Re: sudoers tty defaults (Re: Changing Users in a script)
On Mon, 15 Aug 2011 13:12:04 -0600, Bob Proulx wrote:
> Tom H wrote:
>> Both are set by default.
> Just tty_tickets is set by default. requiretty is off by default.
> $ man 5 sudoers
> tty_tickets If set, users must authenticate on a per-tty
> With this flag enabled, sudo will use a file
> named for the tty the user is logged in on in the
> user's time stamp directory. If disabled, the
> time stamp of the directory is used instead.
> This flag is on by default.
> requiretty If set, sudo will only run when the user is
> logged in
> to a real tty. When this flag is set, sudo can
> only be run from a login session and not via
> other means such as cron(8) or cgi-bin scripts.
> This flag is off by default.
> Best would be to run 'sudo -l' and see what flags are actually set at
> the time. And remember that /etc/sudoers.d/* is a directory of
> additional snippets that are also included into the configuration.
For what it is worth, I'm not sure that that man page is up to date.
Squeeze here (up to date), and I have done nothing directly with the
supplied /etc/sudoers; only used visudo to add myself.
It has neither tty-tickets nor requiretty. I note by the way, that this
differs from RHEL and derivatives, which include requiretty by default.