# # Format: # # var_name # TYPE # description (or NULL) # array of struct def_values if TYPE == T_TUPLE # # NOTE: for tuples that can be used in a boolean context the first # value corresponds to boolean FALSE and the second to TRUE. # syslog T_LOGFAC|T_BOOL "Syslog facility if syslog is being used for logging: %s" syslog_goodpri T_LOGPRI|T_BOOL "Syslog priority to use when user authenticates successfully: %s" syslog_badpri T_LOGPRI|T_BOOL "Syslog priority to use when user authenticates unsuccessfully: %s" long_otp_prompt T_FLAG "Put OTP prompt on its own line" ignore_dot T_FLAG "Ignore '.' in $PATH" mail_always T_FLAG "Always send mail when sudo is run" mail_badpass T_FLAG "Send mail if user authentication fails" mail_no_user T_FLAG "Send mail if the user is not in sudoers" mail_no_host T_FLAG "Send mail if the user is not in sudoers for this host" mail_no_perms T_FLAG "Send mail if the user is not allowed to run a command" mail_all_cmnds T_FLAG "Send mail if the user tries to run a command" tty_tickets T_FLAG "Use a separate timestamp for each user/tty combo" lecture T_TUPLE|T_BOOL "Lecture user the first time they run sudo" never once always lecture_file T_STR|T_PATH|T_BOOL "File containing the sudo lecture: %s" authenticate T_FLAG "Require users to authenticate by default" root_sudo T_FLAG "Root may run sudo" log_host T_FLAG "Log the hostname in the (non-syslog) log file" log_year T_FLAG "Log the year in the (non-syslog) log file" shell_noargs T_FLAG "If sudo is invoked with no arguments, start a shell" set_home T_FLAG "Set $HOME to the target user when starting a shell with -s" always_set_home T_FLAG "Always set $HOME to the target user's home directory" path_info T_FLAG "Allow some information gathering to give useful error messages" fqdn T_FLAG "Require fully-qualified hostnames in the sudoers file" insults T_FLAG "Insult the user when they enter an incorrect password" requiretty T_FLAG "Only allow the user to run sudo if they have a tty" env_editor T_FLAG "Visudo will honor the EDITOR environment variable" rootpw T_FLAG "Prompt for root's password, not the users's" runaspw T_FLAG "Prompt for the runas_default user's password, not the users's" targetpw T_FLAG "Prompt for the target user's password, not the users's" use_loginclass T_FLAG "Apply defaults in the target user's login class if there is one" set_logname T_FLAG "Set the LOGNAME and USER environment variables" stay_setuid T_FLAG "Only set the effective uid to the target user, not the real uid" preserve_groups T_FLAG "Don't initialize the group vector to that of the target user" loglinelen T_UINT|T_BOOL "Length at which to wrap log file lines (0 for no wrap): %u" timestamp_timeout T_TIMESPEC|T_BOOL "Authentication timestamp timeout: %.1f minutes" passwd_timeout T_TIMESPEC|T_BOOL "Password prompt timeout: %.1f minutes" passwd_tries T_UINT "Number of tries to enter a password: %u" umask T_MODE|T_BOOL "Umask to use or 0777 to use user's: 0%o" logfile T_STR|T_BOOL|T_PATH "Path to log file: %s" mailerpath T_STR|T_BOOL|T_PATH "Path to mail program: %s" mailerflags T_STR|T_BOOL "Flags for mail program: %s" mailto T_STR|T_BOOL "Address to send mail to: %s" mailfrom T_STR|T_BOOL "Address to send mail from: %s" mailsub T_STR "Subject line for mail messages: %s" badpass_message T_STR "Incorrect password message: %s" lecture_status_dir T_STR|T_PATH "Path to lecture status dir: %s" timestampdir T_STR|T_PATH "Path to authentication timestamp dir: %s" timestampowner T_STR "Owner of the authentication timestamp dir: %s" exempt_group T_STR|T_BOOL "Users in this group are exempt from password and PATH requirements: %s" passprompt T_STR "Default password prompt: %s" passprompt_override T_FLAG "If set, passprompt will override system prompt in all cases." runas_default T_STR "Default user to run commands as: %s" secure_path T_STR|T_BOOL "Value to override user's $PATH with: %s" editor T_STR|T_PATH "Path to the editor for use by visudo: %s" listpw T_TUPLE|T_BOOL "When to require a password for 'list' pseudocommand: %s" never any all always verifypw T_TUPLE|T_BOOL "When to require a password for 'verify' pseudocommand: %s" never all any always noexec T_FLAG "Preload the sudo_noexec