Dirk Mueller
313affb53e
* remove CVE-2013-1776 * The non-Unix group plugin is now supported when sudoers data is stored in LDAP. * User messages are now always displayed in the user's locale, even when the same message is being logged or mailed in a different locale. * Log files created by sudo now explicitly have the group set to group ID 0 rather than relying on BSD group semantics (which may not be the default). * A new exec_background sudoers option can be used to initially run the command without read access to the terminal when running a command in a pseudo-tty. * Sudo now produces better error messages when there is an error in the sudo.conf file. * Two new settings have been added to sudo.conf to give the admin better control of how group database queries are performed. * There is now a standalone sudo.conf manual page. * New support for specifying a SHA-2 digest along with the command in sudoers. Supported hash types are sha224, sha256, sha384 and sha512. See the description of Digest_Spec in the sudoers manual or the description of sudoCommand in the sudoers.ldap manual for details. * Fixed potential false positives in visudo's alias cycle detection. * Sudo now only builds Position Independent Executables (PIE) by default on Linux systems and verifies that a trivial test program builds and runs. OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=56
In the default (ie unconfigured) configuration sudo asks for root password. This allows to use an ordinary user account for administration of a freshly installed system. When configuring sudo, please make sure to delete the two following lines: Defaults targetpw # ask for the password of the target user i.e. root %users ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!