add group_source example

author Todd C. Miller <Todd.Miller@courtesan.com>

Tue, 5 Feb 2013 16:42:46 +0000 (11:42 -0500)

committer Todd C. Miller <Todd.Miller@courtesan.com>

Tue, 5 Feb 2013 16:42:46 +0000 (11:42 -0500)
author Todd C. Miller <Todd.Miller@courtesan.com>
Tue, 5 Feb 2013 16:42:46 +0000 (11:42 -0500)
committer Todd C. Miller <Todd.Miller@courtesan.com>
Tue, 5 Feb 2013 16:42:46 +0000 (11:42 -0500)
diff --git a/doc/sample.sudo.conf b/doc/sample.sudo.conf

index 0724c25031c2ba4aa447a7c11a81d0c9692f08d8..c605bb5b5546ea57b3b4879ac08141b6c39c82c6 100644 (file)
--- a/doc/sample.sudo.conf
+++ b/doc/sample.sudo.conf
@@ -53,3 +53,20 @@ Plugin sudoers_io sudoers.so
  # dumps by setting "disable_coredump" to false.
  #
  #Set disable_coredump false
+
+#
+# User groups:
+#
+# Sudo passes the user's group list to the policy plugin.
+# If the user is a member of the maximum number of groups (usually 16),
+# sudo will query the group database directly to be sure to include
+# the full list of groups.
+#
+# On some systems, this can be expensive so the behavior is configurable.
+# The "group_source" setting has three possible values:
+#   static   - use the user's list of groups returned by the kernel.
+#   dynamic  - query the group database to find the list of groups.
+#   adaptive - if user is in less than the maximum number of groups.
+#             use the kernel list, else query the group database.
+#
+#Set group_source static
author	Todd C. Miller <Todd.Miller@courtesan.com>
	Tue, 5 Feb 2013 16:42:46 +0000 (11:42 -0500)
committer	Todd C. Miller <Todd.Miller@courtesan.com>
	Tue, 5 Feb 2013 16:42:46 +0000 (11:42 -0500)