From: Todd C. Miller Date: Tue, 20 Jul 2010 17:20:53 +0000 (-0400) Subject: The tty_tickets option is now on by default. X-Git-Tag: SUDO_1_8_0~352 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2675524c3256cf1c56507527d82f42751584cbeb;p=sudo The tty_tickets option is now on by default. --- diff --git a/INSTALL b/INSTALL index 02f5626ae..50ba1dc05 100644 --- a/INSTALL +++ b/INSTALL @@ -475,13 +475,10 @@ The following options are also configurable at runtime: Number of minutes before the sudo password prompt times out. The default is 5, set this to 0 for no password timeout. - --with-tty-tickets - This makes sudo use a different ticket file for each user/tty combo. - Ie: instead of the ticket path being "username" it is "username/tty". - This is useful for "shared" accounts like "operator". Note that this - means that there will be more files in the timestamp dir. This is not - a problem if your system has a cron job to remove of files from /tmp - (or wherever you specified the timestamp dir to be). + --without-tty-tickets + By default, sudo uses a different ticket file for each user/tty combo. + With this option disabled, a single ticket will be used for all + of a user's login sessions. --with-insults Define this if you want to be insulted for typing an incorrect password diff --git a/WHATSNEW b/WHATSNEW index 1a73dfaa5..ccc2d2241 100644 --- a/WHATSNEW +++ b/WHATSNEW @@ -19,6 +19,8 @@ What's new in Sudo 1.7.4? than the boot time are ignored on systems where it is possible to determine this. + * The tty_tickets sudoers option is now enabled by default. + * Ancillary documentation (README files, LICENSE, etc) is now installed in a sudo documentation directory. diff --git a/config.h.in b/config.h.in index 8e2ed6eb3..e25e81af9 100644 --- a/config.h.in +++ b/config.h.in @@ -603,6 +603,10 @@ /* Define to 1 if you want a two line OTP (S/Key or OPIE) prompt. */ #undef LONG_OTP_PROMPT +/* Define to the sub-directory in which libtool stores uninstalled libraries. + */ +#undef LT_OBJDIR + /* The subject of the mail sent by sudo to the MAILTO user/address. */ #undef MAILSUBJECT @@ -632,6 +636,9 @@ /* Define to 1 if root should not be allowed to use sudo. */ #undef NO_ROOT_SUDO +/* Define to 1 if you want a single ticket file instead of per-tty files. */ +#undef NO_TTY_TICKETS + /* Define to the address where bug reports for this package should be sent. */ #undef PACKAGE_BUGREPORT @@ -644,6 +651,9 @@ /* Define to the one symbol short name of this package. */ #undef PACKAGE_TARNAME +/* Define to the home page for this package. */ +#undef PACKAGE_URL + /* Define to the version of this package. */ #undef PACKAGE_VERSION @@ -663,9 +673,6 @@ /* The syslog priority sudo will use for successful attempts. */ #undef PRI_SUCCESS -/* Define to 1 if the `putenv' has a const argument. */ -#undef PUTENV_CONST - /* The user sudo should run commands as by default. */ #undef RUNAS_DEFAULT @@ -719,9 +726,6 @@ /* Define to 1 if you use GNU stow packaging. */ #undef USE_STOW -/* Define to 1 if you want a different ticket file for each tty. */ -#undef USE_TTY_TICKETS - /* Define to avoid using the passwd/shadow file for authentication. */ #undef WITHOUT_PASSWD diff --git a/configure b/configure index 186491252..781cf6cc0 100755 --- a/configure +++ b/configure @@ -2810,7 +2810,7 @@ runas_default=root env_editor=off editor=vi passwd_tries=3 -tty_tickets=off +tty_tickets=on insults=off root_sudo=on path_info=on @@ -4806,14 +4806,14 @@ if test "${with_tty_tickets+set}" = set; then : esac fi -if test "$tty_tickets" = "on"; then - $as_echo "#define USE_TTY_TICKETS 1" >>confdefs.h +if test "$tty_tickets" = "off"; then + $as_echo "#define NO_TTY_TICKETS 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to include insults" >&5 diff --git a/configure.in b/configure.in index e0968ba46..d198a3f08 100644 --- a/configure.in +++ b/configure.in @@ -124,7 +124,7 @@ runas_default=root env_editor=off editor=vi passwd_tries=3 -tty_tickets=off +tty_tickets=on insults=off root_sudo=on path_info=on @@ -922,11 +922,11 @@ AC_ARG_WITH(tty-tickets, [AS_HELP_STRING([--with-tty-tickets], [use a different *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."]) ;; esac]) -if test "$tty_tickets" = "on"; then - AC_DEFINE(USE_TTY_TICKETS) - AC_MSG_RESULT(yes) -else +if test "$tty_tickets" = "off"; then + AC_DEFINE(NO_TTY_TICKETS) AC_MSG_RESULT(no) +else + AC_MSG_RESULT(yes) fi AC_MSG_CHECKING(whether to include insults) @@ -2838,6 +2838,7 @@ AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support]) AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.]) AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.]) +AH_TEMPLATE(NO_TTY_TICKETS, [Define to 1 if you want a single ticket file instead of per-tty files.]) AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.]) AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.]) AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.]) @@ -2848,7 +2849,6 @@ AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.]) AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.]) AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.]) -AH_TEMPLATE(USE_TTY_TICKETS, [Define to 1 if you want a different ticket file for each tty.]) AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.]) AH_TEMPLATE(sig_atomic_t, [Define to `int' if does not define.]) AH_TEMPLATE(__signed, [Define to `signed' or nothing if compiler does not support a signed type qualifier.]) diff --git a/doc/UPGRADE b/doc/UPGRADE index cde28f2a8..8f98d2f70 100644 --- a/doc/UPGRADE +++ b/doc/UPGRADE @@ -10,6 +10,12 @@ o Upgrading from a version prior to 1.7.4: system reboots. Time stamp files older than the boot time are ignored on systems where it is possible to determine this. + Additionally, the tty_tickets sudoers option is now enabled by + default. To restore the old behavior (single time stamp per user), + add a line like: + Defaults !tty_tickets + to sudoers or use the --without-tty-tickets configure option. + The HOME and MAIL environment variables are now reset based on the target user's password database entry when the env_reset sudoers option is enabled (which is the case in the default configuration). Users diff --git a/doc/sudoers.cat b/doc/sudoers.cat index 7d2c664f1..28fafc722 100644 --- a/doc/sudoers.cat +++ b/doc/sudoers.cat @@ -45,10 +45,10 @@ DDEESSCCRRIIPPTTIIOONN _s_u_d_o_e_r_s uses time stamp files for credential caching. Once a user has been authenticated, a time stamp is updated and the user may then use sudo without a password for a short period of time (5 minutes unless - overridden by the _t_i_m_e_o_u_t option. By default, _s_u_d_o_e_r_s uses a per-user - time stamp which means the time stamp is shared across all of a user's - login sessions. The _t_t_y___t_i_c_k_e_t_s option can be used to enable per-tty - time stamps instead. + overridden by the _t_i_m_e_o_u_t option. By default, _s_u_d_o_e_r_s uses a tty-based + time stamp which means that there is a separate time stamp for each of + a user's login sessions. The _t_t_y___t_i_c_k_e_t_s option can be disabled to + force the use of a single time stamp for all of a user's sessions. _s_u_d_o_e_r_s can log both successful and unsuccessful attempts (as well as errors) to _s_y_s_l_o_g(3), a log file, or both. By default, _s_u_d_o_e_r_s will @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.8.0b1 July 19, 2010 1 +1.8.0b1 July 20, 2010 1 @@ -127,7 +127,7 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT -1.8.0b1 July 19, 2010 2 +1.8.0b1 July 20, 2010 2 @@ -193,7 +193,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 19, 2010 3 +1.8.0b1 July 20, 2010 3 @@ -259,7 +259,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 19, 2010 4 +1.8.0b1 July 20, 2010 4 @@ -325,7 +325,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 19, 2010 5 +1.8.0b1 July 20, 2010 5 @@ -391,7 +391,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 