Number of minutes before the sudo password prompt times out.
The default is 5, set this to 0 for no password timeout.
- --with-tty-tickets
- This makes sudo use a different ticket file for each user/tty combo.
- Ie: instead of the ticket path being "username" it is "username/tty".
- This is useful for "shared" accounts like "operator". Note that this
- means that there will be more files in the timestamp dir. This is not
- a problem if your system has a cron job to remove of files from /tmp
- (or wherever you specified the timestamp dir to be).
+ --without-tty-tickets
+ By default, sudo uses a different ticket file for each user/tty combo.
+ With this option disabled, a single ticket will be used for all
+ of a user's login sessions.
--with-insults
Define this if you want to be insulted for typing an incorrect password
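Review bot: Under the `--without-tty-tickets` heading, "With this option disabled" reads as a double negative, because the option is itself the disabling switch. Suggest "With this option, a single ticket is used for all of a user's login sessions." The removed entry also explained why per-tty tickets matter for shared accounts such as "operator" and that they leave more files in the timestamp dir. Now that per-tty is the default, that rationale and the cleanup note are worth carrying into the new text.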
system reboots. Time stamp files older than the boot time are
ignored on systems where it is possible to determine this.
+ Additionally, the tty_tickets sudoers option is now enabled by
+ default. To restore the old behavior (single time stamp per user),
+ add a line like:
+ Defaults !tty_tickets
+ to sudoers or use the --without-tty-tickets configure option.
+
The HOME and MAIL environment variables are now reset based on the
target user's password database entry when the env_reset sudoers option
is enabled (which is the case in the default configuration). Users
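Review bot: The added paragraph says how to restore the old behavior but not what changes for users. With tty_tickets on, authenticating on one tty no longer covers the user's other ttys, so each will prompt again. One sentence saying so, placed before the `Defaults !tty_tickets` line, would make the upgrade note self-explanatory.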
/* Define to 1 if root should not be allowed to use sudo. */
#undef NO_ROOT_SUDO
+/* Define to 1 if you want a single ticket file instead of per-tty files. */
+#undef NO_TTY_TICKETS
+
/* Define to the address where bug reports for this package should be sent. */
#undef PACKAGE_BUGREPORT
/* Define to 1 if you use GNU stow packaging. */
#undef USE_STOW
-/* Define to 1 if you want a different ticket file for each tty. */
-#undef USE_TTY_TICKETS
-
/* Define to 1 if using a non-Unix group lookup implementation. */
#undef USING_NONUNIX_GROUPS
env_editor=off
editor=vi
passwd_tries=3
-tty_tickets=off
+tty_tickets=on
insults=off
root_sudo=on
path_info=on
esac
fi
-if test "$tty_tickets" = "on"; then
- $as_echo "#define USE_TTY_TICKETS 1" >>confdefs.h
+if test "$tty_tickets" = "off"; then
+ $as_echo "#define NO_TTY_TICKETS 1" >>confdefs.h
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to include insults" >&5
env_editor=off
editor=vi
passwd_tries=3
-tty_tickets=off
+tty_tickets=on
insults=off
root_sudo=on
path_info=on
*) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."])
;;
esac])
-if test "$tty_tickets" = "on"; then
- AC_DEFINE(USE_TTY_TICKETS)
- AC_MSG_RESULT(yes)
-else
+if test "$tty_tickets" = "off"; then
+ AC_DEFINE(NO_TTY_TICKETS)
AC_MSG_RESULT(no)
+else
+ AC_MSG_RESULT(yes)
fi
AC_MSG_CHECKING(whether to include insults)
AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support])
AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
+AH_TEMPLATE(NO_TTY_TICKETS, [Define to 1 if you want a single ticket file instead of per-tty files.])
AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.])
AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.])
AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.])
AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
-AH_TEMPLATE(USE_TTY_TICKETS, [Define to 1 if you want a different ticket file for each tty.])
AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.])
AH_TEMPLATE(__signed, [Define to `signed' or nothing if compiler does not support a signed type qualifier.])
#ifdef SEND_MAIL_WHEN_NOT_OK
def_mail_no_perms = TRUE;
#endif
-#ifdef USE_TTY_TICKETS
+#ifndef NO_TTY_TICKETS
def_tty_tickets = TRUE;
#endif
#ifndef NO_LECTURE
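Review bot: `#ifndef NO_TTY_TICKETS` inverts the sense of the old `USE_TTY_TICKETS` guard, so `def_tty_tickets` is now TRUE in every build that does not define the new macro, and a build that still passes the old macro by hand has it silently ignored. The direction is the safe one, but the guards in this block now mix `#ifdef` and `#ifndef` forms, so a short comment naming the configure option that defines the macro (`--without-tty-tickets`) would help the next reader.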
-1.7.4 July 19, 2010 1
+1.7.4 July 20, 2010 1
-1.7.4 July 19, 2010 2
+1.7.4 July 20, 2010 2
-1.7.4 July 19, 2010 3
+1.7.4 July 20, 2010 3
-1.7.4 July 19, 2010 4
+1.7.4 July 20, 2010 4
-1.7.4 July 19, 2010 5
+1.7.4 July 20, 2010 5
-1.7.4 July 19, 2010 6
+1.7.4 July 20, 2010 6
-1.7.4 July 19, 2010 7
+1.7.4 July 20, 2010 7
-1.7.4 July 19, 2010 8
+1.7.4 July 20, 2010 8
-1.7.4 July 19, 2010 9
+1.7.4 July 20, 2010 9
-1.7.4 July 19, 2010 10
+1.7.4 July 20, 2010 10
-1.7.4 July 19, 2010 11
+1.7.4 July 20, 2010 11
-1.7.4 July 19, 2010 12
+1.7.4 July 20, 2010 12
-1.7.4 July 19, 2010 13
+1.7.4 July 20, 2010 13
-1.7.4 July 19, 2010 14
+1.7.4 July 20, 2010 14
available logs.
tty_tickets If set, users must authenticate on a per-tty basis.
- Normally, s\bsu\bud\bdo\bo uses a directory in the ticket dir with
- the same name as the user running it. With this flag
- enabled, s\bsu\bud\bdo\bo will use a file named for the tty the
- user is logged in on in that directory. This flag is
- _\bo_\bf_\bf by default.
+ With this flag enabled, s\bsu\bud\bdo\bo will use a file named for
+ the tty the user is logged in on in the user's time
+ stamp directory. If disabled, the time stamp of the
+ directory is used instead. This flag is _\bo_\bn by default.
umask_override If set, s\bsu\bud\bdo\bo will set the umask as specified by _\bs_\bu_\bd_\bo_\be_\br_\bs
without modification. This makes it possible to
-1.7.4 July 19, 2010 15
+
+1.7.4 July 20, 2010 15
-1.7.4 July 19, 2010 16
+1.7.4 July 20, 2010 16
-1.7.4 July 19, 2010 17
+1.7.4 July 20, 2010 17
-1.7.4 July 19, 2010 18
+1.7.4 July 20, 2010 18
-1.7.4 July 19, 2010 19
+1.7.4 July 20, 2010 19
-1.7.4 July 19, 2010 20
+1.7.4 July 20, 2010 20
-1.7.4 July 19, 2010 21
+1.7.4 July 20, 2010 21
-1.7.4 July 19, 2010 22
+1.7.4 July 20, 2010 22
-1.7.4 July 19, 2010 23
+1.7.4 July 20, 2010 23
-1.7.4 July 19, 2010 24
+1.7.4 July 20, 2010 24
-1.7.4 July 19, 2010 25
+1.7.4 July 20, 2010 25
-1.7.4 July 19, 2010 26
+1.7.4 July 20, 2010 26
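Review bot: The page footers throughout this formatted manual differ only in the date (July 19 to July 20, 2010), which buries the one substantive change to the file, the tty_tickets paragraph. Consider regenerating the formatted page in a separate commit, or only at release time, so that the documentation change can be reviewed on its own.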
.\" ========================================================================
.\"
.IX Title "SUDOERS @mansectform@"
-.TH SUDOERS @mansectform@ "July 19, 2010" "1.7.4" "MAINTENANCE COMMANDS"
+.TH SUDOERS @mansectform@ "July 20, 2010" "1.7.4" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
can also be used to list or search the available logs.
.IP "tty_tickets" 16
.IX Item "tty_tickets"
-If set, users must authenticate on a per-tty basis. Normally,
-\&\fBsudo\fR uses a directory in the ticket dir with the same name as
-the user running it. With this flag enabled, \fBsudo\fR will use a
-file named for the tty the user is logged in on in that directory.
-This flag is \fI@tty_tickets@\fR by default.
+If set, users must authenticate on a per-tty basis. With this flag
+enabled, \fBsudo\fR will use a file named for the tty the user is
+logged in on in the user's time stamp directory. If disabled, the
+time stamp of the directory is used instead. This flag is
+\&\fI@tty_tickets@\fR by default.
.IP "umask_override" 16
.IX Item "umask_override"
If set, \fBsudo\fR will set the umask as specified by \fIsudoers\fR without
=item tty_tickets
-If set, users must authenticate on a per-tty basis. Normally,
-B<sudo> uses a directory in the ticket dir with the same name as
-the user running it. With this flag enabled, B<sudo> will use a
-file named for the tty the user is logged in on in that directory.
-This flag is I<@tty_tickets@> by default.
+If set, users must authenticate on a per-tty basis. With this flag
+enabled, B<sudo> will use a file named for the tty the user is
+logged in on in the user's time stamp directory. If disabled, the
+time stamp of the directory is used instead. This flag is
+I<@tty_tickets@> by default.
=item umask_override
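Review bot: The new wording "a file named for the tty the user is logged in on" does not say what sudo does when the flag is on and the command has no tty. With the flag now on by default, that case should be documented explicitly in this paragraph. The same text is repeated in the man and cat versions of the page, which need the same addition.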