1 /* generated file, do not edit */ 2 3 static struct def_values def_data_lecture[] = { 4 { "never", never }, 5 { "once", once }, 6 { "always", always }, 7 { NULL, 0 }, 8 }; 9 10 static struct def_values def_data_listpw[] = { 11 { "never", never }, 12 { "any", any }, 13 { "all", all }, 14 { "always", always }, 15 { NULL, 0 }, 16 }; 17 18 static struct def_values def_data_verifypw[] = { 19 { "never", never }, 20 { "all", all }, 21 { "any", any }, 22 { "always", always }, 23 { NULL, 0 }, 24 }; 25 26 static struct def_values def_data_fdexec[] = { 27 { "never", never }, 28 { "digest_only", digest_only }, 29 { "always", always }, 30 { NULL, 0 }, 31 }; 32 33 static struct def_values def_data_timestamp_type[] = { 34 { "global", global }, 35 { "ppid", ppid }, 36 { "tty", tty }, 37 { "kernel", kernel }, 38 { NULL, 0 }, 39 }; 40 41 static struct def_values def_data_log_format[] = { 42 { "sudo", sudo }, 43 { "json", json }, 44 { NULL, 0 }, 45 }; 46 47 struct sudo_defs_types sudo_defs_table[] = { 48 { 49 "syslog", T_LOGFAC|T_BOOL, 50 N_("Syslog facility if syslog is being used for logging: %s"), 51 NULL, 52 }, { 53 "syslog_goodpri", T_LOGPRI|T_BOOL, 54 N_("Syslog priority to use when user authenticates successfully: %s"), 55 NULL, 56 }, { 57 "syslog_badpri", T_LOGPRI|T_BOOL, 58 N_("Syslog priority to use when user authenticates unsuccessfully: %s"), 59 NULL, 60 }, { 61 "long_otp_prompt", T_FLAG, 62 N_("Put OTP prompt on its own line"), 63 NULL, 64 }, { 65 "ignore_dot", T_FLAG, 66 N_("Ignore '.' in $PATH"), 67 NULL, 68 }, { 69 "mail_always", T_FLAG, 70 N_("Always send mail when sudo is run"), 71 NULL, 72 }, { 73 "mail_badpass", T_FLAG, 74 N_("Send mail if user authentication fails"), 75 NULL, 76 }, { 77 "mail_no_user", T_FLAG, 78 N_("Send mail if the user is not in sudoers"), 79 NULL, 80 }, { 81 "mail_no_host", T_FLAG, 82 N_("Send mail if the user is not in sudoers for this host"), 83 NULL, 84 }, { 85 "mail_no_perms", T_FLAG, 86 N_("Send mail if the user is not allowed to run a command"), 87 NULL, 88 }, { 89 "mail_all_cmnds", T_FLAG, 90 N_("Send mail if the user tries to run a command"), 91 NULL, 92 }, { 93 "tty_tickets", T_FLAG, 94 N_("Use a separate timestamp for each user/tty combo"), 95 NULL, 96 }, { 97 "lecture", T_TUPLE|T_BOOL, 98 N_("Lecture user the first time they run sudo"), 99 def_data_lecture, 100 }, { 101 "lecture_file", T_STR|T_PATH|T_BOOL, 102 N_("File containing the sudo lecture: %s"), 103 NULL, 104 }, { 105 "authenticate", T_FLAG, 106 N_("Require users to authenticate by default"), 107 NULL, 108 }, { 109 "root_sudo", T_FLAG, 110 N_("Root may run sudo"), 111 NULL, 112 }, { 113 "log_host", T_FLAG, 114 N_("Log the hostname in the (non-syslog) log file"), 115 NULL, 116 }, { 117 "log_year", T_FLAG, 118 N_("Log the year in the (non-syslog) log file"), 119 NULL, 120 }, { 121 "shell_noargs", T_FLAG, 122 N_("If sudo is invoked with no arguments, start a shell"), 123 NULL, 124 }, { 125 "set_home", T_FLAG, 126 N_("Set $HOME to the target user when starting a shell with -s"), 127 NULL, 128 }, { 129 "always_set_home", T_FLAG, 130 N_("Always set $HOME to the target user's home directory"), 131 NULL, 132 }, { 133 "path_info", T_FLAG, 134 N_("Allow some information gathering to give useful