@@ -728,12 +728,12 @@ Defaults are listed in brackets after the description.
728728 By default, sudo requires the user to authenticate via a
729729 password or similar means. This options causes sudo to
730730 **not** require authentication. It is possible to turn
731- authentication back on in sudoers via the PASSWD attribute.
731+ authentication back on in sudoers via the PASSWD attribute.
732732 Sudoers option: !authenticate
733733
734734 --disable-env-reset
735735 Disable environment resetting. This sets the default value
736- of the "env_reset" Defaults option in sudoers to false.
736+ of the "env_reset" Defaults option in sudoers to false.
737737 Sudoers option: !env_reset
738738
739739 --disable-path-info
@@ -742,43 +742,43 @@ Defaults are listed in brackets after the description.
742742 be used to gather information on the location of executables that
743743 the normal user does not have access to. The disadvantage is that
744744 if the executable is simply not in the user's path, sudo will tell
745- the user that they are not allowed to run it, which can be confusing.
745+ the user that they are not allowed to run it, which can be confusing.
746746 Sudoers option: path_info
747747
748748 --disable-root-sudo
749749 Don't let root run sudo. This can be used to prevent people from
750750 "chaining" sudo commands to get a root shell by doing something
751- like `sudo sudo /bin/sh`.
751+ like `sudo sudo /bin/sh`.
752752 Sudoers option: !root_sudo
753753
754754 --disable-zlib
755755 Disable the use of the zlib compress library when storing
756- I/O log files.
756+ I/O log files.
757757 Sudoers option: !compress_io
758758
759759 --enable-log-host
760- Log the hostname in the log file.
760+ Log the hostname in the log file.
761761 Sudoers option: log_host
762762
763763 --enable-noargs-shell
764764 If sudo is invoked with no arguments it acts as if the "-s" flag had
765765 been given. That is, it runs a shell as root (the shell is determined
766766 by the SHELL environment variable, falling back on the shell listed
767- in the invoking user's `/etc/passwd` entry).
767+ in the invoking user's `/etc/passwd` entry).
768768 Sudoers option: shell_noargs
769769
770770 --enable-shell-sets-home
771771 If sudo is invoked with the "-s" flag the HOME environment variable
772772 will be set to the home directory of the target user (which is root
773773 unless the "-u" option is used). This option effectively makes the
774- "-s" flag imply "-H".
774+ "-s" flag imply "-H".
775775 Sudoers option: set_home
776776
777777 --enable-timestamp-type=TYPE
778778 Set the default time stamp record type. The TYPE may be "global"
779779 (a single record per user), "ppid" (a single record for process
780780 with the same parent process), or "tty" (a separate record for
781- each login session). The default is "tty".
781+ each login session). The default is "tty".
782782 Sudoers option: timestamp_type
783783
784784 --with-all-insults
@@ -796,13 +796,13 @@ Defaults are listed in brackets after the description.
796796
797797 --with-badpass-message="MESSAGE"
798798 Message that is displayed if a user enters an incorrect password.
799- The default is "Sorry, try again." unless insults are turned on.
799+ The default is "Sorry, try again." unless insults are turned on.
800800 Sudoers option: badpass_message
801801
802802 --with-badpri=PRIORITY
803803 Determines which syslog priority to log unauthenticated
804804 commands and errors. The following priorities are supported:
805- alert, crit, debug, emerg, err, info, notice, and warning.
805+ alert, crit, debug, emerg, err, info, notice, and warning.
806806 Sudoers option: syslog_badpri
807807
808808 --with-classic-insults
@@ -823,7 +823,7 @@ Defaults are listed in brackets after the description.
823823 single path name or a colon-separated list of editors. In the latter
824824 case, visudo will choose the editor that matches the user's SUDO_EDITOR,
825825 VISUAL or EDITOR environment variable, or the first editor in the list
826- that exists. The default is the path to vi on your system.
826+ that exists. The default is the path to vi on your system.
827827 Sudoers option: editor
828828
829829 --with-env-editor=no, --without-env-editor
@@ -834,14 +834,14 @@ Defaults are listed in brackets after the description.
834834 commands as root without logging. Some sites may with to disable this
835835 and use a colon-separated list of "safe" editors with the --with-editor
836836 option. visudo will then only use the SUDO_EDITOR, VISUAL, or EDITOR
837- variables if they match a value specified via --with-editor.
837+ variables if they match a value specified via --with-editor.
838838 Sudoers option: env_editor
839839
840840 --with-exempt=GROUP
841841 Users in the specified group don't need to enter a password when
842842 running sudo. This may be useful for sites that don't want their
843843 "core" sysadmins to have to enter a password but where Jr. sysadmins
844- need to. You should probably use NOPASSWD in sudoers instead.
