############################################################# # /opt/sudo/conf/sudoers: sudo permissions file # # Change Log: # Who When What # ---- ---------- ---------------------------------------------- # # ############################## ## User alias specification ## ############################## # Defines shorthand names for users and groups using names # from /etc/passwd and /etc/group # Format: User_Alias = # | # [, ] | # [, ] # # Outside of scope of this paper: It is also possible to use NIS/LDAP # users and groups. ## # Create the single user "notroot" as User_Alias "APPOWNER" User_Alias APPOWNER = notroot # Use the Group "staff" to define User_Alias "ADMINS" User_Alias ADMINS = %staff # Alternatively, define User_Alias "ADMINS" with individual user IDs # User_Alias ADMINS = bob,chuck,steve # Here is an example mixing users and groups (suppose that # "bob" was not a member of %staff) # User_Alias ADMINS = bob,%staff ############################### ## Runas alias specification ## ############################### # Defines shorthand names for IDs under which sudo'd programs # will run; uses names from /etc/passwd, and default is "root" # Can optionally include Group IDs from /etc/group to provide a Group context # You can specify multiple Runas aliases and then use them # to give different user and/or group contexts to commands # executed via sudo # Format: Runas_Alias = [,[,]] ## # This Runas alias, "OVERLORD", is redundant, but is shown for # the sake of explicitness Runas_Alias OVERLORD = root # This Runas alias would cause commands run under its auspices # to execute with the same permissions as an unprivileged # sendmail instance Runas_Alias MAILSYS = smmsp,smmsp ############################## ## Host alias specification ## ############################## # Defines a shorthand for the hosts on which commands can be # run. Running commands on other hosts would required rsh # or other remote execution functionality # Format: Host_Alias = ## Host_Alias HOST = host.domain.tld ############################## ## Cmnd alias specification ## ############################## # Defines shorthand specs for various commands # Commands may contain parameters (it is necessary to escape some # characters in parameter) # Multiple commands may be specified per Cmnd_Alias, separated by # commas; a \ is the line-continuation character # Format: Cmnd_Alias = # Command necessary to make/restore backups and operate tape drive Cmnd_Alias TAPE = /usr/sbin/ufsdump, /usr/sbin/ufsrestore, \ /usr/bin/mt # System shutdown command Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown # Process kill command Cmnd_Alias KILL = /usr/bin/kill # Super-user command Cmnd_Alias SU = /usr/bin/su # Editor for this file Cmnd_Alias SUEDIT = /sbin/visudo # syslogd management Cmnd_Alias SYSLOG = /etc/init.d/syslog, /usr/sbin/syslogd # Sendmail in test mode Cmnd_Alias TESTSEND = /usr/lib/sendmail -bt ############################### ## Override builtin defaults ## ############################### ## Formats: # Defaults<:optional list of users> [whitespace]