error messages"), 135 NULL, 136 }, { 137 "fqdn", T_FLAG, 138 N_("Require fully-qualified hostnames in the sudoers file"), 139 NULL, 140 }, { 141 "insults", T_FLAG, 142 N_("Insult the user when they enter an incorrect password"), 143 NULL, 144 }, { 145 "requiretty", T_FLAG, 146 N_("Only allow the user to run sudo if they have a tty"), 147 NULL, 148 }, { 149 "env_editor", T_FLAG, 150 N_("Visudo will honor the EDITOR environment variable"), 151 NULL, 152 }, { 153 "rootpw", T_FLAG, 154 N_("Prompt for root's password, not the users's"), 155 NULL, 156 }, { 157 "runaspw", T_FLAG, 158 N_("Prompt for the runas_default user's password, not the users's"), 159 NULL, 160 }, { 161 "targetpw", T_FLAG, 162 N_("Prompt for the target user's password, not the users's"), 163 NULL, 164 }, { 165 "use_loginclass", T_FLAG, 166 N_("Apply defaults in the target user's login class if there is one"), 167 NULL, 168 }, { 169 "set_logname", T_FLAG, 170 N_("Set the LOGNAME and USER environment variables"), 171 NULL, 172 }, { 173 "stay_setuid", T_FLAG, 174 N_("Only set the effective uid to the target user, not the real uid"), 175 NULL, 176 }, { 177 "preserve_groups", T_FLAG, 178 N_("Don't initialize the group vector to that of the target user"), 179 NULL, 180 }, { 181 "loglinelen", T_UINT|T_BOOL, 182 N_("Length at which to wrap log file lines (0 for no wrap): %u"), 183 NULL, 184 }, { 185 "timestamp_timeout", T_TIMESPEC|T_BOOL, 186 N_("Authentication timestamp timeout: %.1f minutes"), 187 NULL, 188 }, { 189 "passwd_timeout", T_TIMESPEC|T_BOOL, 190 N_("Password prompt timeout: %.1f minutes"), 191 NULL, 192 }, { 193 "passwd_tries", T_UINT, 194 N_("Number of tries to enter a password: %u"), 195 NULL, 196 }, { 197 "umask", T_MODE|T_BOOL, 198 N_("Umask to use or 0777 to use user's: 0%o"), 199 NULL, 200 }, { 201 "logfile", T_STR|T_BOOL|T_PATH, 202 N_("Path to log file: %s"), 203 NULL, 204 }, { 205 "mailerpath", T_STR|T_BOOL|T_PATH, 206 N_("Path to mail program: %s"), 207 NULL, 208 }, { 209 "mailerflags", T_STR|T_BOOL, 210 N_("Flags for mail program: %s"), 211 NULL, 212 }, { 213 "mailto", T_STR|T_BOOL, 214 N_("Address to send mail to: %s"), 215 NULL, 216 }, { 217 "mailfrom", T_STR|T_BOOL, 218 N_("Address to send mail from: %s"), 219 NULL, 220 }, { 221 "mailsub", T_STR, 222 N_("Subject line for mail messages: %s"), 223 NULL, 224 }, { 225 "badpass_message", T_STR, 226 N_("Incorrect password message: %s"), 227 NULL, 228 }, { 229 "lecture_status_dir", T_STR|T_PATH, 230 N_("Path to lecture status dir: %s"), 231 NULL, 232 }, { 233 "timestampdir", T_STR|T_PATH, 234 N_("Path to authentication timestamp dir: %s"), 235 NULL, 236 }, { 237 "timestampowner", T_STR, 238 N_("Owner of the authentication timestamp dir: %s"), 239 NULL, 240 }, { 241 "exempt_group", T_STR|T_BOOL, 242 N_("Users in this group are exempt from password and PATH requirements: %s"), 243 NULL, 244 }, { 245 "passprompt", T_STR, 246 N_("Default password prompt: %s"), 247 NULL, 248 }, { 249 "passprompt_override", T_FLAG, 250 N_("If set, passprompt will override system prompt in all cases."), 251 NULL, 252 }, { 253 "runas_default", T_STR, 254 N_("Default user to run commands as: %s"), 255 NULL, 256 }, { 257 "secure_path", T_STR|T_BOOL, 258 N_("Value to override