timestampdir The directory in which s\bsu\bud\bdo\bo stores its time stamp
files. This directory should be cleared when the
- system reboots. The default is _\b/_\bv_\ba_\br_\b/_\ba_\bd_\bm_\b/_\bs_\bu_\bd_\bo_\b/_\bt_\bs.
+ system reboots. The default is _\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo_\b/_\bt_\bs.
timestampowner The owner of the lecture status directory, time stamp
directory and the time stamps stored therein. The
`N' is the group ID that owns the _\bs_\bu_\bd_\bo_\be_\br_\bs file) to the s\bsu\bud\bdo\boe\ber\brs\bs Plugin
line in the sudo.conf(4) file.
- unable to open /var/adm/sudo/ts/username/ttyname
+ unable to open /var/run/sudo/ts/username
_\bs_\bu_\bd_\bo_\be_\br_\bs was unable to read or create the user's time stamp file.
- unable to write to /var/adm/sudo/ts/username/ttyname
+ unable to write to /var/run/sudo/ts/username
_\bs_\bu_\bd_\bo_\be_\br_\bs was unable to write to the user's time stamp file.
- unable to mkdir to /var/adm/sudo/ts/username
- _\bs_\bu_\bd_\bo_\be_\br_\bs was unable to create the user's time stamp directory.
+ /var/run/sudo/ts is owned by uid X, should be Y
+ The time stamp directory is owned by a user other than _\bt_\bi_\bm_\be_\bs_\bt_\ba_\bm_\bp_\bo_\bw_\bn_\be_\br.
+ This can occur when the value of _\bt_\bi_\bm_\be_\bs_\bt_\ba_\bm_\bp_\bo_\bw_\bn_\be_\br has been changed.
+ _\bs_\bu_\bd_\bo_\be_\br_\bs will ignore the time stamp directory until the owner is
+ corrected. This can occur when
+
+ /var/run/sudo/ts is group writable
+ The time stamp directory is group-writable; it should be writable only
+ by _\bt_\bi_\bm_\be_\bs_\bt_\ba_\bm_\bp_\bo_\bw_\bn_\be_\br. The default mode for the time stamp directory is
+ 0700. _\bs_\bu_\bd_\bo_\be_\br_\bs will ignore the time stamp directory until the mode is
+ corrected.
N\bNo\bot\bte\bes\bs o\bon\bn l\blo\bog\bgg\bgi\bin\bng\bg v\bvi\bia\ba s\bsy\bys\bsl\blo\bog\bg
By default, _\bs_\bu_\bd_\bo_\be_\br_\bs logs messages via syslog(3). The _\bd_\ba_\bt_\be, _\bh_\bo_\bs_\bt_\bn_\ba_\bm_\be, and
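Review bot: The new "is owned by uid X, should be Y" entry ends with an unfinished sentence, "This can occur when", right after "until the owner is corrected." The cause is already stated two sentences earlier (the value of timestampowner has been changed), so drop the fragment, or complete it if a second cause was intended. The roff and mdoc hunks for this entry further down carry the same fragment, so correct it in the sources and regenerate this formatted copy.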
_\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bi_\bo I/O log files
- _\b/_\bv_\ba_\br_\b/_\ba_\bd_\bm_\b/_\bs_\bu_\bd_\bo_\b/_\bt_\bs Directory containing time stamps for the
+ _\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo_\b/_\bt_\bs Directory containing time stamps for the
_\bs_\bu_\bd_\bo_\be_\br_\bs security policy
+ _\b/_\bv_\ba_\br_\b/_\ba_\bd_\bm_\b/_\bs_\bu_\bd_\bo_\b/_\bl_\be_\bc_\bt_\bu_\br_\be_\bd Directory containing lecture status files for
+ the _\bs_\bu_\bd_\bo_\be_\br_\bs security policy
+
_\b/_\be_\bt_\bc_\b/_\be_\bn_\bv_\bi_\br_\bo_\bn_\bm_\be_\bn_\bt Initial environment for -\b-i\bi mode on AIX and
Linux systems
T\bTi\bim\bme\be s\bst\bta\bam\bmp\bp f\bfi\bil\ble\be c\bch\bhe\bec\bck\bks\bs
_\bs_\bu_\bd_\bo_\be_\br_\bs will check the ownership of its time stamp directory
- (_\b/_\bv_\ba_\br_\b/_\ba_\bd_\bm_\b/_\bs_\bu_\bd_\bo_\b/_\bt_\bs by default) and ignore the directory's contents if it
+ (_\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo_\b/_\bt_\bs by default) and ignore the directory's contents if it
is not owned by root or if it is writable by a user other than root.
Older versions of s\bsu\bud\bdo\bo stored time stamp files in _\b/_\bt_\bm_\bp; this is no longer
recommended as it may be possible for a user to create the time stamp
file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
complete details.
-Sudo 1.8.10 January 29, 2014 Sudo 1.8.10
+Sudo 1.8.10 February 1, 2014 Sudo 1.8.10
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.TH "SUDOERS" "@mansectsu@" "January 29, 2014" "Sudo @PACKAGE_VERSION@" "Programmer's Manual"
+.TH "SUDOERS" "@mansectsu@" "February 1, 2014" "Sudo @PACKAGE_VERSION@" "Programmer's Manual"
.nh
.if n .ad l
.SH "NAME"
\fInot\fR
be cleared when the system reboots.
The default is
-\fI@lecture_dir@\fR.
+\fI@vardir@/lectured\fR.
.TP 18n
limitprivs
The default Solaris limit privileges to use when constructing a new
stores its time stamp files.
This directory should be cleared when the system reboots.
The default is
-\fI@timedir@\fR.
+\fI@rundir@/ts\fR.
.TP 18n
timestampowner
The owner of the lecture status directory, time stamp directory and the
sudo.conf(@mansectform@)
file.
.TP 3n
-unable to open @timedir@/username/ttyname
+unable to open @rundir@/ts/username
\fIsudoers\fR
was unable to read or create the user's time stamp file.
.TP 3n
-unable to write to @timedir@/username/ttyname
+unable to write to @rundir@/ts/username
\fIsudoers\fR
was unable to write to the user's time stamp file.
.TP 3n
-unable to mkdir to @timedir@/username
+@rundir@/ts is owned by uid X, should be Y
+The time stamp directory is owned by a user other than
+\fItimestampowner\fR.
+This can occur when the value of
+\fItimestampowner\fR
+has been changed.
+\fIsudoers\fR
+will ignore the time stamp directory until the owner is corrected.
+This can occur when
+.TP 3n
+@rundir@/ts is group writable
+The time stamp directory is group-writable; it should be writable only by
+\fItimestampowner\fR.
+The default mode for the time stamp directory is 0700.
\fIsudoers\fR
-was unable to create the user's time stamp directory.
+will ignore the time stamp directory until the mode is corrected.
.SS "Notes on logging via syslog"
By default,
\fIsudoers\fR
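Review bot: In the "@rundir@/ts is group writable" entry, the description says the directory "should be writable only by timestampowner" and gives 0700 as the default mode, yet the only message documented is for the group-writable case. If a directory writable by others is also ignored, list its message here or state that this one covers it. The hunk also removes the "unable to mkdir to @timedir@/username" entry without a replacement, so note which remaining message reports a failure to create the time stamp directory.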
\fI@iolog_dir@\fR
I/O log files
.TP 26n
-\fI@timedir@\fR
+\fI@rundir@/ts\fR
Directory containing time stamps for the
\fIsudoers\fR
security policy
.TP 26n
+\fI@vardir@/lectured\fR
+Directory containing lecture status files for the
+\fIsudoers\fR
+security policy
+.TP 26n
\fI/etc/environment\fR
Initial environment for
\fB\-i\fR
.SS "Time stamp file checks"
\fIsudoers\fR
will check the ownership of its time stamp directory
-(\fI@timedir@\fR
+(\fI@rundir@/ts\fR
by default)
and ignore the directory's contents if it is not owned by root or
if it is writable by a user other than root.
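Review bot: The unchanged sentence after the path still says the directory is ignored "if it is not owned by root or if it is writable by a user other than root", while the diagnostics added elsewhere in this patch compare the owner against timestampowner and say the directory should be writable only by timestampowner. Reword this paragraph in terms of timestampowner so the "Time stamp file checks" section and the new diagnostic entries describe the same check.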
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.Dd January 31, 2014
+.Dd February 1, 2014
.Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
.Em not
be cleared when the system reboots.
The default is
-.Pa @libdir@/lectured .
+.Pa @vardir@/lectured .
.It limitprivs
The default Solaris limit privileges to use when constructing a new
privilege set for a command.
.It unable to write to @rundir@/ts/username
.Em sudoers
was unable to write to the user's time stamp file.
+.It @rundir@/ts is owned by uid X, should be Y
+The time stamp directory is owned by a user other than
+.Em timestampowner .
+This can occur when the value of
+.Em timestampowner
+has been changed.
+.Em sudoers
+will ignore the time stamp directory until the owner is corrected.
+This can occur when
+.It @rundir@/ts is group writable
+The time stamp directory is group-writable; it should be writable only by
+.Em timestampowner .
+The default mode for the time stamp directory is 0700.
+.Em sudoers
+will ignore the time stamp directory until the mode is corrected.
.El
.Ss Notes on logging via syslog
By default,
Directory containing time stamps for the
.Em sudoers
security policy
-.It Pa @libdir@/lectured
+.It Pa @vardir@/lectured
Directory containing lecture status files for the
.Em sudoers
security policy