.el .IP "\f(CW%u\fR" 4
.IX Item "%u"
expanded to the invoking user's login name
+.ie n .IP "%p" 4
+.el .IP "\f(CW%p\fR" 4
+.IX Item "%p"
+expanded to the user whose password is asked for (respects the presence of the
+rootpw, targetpw or runaspw options in the configuration)
+
.ie n .IP "\*(C`%%\*(C'" 4
.el .IP "\f(CW\*(C`%%\*(C'\fR" 4
.IX Item "%%"
Address to send warning and error mail to. The address should
be enclosed in double quotes (\f(CW\*(C`"\*(C'\fR) to protect against \fBsudo\fR
interpreting the \f(CW\*(C`@\*(C'\fR sign. Defaults to \f(CW\*(C`@mailto@\*(C'\fR.
+.IP "exempt_group" 12
+.IX Item "exempt_group"
+Users in this group are exempt from password and \s-1PATH\s0 requirements.
+On Debian systems, this is set to the group 'sudo' by default.
+.IP "syslog" 12
+.IX Item "syslog"
+Syslog facility if syslog is being used for logging (negate to
+disable syslog logging). Defaults to \f(CW\*(C`@logfac@\*(C'\fR.
+.IP "verifypw" 12
+.IX Item "verifypw"
+This option controls when a password will be required when a user runs
+\&\fBsudo\fR with the \fB\-v\fR flag. It has the following possible values:
+.RS 12
+.IP "all" 8
+.IX Item "all"
+All the user's \fIsudoers\fR entries for the current host must have
+the \f(CW\*(C`NOPASSWD\*(C'\fR flag set to avoid entering a password.
+.IP "always" 8
+.IX Item "always"
+The user must always enter a password to use the \fB\-l\fR flag.
+.IP "any" 8
+.IX Item "any"
+At least one of the user's \fIsudoers\fR entries for the current host
+must have the \f(CW\*(C`NOPASSWD\*(C'\fR flag set to avoid entering a password.
+.IP "never" 8
+.IX Item "never"
+The user need never enter a password to use the \fB\-l\fR flag.
+.RE
+.RS 12
+.Sp
+If no value is specified, a value of \fIany\fR is implied.
+Negating the option results in a value of \fInever\fR being used.
+The default value is \fIany\fR.
+.RE
+.IP "logfile" 12
+.IX Item "logfile"
+Path to the \fBsudo\fR log file (not the syslog log file). Setting a path
+turns on logging to a file; negating this option turns it off.
+By default, \fBsudo\fR logs via syslog.
+.IP "mailerflags" 12
+.IX Item "mailerflags"
+Flags to use when invoking mailer. Defaults to \fB\-t\fR.
+.IP "mailerpath" 12
+.IX Item "mailerpath"
+Path to mail program used to send warning mail.
+Defaults to the path to sendmail found at configure time.
+.IP "mailto" 12
+.IX Item "mailto"
+Address to send warning and error mail to. The address should
+be enclosed in double quotes (\f(CW\*(C`"\*(C'\fR) to protect against \fBsudo\fR
+interpreting the \f(CW\*(C`@\*(C'\fR sign. Defaults to \f(CW\*(C`@mailto@\*(C'\fR.
.IP "syslog" 12
.IX Item "syslog"
Syslog facility if syslog is being used for logging (negate to