19, 2010 6 +1.8.0b1 July 20, 2010 6 @@ -457,7 +457,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 19, 2010 7 +1.8.0b1 July 20, 2010 7 @@ -523,7 +523,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 19, 2010 8 +1.8.0b1 July 20, 2010 8 @@ -589,7 +589,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 19, 2010 9 +1.8.0b1 July 20, 2010 9 @@ -655,7 +655,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 19, 2010 10 +1.8.0b1 July 20, 2010 10 @@ -721,7 +721,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS -1.8.0b1 July 19, 2010 11 +1.8.0b1 July 20, 2010 11 @@ -787,7 +787,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 19, 2010 12 +1.8.0b1 July 20, 2010 12 @@ -853,7 +853,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 19, 2010 13 +1.8.0b1 July 20, 2010 13 @@ -919,7 +919,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 19, 2010 14 +1.8.0b1 July 20, 2010 14 @@ -985,7 +985,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 19, 2010 15 +1.8.0b1 July 20, 2010 15 @@ -1045,13 +1045,13 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) available logs. tty_tickets If set, users must authenticate on a per-tty basis. - Normally, ssuuddoo uses a directory in the ticket dir with - the same name as the user running it. With this flag - enabled, ssuuddoo will use a file named for the tty the + With this flag enabled, ssuuddoo will use a file named for + the tty the user is logged in on in the user's time + stamp directory. If disabled, the time stamp of the -1.8.0b1 July 19, 2010 16 +1.8.0b1 July 20, 2010 16 @@ -1060,8 +1060,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - user is logged in on in that directory. This flag is - _o_f_f by default. + directory is used instead. This flag is _o_n by default. umask_override If set, ssuuddoo will set the umask as specified by _s_u_d_o_e_r_s without modification. This makes it possible to @@ -1114,10 +1113,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) passwd_timeout Number of minutes before the ssuuddoo password prompt times out, or 0 for no timeout. The timeout may include a + fractional component if minute granularity is -1.8.0b1 July 19, 2010 17 +1.8.0b1 July 20, 2010 17 @@ -1126,7 +1126,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - fractional component if minute granularity is insufficient, for example 2.5. The default is 5. timestamp_timeout @@ -1183,7 +1182,8 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 19, 2010 18 + +1.8.0b1 July 20, 2010 18 @@ -1249,7 +1249,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 19, 2010 19 +1.8.0b1 July 20, 2010 19 @@ -1315,7 +1315,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 19, 2010 20 +1.8.0b1 July 20, 2010 20 @@ -1381,7 +1381,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 19, 2010 21 +1.8.0b1 July 20, 2010 21 @@ -1447,7 +1447,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 19, 2010 22 +1.8.0b1 July 20, 2010 22 @@ -1513,7 +1513,7 @@ EEXXAAMMPPLLEESS -1.8.0b1 July 19, 2010 23 +1.8.0b1 July 20, 2010 23 @@ -1579,7 +1579,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 19, 2010 24 +1.8.0b1 July 20, 2010 24 @@ -1645,7 +1645,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.8.0b1 July 19, 2010 25 +1.8.0b1 July 20, 2010 25 @@ -1711,7 +1711,7 @@ SSEECCUURRIITTYY NNOOTTEESS -1.8.0b1 July 19, 2010 26 +1.8.0b1 July 20, 2010 26 @@ -1777,7 +1777,7 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS -1.8.0b1 July 19, 2010 27 +1.8.0b1 July 20, 2010 27 @@ -1843,7 +1843,7 @@ SSEECCUURRIITTYY NNOOTTEESS -1.8.0b1 July 19, 2010 28 +1.8.0b1 July 20, 2010 28 @@ -1909,6 +1909,6 @@ DDIISSCCLLAAIIMMEERR -1.8.0b1 July 19, 2010 29 +1.8.0b1 July 20, 2010 29 diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in index c77b27ff2..00e22d5c4 100644 --- a/doc/sudoers.man.in +++ b/doc/sudoers.man.in @@ -148,7 +148,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "July 19, 2010" "1.8.0b1" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "July 