# # Sample /etc/sudo.conf file # # Format: # Plugin plugin_name plugin_path plugin_options ... # Path askpass /path/to/askpass # Path noexec /path/to/sudo_noexec.so # Debug sudo /var/log/sudo_debug all@warn # Set disable_coredump true # # Sudo plugins: # # The plugin_path is relative to ${prefix}/libexec unless fully qualified. # The plugin_name corresponds to a global symbol in the plugin # that contains the plugin interface structure. # The plugin_options are optional. # # The sudoers plugin is used by default if no Plugin lines are present. Plugin sudoers_policy sudoers.so Plugin sudoers_io sudoers.so # # Sudo askpass: # # An askpass helper program may be specified to provide a graphical # password prompt for "sudo -A" support. Sudo does not ship with its # own askpass program but can use the OpenSSH askpass. # # Use the OpenSSH askpass Path askpass /usr/X11R6/bin/ssh-askpass # # Use the Gnome OpenSSH askpass #Path askpass /usr/libexec/openssh/gnome-ssh-askpass # # Sudo noexec: # # Path to a shared library containing replacements for the execv(), # execve() and fexecve() library functions that just return an error. # This is used to implement the "noexec" functionality on systems that # support LD_PRELOAD or its equivalent. # The compiled-in value is usually sufficient and should only be changed # if you rename or move the sudo_noexec.so file. # Path noexec /usr/local/libexec/sudo_noexec.so Path noexec /usr/libexec/sudo_noexec.so # # Core dumps: # # By default, sudo disables core dumps while it is executing (they # are re-enabled for the command that is run). # To aid in debugging sudo problems, you may wish to enable core # dumps by setting "disable_coredump" to false. # Set disable_coredump false # # User groups: # # Sudo passes the user's group list to the policy plugin. # If the user is a member of the maximum number of groups (usually 16), # sudo will query the group database directly to be sure to include # the full list of groups. # # On some systems, this can be expensive so the behavior is configurable. # The "group_source" setting has three possible values: # static - use the user's list of groups returned by the kernel. # dynamic - query the group database to find the list of groups. # adaptive - if user is in less than the maximum number of groups. # use the kernel list, else query the group database. # Set group_source static