diff options
Diffstat (limited to 'plugins/sudoers/def_data.in')
-rw-r--r-- | plugins/sudoers/def_data.in | 359 |
1 files changed, 359 insertions, 0 deletions
diff --git a/plugins/sudoers/def_data.in b/plugins/sudoers/def_data.in new file mode 100644 index 0000000..99d4360 --- /dev/null +++ b/plugins/sudoers/def_data.in @@ -0,0 +1,359 @@ +# +# Format: +# +# var_name +# TYPE +# description (or NULL) +# array of struct def_values if TYPE == T_TUPLE +# +# NOTE: for tuples that can be used in a boolean context the first +# value corresponds to boolean FALSE and the second to TRUE. +# + +syslog + T_LOGFAC|T_BOOL + "Syslog facility if syslog is being used for logging: %s" +syslog_goodpri + T_LOGPRI|T_BOOL + "Syslog priority to use when user authenticates successfully: %s" +syslog_badpri + T_LOGPRI|T_BOOL + "Syslog priority to use when user authenticates unsuccessfully: %s" +long_otp_prompt + T_FLAG + "Put OTP prompt on its own line" +ignore_dot + T_FLAG + "Ignore '.' in $PATH" +mail_always + T_FLAG + "Always send mail when sudo is run" +mail_badpass + T_FLAG + "Send mail if user authentication fails" +mail_no_user + T_FLAG + "Send mail if the user is not in sudoers" +mail_no_host + T_FLAG + "Send mail if the user is not in sudoers for this host" +mail_no_perms + T_FLAG + "Send mail if the user is not allowed to run a command" +mail_all_cmnds + T_FLAG + "Send mail if the user tries to run a command" +tty_tickets + T_FLAG + "Use a separate timestamp for each user/tty combo" +lecture + T_TUPLE|T_BOOL + "Lecture user the first time they run sudo" + never once always +lecture_file + T_STR|T_PATH|T_BOOL + "File containing the sudo lecture: %s" +authenticate + T_FLAG + "Require users to authenticate by default" +root_sudo + T_FLAG + "Root may run sudo" +log_host + T_FLAG + "Log the hostname in the (non-syslog) log file" +log_year + T_FLAG + "Log the year in the (non-syslog) log file" +shell_noargs + T_FLAG + "If sudo is invoked with no arguments, start a shell" +set_home + T_FLAG + "Set $HOME to the target user when starting a shell with -s" +always_set_home + T_FLAG + "Always set $HOME to the target user's home directory" +path_info + T_FLAG + "Allow some information gathering to give useful error messages" +fqdn + T_FLAG + "Require fully-qualified hostnames in the sudoers file" +insults + T_FLAG + "Insult the user when they enter an incorrect password" +requiretty + T_FLAG + "Only allow the user to run sudo if they have a tty" +env_editor + T_FLAG + "Visudo will honor the EDITOR environment variable" +rootpw + T_FLAG + "Prompt for root's password, not the users's" +runaspw + T_FLAG + "Prompt for the runas_default user's password, not the users's" +targetpw + T_FLAG + "Prompt for the target user's password, not the users's" +use_loginclass + T_FLAG + "Apply defaults in the target user's login class if there is one" +set_logname + T_FLAG + "Set the LOGNAME and USER environment variables" +stay_setuid + T_FLAG + "Only set the effective uid to the target user, not the real uid" +preserve_groups + T_FLAG + "Don't initialize the group vector to that of the target user" +loglinelen + T_UINT|T_BOOL + "Length at which to wrap log file lines (0 for no wrap): %u" +timestamp_timeout + T_TIMESPEC|T_BOOL + "Authentication timestamp timeout: %.1f minutes" +passwd_timeout + T_TIMESPEC|T_BOOL + "Password prompt timeout: %.1f minutes" +passwd_tries + T_UINT + "Number of tries to enter a password: %u" +umask + T_MODE|T_BOOL + "Umask to use or 0777 to use user's: 0%o" +logfile + T_STR|T_BOOL|T_PATH + "Path to log file: %s" +mailerpath + T_STR|T_BOOL|T_PATH + "Path to mail program: %s" +mailerflags + T_STR|T_BOOL + "Flags for mail program: %s" +mailto + T_STR|T_BOOL + "Address to send mail to: %s" +mailfrom + T_STR|T_BOOL + "Address to send mail from: %s" +mailsub + T_STR + "Subject line for mail messages: %s" +badpass_message + T_STR + "Incorrect password message: %s" +lecture_status_dir + T_STR|T_PATH + "Path to lecture status dir: %s" +timestampdir + T_STR|T_PATH + "Path to authentication timestamp dir: %s" +timestampowner + T_STR + "Owner of the authentication timestamp dir: %s" +exempt_group + T_STR|T_BOOL + "Users in this group are exempt from password and PATH requirements: %s" +passprompt + T_STR + "Default password prompt: %s" +passprompt_override + T_FLAG + "If set, passprompt will override system prompt in all cases." +runas_default + T_STR + "Default user to run commands as: %s" +secure_path + T_STR|T_BOOL + "Value to override user's $PATH with: %s" +editor + T_STR|T_PATH + "Path to the editor for use by visudo: %s" +listpw + T_TUPLE|T_BOOL + "When to require a password for 'list' pseudocommand: %s" + never any all always +verifypw + T_TUPLE|T_BOOL + "When to require a password for 'verify' pseudocommand: %s" + never all any always +noexec + T_FLAG + "Preload the dummy exec functions contained in the sudo_noexec library" +ignore_local_sudoers + T_FLAG + "If LDAP directory is up, do we ignore local sudoers file" +closefrom + T_INT + "File descriptors >= %d will be closed before executing a command" +closefrom_override + T_FLAG + "If set, users may override the value of `closefrom' with the -C option" +setenv + T_FLAG + "Allow users to set arbitrary environment variables" +env_reset + T_FLAG + "Reset the environment to a default set of variables" +env_check + T_LIST|T_BOOL + "Environment variables to check for sanity:" +env_delete + T_LIST|T_BOOL + "Environment variables to remove:" +env_keep + T_LIST|T_BOOL + "Environment variables to preserve:" +role + T_STR + "SELinux role to use in the new security context: %s" +type + T_STR + "SELinux type to use in the new security context: %s" +env_file + T_STR|T_PATH|T_BOOL + "Path to the sudo-specific environment file: %s" +restricted_env_file + T_STR|T_PATH|T_BOOL + "Path to the restricted sudo-specific environment file: %s" +sudoers_locale + T_STR + "Locale to use while parsing sudoers: %s" +visiblepw + T_FLAG + "Allow sudo to prompt for a password even if it would be visible" +pwfeedback + T_FLAG + "Provide visual feedback at the password prompt when there is user input" +fast_glob + T_FLAG + "Use faster globbing that is less accurate but does not access the filesystem" +umask_override + T_FLAG + "The umask specified in sudoers will override the user's, even if it is more permissive" +log_input + T_FLAG + "Log user's input for the command being run" +log_output + T_FLAG + "Log the output of the command being run" +compress_io + T_FLAG + "Compress I/O logs using zlib" +use_pty + T_FLAG + "Always run commands in a pseudo-tty" +group_plugin + T_STR + "Plugin for non-Unix group support: %s" +iolog_dir + T_STR|T_PATH + "Directory in which to store input/output logs: %s" +iolog_file + T_STR + "File in which to store the input/output log: %s" +set_utmp + T_FLAG + "Add an entry to the utmp/utmpx file when allocating a pty" +utmp_runas + T_FLAG + "Set the user in utmp to the runas user, not the invoking user" +privs + T_STR + "Set of permitted privileges: %s" +limitprivs + T_STR + "Set of limit privileges: %s" +exec_background + T_FLAG + "Run commands on a pty in the background" +pam_service + T_STR + "PAM service name to use: %s" +pam_login_service + T_STR + "PAM service name to use for login shells: %s" +pam_setcred + T_FLAG + "Attempt to establish PAM credentials for the target user" +pam_session + T_FLAG + "Create a new PAM session for the command to run in" +maxseq + T_UINT + "Maximum I/O log sequence number: %u" +use_netgroups + T_FLAG + "Enable sudoers netgroup support" +sudoedit_checkdir + T_FLAG + "Check parent directories for writability when editing files with sudoedit" +sudoedit_follow + T_FLAG + "Follow symbolic links when editing files with sudoedit" +always_query_group_plugin + T_FLAG + "Query the group plugin for unknown system groups" +netgroup_tuple + T_FLAG + "Match netgroups based on the entire tuple: user, host and domain" +ignore_audit_errors + T_FLAG + "Allow commands to be run even if sudo cannot write to the audit log" +ignore_iolog_errors + T_FLAG + "Allow commands to be run even if sudo cannot write to the I/O log" +ignore_logfile_errors + T_FLAG + "Allow commands to be run even if sudo cannot write to the log file" +match_group_by_gid + T_FLAG + "Resolve groups in sudoers and match on the group ID, not the name" +syslog_maxlen + T_UINT + "Log entries larger than this value will be split into multiple syslog messages: %u" +iolog_user + T_STR|T_BOOL + "User that will own the I/O log files: %s" +iolog_group + T_STR|T_BOOL + "Group that will own the I/O log files: %s" +iolog_mode + T_MODE + "File mode to use for the I/O log files: 0%o" +fdexec + T_TUPLE|T_BOOL + "Execute commands by file descriptor instead of by path: %s" + never digest_only always +ignore_unknown_defaults + T_FLAG + "Ignore unknown Defaults entries in sudoers instead of producing a warning" +command_timeout + T_TIMEOUT|T_BOOL + "Time in seconds after which the command will be terminated: %u" +user_command_timeouts + T_FLAG + "Allow the user to specify a timeout on the command line" +iolog_flush + T_FLAG + "Flush I/O log data to disk immediately instead of buffering it" +syslog_pid + T_FLAG + "Include the process ID when logging via syslog" +timestamp_type + T_TUPLE + "Type of authentication timestamp record: %s" + global ppid tty kernel +authfail_message + T_STR + "Authentication failure message: %s" +case_insensitive_user + T_FLAG + "Ignore case when matching user names" +case_insensitive_group + T_FLAG + "Ignore case when matching group names" |