Starting with version 1.8.0, sudo supports a modular framework
third-party policy and I/O logging plugins. In this framework,
when a user runs sudo
, the front-end queries a policy
plugin to determine whether or not the command is to be allowed.
If it is allowed, the policy plugin returns a description of how
to run the command along with the argument vector and environment
to pass to the execve()
system call. While the command
is being run, the I/O plugin, if any, is passed all input to and
output from the command.
This makes it possible for third parties to extend sudo without
replacing it. Extending sudo, rather than replacing it outright,
has the advantage of allowing users to maintain their existing work
flow while providing extra features that enterprise users want.
Below is a list of known third-party sudo plugins.
If you have developed a plugin and would like to be added to this
list, please send mail to email@example.com.
Quest One Privilege Manager for Sudo
The first available third party plugin is Dell
Privilege Manager for Sudo
, which brings advanced features
from the Privilege Manager for Unix
product to sudo. These features
include a central policy server, centralized management of sudo and
the sudoers policy file, centralized reporting on sudoers access
rights and activities, as well as keystroke logging of activities
performed through sudo. Quest One makes administering sudo across
the entire enterprise easy, intuitive and consistent--eliminating
the box-by-box management of sudo that is the source of so much
inefficiency and inconsistency.
One Privilege Manager for Sudo is available in freeware and