| 3 |
- |
1 |
#
|
|
|
2 |
# Default /etc/sudo.conf file
|
|
|
3 |
#
|
|
|
4 |
# Format:
|
|
|
5 |
# Plugin plugin_name plugin_path plugin_options ...
|
|
|
6 |
# Path askpass /path/to/askpass
|
|
|
7 |
# Path noexec /path/to/sudo_noexec.so
|
|
|
8 |
# Debug sudo /var/log/sudo_debug all@warn
|
|
|
9 |
# Set disable_coredump true
|
|
|
10 |
#
|
|
|
11 |
# Sudo plugins:
|
|
|
12 |
#
|
|
|
13 |
# The plugin_path is relative to ${prefix}/libexec unless fully qualified.
|
|
|
14 |
# The plugin_name corresponds to a global symbol in the plugin
|
|
|
15 |
# that contains the plugin interface structure.
|
|
|
16 |
# The plugin_options are optional.
|
|
|
17 |
#
|
|
|
18 |
# The sudoers plugin is used by default if no Plugin lines are present.
|
|
|
19 |
Plugin sudoers_policy sudoers.so
|
|
|
20 |
Plugin sudoers_io sudoers.so
|
|
|
21 |
|
|
|
22 |
#
|
|
|
23 |
# Sudo askpass:
|
|
|
24 |
#
|
|
|
25 |
# An askpass helper program may be specified to provide a graphical
|
|
|
26 |
# password prompt for "sudo -A" support. Sudo does not ship with its
|
|
|
27 |
# own passpass program but can use the OpenSSH askpass.
|
|
|
28 |
#
|
|
|
29 |
# Use the OpenSSH askpass
|
|
|
30 |
#Path askpass /usr/X11R6/bin/ssh-askpass
|
|
|
31 |
#
|
|
|
32 |
# Use the Gnome OpenSSH askpass
|
|
|
33 |
#Path askpass /usr/libexec/openssh/gnome-ssh-askpass
|
|
|
34 |
|
|
|
35 |
#
|
|
|
36 |
# Sudo noexec:
|
|
|
37 |
#
|
|
|
38 |
# Path to a shared library containing dummy versions of the execv(),
|
|
|
39 |
# execve() and fexecve() library functions that just return an error.
|
|
|
40 |
# This is used to implement the "noexec" functionality on systems that
|
|
|
41 |
# support C<LD_PRELOAD> or its equivalent.
|
|
|
42 |
# The compiled-in value is usually sufficient and should only be changed
|
|
|
43 |
# if you rename or move the sudo_noexec.so file.
|
|
|
44 |
#
|
|
|
45 |
#Path noexec /usr/libexec/sudo_noexec.so
|
|
|
46 |
|
|
|
47 |
#
|
|
|
48 |
# Core dumps:
|
|
|
49 |
#
|
|
|
50 |
# By default, sudo disables core dumps while it is executing (they
|
|
|
51 |
# are re-enabled for the command that is run).
|
|
|
52 |
# To aid in debugging sudo problems, you may wish to enable core
|
|
|
53 |
# dumps by setting "disable_coredump" to false.
|
|
|
54 |
#
|
|
|
55 |
# Set to false here so as not to interfere with /proc/sys/fs/suid_dumpable
|
|
|
56 |
#
|
|
|
57 |
Set disable_coredump false
|