| # |
| # Format: |
| # |
| # var_name |
| # TYPE |
| # description (or NULL) |
| # array of struct def_values if TYPE == T_TUPLE |
| # |
| # NOTE: for tuples that can be used in a boolean context the first |
| # value corresponds to boolean FALSE and the second to TRUE. |
| # |
| |
| syslog |
| T_LOGFAC|T_BOOL |
| "Syslog facility if syslog is being used for logging: %s" |
| syslog_goodpri |
| T_LOGPRI |
| "Syslog priority to use when user authenticates successfully: %s" |
| syslog_badpri |
| T_LOGPRI |
| "Syslog priority to use when user authenticates unsuccessfully: %s" |
| long_otp_prompt |
| T_FLAG |
| "Put OTP prompt on its own line" |
| ignore_dot |
| T_FLAG |
| "Ignore '.' in $PATH" |
| mail_always |
| T_FLAG |
| "Always send mail when sudo is run" |
| mail_badpass |
| T_FLAG |
| "Send mail if user authentication fails" |
| mail_no_user |
| T_FLAG |
| "Send mail if the user is not in sudoers" |
| mail_no_host |
| T_FLAG |
| "Send mail if the user is not in sudoers for this host" |
| mail_no_perms |
| T_FLAG |
| "Send mail if the user is not allowed to run a command" |
| tty_tickets |
| T_FLAG |
| "Use a separate timestamp for each user/tty combo" |
| lecture |
| T_TUPLE|T_BOOL |
| "Lecture user the first time they run sudo" |
| never once always |
| lecture_file |
| T_STR|T_PATH|T_BOOL |
| "File containing the sudo lecture: %s" |
| authenticate |
| T_FLAG |
| "Require users to authenticate by default" |
| root_sudo |
| T_FLAG |
| "Root may run sudo" |
| log_host |
| T_FLAG |
| "Log the hostname in the (non-syslog) log file" |
| log_year |
| T_FLAG |
| "Log the year in the (non-syslog) log file" |
| shell_noargs |
| T_FLAG |
| "If sudo is invoked with no arguments, start a shell" |
| set_home |
| T_FLAG |
| "Set $HOME to the target user when starting a shell with -s" |
| always_set_home |
| T_FLAG |
| "Always set $HOME to the target user's home directory" |
| path_info |
| T_FLAG |
| "Allow some information gathering to give useful error messages" |
| fqdn |
| T_FLAG |
| "Require fully-qualified hostnames in the sudoers file" |
| insults |
| T_FLAG |
| "Insult the user when they enter an incorrect password" |
| requiretty |
| T_FLAG |
| "Only allow the user to run sudo if they have a tty" |
| env_editor |
| T_FLAG |
| "Visudo will honor the EDITOR environment variable" |
| rootpw |
| T_FLAG |
| "Prompt for root's password, not the users's" |
| runaspw |
| T_FLAG |
| "Prompt for the runas_default user's password, not the users's" |
| targetpw |
| T_FLAG |
| "Prompt for the target user's password, not the users's" |
| use_loginclass |
| T_FLAG |
| "Apply defaults in the target user's login class if there is one" |
| set_logname |
| T_FLAG |
| "Set the LOGNAME and USER environment variables" |
| stay_setuid |
| T_FLAG |
| "Only set the effective uid to the target user, not the real uid" |
| preserve_groups |
| T_FLAG |
| "Don't initialize the group vector to that of the target user" |
| loglinelen |
| T_UINT|T_BOOL |
| "Length at which to wrap log file lines (0 for no wrap): %d" |
| timestamp_timeout |
| T_FLOAT|T_BOOL |
| "Authentication timestamp timeout: %.1f minutes" |
| passwd_timeout |
| T_FLOAT|T_BOOL |
| "Password prompt timeout: %.1f minutes" |
| passwd_tries |
| T_UINT |
| "Number of tries to enter a password: %d" |
| umask |
| T_MODE|T_BOOL |
