Update "!use_pty" example to only disable it for non-root users.

Also add a commented out entry for "exec_background" which can also be used to prevent sudo from consuming tty input. Related to GitHub issue #338
sudo-project · Jan 8, 2024 · ff3dbe6 · ff3dbe6
1 parent 0045247
commit ff3dbe6
Showing 1 changed file with 10 additions and 3 deletions.
diff --git a/plugins/sudoers/sudoers.in b/plugins/sudoers/sudoers.in
@@ -68,9 +68,16 @@
 ## Uncomment to use a hard-coded PATH instead of the user's to find commands
 # Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 ##
-## Uncomment to restore the historic behavior where a command is run in
-## the user's own terminal.
-# Defaults !use_pty
+## Uncomment to disable "use_pty" when running commands as root.
+## Commands run as non-root users will run in a pseudo-terminal,
+## not the user's own terminal, to prevent command injection.
+# Defaults>root !use_pty
+##
+## Uncomment to run commands in the background by default.
+## This can be used to prevent sudo from consuming user input while
+## a non-interactive command runs if "use_pty" or I/O logging are
+## enabled.  Some commands may not run properly in the background.
+# Defaults exec_background
 ##
 ## Uncomment to send mail if the user does not enter the correct password.
 # Defaults mail_badpass