Add a new option, lecture_file, that can be used to point to a custom

sudo lecture.

diff --git a/check.c b/check.c
index b2cf13e25f0ad108c6fee282639d739c261aa471..8c9198448d8b0d7d29057459dcff359c38936398 100644 (file)
--- a/check.c
+++ b/check.c
@@ -134,18 +134,26 @@ static void
 lecture(status)
     int status;
 {
+    FILE *fp;
+    char buf[BUFSIZ];
+    ssize_t nread;
 
     if (def_lecture == never ||
        (def_lecture == once && status != TS_MISSING && status != TS_ERROR))
        return;
 
-    (void) fputs("\n\
+    if (def_lecture_file && (fp = fopen(def_lecture_file, "r")) != NULL) {
+       while ((nread = fread(buf, sizeof(char), sizeof(buf), fp)) != 0)
+           fwrite(buf, nread, 1, stderr);
+    } else {
+       (void) fputs("\n\
 We trust you have received the usual lecture from the local System\n\
 Administrator. It usually boils down to these two things:\n\
 \n\
     #1) Respect the privacy of others.\n\
     #2) Think before you type.\n\n",
     stderr);
+    }
 }
 
 /*

diff --git a/def_data.c b/def_data.c
index 4ec5b29a7758e71f58d87fb5ddd9dde425567235..135df092e871e02118d011a2955eb95b45d31cd4 100644 (file)
--- a/def_data.c
+++ b/def_data.c
@@ -59,6 +59,9 @@ struct sudo_defs_types sudo_defs_table[] = {
        "lecture", T_TUPLE|T_BOOL,
        "Lecture user the first time they run sudo",
        def_data_lecture,
+    }, {
+       "lecture_file", T_STR|T_PATH|T_BOOL,
+       "Path to a file containing the sudo lecture: %s",
     }, {
        "authenticate", T_FLAG,
        "Require users to authenticate by default",