user's $PATH with: %s"), 259 NULL, 260 }, { 261 "editor", T_STR|T_PATH, 262 N_("Path to the editor for use by visudo: %s"), 263 NULL, 264 }, { 265 "listpw", T_TUPLE|T_BOOL, 266 N_("When to require a password for 'list' pseudocommand: %s"), 267 def_data_listpw, 268 }, { 269 "verifypw", T_TUPLE|T_BOOL, 270 N_("When to require a password for 'verify' pseudocommand: %s"), 271 def_data_verifypw, 272 }, { 273 "noexec", T_FLAG, 274 N_("Preload the sudo_noexec library which replaces the exec functions"), 275 NULL, 276 }, { 277 "ignore_local_sudoers", T_FLAG, 278 N_("If LDAP directory is up, do we ignore local sudoers file"), 279 NULL, 280 }, { 281 "closefrom", T_INT, 282 N_("File descriptors >= %d will be closed before executing a command"), 283 NULL, 284 }, { 285 "closefrom_override", T_FLAG, 286 N_("If set, users may override the value of \"closefrom\" with the -C option"), 287 NULL, 288 }, { 289 "setenv", T_FLAG, 290 N_("Allow users to set arbitrary environment variables"), 291 NULL, 292 }, { 293 "env_reset", T_FLAG, 294 N_("Reset the environment to a default set of variables"), 295 NULL, 296 }, { 297 "env_check", T_LIST|T_BOOL, 298 N_("Environment variables to check for safety:"), 299 NULL, 300 }, { 301 "env_delete", T_LIST|T_BOOL, 302 N_("Environment variables to remove:"), 303 NULL, 304 }, { 305 "env_keep", T_LIST|T_BOOL, 306 N_("Environment variables to preserve:"), 307 NULL, 308 }, { 309 "role", T_STR, 310 N_("SELinux role to use in the new security context: %s"), 311 NULL, 312 }, { 313 "type", T_STR, 314 N_("SELinux type to use in the new security context: %s"), 315 NULL, 316 }, { 317 "env_file", T_STR|T_PATH|T_BOOL, 318 N_("Path to the sudo-specific environment file: %s"), 319 NULL, 320 }, { 321 "restricted_env_file", T_STR|T_PATH|T_BOOL, 322 N_("Path to the restricted sudo-specific environment file: %s"), 323 NULL, 324 }, { 325 "sudoers_locale", T_STR, 326 N_("Locale to use while parsing sudoers: %s"), 327 NULL, 328 }, { 329 "visiblepw", T_FLAG, 330 N_("Allow sudo to prompt for a password even if it would be visible"), 331 NULL, 332 }, { 333 "pwfeedback", T_FLAG, 334 N_("Provide visual feedback at the password prompt when there is user input"), 335 NULL, 336 }, { 337 "fast_glob", T_FLAG, 338 N_("Use faster globbing that is less accurate but does not access the filesystem"), 339 NULL, 340 }, { 341 "umask_override", T_FLAG, 342 N_("The umask specified in sudoers will override the user's, even if it is more permissive"), 343 NULL, 344 }, { 345 "log_input", T_FLAG, 346 N_("Log user's input for the command being run"), 347 NULL, 348 }, { 349 "log_output", T_FLAG, 350 N_("Log the output of the command being run"), 351 NULL, 352 }, { 353 "compress_io", T_FLAG, 354 N_("Compress I/O logs using zlib"), 355 NULL, 356 }, { 357 "use_pty", T_FLAG, 358 N_("Always run commands in a pseudo-tty"), 359 NULL, 360 }, { 361 "group_plugin", T_STR, 362 N_("Plugin for non-Unix group support: %s"), 363 NULL, 364 }, { 365 "iolog_dir", T_STR|T_PATH, 366 N_("Directory in which to store input/output logs: %s"), 367 NULL, 368 }, { 369 "iolog_file", T_STR, 370 N_("File in which to store the input/output log: %s"), 371 NULL, 372 }, { 373 "set_utmp", T_FLAG, 374 N_("Add an entry to the utmp/utmpx file