Sudo Plugin supports all sudo command options except those listed in the following tables.

NOTE: This appendix contains details and instructions for the Privilege Manager for Sudo product, and may not be relevant for Privilege Manager for Unix.

Sudo Option | Description |
---|---|
-a type | Uses the specified authentication type. |
-c class | Runs the specified command with resources limited by the specified login class. |
-ll | Lists allowed commands in long format. |
-r role | Causes the security context to have the specified role. SELinux RBAC is not supported. |
-t type | Causes the security context to have the specified type. |

Sudo Option | Description |
---|---|
-k and -K | These flags only remove the user’s credentials within the cache. |
env_file | When in "off-line policy evaluation" mode, this option only works if the file is present on the off-line host. |
fqdn | Normally, when a policy has this flag enabled, sudo resolves host names on the policy server. However, when in off-line mode, sudo resolves host names from the policy cache server, which may produce different results. |
group_plugin | When in "off-line policy evaluation" mode, this option only works if the off-line host has group_plugin in the same path as the primary/secondary server. |
lecture_file | When in "off-line policy evaluation" mode, this option only works if the file is present on the off-line host. |
logfile | When in "off-line policy evaluation" mode, this option only works if the file is present on the off-line host. |
mailerpath | When in "off-line policy evaluation" mode, this option only works if the file is present on the off-line host. |

Sudoers Option | Explanation |
---|---|
compress_io | Compresses I/O logs using zlib. |
fast_glob | fast_glob is always enabled; disabling fast_glob has no effect. |
ignore_local_sudoers | Sudoers in LDAP is not supported. |
iolog_dir (‘%’) escape sequences %{seq} | The %{seq} escape sequence is not supported. |
passprompt_override | Forces sudo to always use passprompt. |
pwfeedback | When set, sudo provides visual feedback when you press a key. |
role | SELinux RBAC not supported. |
stay_setuid | Forces sudo to act as a setuid wrapper. |
timestampdir | The directory in which sudo stores its timestamp files. |
timestampowner | The owner of the timestamp directory and the timestamps stored therein. |
type | SELinux RBAC not supported. |
use_pty | Not relevant; pty is always used. |