instead of running it as a child process.
P\bPl\blu\bug\bgi\bin\bns\bs
- Plugins are dynamically loaded based on the contents of the sudo.conf(4)
- file. If no sudo.conf(4) file is present, or it contains no Plugin
- lines, s\bsu\bud\bdo\bo will use the traditional _\bs_\bu_\bd_\bo_\be_\br_\bs security policy and I/O
- logging. See the sudo.conf(4) manual for details of the _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf
- file and the sudo_plugin(1m) manual for more information about the s\bsu\bud\bdo\bo
- plugin architecture.
+ Plugins may be specified via Plugin directives in the sudo.conf(4) file.
+ They may be loaded as dynamic shared objects (on systems that support
+ them), or compiled directly into the s\bsu\bud\bdo\bo binary. If no sudo.conf(4)
+ file is present, or it contains no Plugin lines, s\bsu\bud\bdo\bo will use the
+ traditional _\bs_\bu_\bd_\bo_\be_\br_\bs security policy and I/O logging. See the
+ sudo.conf(4) manual for details of the _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf file and the
+ sudo_plugin(1m) manual for more information about the s\bsu\bud\bdo\bo plugin
+ architecture.
E\bEX\bXI\bIT\bT V\bVA\bAL\bLU\bUE\bE
Upon successful execution of a program, the exit status from _\bs_\bu_\bd_\bo will
file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
complete details.
-Sudo 1.8.8 August 14, 2013 Sudo 1.8.8
+Sudo 1.8.9 December 4, 2013 Sudo 1.8.9
end. Plugins are dynamically loaded based on the contents of s\bsu\bud\bdo\bo.\b.c\bco\bon\bnf\bf.
A Plugin line consists of the Plugin keyword, followed by the _\bs_\by_\bm_\bb_\bo_\bl_\b__\bn_\ba_\bm_\be
- and the _\bp_\ba_\bt_\bh to the shared object containing the plugin. The _\bs_\by_\bm_\bb_\bo_\bl_\b__\bn_\ba_\bm_\be
- is the name of the struct policy_plugin or struct io_plugin in the plugin
- shared object. The _\bp_\ba_\bt_\bh may be fully qualified or relative. If not
- fully qualified, it is relative to the directory specified by the
- _\bp_\bl_\bu_\bg_\bi_\bn_\b__\bd_\bi_\br Path setting, which defaults to _\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bl_\bi_\bb_\be_\bx_\be_\bc_\b/_\bs_\bu_\bd_\bo. In
- other words:
+ and the _\bp_\ba_\bt_\bh to the dynamic shared object that contains the plugin. The
+ _\bs_\by_\bm_\bb_\bo_\bl_\b__\bn_\ba_\bm_\be is the name of the struct policy_plugin or struct io_plugin
+ symbol contained in the plugin. The _\bp_\ba_\bt_\bh may be fully qualified or
+ relative. If not fully qualified, it is relative to the directory
+ specified by the _\bp_\bl_\bu_\bg_\bi_\bn_\b__\bd_\bi_\br Path setting, which defaults to
+ _\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bl_\bi_\bb_\be_\bx_\be_\bc_\b/_\bs_\bu_\bd_\bo. In other words:
Plugin sudoers_policy sudoers.so
Plugin sudoers_policy /usr/local/libexec/sudo/sudoers.so
+ If the plugin was compiled statically into the s\bsu\bud\bdo\bo binary instead of
+ being installed as a dynamic shared object, the _\bp_\ba_\bt_\bh should be specified
+ without a leading directory, as it does not actually exist in the file
+ system. For example:
+
+ Plugin sudoers_policy sudoers.so
+
Starting with s\bsu\bud\bdo\bo 1.8.5, any additional parameters after the _\bp_\ba_\bt_\bh are
passed as arguments to the plugin's _\bo_\bp_\be_\bn function. For example, to
override the compile-time default sudoers file mode:
Plugin sudoers_policy sudoers.so sudoers_mode=0440
- The same shared object may contain multiple plugins, each with a
- different symbol name. The shared object file must be owned by uid 0 and
- only writable by its owner. Because of ambiguities that arise from
- composite policies, only a single policy plugin may be specified. This
- limitation does not apply to I/O plugins.
+ The same dynamic shared object may contain multiple plugins, each with a
+ different symbol name. The file must be owned by uid 0 and only writable
+ by its owner. Because of ambiguities that arise from composite policies,
+ only a single policy plugin may be specified. This limitation does not
+ apply to I/O plugins.
If no s\bsu\bud\bdo\bo.\b.c\bco\bon\bnf\bf file is present, or if it contains no Plugin lines, the
s\bsu\bud\bdo\boe\ber\brs\bs plugin will be used as the default security policy and for I/O
file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
complete details.
-Sudo 1.8.9 December 3, 2013 Sudo 1.8.9
+Sudo 1.8.9 December 4, 2013 Sudo 1.8.9
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.TH "SUDO" "5" "December 3, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual"
+.TH "SUDO" "5" "December 4, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual"
.nh
.if n .ad l
.SH "NAME"
\fIsymbol_name\fR
and the
\fIpath\fR
-to the shared object containing the plugin.
+to the dynamic shared object that contains the plugin.
The
\fIsymbol_name\fR
is the name of the
\fRstruct policy_plugin\fR
or
\fRstruct io_plugin\fR
-in the plugin shared object.
+symbol contained in the plugin.
The
\fIpath\fR
may be fully qualified or relative.
