# var_name
# TYPE
# description (or NULL)
+# array of struct def_values if TYPE == T_TUPLE
+#
+# NOTE: for tuples that can be used in a boolean context the first
+# value corresponds to boolean FALSE and the second to TRUE.
#
-syslog_ifac
- T_UINT
- NULL
-syslog_igoodpri
- T_UINT
- NULL
-syslog_ibadpri
- T_UINT
- NULL
syslog
T_LOGFAC|T_BOOL
"Syslog facility if syslog is being used for logging: %s"
T_FLAG
"Use a separate timestamp for each user/tty combo"
lecture
- T_FLAG
+ T_TUPLE|T_BOOL
"Lecture user the first time they run sudo"
+ never once always
+lecture_file
+ T_STR|T_PATH|T_BOOL
+ "File containing the sudo lecture: %s"
authenticate
T_FLAG
"Require users to authenticate by default"
stay_setuid
T_FLAG
"Only set the effective uid to the target user, not the real uid"
-env_reset
- T_FLAG
- "Reset the environment to a default set of variables"
preserve_groups
T_FLAG
"Don't initialize the group vector to that of the target user"
T_UINT|T_BOOL
"Length at which to wrap log file lines (0 for no wrap): %d"
timestamp_timeout
- T_INT|T_BOOL
- "Authentication timestamp timeout: %d minutes"
+ T_FLOAT|T_BOOL
+ "Authentication timestamp timeout: %.1f minutes"
passwd_timeout
- T_UINT|T_BOOL
- "Password prompt timeout: %d minutes"
+ T_FLOAT|T_BOOL
+ "Password prompt timeout: %.1f minutes"
passwd_tries
T_UINT
"Number of tries to enter a password: %d"
mailto
T_STR|T_BOOL
"Address to send mail to: %s"
+mailfrom
+ T_STR|T_BOOL
+ "Address to send mail from: %s"
mailsub
T_STR
"Subject line for mail messages: %s"
timestampdir
T_STR|T_PATH
"Path to authentication timestamp dir: %s"
+timestampowner
+ T_STR
+ "Owner of the authentication timestamp dir: %s"
exempt_group
T_STR|T_BOOL
"Users in this group are exempt from password and PATH requirements: %s"
passprompt
T_STR
"Default password prompt: %s"
+passprompt_override
+ T_FLAG
+ "If set, passprompt will override system prompt in all cases."
runas_default
T_STR
"Default user to run commands as: %s"
+secure_path
+ T_STR|T_BOOL
+ "Value to override user's $PATH with: %s"
editor
T_STR|T_PATH
"Path to the editor for use by visudo: %s"
+listpw
+ T_TUPLE|T_BOOL
+ "When to require a password for 'list' pseudocommand: %s"
+ never any all always
+verifypw
+ T_TUPLE|T_BOOL
+ "When to require a password for 'verify' pseudocommand: %s"
+ never all any always
+noexec
+ T_FLAG
+ "Preload the dummy exec functions contained in 'noexec_file'"
+noexec_file
+ T_STR|T_PATH
+ "File containing dummy exec functions: %s"
+ignore_local_sudoers
+ T_FLAG
+ "If LDAP directory is up, do we ignore local sudoers file"
+closefrom
+ T_INT
+ "File descriptors >= %d will be closed before executing a command"
+closefrom_override
+ T_FLAG
+ "If set, users may override the value of `closefrom' with the -C option"
+setenv
+ T_FLAG
+ "Allow users to set arbitrary environment variables"
+env_reset
+ T_FLAG
+ "Reset the environment to a default set of variables"
env_check
T_LIST|T_BOOL
"Environment variables to check for sanity:"
env_keep
T_LIST|T_BOOL
"Environment variables to preserve:"
-listpw_i
- T_UINT
- NULL
-verifypw_i
- T_UINT
- NULL
-listpw
- T_PWFLAG
- "When to require a password for 'list' pseudocommand: %s"
-verifypw
- T_PWFLAG
- "When to require a password for 'verify' pseudocommand: %s"
+role
+ T_STR
+ "SELinux role to use in the new security context: %s"
+type
+ T_STR
+ "SELinux type to use in the new security context: %s"
+askpass
+ T_STR|T_PATH|T_BOOL
+ "Path to the askpass helper program: %s"
+env_file
+ T_STR|T_PATH|T_BOOL
+ "Path to the sudo-specific environment file: %s"
+sudoers_locale
+ T_STR
+ "Locale to use while parsing sudoers: %s"
+visiblepw
+ T_FLAG
+ "Allow sudo to prompt for a password even if it would be visisble"
+pwfeedback
+ T_FLAG
+ "Provide visual feedback at the password prompt when there is user input"
+fast_glob
+ T_FLAG
+ "Use faster globbing that is less accurate but does not access the filesystem"
+umask_override
+ T_FLAG
+ "The umask specified in sudoers will override the user's, even if it is more permissive"
+log_input
+ T_FLAG
+ "Log user's input for the command being run"
+log_output
+ T_FLAG
+ "Log the output of the command being run"
+compress_io
+ T_FLAG
+ "Compress I/O logs using zlib"
+use_pty
+ T_FLAG
+ "Always run commands in a pseudo-tty"
+iolog_dir
+ T_STR|T_PATH
+ "Directory in which to store input/output logs"