substitution in the sudo_plugin manual.
s\bsu\bud\bdo\bo [-\b-D\bD _\bl_\be_\bv_\be_\bl] -\b-h\bh | -\b-K\bK | -\b-k\bk | -\b-V\bV
s\bsu\bud\bdo\bo -\b-v\bv [-\b-A\bAk\bkn\bnS\bS] [-\b-a\ba _\ba_\bu_\bt_\bh_\b__\bt_\by_\bp_\be] [-\b-D\bD _\bl_\be_\bv_\be_\bl] [-\b-g\bg _\bg_\br_\bo_\bu_\bp _\bn_\ba_\bm_\be|_\b#_\bg_\bi_\bd]
- [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt] [-\b-u\bu _\bu_\bs_\be_\br_\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd]
+ [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt] [-\b-u\bu _\bu_\bs_\be_\br _\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd]
s\bsu\bud\bdo\bo -\b-l\bl[\b[l\bl]\b] [-\b-A\bAk\bkn\bnS\bS] [-\b-a\ba _\ba_\bu_\bt_\bh_\b__\bt_\by_\bp_\be] [-\b-D\bD _\bl_\be_\bv_\be_\bl] [-\b-g\bg _\bg_\br_\bo_\bu_\bp _\bn_\ba_\bm_\be|_\b#_\bg_\bi_\bd]
[-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt] [-\b-U\bU _\bu_\bs_\be_\br _\bn_\ba_\bm_\be] [-\b-u\bu _\bu_\bs_\be_\br _\bn_\ba_\bm_\be|_\b#_\bu_\bi_\bd] [_\bc_\bo_\bm_\bm_\ba_\bn_\bd]
-1.8.0a2 June 3, 2010 1
+1.8.0a2 June 9, 2010 1
-1.8.0a2 June 3, 2010 2
+1.8.0a2 June 9, 2010 2
-1.8.0a2 June 3, 2010 3
+1.8.0a2 June 9, 2010 3
-1.8.0a2 June 3, 2010 4
+1.8.0a2 June 9, 2010 4
-1.8.0a2 June 3, 2010 5
+1.8.0a2 June 9, 2010 5
matched is ALL, the user may set variables that would overwise be
forbidden. See _\bs_\bu_\bd_\bo_\be_\br_\bs(4) for more information.
+P\bPL\bLU\bUG\bGI\bIN\bNS\bS
+ s\bsu\bud\bdo\bo supports a plugin architecture for security policies and
+ input/output logging. Third parties can develop and distribute their
+ own policy and I/O logging modules to work seemlessly with the s\bsu\bud\bdo\bo
+ front end.
+
+ Plugins are dynamically loaded based on the contents of the
+ _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf file. If no _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf file is present, s\bsu\bud\bdo\bo will
+ use the traditional _\bs_\bu_\bd_\bo_\be_\br_\bs security policy and I/O logging, which
+ corresponds to the following _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf file.
+
+ #
+ # Default /etc/sudo.conf file
+ #
+ # Format:
+ # Plugin plugin_name plugin_path
+ #
+ # The plugin_path is relative to /usr/local/libexec unless
+ # fully qualified.
+ # The plugin_name corresponds to a global symbol in the plugin
+ # that contains the plugin interface structure.
+ #
+ Plugin policy_plugin sudoers.so
+ Plugin io_plugin sudoers.so
+
+ A Plugin line consists of the Plugin keyword, followed by the
+ _\bs_\by_\bm_\bb_\bo_\bl_\b__\bn_\ba_\bm_\be and the _\bp_\ba_\bt_\bh to the shared object containing the plugin.
+ The _\bs_\by_\bm_\bb_\bo_\bl_\b__\bn_\ba_\bm_\be is the name of the struct policy_plugin or struct
+ io_plugin in the plugin shared object. The _\bp_\ba_\bt_\bh may be fully qualified
+ or relative. If not fully qualified it is relative to the
+ _\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bl_\bi_\bb_\be_\bx_\be_\bc directory. Any additional parameters after the _\bp_\ba_\bt_\bh
+ are ignored.
+
+ For more information, see the "_\bs_\bu_\bd_\bo_\b__\bp_\bl_\bu_\bg_\bi_\bn(1m) manual."
+
R\bRE\bET\bTU\bUR\bRN\bN V\bVA\bAL\bLU\bUE\bES\bS
Upon successful execution of a program, the exit status from s\bsu\bud\bdo\bo will
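Review bot: two source-text defects show through in this new PLUGINS section of the generated sudo catpage. "seemlessly" in the first paragraph should be "seamlessly", and the closing cross-reference renders as: see the "sudo_plugin(1m) manual." with an unmatched opening quote before sudo_plugin and a closing quote after "manual.", which is how pod2man renders a broken L<...> in sudo.pod. Both need fixing in sudo.pod with the catpage regenerated, not patched by hand here. The section would also benefit from stating what sudo_plugin(1m) already says, that the plugin shared object must be owned by uid 0, and from saying what sudo does when sudo.conf exists but cannot be read or parsed, since the text currently only covers the file being absent.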
+
+
+
+1.8.0a2 June 9, 2010 6
+
+
+
+
+
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+
+
simply be the exit status of the program that was executed.
Otherwise, s\bsu\bud\bdo\bo quits with an exit value of 1 if there is a
environment variables that s\bsu\bud\bdo\bo allows or denies is contained in the
output of sudo -V when run as root.
-
-
-
-1.8.0a2 June 3, 2010 6
-
-
-
-
-
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-
-
Note that the dynamic linker on most operating systems will remove
variables that can control dynamic linking from the environment of
setuid executables, including s\bsu\bud\bdo\bo. Depending on the operating system
not owned by root or if it is writable by a user other than root. On
systems that allow non-root users to give away files via _\bc_\bh_\bo_\bw_\bn(2), if
the time stamp directory is located in a directory writable by anyone
+
+
+
+1.8.0a2 June 9, 2010 7
+
+
+
+
+
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+
+
(e.g., _\b/_\bt_\bm_\bp), it is possible for a user to create the time stamp
directory before s\bsu\bud\bdo\bo is run. However, because s\bsu\bud\bdo\bo checks the
ownership and mode of the directory and its contents, the only damage
appropriate owner (root) and permissions (0700) in the system startup
files.
- s\bsu\bud\bdo\bo will not honor time stamps set far in the future. Timestamps with
- a date greater than current_time + 2 * TIMEOUT will be ignored and sudo
- will log and complain. This is done to keep a user from creating
+ s\bsu\bud\bdo\bo will not honor time stamps set far in the future. Time stamps
+ with a date greater than current_time + 2 * TIMEOUT will be ignored and
+ sudo will log and complain. This is done to keep a user from creating
his/her own time stamp with a bogus date on systems that allow users to
give away files.
Administrators should not rely on this feature as it is not universally
available.
-
-
-1.8.0a2 June 3, 2010 7
-
-
-
-
-
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-
-
Please note that s\bsu\bud\bdo\bo will normally only log the command it explicitly
runs. If a user runs a command such as sudo su or sudo sh, subsequent
commands run from that shell will _\bn_\bo_\bt be logged, nor will s\bsu\bud\bdo\bo's access
HOME In -\b-s\bs or -\b-H\bH mode (or if sudo was configured with the
--enable-shell-sets-home option), set to homedir of the
+
+
+
+1.8.0a2 June 9, 2010 8
+
+
+
+
+
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+
+
target user
PATH Set to a sane value if the _\bs_\be_\bc_\bu_\br_\be_\b__\bp_\ba_\bt_\bh sudoers option
SUDO_EDITOR is not set
F\bFI\bIL\bLE\bES\bS
+ _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf s\bsu\bud\bdo\bo plugin configuration
+
_\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs List of who can run what
_\b/_\bv_\ba_\br_\b/_\br_\bu_\bn_\b/_\bs_\bu_\bd_\bo Directory containing time stamps
-
-
-1.8.0a2 June 3, 2010 8
-
-
-
-
-
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-
-
_\b/_\be_\bt_\bc_\b/_\be_\bn_\bv_\bi_\br_\bo_\bn_\bm_\be_\bn_\bt Initial environment for -\b-i\bi mode on Linux and
AIX
$ sudo -u yaz ls ~yaz
+
+
+
+1.8.0a2 June 9, 2010 9
+
+
+
+
+
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+
+
To edit the _\bi_\bn_\bd_\be_\bx_\b._\bh_\bt_\bm_\bl file as user www:
$ sudo -u www vi ~www/htdocs/index.html
S\bSE\bEE\bE A\bAL\bLS\bSO\bO
_\bg_\br_\be_\bp(1), _\bs_\bu(1), _\bs_\bt_\ba_\bt(2), _\bl_\bo_\bg_\bi_\bn_\b__\bc_\ba_\bp(3), _\bp_\ba_\bs_\bs_\bw_\bd(4), _\bs_\bu_\bd_\bo_\be_\br_\bs(4),
- _\bv_\bi_\bs_\bu_\bd_\bo(1m)
+ "_\bs_\bu_\bd_\bo_\b__\bp_\bl_\bu_\bg_\bi_\bn(1m), "_\bs_\bu_\bd_\bo_\br_\be_\bp_\bl_\ba_\by(1m), _\bv_\bi_\bs_\bu_\bd_\bo(1m)""
A\bAU\bUT\bTH\bHO\bOR\bRS\bS
Many people have worked on s\bsu\bud\bdo\bo over the years; this version consists
There is no easy way to prevent a user from gaining a root shell if
that user is allowed to run arbitrary commands via s\bsu\bud\bdo\bo. Also, many
programs (such as editors) allow the user to run commands via shell
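Review bot: the rebuilt SEE ALSO line renders as "sudo_plugin(1m), "sudoreplay(1m), visudo(1m)"" with stray double quotes before sudo_plugin and sudoreplay and two trailing ones; the intended text is sudo_plugin(1m), sudoreplay(1m), visudo(1m). This is the unterminated L<L<...>> sequence the POD ERRORS section reports, so regenerate this page from the corrected pod rather than editing the catpage.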
-
-
-
-1.8.0a2 June 3, 2010 9
-
-
-
-
-
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-
-
escapes, thus avoiding s\bsu\bud\bdo\bo's checks. However, on most systems it is
possible to prevent shell escapes with s\bsu\bud\bdo\bo's _\bn_\bo_\be_\bx_\be_\bc functionality.
See the _\bs_\bu_\bd_\bo_\be_\br_\bs(4) manual for details.
their own program that gives them a root shell regardless of any '!'
elements in the user specification.
+
+
+
+1.8.0a2 June 9, 2010 10
+
+
+
+
+
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+
+
Running shell scripts via s\bsu\bud\bdo\bo can expose the same kernel bugs that
make setuid shell scripts unsafe on some operating systems (if your OS
has a /dev/fd/ directory, setuid shell scripts are generally safe).
See the LICENSE file distributed with s\bsu\bud\bdo\bo or
http://www.sudo.ws/sudo/license.html for complete details.
+P\bPO\bOD\bD E\bER\bRR\bRO\bOR\bRS\bS
+ Hey! T\bTh\bhe\be a\bab\bbo\bov\bve\be d\bdo\boc\bcu\bum\bme\ben\bnt\bt h\bha\bad\bd s\bso\bom\bme\be c\bco\bod\bdi\bin\bng\bg e\ber\brr\bro\bor\brs\bs,\b, w\bwh\bhi\bic\bch\bh a\bar\bre\be e\bex\bxp\bpl\bla\bai\bin\bne\bed\bd
+ b\bbe\bel\blo\bow\bw:\b:
+
+ Around line 442:
+ Unterminated L<...> sequence
+
+ Around line 678:
+ Unterminated L<L<...>> sequence
+
+
+
+
+
+
-1.8.0a2 June 3, 2010 10
+1.8.0a2 June 9, 2010 11
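Review bot: the generated catpage now ends with a POD ERRORS section ("Around line 442: Unterminated L<...> sequence" and "Around line 678: Unterminated L<L<...>> sequence"), which pod2man emits only when the source is broken, so a generated file carrying it should not be committed. Fix the two L<...> sequences in sudo.pod, rebuild, and confirm that this section and the extra page 11 it creates are gone.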
.\" ========================================================================
.\"
.IX Title "SUDO @mansectsu@"
-.TH SUDO @mansectsu@ "June 3, 2010" "1.8.0a2" "MAINTENANCE COMMANDS"
+.TH SUDO @mansectsu@ "June 9, 2010" "1.8.0a2" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.if \n(BA [\fB\-a\fR\ \fIauth_type\fR]
[\fB\-D\fR\ \fIlevel\fR]
[\fB\-g\fR\ \fIgroup\ name\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
-[\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
+[\fB\-u\fR\ \fIuser\ name\fR|\fI#uid\fR]
.PP
\&\fBsudo\fR \fB\-l[l]\fR [\fB\-AknS\fR]
.if \n(BA [\fB\-a\fR\ \fIauth_type\fR]
is set in \fIsudoers\fR, the command to be run has the \f(CW\*(C`SETENV\*(C'\fR tag
set or the command matched is \f(CW\*(C`ALL\*(C'\fR, the user may set variables
that would overwise be forbidden. See \fIsudoers\fR\|(@mansectform@) for more information.
+.SH "PLUGINS"
+.IX Header "PLUGINS"
+\&\fBsudo\fR supports a plugin architecture for security policies and
+input/output logging. Third parties can develop and distribute
+their own policy and I/O logging modules to work seemlessly with
+the \fBsudo\fR front end.
+.PP
+Plugins are dynamically loaded based on the contents of the
+\&\fI@sysconfdir@/sudo.conf\fR file. If no \fI@sysconfdir@/sudo.conf\fR
+file is present, \fBsudo\fR will use the traditional \fIsudoers\fR security
+policy and I/O logging, which corresponds to the following
+\&\fI@sysconfdir@/sudo.conf\fR file.
+.PP
+.Vb 10
+\& #
+\& # Default @sysconfdir@/sudo.conf file
+\& #
+\& # Format:
+\& # Plugin plugin_name plugin_path
+\& #
+\& # The plugin_path is relative to @prefix@/libexec unless
+\& # fully qualified.
+\& # The plugin_name corresponds to a global symbol in the plugin
+\& # that contains the plugin interface structure.
+\& #
+\& Plugin policy_plugin sudoers.so
+\& Plugin io_plugin sudoers.so
+.Ve
+.PP
+A \f(CW\*(C`Plugin\*(C'\fR line consists of the \f(CW\*(C`Plugin\*(C'\fR keyword, followed by the
+\&\fIsymbol_name\fR and the \fIpath\fR to the shared object containing the
+plugin. The \fIsymbol_name\fR is the name of the \f(CW\*(C`struct policy_plugin\*(C'\fR
+or \f(CW\*(C`struct io_plugin\*(C'\fR in the plugin shared object. The \fIpath\fR
+may be fully qualified or relative. If not fully qualified it is
+relative to the \fI@prefix@/libexec\fR directory. Any additional parameters
+after the \fIpath\fR are ignored.
+.PP
+For more information, see the \*(L"\fIsudo_plugin\fR\|(@mansectsu@) manual.\*(R"
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
Upon successful execution of a program, the exit status from \fBsudo\fR
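Review bot: the roff form of the PLUGINS section carries the same two defects as the catpage: "seemlessly" should be "seamlessly", and the final line \*(L"\fIsudo_plugin\fR\|(@mansectsu@) manual.\*(R" wraps the cross-reference and the word "manual." in left and right quotes that pod2man produced from the unterminated L<...>. The fix belongs in sudo.pod, with this file regenerated afterwards.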
and permissions (0700) in the system startup files.
.PP
\&\fBsudo\fR will not honor time stamps set far in the future.
-Timestamps with a date greater than current_time + 2 * \f(CW\*(C`TIMEOUT\*(C'\fR
+Time stamps with a date greater than current_time + 2 * \f(CW\*(C`TIMEOUT\*(C'\fR
will be ignored and sudo will log and complain. This is done to
keep a user from creating his/her own time stamp with a bogus
date on systems that allow users to give away files.
is not set
.SH "FILES"
.IX Header "FILES"
+.ie n .IP "\fI@sysconfdir@/sudo.conf\fR" 24
+.el .IP "\fI@sysconfdir@/sudo.conf\fR" 24
+.IX Item "@sysconfdir@/sudo.conf"
+\&\fBsudo\fR plugin configuration
.ie n .IP "\fI@sysconfdir@/sudoers\fR" 24
.el .IP "\fI@sysconfdir@/sudoers\fR" 24
.IX Item "@sysconfdir@/sudoers"
.IX Header "SEE ALSO"
\&\fIgrep\fR\|(1), \fIsu\fR\|(1), \fIstat\fR\|(2),
.if \n(LC \&\fIlogin_cap\fR\|(3),
-\&\fIpasswd\fR\|(@mansectform@), \fIsudoers\fR\|(@mansectform@), \fIvisudo\fR\|(@mansectsu@)
+\&\fIpasswd\fR\|(@mansectform@), \fIsudoers\fR\|(@mansectform@), "\fIsudo_plugin\fR\|(@mansectsu@), "\fIsudoreplay\fR\|(@mansectsu@), \fIvisudo\fR\|(@mansectsu@)""
.SH "AUTHORS"
.IX Header "AUTHORS"
Many people have worked on \fBsudo\fR over the years; this
and fitness for a particular purpose are disclaimed. See the \s-1LICENSE\s0
file distributed with \fBsudo\fR or http://www.sudo.ws/sudo/license.html
for complete details.
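Review bot: the SEE ALSO line in the roff output has the same stray quotes as the catpage, a literal " before \fIsudo_plugin\fR and before \fIsudoreplay\fR and "" after \fIvisudo\fR\|(@mansectsu@); it should read \fIsudo_plugin\fR\|(@mansectsu@), \fIsudoreplay\fR\|(@mansectsu@), \fIvisudo\fR\|(@mansectsu@). Regenerate from the corrected pod rather than editing the .man.in by hand.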
+.SH "POD ERRORS"
+.IX Header "POD ERRORS"
+Hey! \fBThe above document had some coding errors, which are explained below:\fR
+.IP "Around line 442:" 4
+.IX Item "Around line 442:"
+Unterminated L<...> sequence
+.IP "Around line 678:" 4
+.IX Item "Around line 678:"
+Unterminated L<L<...>> sequence
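Review bot: a .SH "POD ERRORS" section has been committed into sudo.man.in; as with the catpage, this is pod2man's error report rather than manual content, and it must be absent from the regenerated file once the sequences reported around lines 442 and 678 of sudo.pod are fixed.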
S<[B<-a> I<auth_type>]>
S<[B<-D> I<level>]>
S<[B<-g> I<group name>|I<#gid>]> S<[B<-p> I<prompt>]>
-S<[B<-u> I<username>|I<#uid>]>
+S<[B<-u> I<user name>|I<#uid>]>
B<sudo> B<-l[l]> [B<-AknS>]
S<[B<-a> I<auth_type>]>
set or the command matched is C<ALL>, the user may set variables
that would overwise be forbidden. See L<sudoers(5)> for more information.
+=head1 PLUGINS
+
+B<sudo> supports a plugin architecture for security policies and
+input/output logging. Third parties can develop and distribute
+their own policy and I/O logging modules to work seemlessly with
+the B<sudo> front end.
+
+Plugins are dynamically loaded based on the contents of the
+F<@sysconfdir@/sudo.conf> file. If no F<@sysconfdir@/sudo.conf>
+file is present, B<sudo> will use the traditional I<sudoers> security
+policy and I/O logging, which corresponds to the following
+F<@sysconfdir@/sudo.conf> file.
+
+ #
+ # Default @sysconfdir@/sudo.conf file
+ #
+ # Format:
+ # Plugin plugin_name plugin_path
+ #
+ # The plugin_path is relative to @prefix@/libexec unless
+ # fully qualified.
+ # The plugin_name corresponds to a global symbol in the plugin
+ # that contains the plugin interface structure.
+ #
+ Plugin policy_plugin sudoers.so
+ Plugin io_plugin sudoers.so
+
+A C<Plugin> line consists of the C<Plugin> keyword, followed by the
+I<symbol_name> and the I<path> to the shared object containing the
+plugin. The I<symbol_name> is the name of the C<struct policy_plugin>
+or C<struct io_plugin> in the plugin shared object. The I<path>
+may be fully qualified or relative. If not fully qualified it is
+relative to the F<@prefix@/libexec> directory. Any additional parameters
+after the I<path> are ignored.
+
+For more information, see the L<sudo_plugin(8) manual.
+
=head1 RETURN VALUES
Upon successful execution of a program, the exit status from B<sudo>
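Review bot: the new closing line "For more information, see the L<sudo_plugin(8) manual." is missing the closing angle bracket after the section number; it should read "For more information, see the L<sudo_plugin(8)> manual." This is the "Unterminated L<...> sequence" around line 442 reported in the generated POD ERRORS output, and it is what turns the rendered cross-reference into a quoted string in both generated files. In the same section, "seemlessly" should be "seamlessly".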
and permissions (0700) in the system startup files.
B<sudo> will not honor time stamps set far in the future.
-Timestamps with a date greater than current_time + 2 * C<TIMEOUT>
+Time stamps with a date greater than current_time + 2 * C<TIMEOUT>
will be ignored and sudo will log and complain. This is done to
keep a user from creating his/her own time stamp with a bogus
date on systems that allow users to give away files.
=over 24
+=item F<@sysconfdir@/sudo.conf>
+
+B<sudo> plugin configuration
+
=item F<@sysconfdir@/sudoers>
List of who can run what
L<grep(1)>, L<su(1)>, L<stat(2)>,
L<login_cap(3)>,
-L<passwd(5)>, L<sudoers(5)>, L<visudo(8)>
+L<passwd(5)>, L<sudoers(5)>, L<sudo_plugin(8), L<sudoreplay(8), L<visudo(8)>
=head1 AUTHORS
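Review bot: in the new SEE ALSO line, L<sudo_plugin(8), L<sudoreplay(8), L<visudo(8)> closes only the last link; it should be L<sudo_plugin(8)>, L<sudoreplay(8)>, L<visudo(8)>. This is the "Unterminated L<L<...>> sequence" around line 678 and is the source of the stray quotes in both generated SEE ALSO sections.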
The _\bs_\by_\bm_\bb_\bo_\bl_\b__\bn_\ba_\bm_\be is the name of the struct policy_plugin or struct
io_plugin in the plugin shared object. The _\bp_\ba_\bt_\bh may be fully qualified
or relative. If not fully qualified it is relative to the
- $prefix/libexec directory where the prefix is specified at build time
- (/usr/local by default).
+ _\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bl_\bi_\bb_\be_\bx_\be_\bc directory. Any additional parameters after the _\bp_\ba_\bt_\bh
+ are ignored.
The same shared object may contain multiple plugins, each with a
different symbol name. The shared object file must be owned by uid 0
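Review bot: the replacement sentence "Any additional parameters after the path are ignored." documents the behaviour but not whether sudo reports it. Because sudo.conf selects code that runs with root privileges, a trailing token on a Plugin line is most likely a mistyped path or an option that does not exist, and the manual should say whether sudo warns or stays silent so an administrator knows that such a mistake will not be flagged.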
# Format:
# Plugin plugin_name plugin_path
#
- # The plugin_path relative to prefix/libexec unless fully qualified
+ # The plugin_path is relative to /usr/local/libexec unless
+ # fully qualified.
# The plugin_name corresponds to a global symbol in the plugin
- # that contains the plugin interface.
+ # that contains the plugin interface structure.
#
Plugin policy_plugin sudoers.so
Plugin io_plugin sudoers.so
global scope. This structure contains pointers to the functions that
implement the s\bsu\bud\bdo\bo policy checks. The name of the symbol should be
specified in _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf along with a path to the plugin so that
- s\bsu\bud\bdo\bo can load it.
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ s\bsu\bud\bdo\bo can load it.
+
struct policy_plugin {
#define SUDO_POLICY_PLUGIN 1
unsigned int type; /* always SUDO_POLICY_PLUGIN */
-
-
1.8.0a2 June 9, 2010 2
plugin and an associated I/O logging plugin are used. Via the plugin
\&\s-1API\s0, \fBsudo\fR can be configured to use alternate policy and/or I/O
logging plugins provided by third parties. The plugins to be used
-are specified via the \fI/etc/sudo.conf\fR file.
+are specified via the \fI@sysconfdir@/sudo.conf\fR file.
.PP
The \s-1API\s0 is versioned with a major and minor number. The minor
version number is incremented when additions are made. The major
The plugin \s-1API\s0 is defined by the \f(CW\*(C`sudo_plugin.h\*(C'\fR header file.
.SS "The sudo.conf File"
.IX Subsection "The sudo.conf File"
-The \fI/etc/sudo.conf\fR file contains plugin configuration directives.
+The \fI@sysconfdir@/sudo.conf\fR file contains plugin configuration directives.
Currently, the only supported keyword is the \f(CW\*(C`Plugin\*(C'\fR directive,
which causes a plugin plugin to be loaded.
.PP
plugin. The \fIsymbol_name\fR is the name of the \f(CW\*(C`struct policy_plugin\*(C'\fR
or \f(CW\*(C`struct io_plugin\*(C'\fR in the plugin shared object. The \fIpath\fR
may be fully qualified or relative. If not fully qualified it is
-relative to the \f(CW$prefix\fR/libexec directory where the prefix is
-specified at build time (/usr/local by default).
+relative to the \fI@prefix@/libexec\fR directory. Any additional parameters
+after the \fIpath\fR are ignored.
.PP
The same shared object may contain multiple plugins, each with a
different symbol name. The shared object file must be owned by uid
from composite policies, only a single policy plugin may be specified.
This limitation does not apply to I/O plugins.
.PP
-.Vb 12
+.Vb 10
\& #
-\& # Default /etc/sudo.conf file
+\& # Default @sysconfdir@/sudo.conf file
\& #
\& # Format:
\& # Plugin plugin_name plugin_path
\& #
-\& # The plugin_path relative to prefix/libexec unless fully qualified
+\& # The plugin_path is relative to @prefix@/libexec unless
+\& # fully qualified.
\& # The plugin_name corresponds to a global symbol in the plugin
-\& # that contains the plugin interface.
+\& # that contains the plugin interface structure.
\& #
\& Plugin policy_plugin sudoers.so
\& Plugin io_plugin sudoers.so
A policy plugin must declare and populate a \f(CW\*(C`policy_plugin\*(C'\fR struct
in the global scope. This structure contains pointers to the functions
that implement the \fBsudo\fR policy checks. The name of the symbol should
-be specified in \fI/etc/sudo.conf\fR along with a path to the plugin
+be specified in \fI@sysconfdir@/sudo.conf\fR along with a path to the plugin
so that \fBsudo\fR can load it.
.PP
.Vb 10
plugin and an associated I/O logging plugin are used. Via the plugin
API, B<sudo> can be configured to use alternate policy and/or I/O
logging plugins provided by third parties. The plugins to be used
-are specified via the F</etc/sudo.conf> file.
+are specified via the F<@sysconfdir@/sudo.conf> file.
The API is versioned with a major and minor number. The minor
version number is incremented when additions are made. The major
=head2 The sudo.conf File
-The F</etc/sudo.conf> file contains plugin configuration directives.
+The F<@sysconfdir@/sudo.conf> file contains plugin configuration directives.
Currently, the only supported keyword is the C<Plugin> directive,
which causes a plugin plugin to be loaded.
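Review bot: the unchanged line right after the edited one, "which causes a plugin plugin to be loaded.", repeats "plugin"; since this hunk already touches the sentence before it for the @sysconfdir@ substitution, fixing the duplicate here and in the matching sudo_plugin.man.in line keeps the copies of the manual in step.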
plugin. The I<symbol_name> is the name of the C<struct policy_plugin>
or C<struct io_plugin> in the plugin shared object. The I<path>
may be fully qualified or relative. If not fully qualified it is
-relative to the $prefix/libexec directory where the prefix is
-specified at build time (/usr/local by default).
+relative to the F<@prefix@/libexec> directory. Any additional parameters
+after the I<path> are ignored.
The same shared object may contain multiple plugins, each with a
different symbol name. The shared object file must be owned by uid
This limitation does not apply to I/O plugins.
#
- # Default /etc/sudo.conf file
+ # Default @sysconfdir@/sudo.conf file
#
# Format:
# Plugin plugin_name plugin_path
#
- # The plugin_path relative to prefix/libexec unless fully qualified
+ # The plugin_path is relative to @prefix@/libexec unless
+ # fully qualified.
# The plugin_name corresponds to a global symbol in the plugin
- # that contains the plugin interface.
+ # that contains the plugin interface structure.
#
Plugin policy_plugin sudoers.so
Plugin io_plugin sudoers.so
A policy plugin must declare and populate a C<policy_plugin> struct
in the global scope. This structure contains pointers to the functions
that implement the B<sudo> policy checks. The name of the symbol should
-be specified in F</etc/sudo.conf> along with a path to the plugin
+be specified in F<@sysconfdir@/sudo.conf> along with a path to the plugin
so that B<sudo> can load it.
struct policy_plugin {