我如何找出sudo配置了哪些选项？

须藤须藤-V

您可以使用该命令sudo sudo -V获取所有选项。

例子

$ sudo sudo -V
Sudo version 1.8.6p7

与其一起构建的配置选项

配置选项：--build = x86_64-redhat-linux-gnu --host = x86_64-redhat-linux-gnu --program-prefix = --disable-dependency-tracking --prefix = / usr --exec-prefix = / usr --bindir = / usr / bin --sbindir = / usr / sbin --sysconfdir = / etc --datadir = / usr / share --includedir = / usr / include --libdir = / usr / lib64- libexecdir = / usr / libexec --localstatedir = / var --sharedstatedir = / var / lib --mandir = / usr / share / man --infodir = / usr / share / info --prefix = / usr --sbindir = / usr / sbin --libdir = / usr / lib64 --docdir = / usr / share / doc / sudo-1.8.6p7 --with-logging = syslog --with-logfac = authpriv --with-pam --with -pam-login --with-editor = / bin / vi --with-env-editor --with-ignore-dot --with-tty-tickets --with-ldap --with-selinux --with-passprompt = [sudo]％p的密码：--with-linux-audit --with-sssd Sudoers策略插件版本1.8.6p7 Sudoers文件语法版本42

配置文件

Sudoers path: /etc/sudoers
nsswitch path: /etc/nsswitch.conf
ldap.conf path: /etc/ldap.conf
ldap.secret path: /etc/ldap.secret

选项

Authentication methods: 'pam'
Syslog facility if syslog is being used for logging: authpriv
Syslog priority to use when user authenticates successfully: notice
Syslog priority to use when user authenticates unsuccessfully: alert
Ignore '.' in $PATH
Send mail if the user is not in sudoers
Use a separate timestamp for each user/tty combo
Lecture user the first time they run sudo
Require users to authenticate by default
Root may run sudo
Allow some information gathering to give useful error messages
Only allow the user to run sudo if they have a tty
Visudo will honor the EDITOR environment variable
Set the LOGNAME and USER environment variables
Length at which to wrap log file lines (0 for no wrap): 80
Authentication timestamp timeout: 5.0 minutes
Password prompt timeout: 5.0 minutes
Number of tries to enter a password: 3
Umask to use or 0777 to use user's: 022
Path to mail program: /usr/sbin/sendmail
Flags for mail program: -t
Address to send mail to: root
Subject line for mail messages: *** SECURITY information for %h ***
Incorrect password message: Sorry, try again.
Path to authentication timestamp dir: /var/db/sudo
Default password prompt: [sudo] password for %p: 
Default user to run commands as: root
Value to override user's $PATH with: /sbin:/bin:/usr/sbin:/usr/bin
Path to the editor for use by visudo: /bin/vi
When to require a password for 'list' pseudocommand: any
When to require a password for 'verify' pseudocommand: all
File descriptors >= 3 will be closed before executing a command
Reset the environment to a default set of variables

环境变量

Environment variables to check for sanity:
    TERM
    LINGUAS
    LC_*
    LANGUAGE
    LANG
    COLORTERM
Environment variables to remove:
    TMPPREFIX
    ZDOTDIR
    READNULLCMD
    NULLCMD
    FPATH
    JAVA_TOOL_OPTIONS
    SHELLOPTS
    GLOBIGNORE
    PS4
    BASH_ENV
    ENV
    TERMCAP
    TERMPATH
    TERMINFO_DIRS
    TERMINFO
    _RLD*
    LD_*
    PATH_LOCALE
    NLSPATH
    HOSTALIASES
    RES_OPTIONS
    LOCALDOMAIN
    CDPATH
    IFS
Environment variables to preserve:
    XAUTHORITY
    _XKB_CHARSET
    LINGUAS
    LANGUAGE
    LC_ALL
    LC_TIME
    LC_TELEPHONE
    LC_PAPER
    LC_NUMERIC
    LC_NAME
    LC_MONETARY
    LC_MESSAGES
    LC_MEASUREMENT
    LC_IDENTIFICATION
    LC_COLLATE
    LC_CTYPE
    LC_ADDRESS
    LANG
    USERNAME
    QTDIR
    PS2
    PS1
    MAIL
    LS_COLORS
    KDEDIR
    INPUTRC
    HISTSIZE
    HOSTNAME
    DISPLAY
    COLORS

杂项

Locale to use while parsing sudoers: C
Compress I/O logs using zlib
Directory in which to store input/output logs: /var/log/sudo-io
File in which to store the input/output log: %{seq}
Add an entry to the utmp/utmpx file when allocating a pty

Local IP address and netmask pairs:
    192.168.1.20/255.255.255.0
    192.168.122.1/255.255.255.0
    fe80::226:c7ff:fe85:a720/ffff:ffff:ffff:ffff::

Sudoers I/O plugin version 1.8.6p7

须藤-l

查找sudo配置的另一种方法是使用sudo -l。

例子

$ sudo -l
Matching Defaults entries for saml on this host:
    requiretty, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG
    LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER
    LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User saml may run the following commands on this host:
    (ALL) ALL