| "Umask to use or 0777 to use user's: 0%o" |
| logfile |
| T_STR|T_BOOL|T_PATH |
| "Path to log file: %s" |
| mailerpath |
| T_STR|T_BOOL|T_PATH |
| "Path to mail program: %s" |
| mailerflags |
| T_STR|T_BOOL |
| "Flags for mail program: %s" |
| mailto |
| T_STR|T_BOOL |
| "Address to send mail to: %s" |
| mailfrom |
| T_STR|T_BOOL |
| "Address to send mail from: %s" |
| mailsub |
| T_STR |
| "Subject line for mail messages: %s" |
| badpass_message |
| T_STR |
| "Incorrect password message: %s" |
| timestampdir |
| T_STR|T_PATH |
| "Path to authentication timestamp dir: %s" |
| timestampowner |
| T_STR |
| "Owner of the authentication timestamp dir: %s" |
| exempt_group |
| T_STR|T_BOOL |
| "Users in this group are exempt from password and PATH requirements: %s" |
| passprompt |
| T_STR |
| "Default password prompt: %s" |
| passprompt_override |
| T_FLAG |
| "If set, passprompt will override system prompt in all cases." |
| runas_default |
| T_STR |
| "Default user to run commands as: %s" |
| secure_path |
| T_STR|T_BOOL |
| "Value to override user's $PATH with: %s" |
| editor |
| T_STR|T_PATH |
| "Path to the editor for use by visudo: %s" |
| listpw |
| T_TUPLE|T_BOOL |
| "When to require a password for 'list' pseudocommand: %s" |
| never any all always |
| verifypw |
| T_TUPLE|T_BOOL |
| "When to require a password for 'verify' pseudocommand: %s" |
| never all any always |
| noexec |
| T_FLAG |
| "Preload the dummy exec functions contained in 'noexec_file'" |
| noexec_file |
| T_STR|T_PATH |
| "File containing dummy exec functions: %s" |
| ignore_local_sudoers |
| T_FLAG |
| "If LDAP directory is up, do we ignore local sudoers file" |
| closefrom |
| T_INT |
| "File descriptors >= %d will be closed before executing a command" |
| closefrom_override |
| T_FLAG |
| "If set, users may override the value of `closefrom' with the -C option" |
| setenv |
| T_FLAG |
| "Allow users to set arbitrary environment variables" |
| env_reset |
| T_FLAG |
| "Reset the environment to a default set of variables" |
| env_check |
| T_LIST|T_BOOL |
| "Environment variables to check for sanity:" |
| env_delete |
| T_LIST|T_BOOL |
| "Environment variables to remove:" |
| env_keep |
| T_LIST|T_BOOL |
| "Environment variables to preserve:" |
| role |
| T_STR |
| "SELinux role to use in the new security context: %s" |
| type |
| T_STR |
| "SELinux type to use in the new security context: %s" |
| askpass |
| T_STR|T_PATH|T_BOOL |
| "Path to the askpass helper program: %s" |
| env_file |
| T_STR|T_PATH|T_BOOL |
| "Path to the sudo-specific environment file: %s" |
| sudoers_locale |
| T_STR |
| "Locale to use while parsing sudoers: %s" |
| visiblepw |
| T_FLAG |
| "Allow sudo to prompt for a password even if it would be visisble" |
| pwfeedback |
| T_FLAG |
| "Provide visual feedback at the password prompt when there is user input" |
| fast_glob |
| T_FLAG |
| "Use faster globbing that is less accurate but does not access the filesystem" |
| umask_override |
| T_FLAG |
| "The umask specified in sudoers will override the user's, even if it is more permissive" |
| log_input |
| T_FLAG |
| "Log user's input for the command being run" |
| log_output |
| T_FLAG |
| "Log the output of the command being run" |
| compress_io |
| T_FLAG |
| "Compress I/O logs using zlib" |
| use_pty |
| T_FLAG |
| "Always run commands in a pseudo-tty" |