From: Todd C. Miller Date: Sun, 17 Jan 1999 21:33:55 +0000 (+0000) Subject: No longer used now that we have configure options for everything. X-Git-Tag: SUDO_1_5_8~32 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2853eeffaa7cfbe611a089bfc2ef9c74b82b088d;p=sudo No longer used now that we have configure options for everything. --- diff --git a/OPTIONS b/OPTIONS deleted file mode 100644 index ae924434e..000000000 --- a/OPTIONS +++ /dev/null @@ -1,248 +0,0 @@ -The following options may be used to configure sudo 1.4 - -RUNAS_DEFAULT - The default user to run commands as if the -u flag is not specified - on the command line. This defaults to "root". - -FQDN - Define this if you want to put fully qualified hostnames in the sudoers - file. Ie: instead of myhost you would use myhost.mydomain.edu. - You may still use the short form if you wish (and even mix the two). - Beware that turning FQDN on requires sudo to make DNS lookups which - may make sudo unusable if your DNS is totally hosed. - Also note that you must use the host's official name as DNS knows it. - That is, you may not use a host alias (CNAME entry) due to performance - issues and the fact that there is no way to get all aliases from DNS. - This is off by default. - -LOGGING - How you want to do your logging. Your choices are SLOG_SYSLOG, SLOG_FILE, - or SLOG_BOTH. Setting this to SYSLOG is nice because you can keep all - your sudo logs in one place. If you don't have syslog or if your syslog - is of an ancient vintage (4.2BSD, SunOS 3.x and all versions of Ultrix) - you should probably use FILE logging (the pathname for the log file is - in pathnames.h). If you are really serious about security you may want - to set LOGGING to SLOG_BOTH (to keep people from killing your syslog with - a denial of service attack while they do something nasty). - The default is to use SLOG_SYSLOG. - -LOGFAC - What syslog facility to log to. This requires a 4.3BSD or later - version of syslog. You can still set this for ancient syslogs - but it will have no effect. - The default is to use LOG_LOCAL2 but you may want to use LOG_AUTH. - -MAXLOGFILELEN - Number of characters per line for the file log. This is only - used if you are LOGGING to FILE or BOTH. MAXLOGFILELEN is used to - decide when to wrap lines for nicer log files. You can set it to 0 - if you don't want any word wrapping in your log files. - The default is 80. - -NO_ROOT_SUDO - Don't let root run sudo. This can be used to prevent people from - "chaining" sudo commands to get a root shell by doing something - like "sudo sudo /bin/sh". - This is off by default. - -ALERTMAIL - User that mail from sudo is sent to. This should go to a sysadmin - at your site. - The default is "root". - -SEND_MAIL_WHEN_NO_USER - Send mail to ALERMAIL if the user invoking sudo is not in the sudoers file. - You probably want this on so you can yell at people trying to use sudo - when they are not allowed to. - This is on by default. - -SEND_MAIL_WHEN_NOT_OK - Send mail to ALERMAIL if the user is allowed to use sudo but the - command they are trying is not listed in their sudoers file entry. - This is off by default. - -EXEMPTGROUP - If this is defined then users in the group defined by EXEMPTGROUP - don't need to enter a password when running sudo. This may be useful - for sites that don't want their "core" sysadmins to have to enter - a password but where Jr. sysadmins need to. - This is off by default. - -ENV_EDITOR - Makes visudo consult the EDITOR and VISUAL environmental variables - before falling back on the default editor. Note that this may create - a security hole as most editors allow a user to get a shell (which would - be a root shell and hence, no logging). - This is off by default. - -SHORT_MESSAGE - Omits the copyright message from the "lecture" one gets when running - sudo for the first time on a machine. - This is on by default. - -NO_MESSAGE - Omits the "lecture" one gets when running sudo for the first time - on a machine. - This is off by default. - -TIMEOUT - Number of minutes that can elapse before sudo will ask for a passwd again. - The default is 5, set this to 0 to always prompt for a password. - -PASSWORD_TIMEOUT - Number of minutes before the sudo password prompt times out. - The default is 5, set this to 0 for no password timeout. - -TRIES_FOR_PASSWORD - Number of tries a user gets to enter his/her password before sudo - logs the failure and exits. - The default is 3. - -USE_INSULTS - Define this if you want to be insulted for typing an incorrect password - just like the original sudo(8). - This is off by default. - -CLASSIC_INSULTS - Uses insults from sudo "classic." If you just define USE_INSULTS - you will get the classic and CSOps insults. - This is on by default if USE_INSULTS is defined. - -HAL_INSULTS - Uses 2001-like insults when an incorrect password is entered. You must - define USE_INSULTS as well for this to have any effect. - This is off by default. - -GOONS_INSULTS - Insults the user with lines from the "Goon Show" when an incorrect - password is entered. You must define USE_INSULTS as well for this - to have any effect. - This is off by