Путеводитель по Руководству Linux

  User  |  Syst  |  Libr  |  Device  |  Files  |  Other  |  Admin  |  Head  |



   sudo.conf    ( 5 )

конфигурация для внешнего интерфейса sudo (configuration for sudo front end)

  Name  |  Description  |  Files  |    Examples    |  See also  |  History  |

Примеры (Examples)

#
     # Default /etc/sudo.conf file
     #
     # Sudo plugins:
     #   Plugin plugin_name plugin_path plugin_options ...
     #
     # The plugin_path is relative to /usr/local/libexec/sudo unless
     #   fully qualified.
     # The plugin_name corresponds to a global symbol in the plugin
     #   that contains the plugin interface structure.
     # The plugin_options are optional.
     #
     # The sudoers plugin is used by default if no Plugin lines are present.
     #Plugin sudoers_policy sudoers.so
     #Plugin sudoers_io sudoers.so
     #Plugin sudoers_audit sudoers.so

# # Sudo askpass: # Path askpass /path/to/askpass # # An askpass helper program may be specified to provide a graphical # password prompt for "sudo -A" support. Sudo does not ship with its # own askpass program but can use the OpenSSH askpass. # # Use the OpenSSH askpass #Path askpass /usr/X11R6/bin/ssh-askpass # # Use the Gnome OpenSSH askpass #Path askpass /usr/libexec/openssh/gnome-ssh-askpass

# # Sudo device search path: # Path devsearch /dev/path1:/dev/path2:/dev # # A colon-separated list of paths to check when searching for a user's # terminal device. # #Path devsearch /dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev

# # Sudo command interception: # Path intercept /path/to/sudo_intercept.so # # Path to a shared library containing replacements for the execv() # and execve() library functions that perform a policy check to verify # the command is allowed and simply return an error if not. This is # used to implement the "intercept" functionality on systems that # support LD_PRELOAD or its equivalent. # # The compiled-in value is usually sufficient and should only be changed # if you rename or move the sudo_intercept.so file. # #Path intercept /usr/local/libexec/sudo/sudo_intercept.so

# # Sudo noexec: # Path noexec /path/to/sudo_noexec.so # # Path to a shared library containing replacements for the execv() # family of library functions that just return an error. This is # used to implement the "noexec" functionality on systems that support # LD_PRELOAD or its equivalent. # # The compiled-in value is usually sufficient and should only be changed # if you rename or move the sudo_noexec.so file. # #Path noexec /usr/local/libexec/sudo/sudo_noexec.so

# # Sudo plugin directory: # Path plugin_dir /path/to/plugins # # The default directory to use when searching for plugins that are # specified without a fully qualified path name. # #Path plugin_dir /usr/local/libexec/sudo

# # Sudo developer mode: # Set developer_mode true|false # # Allow loading of plugins that are owned by non-root or are writable # by "group" or "other". Should only be used during plugin development. #Set developer_mode true

# # Core dumps: # Set disable_coredump true|false # # By default, sudo disables core dumps while it is executing (they # are re-enabled for the command that is run). # To aid in debugging sudo problems, you may wish to enable core # dumps by setting "disable_coredump" to false. # #Set disable_coredump false

# # User groups: # Set group_source static|dynamic|adaptive # # Sudo passes the user's group list to the policy plugin. # If the user is a member of the maximum number of groups (usually 16), # sudo will query the group database directly to be sure to include # the full list of groups. # # On some systems, this can be expensive so the behavior is configurable. # The "group_source" setting has three possible values: # static - use the user's list of groups returned by the kernel. # dynamic - query the group database to find the list of groups. # adaptive - if user is in less than the maximum number of groups. # use the kernel list, else query the group database. # #Set group_source static

# # Sudo interface probing: # Set probe_interfaces true|false # # By default, sudo will probe the system's network interfaces and # pass the IP address of each enabled interface to the policy plugin. # On systems with a large number of virtual interfaces this may take # a noticeable amount of time. # #Set probe_interfaces false

# # Sudo debug files: # Debug program /path/to/debug_log subsystem@priority[,subsyste@priority] # # Sudo and related programs support logging debug information to a file. # The program is typically sudo, sudoers.so, sudoreplay or visudo. # # Subsystems vary based on the program; "all" matches all subsystems. # Priority may be crit, err, warn, notice, diag, info, trace or debug. # Multiple subsystem@priority may be specified, separated by a comma. # #Debug sudo /var/log/sudo_debug all@debug #Debug sudoers.so /var/log/sudoers_debug all@debug