pkgsrc/security/sudo/PLIST

@comment $NetBSD: PLIST,v 1.3 2009/02/05 13:48:12 taca Exp $
bin/sudo
bin/sudoedit
libexec/sudo_noexec.so
man/man5/sudoers.5
${PLIST.ldap}man/man5/sudoers.ldap.5
man/man8/sudo.8
man/man8/sudoedit.8
man/man8/visudo.8
sbin/visudo
share/doc/sudo/README
share/doc/sudo/README.LDAP
share/doc/sudo/UPGRADE
share/examples/sudo/sudoers
@dirrm share/examples/sudo
@dirrm share/doc/sudo
Update security/sudo package to 1.7.0. * pkgsrc change: relax restriction to kerberos package. What's new in Sudo 1.7.0? * Rewritten parser that converts sudoers into a set of data structures. This eliminates a number of ordering issues and makes it possible to apply sudoers Defaults entries before searching for the command. It also adds support for per-command Defaults specifications. * Sudoers now supports a #include facility to allow the inclusion of other sudoers-format files. * Sudo's -l (list) flag has been enhanced: o applicable Defaults options are now listed o a command argument can be specified for testing whether a user may run a specific command. o a new -U flag can be used in conjunction with "sudo -l" to allow root (or a user with "sudo ALL") list another user's privileges. * A new -g flag has been added to allow the user to specify a primary group to run the command as. The sudoers syntax has been extended to include a group section in the Runas specification. * A uid may now be used anywhere a username is valid. * The "secure_path" run-time Defaults option has been restored. * Password and group data is now cached for fast lookups. * The file descriptor at which sudo starts closing all open files is now configurable via sudoers and, optionally, the command line. * Visudo will now warn about aliases that are defined but not used. * The -i and -s command line flags now take an optional command to be run via the shell. Previously, the argument was passed to the shell as a script to run. * Improved LDAP support. SASL authentication may now be used in conjunction when connecting to an LDAP server. The krb5_ccname parameter in ldap.conf may be used to enable Kerberos. * Support for /etc/nsswitch.conf. LDAP users may now use nsswitch.conf to specify the sudoers order. E.g.: sudoers: ldap files to check LDAP, then /etc/sudoers. The default is "files", even when LDAP support is compiled in. This differs from sudo 1.6 where LDAP was always consulted first. * Support for /etc/environment on AIX and Linux. If sudo is run with the -i flag, the contents of /etc/environment are used to populate the new environment that is passed to the command being run. * If no terminal is available or if the new -A flag is specified, sudo will use a helper program to read the password if one is configured. Typically, this is a graphical password prompter such as ssh-askpass. * A new Defaults option, "mailfrom" that sets the value of the "From:" field in the warning/error mail. If unspecified, the login name of the invoking user is used. * A new Defaults option, "env_file" that refers to a file containing environment variables to be set in the command being run. * A new flag, -n, may be used to indicate that sudo should not prompt the user for a password and, instead, exit with an error if authentication is required. * If sudo needs to prompt for a password and it is unable to disable echo (and no askpass program is defined), it will refuse to run unless the "visiblepw" Defaults option has been specified. * Prior to version 1.7.0, hitting enter/return at the Password: prompt would exit sudo. In sudo 1.7.0 and beyond, this is treated as an empty password. To exit sudo, the user must press ^C or ^D at the prompt. * visudo will now check the sudoers file owner and mode in -c (check) mode when the -s (strict) flag is specified. 2009-02-05 14:48:12 +01:00			`@comment $NetBSD: PLIST,v 1.3 2009/02/05 13:48:12 taca Exp $`
Import vanialla FreeBSD sudo. 1997-12-15 00:27:00 +01:00			`bin/sudo`
Add missing files. 2004-08-24 11:19:16 +02:00			`bin/sudoedit`
Update sudo package to 1.6.9p15. 653) Fixed installation of sudo_noexec.so on AIX. 654) Updated libtool to version 1.5.26. 655) Fixed printing of default SELinux role and type in -V mode. 656) The HOME environment variable is once again preserved by default, as per the documentation. 2008-03-29 15:16:58 +01:00			`libexec/sudo_noexec.so`
pkgsrc basically follows the BSD man page hierarchy. Install the su and visudo manpages in man/man1, and the sudoers manpage in man/man5. Remove the platform-specific PLISTs that only differed in the location of the man pages. Bump the PKGREVISION to 5. 2007-07-04 22:37:50 +02:00			`man/man5/sudoers.5`
Update security/sudo package to 1.7.0. * pkgsrc change: relax restriction to kerberos package. What's new in Sudo 1.7.0? * Rewritten parser that converts sudoers into a set of data structures. This eliminates a number of ordering issues and makes it possible to apply sudoers Defaults entries before searching for the command. It also adds support for per-command Defaults specifications. * Sudoers now supports a #include facility to allow the inclusion of other sudoers-format files. * Sudo's -l (list) flag has been enhanced: o applicable Defaults options are now listed o a command argument can be specified for testing whether a user may run a specific command. o a new -U flag can be used in conjunction with "sudo -l" to allow root (or a user with "sudo ALL") list another user's privileges. * A new -g flag has been added to allow the user to specify a primary group to run the command as. The sudoers syntax has been extended to include a group section in the Runas specification. * A uid may now be used anywhere a username is valid. * The "secure_path" run-time Defaults option has been restored. * Password and group data is now cached for fast lookups. * The file descriptor at which sudo starts closing all open files is now configurable via sudoers and, optionally, the command line. * Visudo will now warn about aliases that are defined but not used. * The -i and -s command line flags now take an optional command to be run via the shell. Previously, the argument was passed to the shell as a script to run. * Improved LDAP support. SASL authentication may now be used in conjunction when connecting to an LDAP server. The krb5_ccname parameter in ldap.conf may be used to enable Kerberos. * Support for /etc/nsswitch.conf. LDAP users may now use nsswitch.conf to specify the sudoers order. E.g.: sudoers: ldap files to check LDAP, then /etc/sudoers. The default is "files", even when LDAP support is compiled in. This differs from sudo 1.6 where LDAP was always consulted first. * Support for /etc/environment on AIX and Linux. If sudo is run with the -i flag, the contents of /etc/environment are used to populate the new environment that is passed to the command being run. * If no terminal is available or if the new -A flag is specified, sudo will use a helper program to read the password if one is configured. Typically, this is a graphical password prompter such as ssh-askpass. * A new Defaults option, "mailfrom" that sets the value of the "From:" field in the warning/error mail. If unspecified, the login name of the invoking user is used. * A new Defaults option, "env_file" that refers to a file containing environment variables to be set in the command being run. * A new flag, -n, may be used to indicate that sudo should not prompt the user for a password and, instead, exit with an error if authentication is required. * If sudo needs to prompt for a password and it is unable to disable echo (and no askpass program is defined), it will refuse to run unless the "visiblepw" Defaults option has been specified. * Prior to version 1.7.0, hitting enter/return at the Password: prompt would exit sudo. In sudo 1.7.0 and beyond, this is treated as an empty password. To exit sudo, the user must press ^C or ^D at the prompt. * visudo will now check the sudoers file owner and mode in -c (check) mode when the -s (strict) flag is specified. 2009-02-05 14:48:12 +01:00			`${PLIST.ldap}man/man5/sudoers.ldap.5`
pkgsrc basically follows the BSD man page hierarchy. Install the su and visudo manpages in man/man1, and the sudoers manpage in man/man5. Remove the platform-specific PLISTs that only differed in the location of the man pages. Bump the PKGREVISION to 5. 2007-07-04 22:37:50 +02:00			`man/man8/sudo.8`
			`man/man8/sudoedit.8`
			`man/man8/visudo.8`
Sort. 2005-12-27 19:29:18 +01:00			`sbin/visudo`
Update security/sudo to 1.6.8 and convert to use bsd.options.mk, which adds two new options, ldap and pam. Changes: * Sudo now supports storing sudoers info in LDAP (optionally using TLS). * There is a new -e option to edit files the with uid of the invoking user. This makes it possible to give users to ability to safely edit files without the possibility of editing other files or running commands as the target user. If sudo is run as "sudoedit" the -e flag is implied. * A new tag, NOEXEC, will prevent a dynamically-linked program being run by sudo from executing another program (think shell escapes). Because this uses LD_PRELOAD it has no effect on static binaries. * A uid specified in sudoers now matches the user specified by the -u flag even if the -u flag specified a name, not a uid. * Added a -i option to simulate an initial login similar to "su -". * If sudo is used to run as root shell, further sudo commands will be logged as run by the user specified by the SUDO_USER environment variable. In -e mode (sudoedit), SUDO_USER is used to determine what user to run the editor when the real uid is 0. * The sudoers file is now parsed as the runas user in all cases instead of root. This fixes some issues with running NFS-mounted commands. * If the target user == invoking user a password is no longer required. * Sudo now produces a sensible error message when the targetpw Defaults option is set and a non-existent uid is specified via the -u option. * A negated user/uid in a runas list is now treated the same as a negated command and overrides a previously allowed entry. * PAM support now uses Use pam_acct_mgmt() to check for disabled accounts. * Added a check in visudo for runas_default being used before it was set. * Fixed several issues when closing all open descriptors. Sudo now uses closefrom() if it exists, otherwise it uses /proc/$$/fd if that exists with a fallback of closing all possible descriptors. * Quoting globbing characters with a backslash now works as documented. * Fixed a problem on FreeBSD (and perhaps others) when the user is only listed in NIS (not master.passwd) and netgroups are used in the master.passwd file. * The username in a log entry is no longer truncated at 8 characters. * Added a "sudo_lecture" option that can point to a file containing a custom lecture. * The timeout for password reading is now done via alarm(), not select(). * /tmp/.odus is no longer used for timestamps by default. * Sudo now works on the nsr-tandem-nsk platform. * Fixed the --with-stow configure option. * TIS fwtk authentication now supports fwtk 2.0 and higher. * Added Stan Lee / Uncle Ben quote to the lecture from RedHat. * Added the --with-pc-insults configure to replace politically incorrect insults with other ones. 2004-08-23 23:15:17 +02:00			`share/doc/sudo/README`
			`share/doc/sudo/README.LDAP`
* Cosmetic changes to Makefile. * Use DEINSTALL/INSTALL scripts to handle config files. * Install the UPGRADE file and add a MESSAGE file to refer to it, instead of spewing a big file every time sudo is installed. 2000-12-06 07:33:39 +01:00			`share/doc/sudo/UPGRADE`
Update sudo to 1.5.9p4. It's the latest stable security release. 1999-08-31 21:26:40 +02:00			`share/examples/sudo/sudoers`
			`@dirrm share/examples/sudo`
* Cosmetic changes to Makefile. * Use DEINSTALL/INSTALL scripts to handle config files. * Install the UPGRADE file and add a MESSAGE file to refer to it, instead of spewing a big file every time sudo is installed. 2000-12-06 07:33:39 +01:00			`@dirrm share/doc/sudo`