diff --git a/def_data.h b/def_data.h
index d51e021d264366eefa6e12dba623c22121fbc222..3ed1a2f73bc349a550cf444fd69367e651949097 100644 (file)
--- a/def_data.h
+++ b/def_data.h
@@ -22,90 +22,92 @@
 #define I_TTY_TICKETS           10
 #define def_lecture             (sudo_defs_table[11].sd_un.tuple)
 #define I_LECTURE               11
-#define def_authenticate        (sudo_defs_table[12].sd_un.flag)
-#define I_AUTHENTICATE          12
-#define def_root_sudo           (sudo_defs_table[13].sd_un.flag)
-#define I_ROOT_SUDO             13
-#define def_log_host            (sudo_defs_table[14].sd_un.flag)
-#define I_LOG_HOST              14
-#define def_log_year            (sudo_defs_table[15].sd_un.flag)
-#define I_LOG_YEAR              15
-#define def_shell_noargs        (sudo_defs_table[16].sd_un.flag)
-#define I_SHELL_NOARGS          16
-#define def_set_home            (sudo_defs_table[17].sd_un.flag)
-#define I_SET_HOME              17
-#define def_always_set_home     (sudo_defs_table[18].sd_un.flag)
-#define I_ALWAYS_SET_HOME       18
-#define def_path_info           (sudo_defs_table[19].sd_un.flag)
-#define I_PATH_INFO             19
-#define def_fqdn                (sudo_defs_table[20].sd_un.flag)
-#define I_FQDN                  20
-#define def_insults             (sudo_defs_table[21].sd_un.flag)
-#define I_INSULTS               21
-#define def_requiretty          (sudo_defs_table[22].sd_un.flag)
-#define I_REQUIRETTY            22
-#define def_env_editor          (sudo_defs_table[23].sd_un.flag)
-#define I_ENV_EDITOR            23
-#define def_rootpw              (sudo_defs_table[24].sd_un.flag)
-#define I_ROOTPW                24
-#define def_runaspw             (sudo_defs_table[25].sd_un.flag)
-#define I_RUNASPW               25
-#define def_targetpw            (sudo_defs_table[26].sd_un.flag)
-#define I_TARGETPW              26
-#define def_use_loginclass      (sudo_defs_table[27].sd_un.flag)
-#define I_USE_LOGINCLASS        27
-#define def_set_logname         (sudo_defs_table[28].sd_un.flag)
-#define I_SET_LOGNAME           28
-#define def_stay_setuid         (sudo_defs_table[29].sd_un.flag)
-#define I_STAY_SETUID           29
-#define def_env_reset           (sudo_defs_table[30].sd_un.flag)
-#define I_ENV_RESET             30
-#define def_preserve_groups     (sudo_defs_table[31].sd_un.flag)
-#define I_PRESERVE_GROUPS       31
-#define def_loglinelen          (sudo_defs_table[32].sd_un.ival)
-#define I_LOGLINELEN            32
-#define def_timestamp_timeout   (sudo_defs_table[33].sd_un.ival)
-#define I_TIMESTAMP_TIMEOUT     33
-#define def_passwd_timeout      (sudo_defs_table[34].sd_un.ival)
-#define I_PASSWD_TIMEOUT        34
-#define def_passwd_tries        (sudo_defs_table[35].sd_un.ival)
-#define I_PASSWD_TRIES          35
-#define def_umask               (sudo_defs_table[36].sd_un.mode)
-#define I_UMASK                 36
-#define def_logfile             (sudo_defs_table[37].sd_un.str)
-#define I_LOGFILE               37
-#define def_mailerpath          (sudo_defs_table[38].sd_un.str)
-#define I_MAILERPATH            38
-#define def_mailerflags         (sudo_defs_table[39].sd_un.str)
-#define I_MAILERFLAGS           39
-#define def_mailto              (sudo_defs_table[40].sd_un.str)
-#define I_MAILTO                40
-#define def_mailsub             (sudo_defs_table[41].sd_un.str)
-#define I_MAILSUB               41
-#define def_badpass_message     (sudo_defs_table[42].sd_un.str)
-#define I_BADPASS_MESSAGE       42
-#define def_timestampdir        (sudo_defs_table[43].sd_un.str)
-#define I_TIMESTAMPDIR          43
-#define def_timestampowner      (sudo_defs_table[44].sd_un.str)
-#define I_TIMESTAMPOWNER        44
-#define def_exempt_group        (sudo_defs_table[45].sd_un.str)
-#define I_EXEMPT_GROUP          45
-#define def_passprompt          (sudo_defs_table[46].sd_un.str)
-#define I_PASSPROMPT            46
-#define def_runas_default       (sudo_defs_table[47].sd_un.str)
-#define I_RUNAS_DEFAULT         47
-#define def_editor              (sudo_defs_table[48].sd_un.str)
-#define I_EDITOR                48
-#define def_env_check           (sudo_defs_table[49].sd_un.list)
-#define I_ENV_CHECK             49
-#define def_env_delete          (sudo_defs_table[50].sd_un.list)
-#define I_ENV_DELETE            50
-#define def_env_keep            (sudo_defs_table[51].sd_un.list)
-#define I_ENV_KEEP              51
-#define def_listpw              (sudo_defs_table[52].sd_un.tuple)
-#define I_LISTPW                52
-#define def_verifypw            (sudo_defs_table[53].sd_un.tuple)
-#define I_VERIFYPW              53
+#define def_lecture_file        (sudo_defs_table[12].sd_un.str)
+#define I_LECTURE_FILE          12
+#define def_authenticate        (sudo_defs_table[13].sd_un.flag)
+#define I_AUTHENTICATE          13
+#define def_root_sudo           (sudo_defs_table[14].sd_un.flag)
+#define I_ROOT_SUDO             14
+#define def_log_host            (sudo_defs_table[15].sd_un.flag)
+#define I_LOG_HOST              15
+#define def_log_year            (sudo_defs_table[16].sd_un.flag)
+#define I_LOG_YEAR              16
+#define def_shell_noargs        (sudo_defs_table[17].sd_un.flag)
+#define I_SHELL_NOARGS          17
+#define def_set_home            (sudo_defs_table[18].sd_un.flag)
+#define I_SET_HOME              18
+#define def_always_set_home     (sudo_defs_table[19].sd_un.flag)
+#define I_ALWAYS_SET_HOME       19
+#define def_path_info           (sudo_defs_table[20].sd_un.flag)
+#define I_PATH_INFO             20
+#define def_fqdn                (sudo_defs_table[21].sd_un.flag)
+#define I_FQDN                  21
+#define def_insults             (sudo_defs_table[22].sd_un.flag)
+#define I_INSULTS               22
+#define def_requiretty          (sudo_defs_table[23].sd_un.flag)
+#define I_REQUIRETTY            23
+#define def_env_editor          (sudo_defs_table[24].sd_un.flag)
+#define I_ENV_EDITOR            24
+#define def_rootpw              (sudo_defs_table[25].sd_un.flag)
+#define I_ROOTPW                25
+#define def_runaspw             (sudo_defs_table[26].sd_un.flag)
+#define I_RUNASPW               26
+#define def_targetpw            (sudo_defs_table[27].sd_un.flag)
+#define I_TARGETPW              27
+#define def_use_loginclass      (sudo_defs_table[28].sd_un.flag)
+#define I_USE_LOGINCLASS        28
+#define def_set_logname         (sudo_defs_table[29].sd_un.flag)
+#define I_SET_LOGNAME           29
+#define def_stay_setuid         (sudo_defs_table[30].sd_un.flag)
+#define I_STAY_SETUID           30
+#define def_env_reset           (sudo_defs_table[31].sd_un.flag)
+#define I_ENV_RESET             31
+#define def_preserve_groups     (sudo_defs_table[32].sd_un.flag)
+#define I_PRESERVE_GROUPS       32
+#define def_loglinelen          (sudo_defs_table[33].sd_un.ival)
+#define I_LOGLINELEN            33
+#define def_timestamp_timeout   (sudo_defs_table[34].sd_un.ival)
+#define I_TIMESTAMP_TIMEOUT     34
+#define def_passwd_timeout      (sudo_defs_table[35].sd_un.ival)
+#define I_PASSWD_TIMEOUT        35
+#define def_passwd_tries        (sudo_defs_table[36].sd_un.ival)
+#define I_PASSWD_TRIES          36
+#define def_umask               (sudo_defs_table[37].sd_un.mode)
+#define I_UMASK                 37
+#define def_logfile             (sudo_defs_table[38].sd_un.str)
+#define I_LOGFILE               38
+#define def_mailerpath          (sudo_defs_table[39].sd_un.str)
+#define I_MAILERPATH            39
+#define def_mailerflags         (sudo_defs_table[40].sd_un.str)
+#define I_MAILERFLAGS           40
+#define def_mailto              (sudo_defs_table[41].sd_un.str)
+#define I_MAILTO                41
+#define def_mailsub             (sudo_defs_table[42].sd_un.str)
+#define I_MAILSUB               42
+#define def_badpass_message     (sudo_defs_table[43].sd_un.str)
+#define I_BADPASS_MESSAGE       43
+#define def_timestampdir        (sudo_defs_table[44].sd_un.str)
+#define I_TIMESTAMPDIR          44
+#define def_timestampowner      (sudo_defs_table[45].sd_un.str)
+#define I_TIMESTAMPOWNER        45
+#define def_exempt_group        (sudo_defs_table[46].sd_un.str)
+#define I_EXEMPT_GROUP          46
+#define def_passprompt          (sudo_defs_table[47].sd_un.str)
+#define I_PASSPROMPT            47
+#define def_runas_default       (sudo_defs_table[48].sd_un.str)
+#define I_RUNAS_DEFAULT         48
+#define def_editor              (sudo_defs_table[49].sd_un.str)
+#define I_EDITOR                49
+#define def_env_check           (sudo_defs_table[50].sd_un.list)
+#define I_ENV_CHECK             50
+#define def_env_delete          (sudo_defs_table[51].sd_un.list)
+#define I_ENV_DELETE            51
+#define def_env_keep            (sudo_defs_table[52].sd_un.list)
+#define I_ENV_KEEP              52
+#define def_listpw              (sudo_defs_table[53].sd_un.tuple)
+#define I_LISTPW                53
+#define def_verifypw            (sudo_defs_table[54].sd_un.tuple)
+#define I_VERIFYPW              54
 
