плагин политики безопасности sudo по умолчанию (default sudo security policy plugin)
GROUP PROVIDER PLUGINS
The sudoers plugin supports its own plugin interface to allow non-
Unix group lookups which can query a group source other than the
standard Unix group database. This can be used to implement
support for the nonunix_group syntax described earlier.
Group provider plugins are specified via the group_plugin setting.
The argument to group_plugin should consist of the plugin path,
either fully-qualified or relative to the /usr/local/libexec/sudo
directory, followed by any configuration options the plugin
requires. These options (if specified) will be passed to the
plugin's initialization function. If options are present, the
string must be enclosed in double quotes ("").
The following group provider plugins are installed by default:
group_file
The group_file plugin supports an alternate group file
that uses the same syntax as the /etc/group file. The
path to the group file should be specified as an option
to the plugin. For example, if the group file to be used
is /etc/sudo-group:
Defaults group_plugin="group_file.so /etc/sudo-group"
system_group
The system_group plugin supports group lookups via the
standard C library functions getgrnam() and getgrid().
This plugin can be used in instances where the user
belongs to groups not present in the user's supplemental
group vector. This plugin takes no options:
Defaults group_plugin=system_group.so
The group provider plugin API is described in detail in
sudo_plugin(5).
