Annotation of embedaddon/sudo/doc/sample.sudoers, revision 1.1
1.1 ! misho 1: #
! 2: # Sample /etc/sudoers file.
! 3: #
! 4: # This file MUST be edited with the 'visudo' command as root.
! 5: #
! 6: # See the sudoers man page for the details on how to write a sudoers file.
! 7:
! 8: ##
! 9: # Override built-in defaults
! 10: ##
# Global default: sudo logs through syslog using the "auth" facility.
! 11: Defaults syslog=auth
# Runas default (">root"): set_logname is switched off for commands run as root, so the
# LOGNAME/USER environment variables are not reset to the target user.
! 12: Defaults>root !set_logname
# User default: members of the FULLTIMERS alias are not shown the sudo lecture.
! 13: Defaults:FULLTIMERS !lecture
# NOTE(review): "!authenticate" removes the password prompt for millert on every rule that
# matches him, so an unattended or hijacked millert session can use those rules directly.
# millert is also in FULLTIMERS (NOPASSWD: ALL) in this file; confirm both are intended
# before copying this sample into a real /etc/sudoers.
! 14: Defaults:millert !authenticate
# Host default: on hosts in the SERVERS alias, additionally log to /var/log/sudo.log and
# include the year in each log line.
# NOTE(review): a local log file can be altered by anyone who obtains root through the
# broad rules in this file; forwarding logs off-host gives a more trustworthy audit trail.
! 15: Defaults@SERVERS log_year, logfile=/var/log/sudo.log
# Command default: commands in the PAGERS alias run with noexec to block shell escapes.
# NOTE(review): per the sudoers manual, noexec only affects dynamically linked programs on
# systems that support it and is not a complete defence; verify it works on the target OS.
! 16: Defaults!PAGERS noexec
! 17:
! 18: ##
! 19: # User alias specification
! 20: ##
# User aliases name groups of login accounts so rules can refer to them collectively.
# NOTE(review): FULLTIMERS is granted "NOPASSWD: ALL" in the user specification section,
# so adding a name to this list hands that account passwordless root on every host.
! 21: User_Alias FULLTIMERS = millert, mikef, dowdy
# PARTTIMERS are granted "ALL" with a password prompt in the user specification section.
! 22: User_Alias PARTTIMERS = bostley, jwfox, crawl
# WEBMASTERS are referenced by the rule for host www in the user specification section.
! 23: User_Alias WEBMASTERS = will, wendy, wim
! 24:
! 25: ##
! 26: # Runas alias specification
! 27: ##
# Runas aliases list the target users a rule may run commands as.
# NOTE(review): OP contains root, so any rule written as "(OP) ALL" is a full root grant,
# not a restricted "operator" grant.
! 28: Runas_Alias OP = root, operator
# DB is used by fred's rule to run commands as the database accounts.
! 29: Runas_Alias DB = oracle, sybase
! 30:
