diff options
Diffstat (limited to 'sudoers/sudoers.rng')
| -rw-r--r-- | sudoers/sudoers.rng | 97 |
1 files changed, 30 insertions, 67 deletions
diff --git a/sudoers/sudoers.rng b/sudoers/sudoers.rng index e3330fb..e865118 100644 --- a/sudoers/sudoers.rng +++ b/sudoers/sudoers.rng @@ -1,44 +1,29 @@ <?xml version="1.0" encoding="utf-8"?> <grammar xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes" -xmlns:a="http://freeipa.org/xml/rng/ns/annotations/1.0" +xmlns:a="http://relaxng.org/ns/compatibility/annotations/1.0" xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0"> - <a:doc>Sudo configuration (/etc/sudoers)</a:doc> + <a:documentation>Sudo configuration (/etc/sudoers)</a:documentation> - <a:doc>The following section can be used to register the RNG schema file for the UI</a:doc> + <a:documentation>The following section can be used to register the RNG schema file for the UI</a:documentation> <a:name>sudo</a:name> <a:description>Creates configuration items for sudo which will be written to /etc/sudoers</a:description> <a:author>sbose@redhat.com, based on the work of fcusack@redhat.com</a:author> + <a:xslt>sudoers.xsl</a:xslt> <a:version>0.5</a:version> <start ns="http://freeipa.org/xml/rng/sudo/sudoers/1.0"> <element name="ipa"> + <a:documentation>Doc test.</a:documentation> - <element name="metadata"> - </element> - - <a:doc>This section describes the associations of a policy, i.e. on which host for what users or groups it should apply. This means, that i a generic policy this section does not exists. It is filled when a client downloads his policies based on the association which are valid for this client.</a:doc> <zeroOrMore> - <element name="association" ui:noDisplay="on"> - <attribute name="name"> - <data type="string"> - <param name="pattern">[A-Za-z0-9_-]{1,16}</param> - </data> - </attribute> - <attribute name="type"> - <choice> - <value>user</value> - <value>posixGroup</value> - <value>netgroup</value> - <value>host</value> - <value>hostGroup</value> - </choice> - </attribute> - </element> + <externalRef href="policy_association.rng"/> </zeroOrMore> - <a:doc>Here the definition for the generic part of the policy starts.</a:doc> + <externalRef href="policy_metadata.rng"/> + + <a:documentation>Here the definition for the generic part of the policy starts.</a:documentation> <oneOrMore> <element name="sudoers"> <optional> @@ -46,8 +31,7 @@ xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0"> <oneOrMore> <choice> <!-- flag options --> - <element name="always_set_home" - a:defaultValue="off"> + <element name="always_set_home" a:defaultValue="off"> <choice> <value>on</value> <value>off</value> @@ -87,8 +71,7 @@ xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0"> </element> --> <!-- global option only --> - <element name="ignore_local_sudoers" - a:defaultValue="off"> + <element name="ignore_local_sudoers" a:defaultValue="off"> <choice> <value>on</value> <value>off</value> @@ -112,8 +95,7 @@ xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0"> <value>off</value> </choice> </element> - <element name="long_otp_prompt" - a:defaultValue="off"> + <element name="long_otp_prompt" a:defaultValue="off"> <choice> <value>on</value> <value>off</value> @@ -164,15 +146,13 @@ xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0"> <value>off</value> </choice> </element> - <element name="passprompt_override" - a:defaultValue="off"> + <element name="passprompt_override" a:defaultValue="off"> <choice> <value>on</value> <value>off</value> </choice> </element> - <element name="preserve_groups" - a:defaultValue="off"> + <element name="preserve_groups" a:defaultValue="off"> <choice> <value>on</value> <value>off</value> @@ -220,8 +200,7 @@ xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0"> <value>off</value> </choice> </element> - <element name="shell_noargs" - a:defaultValue="off"> + <element name="shell_noargs" a:defaultValue="off"> <choice> <value>on</value> <value>off</value> @@ -261,16 +240,14 @@ xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0"> <!