First pass fix the sudo files for EL
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
This commit is contained in:
@@ -2,6 +2,4 @@
|
||||
auth include system-auth
|
||||
account include system-auth
|
||||
password include system-auth
|
||||
session optional pam_keyinit.so revoke
|
||||
session required pam_limits.so
|
||||
session include system-auth
|
||||
|
||||
@@ -11,9 +11,9 @@
|
||||
# The plugin_options are optional.
|
||||
#
|
||||
# The sudoers plugin is used by default if no Plugin lines are present.
|
||||
#Plugin sudoers_policy sudoers.so
|
||||
#Plugin sudoers_io sudoers.so
|
||||
#Plugin sudoers_audit sudoers.so
|
||||
Plugin sudoers_policy sudoers.so
|
||||
Plugin sudoers_io sudoers.so
|
||||
Plugin sudoers_audit sudoers.so
|
||||
|
||||
#
|
||||
# Sudo askpass:
|
||||
@@ -38,21 +38,6 @@
|
||||
#
|
||||
#Path devsearch /dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev
|
||||
|
||||
#
|
||||
# Sudo command interception:
|
||||
# Path intercept /path/to/sudo_intercept.so
|
||||
#
|
||||
# Path to a shared library containing replacements for the execv(),
|
||||
# execve() and fexecve() library functions that perform a policy check
|
||||
# to verify the command is allowed and simply return an error if not.
|
||||
# This is used to implement the "intercept" functionality on systems that
|
||||
# support LD_PRELOAD or its equivalent.
|
||||
#
|
||||
# The compiled-in value is usually sufficient and should only be changed
|
||||
# if you rename or move the sudo_intercept.so file.
|
||||
#
|
||||
#Path intercept disabled
|
||||
|
||||
#
|
||||
# Sudo noexec:
|
||||
# Path noexec /path/to/sudo_noexec.so
|
||||
@@ -76,6 +61,14 @@
|
||||
#
|
||||
#Path plugin_dir /usr/libexec/sudo
|
||||
|
||||
#
|
||||
# Sudo developer mode:
|
||||
# Set developer_mode true|false
|
||||
#
|
||||
# Allow loading of plugins that are owned by non-root or are writable
|
||||
# by "group" or "other". Should only be used during plugin development.
|
||||
#Set developer_mode true
|
||||
|
||||
#
|
||||
# Core dumps:
|
||||
# Set disable_coredump true|false
|
||||
@@ -85,7 +78,7 @@
|
||||
# To aid in debugging sudo problems, you may wish to enable core
|
||||
# dumps by setting "disable_coredump" to false.
|
||||
#
|
||||
#Set disable_coredump false
|
||||
Set disable_coredump false
|
||||
|
||||
#
|
||||
# User groups:
|
||||
@@ -121,10 +114,10 @@
|
||||
# Debug program /path/to/debug_log subsystem@priority[,subsyste@priority]
|
||||
#
|
||||
# Sudo and related programs support logging debug information to a file.
|
||||
# The program is typically sudo, sudoers.so, sudoreplay, or visudo.
|
||||
# The program is typically sudo, sudoers.so, sudoreplay or visudo.
|
||||
#
|
||||
# Subsystems vary based on the program; "all" matches all subsystems.
|
||||
# Priority may be crit, err, warn, notice, diag, info, trace, or debug.
|
||||
# Priority may be crit, err, warn, notice, diag, info, trace or debug.
|
||||
# Multiple subsystem@priority may be specified, separated by a comma.
|
||||
#
|
||||
#Debug sudo /var/log/sudo_debug all@debug
|
||||
|
||||
@@ -74,7 +74,7 @@ Defaults always_query_group_plugin
|
||||
|
||||
Defaults env_reset
|
||||
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
|
||||
Defaults env_keep += "MAIL QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
|
||||
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
|
||||
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
|
||||
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
|
||||
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
|
||||
@@ -85,7 +85,7 @@ Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY
|
||||
#
|
||||
# Defaults env_keep += "HOME"
|
||||
|
||||
Defaults secure_path = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/var/lib/snapd/snap/bin
|
||||
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
|
||||
|
||||
## Next comes the main part: which users can run what software on
|
||||
## which machines (the sudoers file can be shared between multiple
|
||||
|
||||
Reference in New Issue
Block a user