844+ need to. You should probably use NOPASSWD in sudoers instead.
845845 Sudoers option: exempt_group
846846
847847 --with-fqdn
@@ -852,13 +852,13 @@ Defaults are listed in brackets after the description.
852852 sudo unusable if your DNS is totally hosed. You must use the host's
853853 official name as DNS knows it. That is, you may not use a host alias
854854 (CNAME entry) due to performance issues and the fact that there is no
855- way to get all aliases from DNS.
855+ way to get all aliases from DNS.
856856 Sudoers option: fqdn
857857
858858 --with-goodpri=PRIORITY
859859 Determines which syslog priority to log successfully authenticated
860860 commands. The following priorities are supported: alert, crit, debug,
861- emerg, err, info, notice, and warning.
861+ emerg, err, info, notice, and warning.
862862 Sudoers option: syslog_goodpri
863863
864864 --with-python-insults
@@ -878,7 +878,7 @@ Defaults are listed in brackets after the description.
878878
879879 --with-ignore-dot
880880 If set, sudo will ignore "." or "" (current dir) in $PATH.
881- The $PATH itself is not modified.
881+ The $PATH itself is not modified.
882882 Sudoers option: ignore_dot
883883
884884 --with-insults
@@ -900,11 +900,11 @@ Defaults are listed in brackets after the description.
900900 --with-iologdir[=DIR]
901901 By default, sudo stores I/O log files in either /var/log/sudo-io,
902902 /var/adm/sudo-io, or /usr/log/sudo-io. If this option is specified,
903- I/O logs will be stored in the indicated directory instead.
903+ I/O logs will be stored in the indicated directory instead.
904904 Sudoers option: iolog_dir
905905
906906 --with-lecture=no, --without-lecture
907- Don't print the lecture the first time a user runs sudo.
907+ Don't print the lecture the first time a user runs sudo.
908908 Sudoers option: !lecture
909909
910910 --with-logfac=FACILITY
@@ -913,83 +913,83 @@ Defaults are listed in brackets after the description.
913913 this for ancient syslogs but it will have no effect. The
914914 following facilities are supported: authpriv (if your OS
915915 supports it), auth, daemon, user, local0, local1, local2,
916- local3, local4, local5, local6, and local7.
916+ local3, local4, local5, local6, and local7.
917917 Sudoers option: syslog
918918
919919 --with-logging=TYPE
920920 How you want to do your logging. You may choose "syslog",
921921 "file", or "both". Setting this to "syslog" is nice because
922922 you can keep all of your sudo logs in one place (see the
923- example syslog.conf file). The default is "syslog".
923+ example syslog.conf file). The default is "syslog".
924924 Sudoers options: syslog and logfile
925925
926926 --with-loglen=NUMBER
927927 Number of characters per line for the file log. This is only used if
928928 you are to "file" or "both". This value is used to decide when to wrap
929929 lines for nicer log files. The default is 80. Setting this to 0
930- will disable the wrapping.
930+ will disable the wrapping.
931931 Sudoers options: loglinelen
932932
933933 --with-logpath=PATH
934934 Override the default location of the sudo log file and use
935935 "path" instead. By default will use /var/log/sudo.log if
936936 there is a /var/log dir, falling back to /var/adm/sudo.log
937- or /usr/adm/sudo.log if not.
937+ or /usr/adm/sudo.log if not.
938938 Sudoers option: logfile
939939
940940 --with-long-otp-prompt
941941 When validating with a One Time Password scheme (S/Key or
942942 OPIE), a two-line prompt is used to make it easier to cut
943943 and paste the challenge to a local window. It's not as
944- pretty as the default but some people find it more convenient.
944+ pretty as the default but some people find it more convenient.
945945 Sudoers option: long_otp_prompt
946946
947947 --with-mail-if-no-user=no, --without-mail-if-no-user
948948 Normally, sudo will mail to the "alertmail" user if the user invoking
949- sudo is not in the sudoers file. This option disables that behavior.
949+ sudo is not in the sudoers file. This option disables that behavior.
950950 Sudoers option: mail_no_user
951951
952952 --with-mail-if-no-host
953953 Send mail to the "alermail" user if the user exists in the sudoers
954- file, but is not allowed to run commands on the current host.
954+ file, but is not allowed to run commands on the current host.
955955 Sudoers option: mail_no_host
956956
957957 --with-mail-if-noperms
958958 Send mail to the "alermail" user if the user is allowed to use sudo but
959- the command they are trying is not listed in their sudoers file entry.