when allocating a pty"), 375 NULL, 376 }, { 377 "utmp_runas", T_FLAG, 378 N_("Set the user in utmp to the runas user, not the invoking user"), 379 NULL, 380 }, { 381 "privs", T_STR, 382 N_("Set of permitted privileges: %s"), 383 NULL, 384 }, { 385 "limitprivs", T_STR, 386 N_("Set of limit privileges: %s"), 387 NULL, 388 }, { 389 "exec_background", T_FLAG, 390 N_("Run commands on a pty in the background"), 391 NULL, 392 }, { 393 "pam_service", T_STR, 394 N_("PAM service name to use: %s"), 395 NULL, 396 }, { 397 "pam_login_service", T_STR, 398 N_("PAM service name to use for login shells: %s"), 399 NULL, 400 }, { 401 "pam_setcred", T_FLAG, 402 N_("Attempt to establish PAM credentials for the target user"), 403 NULL, 404 }, { 405 "pam_session", T_FLAG, 406 N_("Create a new PAM session for the command to run in"), 407 NULL, 408 }, { 409 "pam_acct_mgmt", T_FLAG, 410 N_("Perform PAM account validation management"), 411 NULL, 412 }, { 413 "maxseq", T_STR, 414 N_("Maximum I/O log sequence number: %s"), 415 NULL, 416 }, { 417 "use_netgroups", T_FLAG, 418 N_("Enable sudoers netgroup support"), 419 NULL, 420 }, { 421 "sudoedit_checkdir", T_FLAG, 422 N_("Check parent directories for writability when editing files with sudoedit"), 423 NULL, 424 }, { 425 "sudoedit_follow", T_FLAG, 426 N_("Follow symbolic links when editing files with sudoedit"), 427 NULL, 428 }, { 429 "always_query_group_plugin", T_FLAG, 430 N_("Query the group plugin for unknown system groups"), 431 NULL, 432 }, { 433 "netgroup_tuple", T_FLAG, 434 N_("Match netgroups based on the entire tuple: user, host and domain"), 435 NULL, 436 }, { 437 "ignore_audit_errors", T_FLAG, 438 N_("Allow commands to be run even if sudo cannot write to the audit log"), 439 NULL, 440 }, { 441 "ignore_iolog_errors", T_FLAG, 442 N_("Allow commands to be run even if sudo cannot write to the I/O log"), 443 NULL, 444 }, { 445 "ignore_logfile_errors", T_FLAG, 446 N_("Allow commands to be run even if sudo cannot write to the log file"), 447 NULL, 448 }, { 449 "match_group_by_gid", T_FLAG, 450 N_("Resolve groups in sudoers and match on the group ID, not the name"), 451 NULL, 452 }, { 453 "syslog_maxlen", T_UINT, 454 N_("Log entries larger than this value will be split into multiple syslog messages: %u"), 455 NULL, 456 }, { 457 "iolog_user", T_STR|T_BOOL, 458 N_("User that will own the I/O log files: %s"), 459 NULL, 460 }, { 461 "iolog_group", T_STR|T_BOOL, 462 N_("Group that will own the I/O log files: %s"), 463 NULL, 464 }, { 465 "iolog_mode", T_MODE, 466 N_("File mode to use for the I/O log files: 0%o"), 467 NULL, 468 }, { 469 "fdexec", T_TUPLE|T_BOOL, 470 N_("Execute commands by file descriptor instead of by path: %s"), 471 def_data_fdexec, 472 }, { 473 "ignore_unknown_defaults", T_FLAG, 474 N_("Ignore unknown Defaults entries in sudoers instead of producing a warning"), 475 NULL, 476 }, { 477 "command_timeout", T_TIMEOUT|T_BOOL, 478 N_("Time in seconds after which the command will be terminated: %u"), 479 NULL, 480 }, { 481 "user_command_timeouts", T_FLAG, 482 N_("Allow the user to specify a timeout on the command line"), 483 NULL, 484 }, { 485 "iolog_flush", T_FLAG, 486 N_("Flush I/O log data to disk immediately instead of buffering it"), 487 NULL, 