removed NO_PASSWD since it is not possible to do this in

the sudoers file itself.  Replaced SUDOERS_OWNER with SUDOERS_UID
and SUDOERS_GID.  Added SUDOERS_MODE.

diff --git a/OPTIONS b/OPTIONS
index 5113004c2c163d3ea0f352576512d8a28a2c2277..bba3c018bcf77a85d15c9e9258ed85369f73c13f 100644 (file)
--- a/OPTIONS
+++ b/OPTIONS
@@ -64,12 +64,6 @@ EXEMPTGROUP
     a password but where Jr. sysadmins need to.
     This is off by default.
 
-NO_PASSWD
-    If this is defined then sudo will *never* ask for a password.
-    It should only be used in an environment where machines are
-    physically secure.  It would be a very bad idea for an open
-    lab.
-
 ENV_EDITOR
     Makes visudo consult the EDITOR and VISUAL environmental variables
     before falling back on the default editor.  Note that this may create
@@ -210,11 +204,19 @@ LONG_SKEY_PROMPT
     find it more convenient.
     This feature is off by default.
 
-SUDOERS_OWNER
-    Who should own the sudoers file.  This must be a username, *not* a uid.
-    This is useful if you want to make the sudoers file NFS-mounted
-    but don't want to let the clients mount the filesystem with
-    root proviledges.  A good choice for SUDOERS_OWNER in this case is
-    "daemon", a bad choice would be nobody.  Note that this is usually
-    set in the Makefile.
-    The default is "root" (remember the quotes).
+SUDOERS_MODE
+    File mode for the sudoers file (octal).  This should be 0440 if
+    you want to be able to share the sudoers file via NFS or 0400
+    if you do not.  The default mode is 0440.
+
+SUDOERS_UID
+    User id that "owns" the sudoers file.  Note that this is the
+    numeric id, *not* the symbolic name.  Also Note that this is
+    usually set in the Makefile.
+    The default is 0.
+
+SUDOERS_GID
+    Group id that "owns" the sudoers file.  Note that this is the
+    numeric id, *not* the symbolic name.  Also note that this is
+    usually set in the Makefile.
+    The default is 0.

diff --git a/options.h b/options.h
index 2f53ce5914e726ad635d21b0ee124faacf3f1868..f43a30d9b51ea348f218daaeb8b22c6d4f07dee2 100644 (file)
--- a/options.h
+++ b/options.h
@@ -40,7 +40,6 @@
 #define SEND_MAIL_WHEN_NO_USER /* send mail when user not in sudoers file */
 /*#define SEND_MAIL_WHEN_NOT_OK        /* send mail if no permissions to run command */
 /*#define EXEMPTGROUP "sudo"   /* no passwd needed for users in this group */
-/*#define NO_PASSWD            /* no passwds are required */
 /*#define ENV_EDITOR           /* visudo honors EDITOR and VISUAL envars */
 #define SHORT_MESSAGE          /* short sudo message, no copyright printed */
 #define TIMEOUT 5              /* minutes before sudo asks for passwd again */
@@ -65,9 +64,15 @@
 /*#define SKEY_ONLY            /* validate user via s/key only */
 /*#define LONG_SKEY_PROMPT     /* use a two line s/key prompt */
 #define FAST_MATCH             /* command check fails if basenames not same */
-#ifndef SUDOERS_OWNER
-#define SUDOERS_OWNER "root"   /* sudoers file owner (usually root) */
-#endif /* SUDOERS_OWNER */
+#ifndef SUDOERS_MODE
+#define SUDOERS_MODE 0440      /* file mode for sudoers (octal) */
+#endif /* SUDOERS_MODE */
+#ifndef SUDOERS_UID
+#define SUDOERS_UID 0          /* user id that owns sudoers (*not* a name) */
+#endif /* SUDOERS_UID */
+#ifndef SUDOERS_GID
+#define SUDOERS_GID 0          /* group id that owns sudoers (*not* a name) */
+#endif /* SUDOERS_GID */
 
 /**********  You probably don't want to modify anything below here  ***********/