From: Todd C. Miller Date: Sun, 28 Apr 1996 00:40:14 +0000 (+0000) Subject: removed NO_PASSWD since it is not possible to do this in X-Git-Tag: SUDO_1_5_0~218 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3940833804f43d2c92b7691395b9e63a83dab55e;p=sudo removed NO_PASSWD since it is not possible to do this in the sudoers file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID. Added SUDOERS_MODE. --- diff --git a/OPTIONS b/OPTIONS index 5113004c2..bba3c018b 100644 --- a/OPTIONS +++ b/OPTIONS @@ -64,12 +64,6 @@ EXEMPTGROUP a password but where Jr. sysadmins need to. This is off by default. -NO_PASSWD - If this is defined then sudo will *never* ask for a password. - It should only be used in an environment where machines are - physically secure. It would be a very bad idea for an open - lab. - ENV_EDITOR Makes visudo consult the EDITOR and VISUAL environmental variables before falling back on the default editor. Note that this may create @@ -210,11 +204,19 @@ LONG_SKEY_PROMPT find it more convenient. This feature is off by default. -SUDOERS_OWNER - Who should own the sudoers file. This must be a username, *not* a uid. - This is useful if you want to make the sudoers file NFS-mounted - but don't want to let the clients mount the filesystem with - root proviledges. A good choice for SUDOERS_OWNER in this case is - "daemon", a bad choice would be nobody. Note that this is usually - set in the Makefile. - The default is "root" (remember the quotes). +SUDOERS_MODE + File mode for the sudoers file (octal). This should be 0440 if + you want to be able to share the sudoers file via NFS or 0400 + if you do not. The default mode is 0440. + +SUDOERS_UID + User id that "owns" the sudoers file. Note that this is the + numeric id, *not* the symbolic name. Also Note that this is + usually set in the Makefile. + The default is 0. + +SUDOERS_GID + Group id that "owns" the sudoers file. Note that this is the + numeric id, *not* the symbolic name. Also note that this is + usually set in the Makefile. + The default is 0. diff --git a/options.h b/options.h index 2f53ce591..f43a30d9b 100644 --- a/options.h +++ b/options.h @@ -40,7 +40,6 @@ #define SEND_MAIL_WHEN_NO_USER /* send mail when user not in sudoers file */ /*#define SEND_MAIL_WHEN_NOT_OK /* send mail if no permissions to run command */ /*#define EXEMPTGROUP "sudo" /* no passwd needed for users in this group */ -/*#define NO_PASSWD /* no passwds are required */ /*#define ENV_EDITOR /* visudo honors EDITOR and VISUAL envars */ #define SHORT_MESSAGE /* short sudo message, no copyright printed */ #define TIMEOUT 5 /* minutes before sudo asks for passwd again */ @@ -65,9 +64,15 @@ /*#define SKEY_ONLY /* validate user via s/key only */ /*#define LONG_SKEY_PROMPT /* use a two line s/key prompt */ #define FAST_MATCH /* command check fails if basenames not same */ -#ifndef SUDOERS_OWNER -#define SUDOERS_OWNER "root" /* sudoers file owner (usually root) */ -#endif /* SUDOERS_OWNER */ +#ifndef SUDOERS_MODE +#define SUDOERS_MODE 0440 /* file mode for sudoers (octal) */ +#endif /* SUDOERS_MODE */ +#ifndef SUDOERS_UID +#define SUDOERS_UID 0 /* user id that owns sudoers (*not* a name) */ +#endif /* SUDOERS_UID */ +#ifndef SUDOERS_GID +#define SUDOERS_GID 0 /* group id that owns sudoers (*not* a name) */ +#endif /* SUDOERS_GID */ /********** You probably don't want to modify anything below here ***********/