The following parameters may be specified by security policy:
- o\bo real and effective user ID
+ +\b+\bo\bo real and effective user ID
- o\bo real and effective group ID
+ +\b+\bo\bo real and effective group ID
- o\bo supplementary group IDs
+ +\b+\bo\bo supplementary group IDs
- o\bo the environment list
+ +\b+\bo\bo the environment list
- o\bo current working directory
+ +\b+\bo\bo current working directory
- o\bo file creation mode mask (umask)
+ +\b+\bo\bo file creation mode mask (umask)
- o\bo SELinux role and type
+ +\b+\bo\bo SELinux role and type
- o\bo Solaris project
+ +\b+\bo\bo Solaris project
- o\bo Solaris privileges
+ +\b+\bo\bo Solaris privileges
- o\bo BSD login class
+ +\b+\bo\bo BSD login class
- o\bo scheduling priority (aka nice value)
+ +\b+\bo\bo scheduling priority (aka nice value)
P\bPr\bro\boc\bce\bes\bss\bs m\bmo\bod\bde\bel\bl
When s\bsu\bud\bdo\bo runs a command, it calls fork(2), sets up the execution
file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
complete details.
-Sudo 1.8.11 February 15, 2014 Sudo 1.8.11
+Sudo 1.8.12 February 15, 2014 Sudo 1.8.12
file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
complete details.
-Sudo 1.8.11 October 21, 2014 Sudo 1.8.11
+Sudo 1.8.12 October 21, 2014 Sudo 1.8.12
signals while the plugin functions are run. The following signals are
trapped by default before the command is executed:
- o\bo SIGALRM
- o\bo SIGHUP
- o\bo SIGINT
- o\bo SIGQUIT
- o\bo SIGTERM
- o\bo SIGTSTP
- o\bo SIGUSR1
- o\bo SIGUSR2
+ +\b+\bo\bo SIGALRM
+ +\b+\bo\bo SIGHUP
+ +\b+\bo\bo SIGINT
+ +\b+\bo\bo SIGQUIT
+ +\b+\bo\bo SIGTERM
+ +\b+\bo\bo SIGTSTP
+ +\b+\bo\bo SIGUSR1
+ +\b+\bo\bo SIGUSR2
If a fatal signal is received before the command is executed, s\bsu\bud\bdo\bo will
call the plugin's c\bcl\blo\bos\bse\be() function with an exit status of 128 plus the
file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
complete details.
-Sudo 1.8.11 October 21, 2014 Sudo 1.8.11
+Sudo 1.8.12 October 21, 2014 Sudo 1.8.12
group provider plugin. For instance, the QAS AD plugin supports the
following formats:
- o\bo Group in the same domain: "%:Group Name"
+ +\b+\bo\bo Group in the same domain: "%:Group Name"
- o\bo Group in any domain: "%:Group Name@FULLY.QUALIFIED.DOMAIN"
+ +\b+\bo\bo Group in any domain: "%:Group Name@FULLY.QUALIFIED.DOMAIN"
- o\bo Group SID: "%:S-1-2-34-5678901234-5678901234-5678901234-567"
+ +\b+\bo\bo Group SID: "%:S-1-2-34-5678901234-5678901234-5678901234-567"
See _\bG_\bR_\bO_\bU_\bP _\bP_\bR_\bO_\bV_\bI_\bD_\bE_\bR _\bP_\bL_\bU_\bG_\bI_\bN_\bS for more information.
file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
complete details.
-Sudo 1.8.11 October 10, 2014 Sudo 1.8.11
+Sudo 1.8.12 October 10, 2014 Sudo 1.8.12
Using LDAP for _\bs_\bu_\bd_\bo_\be_\br_\bs has several benefits:
- o\bo s\bsu\bud\bdo\bo no longer needs to read _\bs_\bu_\bd_\bo_\be_\br_\bs in its entirety. When LDAP is
+ +\b+\bo\bo s\bsu\bud\bdo\bo no longer needs to read _\bs_\bu_\bd_\bo_\be_\br_\bs in its entirety. When LDAP is
used, there are only two or three LDAP queries per invocation. This
makes it especially fast and particularly usable in LDAP
environments.
- o\bo s\bsu\bud\bdo\bo no longer exits if there is a typo in _\bs_\bu_\bd_\bo_\be_\br_\bs. It is not
+ +\b+\bo\bo s\bsu\bud\bdo\bo no longer exits if there is a typo in _\bs_\bu_\bd_\bo_\be_\br_\bs. It is not
possible to load LDAP data into the server that does not conform to
the sudoers schema, so proper syntax is guaranteed. It is still
possible to have typos in a user or host name, but this will not
prevent s\bsu\bud\bdo\bo from running.
- o\bo It is possible to specify per-entry options that override the global
+ +\b+\bo\bo It is possible to specify per-entry options that override the global
default options. _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs only supports default options and
limited options associated with user/host/commands/aliases. The
syntax is complicated and can be difficult for users to understand.
Placing the options directly in the entry is more natural.
- o\bo The v\bvi\bis\bsu\bud\bdo\bo program is no longer needed. v\bvi\bis\bsu\bud\bdo\bo provides locking and
+ +\b+\bo\bo The v\bvi\bis\bsu\bud\bdo\bo program is no longer needed. v\bvi\bis\bsu\bud\bdo\bo provides locking and
syntax checking of the _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs file. Since LDAP updates are
atomic, locking is no longer necessary. Because syntax is checked
when the data is inserted into LDAP, there is no need for a
file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
complete details.
-Sudo 1.8.11 July 10, 2014 Sudo 1.8.11
+Sudo 1.8.12 July 10, 2014 Sudo 1.8.12
the underlying group provider plugin.
For instance, the QAS AD plugin supports the following formats:
.TP 6n
-\fBo\fR
+\fB\(bu\fR
Group in the same domain: "%:Group Name"
.TP 6n
-\fBo\fR
+\fB\(bu\fR
Group in any domain: "%:Group Name@FULLY.QUALIFIED.DOMAIN"
.TP 6n
-\fBo\fR
+\fB\(bu\fR
Group SID: "%:S-1-2-34-5678901234-5678901234-5678901234-567"
.PP
See
file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
complete details.
-Sudo 1.8.11 February 15, 2014 Sudo 1.8.11
+Sudo 1.8.12 February 15, 2014 Sudo 1.8.12
projects / sudo / commitdiff