-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+SUDO_PLUGIN(8) MAINTENANCE COMMANDS SUDO_PLUGIN(8)
S\bSu\bud\bdo\bo P\bPl\blu\bug\bgi\bin\bn A\bAP\bPI\bI
-1.8.0a1 February 21, 2010 1
+1.8.0a1 February 24, 2010 1
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+SUDO_PLUGIN(8) MAINTENANCE COMMANDS SUDO_PLUGIN(8)
struct policy_plugin {
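Review bot: The patch is against pre-formatted man output (overstrike sequences, per-page headers and footers), so the 1m to 8 section rename and the date bump repeat at every page break and most of the remaining hunks are text moved by repagination. State in the commit message which changes are content, which from the visible lines are the section rename, the date and the new debug_level entry, so that the moved blocks such as selinux_type, close, env_add, chroot/nice and argc/argv can be skipped in review. The renamed header also still reads "MAINTENANCE COMMANDS" for what is an API reference; confirm that title is intended for section 8.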
-1.8.0a1 February 21, 2010 2
+1.8.0a1 February 24, 2010 2
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+SUDO_PLUGIN(8) MAINTENANCE COMMANDS SUDO_PLUGIN(8)
when running s\bsu\bud\bdo\bo. As such, they will only be present when the
equal sign ('=') since the _\bn_\ba_\bm_\be field will never include one
itself but the _\bv_\ba_\bl_\bu_\be might.
+ debug_level=number
+ A numeric debug level, from 1-9, if specified via the -D
+ flag.
+
runas_user=string
The user name or uid to to run the command as, if specified
via the -u flag.
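Review bot: The new debug_level entry is typed as "number" while the other numeric setting on this page is written nice=int; use debug_level=int so the type names stay consistent. The text gives the range 1-9 but does not say what a plugin should do with a value outside that range or with a non-numeric string, and since settings reach the plugin as "name=value" strings that behaviour is worth documenting. The context line directly below has a doubled word in "The user name or uid to to run the command as" that could be fixed in the same pass.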
SELinux role to use when executing the command, if
specified by the -r flag.
- selinux_type=string
- SELinux type to use when executing the command, if
- specified by the -t flag.
+1.8.0a1 February 24, 2010 3
-1.8.0a1 February 21, 2010 3
+SUDO_PLUGIN(8) MAINTENANCE COMMANDS SUDO_PLUGIN(8)
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ selinux_type=string
+ SELinux type to use when executing the command, if
+ specified by the -t flag.
bsdauth_type=string
Authentication type, if specified by the -a flag, to use on
equal sign ('=') since the _\bn_\ba_\bm_\be field will never include one
itself but the _\bv_\ba_\bl_\bu_\be might.
- close
- void (*close)(int exit_status, int error);
- The close function is called when the command being run by s\bsu\bud\bdo\bo
- finishes.
-1.8.0a1 February 21, 2010 4
+1.8.0a1 February 24, 2010 4
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+SUDO_PLUGIN(8) MAINTENANCE COMMANDS SUDO_PLUGIN(8)
+ close
+ void (*close)(int exit_status, int error);
+
+ The close function is called when the command being run by s\bsu\bud\bdo\bo
+ finishes.
+
The function arguments are as follows:
exit_status
env_add
Additional environment variables specified by the user on the
- command line in the form of a NULL-terminated vector of
- "name=value" strings. The plugin may reject the command if one
- or more variables are not allowed to be set, or it may silently
- ignore such variables.
- When parsing _\be_\bn_\bv_\b__\ba_\bd_\bd, the plugin should split on the f\bfi\bir\brs\bst\bt
+1.8.0a1 February 24, 2010 5
-1.8.0a1 February 21, 2010 5
+SUDO_PLUGIN(8) MAINTENANCE COMMANDS SUDO_PLUGIN(8)
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ command line in the form of a NULL-terminated vector of
+ "name=value" strings. The plugin may reject the command if one
+ or more variables are not allowed to be set, or it may silently
+ ignore such variables.
+ When parsing _\be_\bn_\bv_\b__\ba_\bd_\bd, the plugin should split on the f\bfi\bir\brs\bst\bt
equal sign ('=') since the _\bn_\ba_\bm_\be field will never include one
itself but the _\bv_\ba_\bl_\bu_\be might.
noexec=bool
If set, prevent the command from executing other programs.
- chroot=string
- The root directory to use when running the command.
-
- nice=int
- Nice value (priority) to use when executing the command.
+1.8.0a1 February 24, 2010 6
-1.8.0a1 February 21, 2010 6
+SUDO_PLUGIN(8) MAINTENANCE COMMANDS SUDO_PLUGIN(8)
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ chroot=string
+ The root directory to use when running the command.
+ nice=int
+ Nice value (priority) to use when executing the command.
The nice value, if specified, overrides the priority
associated with the _\bl_\bo_\bg_\bi_\bn_\b__\bc_\bl_\ba_\bs_\bs on BSD systems.
policy allows it. If NULL, the plugin should list the
privileges of the invoking user.
- argc
- The number of elements in _\ba_\br_\bg_\bv, not counting the final NULL
- pointer.
- argv
- If non-NULL, an argument vector describing a command the user
-1.8.0a1 February 21, 2010 7
+1.8.0a1 February 24, 2010 7
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+SUDO_PLUGIN(8) MAINTENANCE COMMANDS SUDO_PLUGIN(8)
+ argc
+ The number of elements in _\ba_\br_\bg_\bv, not counting the final NULL
+ pointer.
+
+ argv
+ If non-NULL, an argument vector describing a command the user
wishes to check against the policy in the same form as what
would be passed to the _\be_\bx_\be_\bc_\bv_\be_\b(_\b) system call. If the command is
permitted by the policy, the fully-qualified path to the
plugin should not attempt to read directly from the standard input or
the user's tty.
+
+
+
+
+
+
+
+
+
+
+
+1.8.0a1 February 24, 2010 8
+
+
+
+
+
+SUDO_PLUGIN(8) MAINTENANCE COMMANDS SUDO_PLUGIN(8)
+
+
struct sudo_conv_message {
#define SUDO_CONV_PROMPT_ECHO_OFF 1
#define SUDO_CONV_PROMPT_ECHO_ON 2
char *reply;
};
-
-
-
-1.8.0a1 February 21, 2010 8
-
-
-
-
-
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-
-
typedef int (*sudo_conv_t)(int num_msgs,
const struct sudo_conv_message msgs[],
struct sudo_conv_reply replies[]);
type
The type field should always be set to SUDO_IO_PLUGIN
+
+
+1.8.0a1 February 24, 2010 9
+
+
+
+
+
+SUDO_PLUGIN(8) MAINTENANCE COMMANDS SUDO_PLUGIN(8)
+
+
version
The version field should be set to SUDO_API_VERSION.
Returns 1 on success, 0 if the command should not be logged and -1
on error. On error, the plugin may optionally call the
-
-
-
-1.8.0a1 February 21, 2010 9
-
-
-
-
-
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-
-
conversation function with SUDO_CONF_ERROR_MSG to present
additional error information to the user.
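Review bot: The context line "conversation function with SUDO_CONF_ERROR_MSG" names a constant that does not match the SUDO_CONV_ prefix used by the message types shown earlier in the page (SUDO_CONV_PROMPT_ECHO_OFF, SUDO_CONV_PROMPT_ECHO_ON); it should read SUDO_CONV_ERROR_MSG. This paragraph is already being re-flowed across the page break here, so correct the name in the same change rather than leaving plugin authors to copy an identifier that does not exist.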
See the "Policy Plugin API" section for a list of all possible
strings.
- user_env
- The user's environment in the form of a NULL-terminated vector
- of "name=value" strings.
-
- When parsing _\bu_\bs_\be_\br_\b__\be_\bn_\bv, the plugin should split on the f\bfi\bir\brs\bst\bt
- equal sign ('=') since the _\bn_\ba_\bm_\be field will never include one
- itself but the _\bv_\ba_\bl_\bu_\be might.
- close
- void (*close)(int exit_status, int error);
- The close function is called when the command being run by s\bsu\bud\bdo\bo
+1.8.0a1 February 24, 2010 10
-1.8.0a1 February 21, 2010 10
+SUDO_PLUGIN(8) MAINTENANCE COMMANDS SUDO_PLUGIN(8)
+ user_env
+ The user's environment in the form of a NULL-terminated vector
+ of "name=value" strings.
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ When parsing _\bu_\bs_\be_\br_\b__\be_\bn_\bv, the plugin should split on the f\bfi\bir\brs\bst\bt
+ equal sign ('=') since the _\bn_\ba_\bm_\be field will never include one
+ itself but the _\bv_\ba_\bl_\bu_\be might.
+ close
+ void (*close)(int exit_status, int error);
+ The close function is called when the command being run by s\bsu\bud\bdo\bo
finishes.
The function arguments are as follows:
log_output
int (*log_output)(const char *buf, unsigned int len);
- The _\bl_\bo_\bg_\b__\bo_\bu_\bt_\bp_\bu_\bt function is called whenever data can be read from
- the command but before it is written to the user's terminal. This
- allows the plugin to reject data if it chooses to (for instance if
- the input contains banned content). Returns 1 if the data should
- be passed to the user, 0 if the data is rejected (which will
- terminate the command) or -1 if an error occurred.
- The function arguments are as follows:
- buf The buffer containing command output.
- len The length of _\bb_\bu_\bf in bytes.
+1.8.0a1 February 24, 2010 11
+
-1.8.0a1 February 21, 2010 11
+SUDO_PLUGIN(8) MAINTENANCE COMMANDS SUDO_PLUGIN(8)
+ The _\bl_\bo_\bg_\b__\bo_\bu_\bt_\bp_\bu_\bt function is called whenever data can be read from
+ the command but before it is written to the user's terminal. This
+ allows the plugin to reject data if it chooses to (for instance if
+ the input contains banned content). Returns 1 if the data should
+ be passed to the user, 0 if the data is rejected (which will
+ terminate the command) or -1 if an error occurred.
+ The function arguments are as follows:
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ buf The buffer containing command output.
+ len The length of _\bb_\bu_\bf in bytes.
U\bUn\bnh\bha\ban\bnd\bdl\ble\bed\bd c\bco\bom\bmm\bma\ban\bnd\bd l\bli\bin\bne\be o\bop\bpt\bti\bio\bon\bns\bs
The -L command line option has been deprecated as its output is covered
-
-
-
-
-
-
-
-
-
-
-
-
-
-1.8.0a1 February 21, 2010 12
+1.8.0a1 February 24, 2010 12
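Review bot: In the log_output description moved in this part of the patch, "for instance if the input contains banned content" says input although buf is documented two lines later as "The buffer containing command output"; change "input" to "output". Because returning 0 from this hook terminates the command, the text should also make clear that the rejected buffer is not written to the user's terminal, which the current wording only implies with "before it is written".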