Layer: admin

Module: sudo

Tunables Interfaces Templates

Description:

Execute a command with a substitute user

Tunables:

sudo_all_tcp_connect_http_port

Default value

false

Description

Determine whether all sudo domains can connect to TCP HTTP ports. This is needed if an additional authentication mechanism via an HTTP server is required for users to use sudo.

sudo_allow_user_exec_domains

Default value

false

Description

Determine whether the user application exec domain attribute should be respected for sudo access. If not enabled, only user domains themselves may use sudo.

Return

Interfaces:

sudo_sigchld(
	
		domain
		
	)

Summary

Send a SIGCHLD signal to the sudo domain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

Return

Templates:

sudo_role_template(
	
		role_prefix
		
			,
		
		user_domain
		
			,
		
		user_exec_domain
		
			,
		
		role
		
	)

Summary

The role template for the sudo module.

Description

This template creates a derived domain which is allowed to change the linux user id, to run commands as a different user.

Parameters

Parameter:	Description:
role_prefix	The prefix of the user role (e.g., user is the prefix for user_r).
user_domain	User domain for the role.
user_exec_domain	User exec domain for execute and transition access.
role	Role allowed access

Return