! 31: ##
! 32: # Host alias specification
! 33: ##
# One Host_Alias statement may define several aliases separated by ':'; the trailing
# backslashes continue the statement, so SPARC, SGI, ALPHA and HPPA are all defined here.
! 34: Host_Alias SPARC = bigtime, eclipse, moet, anchor:\
! 35: SGI = grolsch, dandelion, black:\
! 36: ALPHA = widget, thalamus, foobar:\
! 37: HPPA = boa, nag, python
# Network number with an explicit dotted netmask (the rule for lisa calls it a class B).
! 38: Host_Alias CUNETS = 128.138.0.0/255.255.0.0
# Mix of bare network numbers and one CIDR entry. Per the sudoers manual, a network number
# without a netmask is matched using the netmask of the local interface on that network.
! 39: Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
# SERVERS is used for the host-specific Defaults line and for the rules for jen and jill.
! 40: Host_Alias SERVERS = master, mail, www, ns
# CDROM hosts are where every user may mount and unmount the CD-ROM without a password.
! 41: Host_Alias CDROM = orion, perseus, hercules
# NOTE(review): host lists only limit where a rule applies when the same sudoers file is
# shared across machines; they are evaluated against the local host's own name/addresses.
! 42:
! 43: ##
! 44: # Cmnd alias specification
! 45: ##
# Command aliases use fully qualified paths. An entry with no arguments listed allows the
# command to be run with any arguments.
# DUMPS, KILL, PRINTING, SHUTDOWN, HALT and REBOOT are granted to operator below.
! 46: Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \
! 47: /usr/sbin/rrestore, /usr/bin/mt
! 48: Cmnd_Alias KILL = /usr/bin/kill
! 49: Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
! 50: Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
! 51: Cmnd_Alias HALT = /usr/sbin/halt
! 52: Cmnd_Alias REBOOT = /usr/sbin/reboot
# NOTE(review): SHELLS and SU exist only to be negated in jill's rule. A fixed list of
# shell paths cannot cover every interpreter installed on a host, so keep it in sync with
# the system and do not rely on it as the sole control.
! 53: Cmnd_Alias SHELLS = /sbin/sh, /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
! 54: /usr/local/bin/tcsh, /usr/bin/rsh, \
! 55: /usr/local/bin/zsh
! 56: Cmnd_Alias SU = /usr/bin/su
# VIPW is defined but not referenced by any rule in this listing.
! 57: Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \
! 58: /usr/bin/chfn
# PAGERS is the target of the "Defaults!PAGERS noexec" line in the defaults section.
! 59: Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
! 60:
! 61: ##
! 62: # User specification
! 63: ##
! 64:
# Rule format: who  where = (run-as) what. When several rules match, the last one wins,
# so the order of the entries in this section matters.
! 65: # root and users in group wheel can run anything on any machine as any user
! 66: root ALL = (ALL) ALL
! 67: %wheel ALL = (ALL) ALL
! 68:
# NOTE(review): "NOPASSWD: ALL" with no Runas_Spec means passwordless root for every
# FULLTIMERS account on every host; compromise of any one of those logins is compromise
# of root. Keep the password prompt unless there is a specific operational need.
! 69: # full time sysadmins can run anything on any machine without a password
! 70: FULLTIMERS ALL = NOPASSWD: ALL
! 71:
# No Runas_Spec is given, so commands run as root (the default target user).
! 72: # part time sysadmins may run anything but need a password
! 73: PARTTIMERS ALL = ALL
! 74:
# The host field restricts where the rule applies; on matching hosts this is still a
# full root grant.
! 75: # jack may run anything on machines in CSNETS
! 76: jack CSNETS = ALL
! 77:
! 78: # lisa may run any command on any host in CUNETS (a class B network)
! 79: lisa CUNETS = ALL
! 80:
# "sudoedit /etc/printcap" lets operator edit that one file through sudoedit instead of
# running an editor as root. A path ending in '/' allows any file directly inside that
# directory (not its subdirectories).
# NOTE(review): a directory grant is only as strong as the directory's permissions; keep
# /usr/oper/bin/ and its contents owned by root and not writable by operator or others.
! 81: # operator may run maintenance commands and anything in /usr/oper/bin/
! 82: operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\
! 83: sudoedit /etc/printcap, /usr/oper/bin/
! 84:
# Arguments are listed, so only the exact command line "/usr/bin/su operator" matches.
! 85: # joe may su only to operator
! 86: joe ALL = /usr/bin/su operator
! 87:
