--without-umask
Preserves the umask of the user invoking sudo.
+ --with-umask-override
+ Use the umask specified in sudoers even if it is less restrictive
+ than the user's. The default is to use the intersection of the
+ user's umask and the umask specified in sudoers.
+
--with-runas-default=USER
The default user to run commands as if the -u flag is not specified
on the command line. This defaults to "root".
/* Define to 1 if the code in interfaces.c does not compile for you. */
#undef STUB_LOAD_INTERFACES
-/* The umask that the root-run prog should use. */
+/* The umask that the sudo-run prog should use. */
#undef SUDO_UMASK
/* The number of minutes before sudo asks for a password again. */
/* The number of tries a user gets to enter their password. */
#undef TRIES_FOR_PASSWORD
+/* Define to 1 to use the umask specified in sudoers even when it is less
+ restrictive than the invoking user's. */
+#undef UMASK_OVERRIDE
+
/* Define to 1 if the `unsetenv' function returns void instead of `int'. */
#undef UNSETENV_VOID
lecture
long_otp_prompt
passprompt
+umask_override
sudo_umask
password_timeout
timeout
with_sudoers_uid
with_sudoers_gid
with_umask
+with_umask_override
with_runas_default
with_exempt
with_editor
--with-umask umask with which the prog should run (default is
022)
--without-umask Preserves the umask of the user invoking sudo.
+ --with-umask-override Use the umask specified in sudoers even if it is
+ less restrictive than the user's.
--with-runas-default User to run commands as (default is "root")
--with-exempt=group no passwd needed for users in this group
--with-editor=path Default editor for visudo (defaults to vi)
+
#
timeout=5
password_timeout=5
sudo_umask=0022
+umask_override=off
passprompt="Password:"
long_otp_prompt=off
lecture=once
$as_echo "$sudo_umask" >&6; }
fi
+
+# Check whether --with-umask-override was given.
+if test "${with_umask_override+set}" = set; then :
+ withval=$with_umask_override; case $with_umask_override in
+ yes) $as_echo "#define UMASK_OVERRIDE 1" >>confdefs.h
+
+ umask_override=on
+ ;;
+ no) umask_override=off
+ ;;
+ *) as_fn_error "\"--with-umask-override does not take an argument.\"" "$LINENO" 5
+ ;;
+esac
+fi
+
+
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for default user to run commands as" >&5
$as_echo_n "checking for default user to run commands as... " >&6; }
else
lt_cv_nm_interface="BSD nm"
echo "int some_variable = 0;" > conftest.$ac_ext
- (eval echo "\"\$as_me:6765: $ac_compile\"" >&5)
+ (eval echo "\"\$as_me:6787: $ac_compile\"" >&5)
(eval "$ac_compile" 2>conftest.err)
cat conftest.err >&5
- (eval echo "\"\$as_me:6768: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
+ (eval echo "\"\$as_me:6790: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
(eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
cat conftest.err >&5
- (eval echo "\"\$as_me:6771: output\"" >&5)
+ (eval echo "\"\$as_me:6793: output\"" >&5)
cat conftest.out >&5
if $GREP 'External.*some_variable' conftest.out > /dev/null; then
lt_cv_nm_interface="MS dumpbin"
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 7976 "configure"' > conftest.$ac_ext
+ echo '#line 7998 "configure"' > conftest.$ac_ext
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9369: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9391: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:9373: \$? = $ac_status" >&5
+ echo "$as_me:9395: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9708: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9730: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:9712: \$? = $ac_status" >&5
+ echo "$as_me:9734: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9813: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9835: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:9817: \$? = $ac_status" >&5
+ echo "$as_me:9839: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9868: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9890: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:9872: \$? = $ac_status" >&5
+ echo "$as_me:9894: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 12235 "configure"
+#line 12257 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 12331 "configure"
+#line 12353 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
+
AC_SUBST([timeout])
AC_SUBST([password_timeout])
AC_SUBST([sudo_umask])
+AC_SUBST([umask_override])
AC_SUBST([passprompt])
AC_SUBST([long_otp_prompt])
AC_SUBST([lecture])
timeout=5
password_timeout=5
sudo_umask=0022
+umask_override=off
passprompt="Password:"
long_otp_prompt=off
lecture=once
*) AC_MSG_ERROR(["you must enter a numeric mask."])
;;
esac])
-AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the root-run prog should use.])
+AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the sudo-run prog should use.])
if test "$sudo_umask" = "0777"; then
AC_MSG_RESULT(user)
else
AC_MSG_RESULT($sudo_umask)
fi
+AC_ARG_WITH(umask-override, [AS_HELP_STRING([--with-umask-override], [Use the umask specified in sudoers even if it is less restrictive than the user's.])],
+[case $with_umask_override in
+ yes) AC_DEFINE(UMASK_OVERRIDE)
+ umask_override=on
+ ;;
+ no) umask_override=off
+ ;;
+ *) AC_MSG_ERROR(["--with-umask-override does not take an argument."])
+ ;;
+esac])
+
AC_MSG_CHECKING(for default user to run commands as)
AC_ARG_WITH(runas-default, [AS_HELP_STRING([--with-runas-default], [User to run commands as (default is "root")])],
[case $with_runas_default in
AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.])
AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.])
AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
+AH_TEMPLATE(UMASK_OVERRIDE, [Define to 1 to use the umask specified in sudoers even when it is less restrictive than the invoking user's.])
AH_TEMPLATE(USE_ADMIN_FLAG, [Define to 1 if you want to create ~/.sudo_as_admin_successful if the user is in the admin group the first time they run sudo.])
AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
#ifdef ENV_EDITOR
def_env_editor = TRUE;
#endif
+#ifdef UMASK_OVERRIDE
+ def_umask_override = TRUE;
+#endif
#ifdef _PATH_SUDO_ASKPASS
def_askpass = estrdup(_PATH_SUDO_ASKPASS);
#endif
-1.7.4 July 21, 2010 1
+1.7.5 September 14, 2010 1
-1.7.4 July 21, 2010 2
+1.7.5 September 14, 2010 2
-1.7.4 July 21, 2010 3
+1.7.5 September 14, 2010 3
-1.7.4 July 21, 2010 4
+1.7.5 September 14, 2010 4
-1.7.4 July 21, 2010 5
+1.7.5 September 14, 2010 5
-1.7.4 July 21, 2010 6
+1.7.5 September 14, 2010 6
-1.7.4 July 21, 2010 7
+1.7.5 September 14, 2010 7
-1.7.4 July 21, 2010 8
+1.7.5 September 14, 2010 8
-1.7.4 July 21, 2010 9
+1.7.5 September 14, 2010 9
that the -\b-H\bH option is always implied. Note that HOME
is already set when the the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option is
enabled, so _\ba_\bl_\bw_\ba_\by_\bs_\b__\bs_\be_\bt_\b__\bh_\bo_\bm_\be is only effective for
- configurations where _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt is disabled. This flag
- is _\bo_\bf_\bf by default.
+ configurations where either _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt is disabled or
+ HOME is present in the _\be_\bn_\bv_\b__\bk_\be_\be_\bp list. This flag is _\bo_\bf_\bf
+ by default.
authenticate If set, users must authenticate themselves via a
password (or other means of authentication) before they
its value will be used for the PATH environment
variable. This flag is _\bo_\bn by default.
- fast_glob Normally, s\bsu\bud\bdo\bo uses the _\bg_\bl_\bo_\bb(3) function to do shell-
-1.7.4 July 21, 2010 10
+1.7.5 September 14, 2010 10
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ fast_glob Normally, s\bsu\bud\bdo\bo uses the _\bg_\bl_\bo_\bb(3) function to do shell-
style globbing when matching path names. However,
since it accesses the file system, _\bg_\bl_\bo_\bb(3) can take a
long time to complete for some patterns, especially
insults If set, s\bsu\bud\bdo\bo will insult users when they enter an
incorrect password. This flag is _\bo_\bf_\bf by default.
- log_host If set, the host name will be logged in the (non-
-1.7.4 July 21, 2010 11
+1.7.5 September 14, 2010 11
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ log_host If set, the host name will be logged in the (non-
syslog) s\bsu\bud\bdo\bo log file. This flag is _\bo_\bf_\bf by default.
log_year If set, the four-digit year will be logged in the (non-
passprompt_override
The password prompt specified by _\bp_\ba_\bs_\bs_\bp_\br_\bo_\bm_\bp_\bt will
normally only be used if the password prompt provided
- by systems such as PAM matches the string "Password:".
-1.7.4 July 21, 2010 12
+1.7.5 September 14, 2010 12
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ by systems such as PAM matches the string "Password:".
If _\bp_\ba_\bs_\bs_\bp_\br_\bo_\bm_\bp_\bt_\b__\bo_\bv_\be_\br_\br_\bi_\bd_\be is set, _\bp_\ba_\bs_\bs_\bp_\br_\bo_\bm_\bp_\bt will always
be used. This flag is _\bo_\bf_\bf by default.