library which replaces the exec functions" ignore_local_sudoers T_FLAG "If LDAP directory is up, do we ignore local sudoers file" closefrom T_INT "File descriptors >= %d will be closed before executing a command" closefrom_override T_FLAG "If set, users may override the value of "closefrom" with the -C option" setenv T_FLAG "Allow users to set arbitrary environment variables" env_reset T_FLAG "Reset the environment to a default set of variables" env_check T_LIST|T_BOOL "Environment variables to check for safety:" env_delete T_LIST|T_BOOL "Environment variables to remove:" env_keep T_LIST|T_BOOL "Environment variables to preserve:" role T_STR "SELinux role to use in the new security context: %s" type T_STR "SELinux type to use in the new security context: %s" env_file T_STR|T_PATH|T_BOOL "Path to the sudo-specific environment file: %s" restricted_env_file T_STR|T_PATH|T_BOOL "Path to the restricted sudo-specific environment file: %s" sudoers_locale T_STR "Locale to use while parsing sudoers: %s" visiblepw T_FLAG "Allow sudo to prompt for a password even if it would be visible" pwfeedback T_FLAG "Provide visual feedback at the password prompt when there is user input" fast_glob T_FLAG "Use faster globbing that is less accurate but does not access the filesystem" umask_override T_FLAG "The umask specified in sudoers will override the user's, even if it is more permissive" log_input T_FLAG "Log user's input for the command being run" log_stdin T_FLAG "Log the command's standard input if not connected to a terminal" log_ttyin T_FLAG "Log the user's terminal input for the command being run" log_output T_FLAG "Log the output of the command being run" log_stdout T_FLAG "Log the command's standard output if not connected to a terminal" log_stderr T_FLAG "Log the command's standard error if not connected to a terminal" log_ttyout T_FLAG "Log the terminal output of the command being run" compress_io T_FLAG "Compress I/O logs using zlib" use_pty T_FLAG "Always run commands in a pseudo-tty" group_plugin T_STR "Plugin for non-Unix group support: %s" iolog_dir T_STR|T_PATH "Directory in which to store input/output logs: %s" iolog_file T_STR "File in which to store the input/output log: %s" set_utmp T_FLAG "Add an entry to the utmp/utmpx file when allocating a pty" utmp_runas T_FLAG "Set the user in utmp to the runas user, not the invoking user" privs T_STR "Set of permitted privileges: %s" limitprivs T_STR "Set of limit privileges: %s" exec_background T_FLAG "Run commands on a pty in the background" pam_service T_STR "PAM service name to use: %s" pam_login_service T_STR "PAM service name to use for login shells: %s" pam_askpass_service T_STR "PAM service name to use when sudo is run with the -A option: %s" pam_setcred T_FLAG "Attempt to establish PAM credentials for the target user" pam_session T_FLAG "Create a new PAM session for the command to run in" pam_acct_mgmt T_FLAG "Perform PAM account validation management" maxseq T_STR "Maximum I/O log sequence number: %s" use_netgroups T_FLAG "Enable sudoers netgroup support" sudoedit_checkdir T_FLAG "Check parent directories for writability when editing files with sudoedit" sudoedit_follow T_FLAG "Follow symbolic links when editing files with sudoedit" always_query_group_plugin T_FLAG "Query the group plugin for unknown system groups" netgroup_tuple T_FLAG "Match netgroups based on the entire tuple: user, host and domain" ignore_audit_errors T_FLAG "Allow commands to be run even if sudo cannot write to the audit log" ignore_iolog_errors T_FLAG "Allow commands to be run even if sudo cannot write to the I/O log" ignore_logfile_errors T_FLAG "Allow commands to be run even if sudo cannot write to the log file" match_group_by_gid T_FLAG "Resolve groups in sudoers and match on the group ID, not the name" syslog_maxlen T_UINT "Log entries larger than this value will be split into multiple syslog messages: %u" iolog_user T_STR|T_BOOL "User that will own the I/O log files: %s" iolog_group T_STR|T_BOOL "Group that will own the I/O log files: %s" iolog_mode T_MODE "File mode to use for the I/O log files: 0%o" fdexec T_TUPLE|T_BOOL "Execute commands by file descriptor instead of by path: %s" never