
Safeguard for Sudo 2.0 - Administrators Guide


Unsupported Sudo Options

Sudo Plugin supports all sudo command options except those listed in the following tables.

NOTE: This appendix contains details and instructions for the Privilege Manager for Sudo product, and may not be relevant for Privilege Manager for Unix.

Unsupported Command Line Sudo Options

Table 101: Unsupported command line Sudo options

| Sudo Option | Description |
|---|---|
| -a type | Uses the specified authentication type. |
| -c class | Runs the specified command with resources limited by the specified login class. |
| -ll | Lists allowed commands in long format. |
| -r role | Causes the security context to have the specified role. SELinux RBAC is not supported. |
| -t type | Causes the security context to have the specified type. |

Behavioral Change

Table 102: Behavioral change

| Sudo Option | Description |
|---|---|
| -k and -K | These flags only remove the user’s credentials within the cache. |
| env_file | When in "off-line policy evaluation" mode, this option only works if the file is present on the off-line host. |
| fqdn | Normally, when a policy has this flag enabled, sudo resolves host names on the policy server. However, when in off-line mode, sudo resolves host names from the policy cache server, which may produce different results. |
| group_plugin | When in "off-line policy evaluation" mode, this option only works if the off-line host has group_plugin in the same path as the primary/secondary server. |
| lecture_file | When in "off-line policy evaluation" mode, this option only works if the file is present on the off-line host. |
| logfile | When in "off-line policy evaluation" mode, this option only works if the file is present on the off-line host. |
| mailerpath | When in "off-line policy evaluation" mode, this option only works if the file is present on the off-line host. |

Unsupported Sudoers Policy Options

Table 103: Unsupported Sudoers policy options

| Sudoers Option | Explanation |
|---|---|
| compress_io | Compresses I/O logs using zlib. |
| fast_glob | fast_glob is always enabled; disabling fast_glob has no effect. |
| ignore_local_sudoers | Sudoers in LDAP is not supported. |
| iolog_dir (‘%’) escape sequences %{seq} | The %{seq} escape sequence is not supported. |
| passprompt_override | Forces sudo to always use passprompt. |
| pwfeedback | When set, sudo provides visual feedback when you press a key. |
| role | SELinux RBAC not supported. |
| stay_setuid | Forces sudo to act as a setuid wrapper. |
| timestampdir | The directory in which sudo stores its timestamp files. |
| timestampowner | The owner of the timestamp directory and the timestamps stored therein. |
| type | SELinux RBAC not supported. |
| use_pty | Not relevant; pty is always used. |
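
A pre-migration check built from Tables 102 and 103, as an added example that is not part of the original guide or the product's own tooling: it scans the Defaults lines of a sudoers policy and reports every option those tables list. The function name, the constructed sample policy and the simplified Defaults parsing (line continuations only, no includes or aliases) are assumptions.

```python
import re

# Option names copied from Table 102 (behavioral change) and Table 103 (unsupported).
UNSUPPORTED = {"compress_io", "fast_glob", "ignore_local_sudoers", "passprompt_override",
               "pwfeedback", "role", "stay_setuid", "timestampdir", "timestampowner",
               "type", "use_pty"}
OFFLINE = {"env_file", "fqdn", "group_plugin", "lecture_file", "logfile", "mailerpath"}
T102, T103 = "behavioral change (Table 102)", "unsupported (Table 103)"

# "Defaults", an optional @host / :user / !cmd / >runas binding, then the settings.
DEFAULTS = re.compile(r'^Defaults(?:[@:!>]\S+)?\s+(.*)$')
# One setting: optional "!", the name, optional "=", "+=" or "-=" and a quoted or bare value.
SETTING = re.compile(r'(!?)\s*([a-z_]+)\s*(?:[+-]?=\s*("(?:[^"\\]|\\.)*"|[^,\s]+))?')

def lint_sudoers(text):
    """Return (line_no, option, table) for each Defaults setting the tables list."""
    findings, buf, start = [], "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not buf:
            start = no                  # first physical line of this logical line
        buf += raw.rstrip()
        if buf.endswith("\\"):          # sudoers line continuation
            buf = buf[:-1] + " "
            continue
        line, buf = buf.strip(), ""
        m = DEFAULTS.match(line)
        if not m:
            continue                    # comments, aliases and user specs are out of scope
        for neg, name, value in SETTING.findall(m.group(1)):
            if name in UNSUPPORTED:
                findings.append((start, neg + name, T103))
            elif name in OFFLINE:
                findings.append((start, neg + name, T102))
            elif name == "iolog_dir" and "%{seq}" in value:
                findings.append((start, name, T103))
    return findings

# Constructed sample policy for the demonstration, not taken from the guide.
SAMPLE = """\
# constructed sample
Defaults use_pty, !fast_glob, \\
         lecture_file=/etc/sudo_lecture
Defaults:alice iolog_dir="/var/log/sudo-io/%{seq}"
Defaults env_keep += "HOME MAIL"
alice ALL = (root) /usr/bin/systemctl restart nginx
"""

if __name__ == "__main__":
    for line_no, option, table in lint_sudoers(SAMPLE):
        print(f"line {line_no}: {option}: {table}")
```

Findings from Table 102 matter only for hosts that can fall back to off-line policy evaluation; findings from Table 103 apply to every host using the plugin.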