115ee49851
- update to 1.8.10p1
* Fixed a bug with netgated commands in "sudo -l command" that
could cause the command to be listed even when it was explicitly
denied. This only affected list mode when a command was specified.
Bug #636.
* It is now possible to disable network interface probing in sudo.conf
by changing the value of the probe_interfaces setting.
* When listing a user's privileges (sudo -l), the sudoers plugin
will now prompt for the user's password even if the targetpw,
rootpw or runaspw options are set.
* The sudoers plugin uses a new format for its time stamp files.
Bug #616.
* sudo's -K option will now remove all of the user's time stamps,
not just the time stamp for the current terminal.
The -k option can be used to only disable time stamps for
the current terminal.
* If sudo was started in the background and needed to prompt for a
password, it was not possible to suspend it at the password prompt
* LDAP-based sudoers now uses a default search filter of
(objectClass=sudoRole) for more efficient queries.
The netgroup query has been modified to avoid falling below the
minimum length for OpenLDAP substring indices.
* The new use_netgroups sudoers option can be used to explicitly
enable or disable netgroups support. For LDAP-based sudoers,
netgroup support requires an expensive substring match on the server.
If netgroups are not needed, this option can be disabled to
reduce the load on the LDAP server.
* Sudo is once again able to open the sudoers file when the group
on sudoers doesn't match the expected value, so long as the
file is not group writable. (forwarded request 225988 from vitezslav_cizek)
OBS-URL: https://build.opensuse.org/request/show/226049
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=64
In the default (ie unconfigured) configuration sudo asks for root password. This allows to use an ordinary user account for administration of a freshly installed system. When configuring sudo, please make sure to delete the two following lines: Defaults targetpw # ask for the password of the target user i.e. root %users ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!