 10n
-sudoers_mode=mode
-The
-\fIsudoers_mode\fR
-option can be used to override the default file mode for the sudoers file.
-It should be specified as an octal value.
-.SS "Debug flags"
-Versions 1.8.4 and higher of the
-\fIsudoers\fR
-plugin supports a debugging framework that can help track down what the
-plugin is doing internally if there is a problem.
-This can be configured in the
-\fI@sysconfdir@/sudo.conf\fR
-file as described in
-sudo(@mansectsu@).
-.PP
-The
-\fIsudoers\fR
-plugin uses the same debug flag format as the
-\fBsudo\fR
-front-end:
-\fIsubsystem\fR@\fIpriority\fR.
-.PP
-The priorities used by
-\fIsudoers\fR,
-in order of decreasing severity,
-are:
-\fIcrit\fR,
-\fIerr\fR,
-\fIwarn\fR,
-\fInotice\fR,
-\fIdiag\fR,
-\fIinfo\fR,
-\fItrace\fR
-and
-\fIdebug\fR.
-Each priority, when specified, also includes all priorities higher than it.
-For example, a priority of
-\fInotice\fR
-would include debug messages logged at
-\fInotice\fR
-and higher.
-.PP
-The following subsystems are used by
-\fIsudoers\fR:
-.TP 10n
-\fIalias\fR
-\fRUser_Alias\fR,
-\fRRunas_Alias\fR,
-\fRHost_Alias\fR
-and
-\fRCmnd_Alias\fR
-processing
-.TP 10n
-\fIall\fR
-matches every subsystem
-.TP 10n
-\fIaudit\fR
-BSM and Linux audit code
-.TP 10n
-\fIauth\fR
-user authentication
-.TP 10n
-\fIdefaults\fR
-\fIsudoers\fR
-\fIDefaults\fR
-settings
-.TP 10n
-\fIenv\fR
-environment handling
-.TP 10n
-\fIldap\fR
-LDAP-based sudoers
-.TP 10n
-\fIlogging\fR
-logging support
-.TP 10n
-\fImatch\fR
-matching of users, groups, hosts and netgroups in
-\fIsudoers\fR
-.TP 10n
-\fInetif\fR
-network interface handling
-.TP 10n
-\fInss\fR
-network service switch handling in
-\fIsudoers\fR
-.TP 10n
-\fIparser\fR
-\fIsudoers\fR
-file parsing
-.TP 10n
-\fIperms\fR
-permission setting
-.TP 10n
-\fIplugin\fR
-The equivalent of
-\fImain\fR
-for the plugin.
-.TP 10n
-\fIpty\fR
-pseudo-tty related code
-.TP 10n
-\fIrbtree\fR
-redblack tree internals
-.TP 10n
-\fIutil\fR
-utility functions
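Review bot: No replacement text or cross-reference is visible for the removed "Plugin options" and "Debug flags" subsections, so as far as these lines show, the sudoers_file, sudoers_uid, sudoers_gid and sudoers_mode options and the subsystem@priority list end up undocumented in this page. These options override the path, owner, group and mode of the sudoers file, so administrators auditing a sudo.conf need to be able to find them. If the material is being moved to another manual, leave a one-sentence pointer here naming that page. When relocating the text, also reconcile the plugin symbol name: the default file sample uses "Plugin policy_plugin sudoers.so" while the options example uses "Plugin sudoers_policy sudoers.so". Fix the agreement error in "Versions 1.8.4 and higher of the sudoers plugin supports" (should be "support").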