-- ??? --> </data> </element> - <element name="passwd_timeout" - a:defaultValue="0"> + <element name="passwd_timeout" a:defaultValue="0"> <data type="integer"> <param name="minInclusive">0</param> <param name="maxInclusive">65535</param> <!-- ??? --> </data> </element> - <element name="timestamp_timeout" - a:defaultValue="5"> + <element name="timestamp_timeout" a:defaultValue="5"> <data type="integer"> <param name="minInclusive">-1</param> <param name="maxInclusive">65535</param> @@ -283,42 +260,34 @@ xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0"> </data> </element> <!-- string options --> - <element name="badpass_message" - a:defaultValue="Sorry, try again."> + <element name="badpass_message" a:defaultValue="Sorry, try again."> <text /> </element> - <element name="editor" - a:defaultValue="/PATH/TO/VI"> + <element name="editor" a:defaultValue="/PATH/TO/VI"> <!-- NOTE: absolute path not required --> <text /> </element> - <element name="mailsub" - a:defaultValue="*** SECURITY information for %h ***"> - + <element name="mailsub" a:defaultValue="*** SECURITY information for %h ***"> <text /> </element> - <element name="noexec_file" - a:defaultValue="/PATH/TO/SUDO_NOEXEC.SO"> + <element name="noexec_file" a:defaultValue="/PATH/TO/SUDO_NOEXEC.SO"> <data type="string"> <param name="pattern">/.*</param> </data> </element> - <element name="passprompt" - a:defaultValue="Password:"> + <element name="passprompt" a:defaultValue="Password:"> <text /> </element> <element name="role" a:defaultValue=""> <text /> </element> - <element name="runas_default" - a:defaultValue="root"> + <element name="runas_default" a:defaultValue="root"> <data type="string"> <param name="pattern"> [A-Za-z0-9_-]{1,16}</param> </data> </element> - <element name="syslog_badpri" - a:defaultValue="alert"> + <element name="syslog_badpri" a:defaultValue="alert"> <choice> <value>emerg</value> <value>alert</value> @@ -330,8 +299,7 @@ xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0"> <value>debug</value> </choice> </element> - <element name="syslog_goodpri" - a:defaultValue="notice"> + <element name="syslog_goodpri" a:defaultValue="notice"> <choice> <value>emerg</value> <value>alert</value> @@ -343,14 +311,12 @@ xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0"> <value>debug</value> </choice> </element> - <element name="timestampdir" - a:defaultValue="/var/db/sudo"> + <element name="timestampdir" a:defaultValue="/var/db/sudo"> <data type="string"> <param name="pattern">/.*</param> </data> </element> - <element name="timestampowner" - a:defaultValue="root"> + <element name="timestampowner" a:defaultValue="root"> <data type="string"> <param name="pattern"> [A-Za-z0-9_-]{1,16}</param> @@ -361,8 +327,7 @@ xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0"> </element> <!-- string/boolean options --> <!-- possibly bad option for us --> - <element name="exempt_group" - a:defaultValue="off"> + <element name="exempt_group" a:defaultValue="off"> <text /> </element> <element name="lecture" a:defaultValue="once"> @@ -372,8 +337,7 @@ xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0"> <value>once</value> </choice> </element> - <element name="lecture_file" - a:defaultValue="built-in"> + <element name="lecture_file" a:defaultValue="built-in"> <data type="string"> <param name="pattern">(/.*|built-in)</param> </data> @@ -395,8 +359,7 @@ xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0"> <element name="mailerflags" a:defaultValue="-t"> <text /> </element> - <element name="mailerpath" - a:defaultValue="/PATH/TO/SENDMAIL"> + <element name="mailerpath" a:defaultValue="/PATH/TO/SENDMAIL"> <text /> </element> <element name="syslog" a:defaultValue="authpriv"> |