959+ the command they are trying is not listed in their sudoers file entry.
960960 Sudoers option: mail_no_perms
961961
962962 --with-mailsubject="SUBJECT"
963963 Subject of the mail sent to the "mailto" user. The token "%h"
964964 will expand to the hostname of the machine.
965- The default value is "*** SECURITY information for %h ***".
965+ The default value is "*** SECURITY information for %h ***".
966966 Sudoers option: mailsub
967967
968968 --with-mailto=USER|MAIL_ALIAS
969969 User (or mail alias) that mail from sudo is sent to.
970- This should go to a sysadmin at your site. The default value is "root".
970+ This should go to a sysadmin at your site. The default value is "root".
971971 Sudoers option: mailto
972972
973973 --with-passprompt="PROMPT"
974974 Default prompt to use when asking for a password; can be overridden
975975 via the -p option and the SUDO_PROMPT environment variable. Supports
976976 the "%H", "%h", "%U", and "%u" escapes as documented in the sudo
977- manual page. The default value is "Password:".
977+ manual page. The default value is "Password:".
978978 Sudoers option: passprompt
979979
980980 --with-password-timeout=NUMBER
981981 Number of minutes before the sudo password prompt times out.
982- The default is 5, set this to 0 for no password timeout.
982+ The default is 5, set this to 0 for no password timeout.
983983 Sudoers option: passwd_timeout
984984
985985 --with-passwd-tries=NUMBER
986986 Number of tries a user gets to enter his/her password before sudo logs
987- the failure and exits. The default is 3.
987+ the failure and exits. The default is 3.
988988 Sudoers option: passwd_tries
989989
990990 --with-runas-default=USER
991991 The default user to run commands as if the -u flag is not specified
992- on the command line. This defaults to "root".
992+ on the command line. This defaults to "root".
993993 Sudoers option: runas_default
994994
995995 --with-secure-path[=PATH]
@@ -1000,23 +1000,25 @@ Defaults are listed in brackets after the description.
10001000 path for your site. This is not applied to users in the group
10011001 specified by --with-exemptgroup. If you do not specify a path,
10021002 "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
1003- is used.
1003+ is used.
10041004 Sudoers option: secure_path
10051005
10061006 --with-secure-path-value[=PATH]
10071007 Sets the value of "secure_path" that is substituted into
1008- the default sudoers file. This option is intended to be
1009- used by package maintainers who wish to set "secure_path"
1010- to a system-specific value in the default sudoers file.
1011- It does not actually enable "secure-path".
1008+ the default sudoers file. A value of "no" will cause the
1009+ "secure_path" line in the default sudoers file to be commented
1010+ out. This option is intended to be used by package maintainers
1011+ who wish to set "secure_path" to a system-specific value
1012+ in the default sudoers file. It does not actually enable
1013+ "secure-path" in the sudoers plugin itself.
10121014
10131015 --with-sendmail=PATH
1014- Override configure's guess as to the location of sendmail.
1016+ Override configure's guess as to the location of sendmail.
10151017 Sudoers option: mailerpath
10161018
10171019 --with-sendmail=no, --without-sendmail
10181020 Do not use sendmail to mail messages to the "mailto" user.
1019- Use only if you don't run sendmail or the equivalent.
1021+ Use only if you don't run sendmail or the equivalent.
10201022 Sudoers options: !mailerpath or !mailto
10211023
10221024 --with-sudoers-mode=MODE
@@ -1037,21 +1039,21 @@ Defaults are listed in brackets after the description.
10371039
10381040 --with-timeout=NUMBER
10391041 Number of minutes that can elapse before sudo will ask for a passwd
1040- again. The default is 5, set it to 0 to always prompt for a password.
1042+ again. The default is 5, set it to 0 to always prompt for a password.
10411043 Sudoers option: timestamp_timeout
10421044
10431045 --with-umask=MASK
1044- Umask to use when running the root command. The default is 0022.
1046+ Umask to use when running the root command. The default is 0022.
10451047 Sudoers option: umask
10461048
10471049 --with-umask=no, --without-umask
1048- Preserves the umask of the user invoking sudo.
1050+ Preserves the umask of the user invoking sudo.
10491051 Sudoers option: !umask
10501052
10511053 --with-umask-override
10521054 Use the umask specified in sudoers even if it is less restrictive
10531055 than the user's. The default is to use the intersection of the
1054- user's umask and the umask specified in sudoers.
1056+ user's umask and the umask specified in sudoers.
10551057 Sudoers option: umask_override
10561058
10571059## OS dependent notes
0 commit comments