20, 2010" "1.8.0b1" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -196,10 +196,10 @@ lookup is still done for root, not the user specified by \f(CW\*(C`SUDO_USER\*(C user has been authenticated, a time stamp is updated and the user may then use sudo without a password for a short period of time (\f(CW\*(C`@timeout@\*(C'\fR minutes unless overridden by the \fItimeout\fR option. -By default, \fIsudoers\fR uses a per-user time stamp which means the -time stamp is shared across all of a user's login sessions. The -\&\fItty_tickets\fR option can be used to enable per-tty time stamps -instead. +By default, \fIsudoers\fR uses a tty-based time stamp which means that +there is a separate time stamp for each of a user's login sessions. +The \fItty_tickets\fR option can be disabled to force the use of a +single time stamp for all of a user's sessions. .PP \&\fIsudoers\fR can log both successful and unsuccessful attempts (as well as errors) to \fIsyslog\fR\|(3), a log file, or both. By default, \fIsudoers\fR @@ -1103,11 +1103,11 @@ Output logs may be viewed with the \fIsudoreplay\fR\|(@mansectsu@) utility, whic can also be used to list or search the available logs. .IP "tty_tickets" 16 .IX Item "tty_tickets" -If set, users must authenticate on a per-tty basis. Normally, -\&\fBsudo\fR uses a directory in the ticket dir with the same name as -the user running it. With this flag enabled, \fBsudo\fR will use a -file named for the tty the user is logged in on in that directory. -This flag is \fI@tty_tickets@\fR by default. +If set, users must authenticate on a per-tty basis. With this flag +enabled, \fBsudo\fR will use a file named for the tty the user is +logged in on in the user's time stamp directory. If disabled, the +time stamp of the directory is used instead. This flag is +\&\fI@tty_tickets@\fR by default. .IP "umask_override" 16 .IX Item "umask_override" If set, \fBsudo\fR will set the umask as specified by \fIsudoers\fR without diff --git a/doc/sudoers.pod b/doc/sudoers.pod index 83319a94d..a80b669a9 100644 --- a/doc/sudoers.pod +++ b/doc/sudoers.pod @@ -66,10 +66,10 @@ I uses time stamp files for credential caching. Once a user has been authenticated, a time stamp is updated and the user may then use sudo without a password for a short period of time (C<@timeout@> minutes unless overridden by the I option. -By default, I uses a per-user time stamp which means the -time stamp is shared across all of a user's login sessions. The -I option can be used to enable per-tty time stamps -instead. +By default, I uses a tty-based time stamp which means that +there is a separate time stamp for each of a user's login sessions. +The I option can be disabled to force the use of a +single time stamp for all of a user's sessions. I can log both successful and unsuccessful attempts (as well as errors) to syslog(3), a log file, or both. By default, I @@ -1000,11 +1000,11 @@ can also be used to list or search the available logs. =item tty_tickets -If set, users must authenticate on a per-tty basis. Normally, -B uses a directory in the ticket dir with the same name as -the user running it. With this flag enabled, B will use a -file named for the tty the user is logged in on in that directory. -This flag is I<@tty_tickets@> by default. +If set, users must authenticate on a per-tty basis. With this flag +enabled, B will use a file named for the tty the user is +logged in on in the user's time stamp directory. If disabled, the +time stamp of the directory is used instead. This flag is +I<@tty_tickets@> by default. =item umask_override diff --git a/plugins/sudoers/defaults.c b/plugins/sudoers/defaults.c index 0309658dc..8f39242a9 100644 --- a/plugins/sudoers/defaults.c +++ b/plugins/sudoers/defaults.c @@ -407,7 +407,7 @@ init_defaults(void) #ifdef SEND_MAIL_WHEN_NOT_OK def_mail_no_perms = TRUE; #endif -#ifdef USE_TTY_TICKETS +#ifndef NO_TTY_TICKETS def_tty_tickets = TRUE; #endif #ifndef NO_LECTURE