Skip to content

Commit 8e5a132

Browse files
author
Marc Haber
committed
harmless changes to sudoers.in
This takes come commments from the Debian default configuration file, and removes the DEBUGGERS Cmnd_Alias für brevity.
1 parent ff0b6be commit 8e5a132

File tree

1 file changed

+14
-4
lines changed

1 file changed

+14
-4
lines changed

plugins/sudoers/sudoers.in

Lines changed: 14 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,13 @@
1+
##
12
## sudoers file.
23
##
34
## This file MUST be edited with the 'visudo' command as root.
45
## Failure to use 'visudo' may result in syntax or file permission errors
56
## that prevent sudo from running.
7+
8+
## Please consider adding local content in /etc/sudoers.d/ instead of
9+
## directly modifying this file.
10+
611
##
712
## See the sudoers man page for the details on how to write a sudoers file.
813
##
@@ -30,10 +35,6 @@
3035
#
3136
# Cmnd_Alias REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff
3237
#
33-
# Cmnd_Alias DEBUGGERS = /usr/bin/gdb, /usr/bin/lldb, /usr/bin/strace, \
34-
# /usr/bin/truss, /usr/bin/bpftrace, \
35-
# /usr/bin/dtrace, /usr/bin/dtruss
36-
#
3738
# Cmnd_Alias PKGMAN = /usr/bin/apt, /usr/bin/dpkg, /usr/bin/rpm, \
3839
# /usr/bin/yum, /usr/bin/dnf, /usr/bin/zypper, \
3940
# /usr/bin/pacman
@@ -45,6 +46,11 @@
4546
## To preserve these for all commands, remove the "!visudo" qualifier.
4647
Defaults!@visudo@ env_keep += "SUDO_EDITOR EDITOR VISUAL"
4748
##
49+
## Preserve EDITOR environment variables for all users in the sudo group.
50+
## This allows running arbitrary commands, but sudo members are root
51+
## equivalent anyway.
52+
#Defaults:%sudo env_keep += "SUDO_EDITOR EDITOR VISUAL"
53+
##
4854
## Use a hard-coded PATH instead of the user's to find commands.
4955
## This also helps prevent poorly written scripts from running
5056
## arbitrary commands under sudo.
@@ -74,6 +80,10 @@ Defaults!@visudo@ env_keep += "SUDO_EDITOR EDITOR VISUAL"
7480
## this may allow users to subvert the command being run via sudo.
7581
# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
7682
##
83+
## Uncomment to preserve proxy settings from user environments of root
84+
## equivalent users (group sudo)
85+
# Defaults:%sudo env_keep += "http_proxy https_proxy ftp_proxy all_proxy no_proxy"
86+
##
7787
## Uncomment to disable "use_pty" when running commands as root.
7888
## Commands run as non-root users will run in a pseudo-terminal,
7989
## not the user's own terminal, to prevent command injection.

0 commit comments

Comments
 (0)