digest_only always ignore_unknown_defaults T_FLAG "Ignore unknown Defaults entries in sudoers instead of producing a warning" command_timeout T_TIMEOUT|T_BOOL "Time in seconds after which the command will be terminated: %u" user_command_timeouts T_FLAG "Allow the user to specify a timeout on the command line" iolog_flush T_FLAG "Flush I/O log data to disk immediately instead of buffering it" syslog_pid T_FLAG "Include the process ID when logging via syslog" timestamp_type T_TUPLE "Type of authentication timestamp record: %s" global ppid tty kernel authfail_message T_STR "Authentication failure message: %s" case_insensitive_user T_FLAG "Ignore case when matching user names" case_insensitive_group T_FLAG "Ignore case when matching group names" log_allowed T_FLAG "Log when a command is allowed by sudoers" log_denied T_FLAG "Log when a command is denied by sudoers" log_servers T_LIST|T_BOOL "Sudo log server(s) to connect to with optional port" log_server_timeout T_TIMEOUT|T_BOOL "Sudo log server timeout in seconds: %u" log_server_keepalive T_FLAG "Enable SO_KEEPALIVE socket option on the socket connected to the logserver" log_server_cabundle T_STR|T_BOOL|T_PATH "Path to the audit server's CA bundle file: %s" log_server_peer_cert T_STR|T_BOOL|T_PATH "Path to the sudoers certificate file: %s" log_server_peer_key T_STR|T_BOOL|T_PATH "Path to the sudoers private key file: %s" log_server_verify T_FLAG "Verify that the log server's certificate is valid" runas_allow_unknown_id T_FLAG "Allow the use of unknown runas user and/or group ID" runas_check_shell T_FLAG "Only permit running commands as a user with a valid shell" pam_ruser T_FLAG "Set the pam remote user to the user running sudo" pam_rhost T_FLAG "Set the pam remote host to the local host name" runcwd T_STR|T_BOOL|T_CHPATH "Working directory to change to before executing the command: %s" runchroot T_STR|T_BOOL|T_CHPATH "Root directory to change to before executing the command: %s" log_format T_TUPLE "The format of logs to produce: %s" sudo json selinux T_FLAG "Enable SELinux RBAC support" admin_flag T_STR|T_BOOL|T_CHPATH "Path to the file that is created the first time sudo is run: %s" intercept T_FLAG "Intercept further commands and apply sudoers restrictions to them" log_subcmds T_FLAG "Log sub-commands run by the original command" log_exit_status T_FLAG "Log the exit status of commands" intercept_authenticate T_FLAG "Subsequent commands in an intercepted session must be authenticated" intercept_allow_setid T_FLAG "Allow an intercepted command to run set setuid or setgid programs" rlimit_as T_RLIMIT|T_BOOL "The maximum size to which the process's address space may grow (in bytes): %s" rlimit_core T_RLIMIT|T_BOOL "The largest size core dump file that may be created (in bytes): %s" rlimit_cpu T_RLIMIT|T_BOOL "The maximum amount of CPU time that the process may use (in seconds): %s" rlimit_data T_RLIMIT|T_BOOL "The maximum size of the data segment for the process (in bytes): %s" rlimit_fsize T_RLIMIT|T_BOOL "The largest size file that the process may create (in bytes): %s" rlimit_locks T_RLIMIT|T_BOOL "The maximum number of locks that the process may establish: %s" rlimit_memlock T_RLIMIT|T_BOOL "The maximum size that the process may lock in memory (in bytes): %s" rlimit_nofile T_RLIMIT|T_BOOL "The maximum number of files that the process may have open: %s" rlimit_nproc T_RLIMIT|T_BOOL "The maximum number of processes that the user may run simultaneously: %s" rlimit_rss T_RLIMIT|T_BOOL "The maximum size to which the process's resident set size may grow (in bytes): %s" rlimit_stack T_RLIMIT|T_BOOL "The maximum size to which the process's stack may grow (in bytes): %s" noninteractive_auth T_FLAG "Attempt authentication even when in non-interactive mode" log_passwords T_FLAG "Store plaintext passwords in I/O log input" passprompt_regex T_LIST|T_SPACE|T_BOOL "List of regular expressions to use when matching a password prompt" intercept_type T_TUPLE "The mechanism used by the intercept and log_subcmds options: %s" dso trace intercept_verify T_FLAG "Attempt to verify the command and arguments after execution" apparmor_profile T_STR "AppArmor profile to use in the new security context: %s"