-\b-u\bu option is used). This effectively makes the -\b-s\bs
option imply -\b-H\bH. Note that HOME is already set when
the the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option is enabled, so _\bs_\be_\bt_\b__\bh_\bo_\bm_\be is
- only effective for configurations where _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt is
- disabled. This flag is _\bo_\bf_\bf by default.
-
- set_logname Normally, s\bsu\bud\bdo\bo will set the LOGNAME, USER and USERNAME
+ only effective for configurations where either
+ _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt is disabled or HOME is present in the
+ _\be_\bn_\bv_\b__\bk_\be_\be_\bp list. This flag is _\bo_\bf_\bf by default.
-1.7.4 July 21, 2010 13
+1.7.5 September 14, 2010 13
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ set_logname Normally, s\bsu\bud\bdo\bo will set the LOGNAME, USER and USERNAME
environment variables to the name of the target user
(usually root unless the -\b-u\bu option is given). However,
since some programs (including the RCS revision control
-
-1.7.4 July 21, 2010 14
+1.7.5 September 14, 2010 14
-1.7.4 July 21, 2010 15
+1.7.5 September 14, 2010 15
-1.7.4 July 21, 2010 16
+1.7.5 September 14, 2010 16
-1.7.4 July 21, 2010 17
+1.7.5 September 14, 2010 17
-1.7.4 July 21, 2010 18
+1.7.5 September 14, 2010 18
-1.7.4 July 21, 2010 19
+1.7.5 September 14, 2010 19
-1.7.4 July 21, 2010 20
+1.7.5 September 14, 2010 20
-1.7.4 July 21, 2010 21
+1.7.5 September 14, 2010 21
-1.7.4 July 21, 2010 22
+1.7.5 September 14, 2010 22
-1.7.4 July 21, 2010 23
+1.7.5 September 14, 2010 23
-1.7.4 July 21, 2010 24
+1.7.5 September 14, 2010 24
-1.7.4 July 21, 2010 25
+1.7.5 September 14, 2010 25
-1.7.4 July 21, 2010 26
+1.7.5 September 14, 2010 26
-1.7.4 July 21, 2010 27
+1.7.5 September 14, 2010 27
.nr BA @BAMAN@
.nr LC @LCMAN@
.\"
-.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14)
.\"
.\" Standard preamble:
.\" ========================================================================
.\" ========================================================================
.\"
.IX Title "SUDOERS @mansectform@"
-.TH SUDOERS @mansectform@ "July 21, 2010" "1.7.4" "MAINTENANCE COMMANDS"
+.TH SUDOERS @mansectform@ "September 14, 2010" "1.7.5" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
option is used). This effectively means that the \fB\-H\fR option is
always implied. Note that \f(CW\*(C`HOME\*(C'\fR is already set when the the
\&\fIenv_reset\fR option is enabled, so \fIalways_set_home\fR is only
-effective for configurations where \fIenv_reset\fR is disabled.
+effective for configurations where either \fIenv_reset\fR is disabled
+or \f(CW\*(C`HOME\*(C'\fR is present in the \fIenv_keep\fR list.
This flag is \fIoff\fR by default.
.IP "authenticate" 16
.IX Item "authenticate"
user (which is root unless the \fB\-u\fR option is used). This effectively
makes the \fB\-s\fR option imply \fB\-H\fR. Note that \f(CW\*(C`HOME\*(C'\fR is already
set when the the \fIenv_reset\fR option is enabled, so \fIset_home\fR is
-only effective for configurations where \fIenv_reset\fR is disabled.
+only effective for configurations where either \fIenv_reset\fR is disabled
+or \f(CW\*(C`HOME\*(C'\fR is present in the \fIenv_keep\fR list.
This flag is \fIoff\fR by default.
.IP "set_logname" 16
.IX Item "set_logname"
umask in \fIsudoers\fR than the user's own umask and matches historical
behavior. If \fIumask_override\fR is not set, \fBsudo\fR will set the
umask to be the union of the user's umask and what is specified in
-\&\fIsudoers\fR. This flag is \fIoff\fR by default.
+\&\fIsudoers\fR. This flag is \fI@umask_override@\fR by default.
.if \n(LC \{\
.IP "use_loginclass" 16
.IX Item "use_loginclass"
umask in I<sudoers> than the user's own umask and matches historical
behavior. If I<umask_override> is not set, B<sudo> will set the
umask to be the union of the user's umask and what is specified in
-I<sudoers>. This flag is I<off> by default.
+I<sudoers>. This flag is I<@umask_override@> by default.
=item use_loginclass
projects / sudo / commitdiff