 enum def_tupple {
        never,

diff --git a/def_data.in b/def_data.in
index 66710616e5ecb9f31fdedc6f2662a969011de506..eadb803585f226cdaefd5cb4a331bea0b25acee3 100644 (file)
--- a/def_data.in
+++ b/def_data.in
@@ -44,6 +44,9 @@ lecture
        T_TUPLE|T_BOOL
        "Lecture user the first time they run sudo"
        never once always
+lecture_file
+       T_STR|T_PATH|T_BOOL
+       "Path to a file containing the sudo lecture: %s"
 authenticate
        T_FLAG
        "Require users to authenticate by default"

diff --git a/sudoers.man.in b/sudoers.man.in
index fe82d626c5328236f862563e59e5177e3c0362e5..9f38af1d4be2304326f3f1a1714626c9089eaf96 100644 (file)
--- a/sudoers.man.in
+++ b/sudoers.man.in
@@ -167,7 +167,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SUDOERS @mansectform@"
-.TH SUDOERS @mansectform@ "December 30, 2003" "1.6.8" "MAINTENANCE COMMANDS"
+.TH SUDOERS @mansectform@ "January  4, 2004" "1.6.8" "MAINTENANCE COMMANDS"
 .SH "NAME"
 sudoers \- list of which users may execute what
 .SH "DESCRIPTION"
@@ -706,6 +706,10 @@ Always lecture the user.
 .Sp
 The default value is \fI@lecture@\fR.
 .RE
+.IP "lecture_file" 12
+.IX Item "lecture_file"
+Path to a file containing an alternate sudo lecture that will
+be used in place of the standard lecture if the named file exists.
 .IP "logfile" 12
 .IX Item "logfile"
 Path to the \fBsudo\fR log file (not the syslog log file).  Setting a path

diff --git a/sudoers.pod b/sudoers.pod
index 655eae4ff66cec0b18d4d45def79d8adcbae2aaa..78edcc0e69255d7c2c0db2f881d65d321d72e5ff 100644 (file)
--- a/sudoers.pod
+++ b/sudoers.pod
@@ -609,6 +609,10 @@ Always lecture the user.
 
 The default value is I<@lecture@>.
 
+=item lecture_file
+
+Path to a file containing an alternate sudo lecture that will
+be used in place of the standard lecture if the named file exists.
 
 =item logfile