For full details of all changes, see the ChangeLog file or view the commit history via mercurial or GitHub
To support this, there is a new intercept Defaults setting and an INTERCEPT command tag that can be used in sudoers. For example:
Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh Defaults!SHELLS interceptwould cause sudo to run the listed shells in intercept mode. This can also be set on a per-rule basis. For example:
Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh chuck ALL = INTERCEPT: SHELLS
would only apply intercept mode to user chuck when running one of the listed shells.
In intercept mode, sudo will not prompt for a password before running
a sub-command and will not allow a set-user-ID or set-group-ID program
to be run by default. The new intercept_authenticate and
sudoers
settings can be used to change this behavior.
The --disable-log-server and --disable-log-client configure options can be used to disable building the I/O log server and/or remote I/O log support in the sudoers plugin.
Sudo 1.9.0 comes with several Python example plugins that get installed sudo's examples directory.
The sudo blog article What's new in sudo 1.9: Python includes a simple tutorial on writing python plugins.