488 }, { 489 "syslog_pid", T_FLAG, 490 N_("Include the process ID when logging via syslog"), 491 NULL, 492 }, { 493 "timestamp_type", T_TUPLE, 494 N_("Type of authentication timestamp record: %s"), 495 def_data_timestamp_type, 496 }, { 497 "authfail_message", T_STR, 498 N_("Authentication failure message: %s"), 499 NULL, 500 }, { 501 "case_insensitive_user", T_FLAG, 502 N_("Ignore case when matching user names"), 503 NULL, 504 }, { 505 "case_insensitive_group", T_FLAG, 506 N_("Ignore case when matching group names"), 507 NULL, 508 }, { 509 "log_allowed", T_FLAG, 510 N_("Log when a command is allowed by sudoers"), 511 NULL, 512 }, { 513 "log_denied", T_FLAG, 514 N_("Log when a command is denied by sudoers"), 515 NULL, 516 }, { 517 "log_servers", T_LIST|T_BOOL, 518 N_("Sudo log server(s) to connect to with optional port"), 519 NULL, 520 }, { 521 "log_server_timeout", T_TIMEOUT|T_BOOL, 522 N_("Sudo log server timeout in seconds: %u"), 523 NULL, 524 }, { 525 "log_server_keepalive", T_FLAG, 526 N_("Enable SO_KEEPALIVE socket option on the socket connected to the logserver"), 527 NULL, 528 }, { 529 "log_server_cabundle", T_STR|T_BOOL|T_PATH, 530 N_("Path to the audit server's CA bundle file: %s"), 531 NULL, 532 }, { 533 "log_server_peer_cert", T_STR|T_BOOL|T_PATH, 534 N_("Path to the sudoers certificate file: %s"), 535 NULL, 536 }, { 537 "log_server_peer_key", T_STR|T_BOOL|T_PATH, 538 N_("Path to the sudoers private key file: %s"), 539 NULL, 540 }, { 541 "log_server_verify", T_FLAG, 542 N_("Verify that the log server's certificate is valid"), 543 NULL, 544 }, { 545 "runas_allow_unknown_id", T_FLAG, 546 N_("Allow the use of unknown runas user and/or group ID"), 547 NULL, 548 }, { 549 "runas_check_shell", T_FLAG, 550 N_("Only permit running commands as a user with a valid shell"), 551 NULL, 552 }, { 553 "pam_ruser", T_FLAG, 554 N_("Set the pam remote user to the user running sudo"), 555 NULL, 556 }, { 557 "pam_rhost", T_FLAG, 558 N_("Set the pam remote host to the local host name"), 559 NULL, 560 }, { 561 "runcwd", T_STR|T_BOOL|T_CHPATH, 562 N_("Working directory to change to before executing the command: %s"), 563 NULL, 564 }, { 565 "runchroot", T_STR|T_BOOL|T_CHPATH, 566 N_("Root directory to change to before executing the command: %s"), 567 NULL, 568 }, { 569 "log_format", T_TUPLE, 570 N_("The format of logs to produce: %s"), 571 def_data_log_format, 572 }, { 573 "selinux", T_FLAG, 574 N_("Enable SELinux RBAC support"), 575 NULL, 576 }, { 577 "admin_flag", T_STR|T_BOOL|T_CHPATH, 578 N_("Path to the file that is created the first time sudo is run: %s"), 579 NULL, 580 }, { 581 "intercept", T_FLAG, 582 N_("Intercept further commands and apply sudoers restrictions to them"), 583 NULL, 584 }, { 585 "log_subcmds", T_FLAG, 586 N_("Log sub-commands run by the original command"), 587 NULL, 588 }, { 589 "log_exit_status", T_FLAG, 590 N_("Log the exit status of commands"), 591 NULL, 592 }, { 593 "intercept_authenticate", T_FLAG, 594 N_("Subsequent commands in an intercepted session must be authenticated"), 595 NULL, 596 }, { 597 "intercept_allow_setid", T_FLAG, 598 N_("Allow an intercepted command to run set setuid or setgid programs"), 599 NULL, 600 }, { 601 NULL, 0, NULL 602 } 603 }; 604