.RE
.fi
.PP
+If the plugin was compiled statically into the
+\fBsudo\fR
+binary instead of being installed as a dynamic shared object, the
+\fIpath\fR
+should be specified without a leading directory,
+as it does not actually exist in the file system.
+For example:
+.nf
+.sp
+.RS 6n
+Plugin sudoers_policy sudoers.so
+.RE
+.fi
+.PP
Starting with
\fBsudo\fR
1.8.5, any additional parameters after the
.RE
.fi
.PP
-The same shared object may contain multiple plugins, each with a
-different symbol name.
-The shared object file must be owned by uid 0 and only writable by its owner.
+The same dynamic shared object may contain multiple plugins,
+each with a different symbol name.
+The file must be owned by uid 0 and only writable by its owner.
Because of ambiguities that arise from composite policies, only a single
policy plugin may be specified.
This limitation does not apply to I/O plugins.
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd December 3, 2013
+.Dd December 4, 2013
.Dt SUDO @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
.Em symbol_name
and the
.Em path
-to the shared object containing the plugin.
+to the dynamic shared object that contains the plugin.
The
.Em symbol_name
is the name of the
.Li struct policy_plugin
or
.Li struct io_plugin
-in the plugin shared object.
+symbol contained in the plugin.
The
.Em path
may be fully qualified or relative.
Plugin sudoers_policy @PLUGINDIR@/sudoers.so
.Ed
.Pp
+If the plugin was compiled statically into the
+.Nm sudo
+binary instead of being installed as a dynamic shared object, the
+.Em path
+should be specified without a leading directory,
+as it does not actually exist in the file system.
+For example:
+.Bd -literal -offset indent
+Plugin sudoers_policy sudoers.so
+.Ed
+.Pp
Starting with
.Nm sudo
1.8.5, any additional parameters after the
Plugin sudoers_policy sudoers.so sudoers_mode=0440
.Ed
.Pp
-The same shared object may contain multiple plugins, each with a
-different symbol name.
-The shared object file must be owned by uid 0 and only writable by its owner.
+The same dynamic shared object may contain multiple plugins,
+each with a different symbol name.
+The file must be owned by uid 0 and only writable by its owner.
Because of ambiguities that arise from composite policies, only a single
policy plugin may be specified.
This limitation does not apply to I/O plugins.
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.TH "SUDO" "@mansectsu@" "August 14, 2013" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "SUDO" "@mansectsu@" "December 4, 2013" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
\fBsudo\fR
may execute the command directly instead of running it as a child process.
.SS "Plugins"
-Plugins are dynamically loaded based on the contents of the
+Plugins may be specified via
+\fRPlugin\fR
+directives in the
sudo.conf(@mansectform@)
file.
+They may be loaded as dynamic shared objects (on systems that support them),
+or compiled directly into the
+\fBsudo\fR
+binary.
If no
sudo.conf(@mansectform@)
file is present, or it contains no
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.Dd August 14, 2013
+.Dd December 4, 2013
.Dt SUDO @mansectsu@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
.Nm sudo
may execute the command directly instead of running it as a child process.
.Ss Plugins
-Plugins are dynamically loaded based on the contents of the
+Plugins may be specified via
+.Li Plugin
+directives in the
.Xr sudo.conf @mansectform@
file.
+They may be loaded as dynamic shared objects (on systems that support them),
+or compiled directly into the
+.Nm sudo
+binary.
If no
.Xr sudo.conf @mansectform@
file is present, or it contains no
D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
Starting with version 1.8, s\bsu\bud\bdo\bo supports a plugin API for policy and
- session logging. By default, the s\bsu\bud\bdo\boe\ber\brs\bs policy plugin and an associated
- I/O logging plugin are used. Via the plugin API, s\bsu\bud\bdo\bo can be configured
- to use alternate policy and/or I/O logging plugins provided by third
- parties. The plugins to be used are specified in the sudo.conf(4) file.
+ session logging. Plugins may be compiled as dynamic shared objects (the
+ default on systems that support them) or compiled statically into the
+ s\bsu\bud\bdo\bo binary itself. By default, the s\bsu\bud\bdo\boe\ber\brs\bs policy plugin and an
+ associated I/O logging plugin are used. Via the plugin API, s\bsu\bud\bdo\bo can be
+ configured to use alternate policy and/or I/O logging plugins provided by
+ third parties. The plugins to be used are specified in the sudo.conf(4)
+ file.
The API is versioned with a major and minor number. The minor version
number is incremented when additions are made. The major number is
file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
complete details.
-Sudo 1.8.8 August 16, 2013 Sudo 1.8.8
+Sudo 1.8.9 December 4, 2013 Sudo 1.8.9
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.TH "SUDO_PLUGIN" "5" "August 16, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual"
+.TH "SUDO_PLUGIN" "5" "December 4, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual"
.nh
.if n .ad l
.SH "NAME"
\fBsudo\fR
supports a plugin API
for policy and session logging.
+Plugins may be compiled as dynamic shared objects (the default on
+systems that support them) or compiled statically into the
+\fBsudo\fR
+binary itself.
By default, the
\fBsudoers\fR
policy plugin and an associated I/O logging plugin are used.
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd August 16, 2013
+.Dd December 4, 2013
.Dt SUDO_PLUGIN @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
.Nm sudo
supports a plugin API
for policy and session logging.
+Plugins may be compiled as dynamic shared objects (the default on
+systems that support them) or compiled statically into the
+.Nm sudo
+binary itself.
By default, the
.Nm sudoers
policy plugin and an associated I/O logging plugin are used.
projects / sudo / commitdiff