default. - -CSOPS_INSULTS - Insults the user with an extra set of insults (some quotes, some original) - from a sysadmin group at CU (CSOps). You must define USE_INSULTS as well - for this to have any effect. - This is on by default if USE_INSULTS is defined. - -EDITOR - This is the default editor used by visudo (and the only editor used unless - ENV_EDITOR is defined). - The default is _PATH_VI (where vi lives). - -MAILER - Mailer used to send mail when someone tries to sudo and access is denied. - As such, this should not be /usr/ucb/Mail or mailx. Sudo is setup to - use sendmail, but it should be possible to use smail as well. - The default is _PATH_SENDMAIL (where sendmail lives). - -UMASK - Umask to use when running the root command. If you do not define this - sudo will preserve the umask of the user invoking sudo. - The default is 0022. - -INCORRECT_PASSWORD - Message that is displayed if a user enters an incorrect password. - The default is "Sorry, try again." - -MAILSUBJECT - Subject of the mail sent to the ALERTMAIL user. The token "%h" - will expand to the hostname of the machine. - Default is "*** SECURITY information for %h ***". - -PASSPROMPT - Default prompt to use when asking for a password. Can be overridden - via the -p option. Supports two escapes: "%u" expands to the - user's login name and "%h" expands to the local hostname. - Default is "Password:". - -SECURE_PATH - Path used for every command run from sudo(8). If you don't trust - the people running sudo to have a sane PATH environmental variable - you may want to define SECURE_PATH. Another use is if you want to - have the "root path" be separate from the "user path." You will - need to customize the path for your site. - NOTE: SECURE_PATH is not applied to users in the EXEMPTGROUP. - This is off by default. - -IGNORE_DOT_PATH - If defined, sudo will ignore '.' or '' (current dir) in $PATH. - The $PATH itself is not modified. - This is off by default. - -USE_EXECV - Use execv() to exec the command instead of execvp(). I can't think of - a reason to actually do this since execvp() is passed a fully qualified - pathname but someone might thoroughly distrust execvp(). Note that if - you define this you lose the ability to exec scripts that are missing the - '#!/bin/sh' cookie (like /bin/kill on sunos and /etc/fastboot on 4.3BSD). - This is off by default. - -SHELL_IF_NO_ARGS - If sudo is invoked with no arguments it acts as if the "-s" flag - had been given. Namely, it runs a shell as root (the shell is - determined by the SHELL envariable, falling back on the shell listed - in the invoking user's /etc/passwd entry). - This is off by default. - -SHELL_SETS_HOME - If sudo is invoked with the "-s" flag the HOME environmental variable - will be set to the home directory of the target user (which is root - unless the "-u" option is used). This option effectively makes the - "-s" flag imply "-H". - This is off by default. - -USE_TTY_TICKETS - This makes sudo use a different ticket file for each tty (per user). - Ie: instead of the ticket file being "username" it is "username.tty". - This offers increased security in an open lab or with "shared" - accounts like "operator." Note that this means that there will - be more files in the timestamp dir. This is not a problem is your - system has a cron job to remove of files from /tmp (or wherever - you specified the timestamp dir to be). - This feature is off by default. - -STUB_LOAD_INTERFACES - This option keeps sudo from trying to glean the ip address from - each attached ethernet interface. It is only useful on a machine - where sudo's interface reading support does not work, which may - be the case on some SysV-based OS's. - -FAST_MATCH - When matching a given command to a path listed in the sudoers file, - only check the inodes for a match if the basenames match. - If you want links to a command to be allowed then you should turn - this off, but it will make things take a little longer. - This is on by default. - -OTP_ONLY - When validating the user, only allow a One Time Password (OTP) - passkey. Do not compare against the passwd file or use any - other authentication scheme. This is only useful if you want - to force people to use s/key or opie. - This feature is off by default. - -LONG_OTP_PROMPT - When validating with a One Time Password scheme (s/key or opie) - a two-line prompt is used to make it easier to cut and paste - the challenge to a local window. It's not as pretty as the - default but some people find it more convenient. - This feature is off by default. - -SUDOERS_MODE - File mode for the sudoers file (octal). Note that if you - wish to NFS-mount the sudoers file this must be group - readable. Also Note that this is usually set in the Makefile. - The default mode is 0440. - -SUDOERS_UID - User id that "owns" the sudoers file. Note that this is the - numeric id, *not* the symbolic name. Also Note that this is - usually set in the Makefile. - The default is 0. - -SUDOERS_GID - Group id that "owns" the sudoers file. Note that this is the - numeric id, *not* the symbolic name. Also note that this is - usually set in the Makefile. - The default is 0.