# NOTE(review): the sudoers manual points out that arguments are matched as one string
# and '*' can span several words, so "[A-Za-z]*" does not pin the command to a single
# user-name argument. Whether that matters depends on the local passwd(1); check that it
# accepts neither multiple user names nor options after the user name before relying on
# this rule to protect root's password.
! 88: # pete may change passwords for anyone but root on the hp snakes
! 89: pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root
! 90:
# Two host/command pairs for one user are joined with ':'. OP contains root, so on the
# SPARC and SGI hosts this is equivalent to a full root grant.
! 91: # bob may run anything on the sparc and sgi machines as any user
! 92: # listed in the Runas_Alias "OP" (ie: root and operator)
! 93: bob SPARC = (OP) ALL : SGI = (OP) ALL
! 94:
# A leading '+' denotes a netgroup; in the host position it selects the hosts in "biglab".
! 95: # jim may run anything on machines in the biglab netgroup
! 96: jim +biglab = ALL
! 97:
# Here '+' is in the user position, so the rule applies to users in the netgroup.
# NOTE(review): adduser and rmuser are allowed with any arguments and run as root.
# Presumably the account tools let the caller choose IDs and group membership; verify
# what they accept, and restrict the arguments or wrap them if that is too broad.
! 98: # users in the secretaries netgroup need to help manage the printers
! 99: # as well as add and remove users
! 100: +secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
! 101:
# "(DB)" limits the target users to oracle and sybase; fred gets no root access from
# this rule, but anything those accounts can read or modify is reachable without a password.
! 102: # fred can run commands as oracle or sybase without a password
! 103: fred ALL = (DB) NOPASSWD: ALL
! 104:
# "[!-]*" requires the argument string to start with a character other than '-', and the
# negated entry rejects any argument string containing "root". The negation is listed
# last so that it takes precedence.
# NOTE(review): this also rejects target users whose names merely contain "root"; the
# pattern matches the whole argument string, not a single word.
! 105: # on the alphas, john may su to anyone but root and flags are not allowed
! 106: john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
! 107:
# Host list with a negation: every host except those in SERVERS.
! 108: # jen can run anything on all machines except the ones
! 109: # in the "SERVERS" Host_Alias
! 110: jen ALL, !SERVERS = ALL
! 111:
# NOTE(review): the sudoers manual warns that subtracting commands with '!' from a broad
# grant is generally not an effective restriction, because other permitted programs can
# start the excluded ones. Treat "!SU, !SHELLS" as advisory; where a real boundary is
# needed, list exactly the commands jill requires instead of a whole directory.
! 112: # jill can run any commands in the directory /usr/bin/, except for
! 113: # those in the SU and SHELLS aliases.
! 114: jill SERVERS = /usr/bin/, !SU, !SHELLS
! 115:
# Directory grant with an explicit target user: files directly inside the directory run
# as operator, not root.
# NOTE(review): as with any directory grant, /usr/local/op_commands/ must not be writable
# by steve or other unprivileged users.
! 116: # steve can run any command in the directory /usr/local/op_commands/
! 117: # as user operator.
! 118: steve CSNETS = (operator) /usr/local/op_commands/
! 119:
# KILL is /usr/bin/kill with no argument restriction and no Runas_Spec, so it runs as
# root and is not limited to matt's own processes on valkyrie.
! 120: # matt needs to be able to kill things on his workstation when
! 121: # they get hung.
! 122: matt valkyrie = KILL
! 123:
# Applies only on host www. The first entry runs any command as user www; the second
# runs exactly "/usr/bin/su www" as root.
! 124: # users in the WEBMASTERS User_Alias (will, wendy, and wim)
! 125: # may run any command as user www (which owns the web pages)
! 126: # or simply su to www.
! 127: WEBMASTERS www = (www) ALL, (root) /usr/bin/su www
! 128:
# Both command lines are fully spelled out, so only these exact arguments are allowed;
# "\," escapes the comma so it is part of the mount option rather than a list separator.
# NOTE(review): because the rule covers ALL users without a password, the fixed
# "nosuid,nodev" options are what keep removable media from supplying setuid programs or
# device nodes; do not loosen the argument list with wildcards.
! 129: # anyone can mount/unmount a cd-rom on the machines in the CDROM alias
! 130: ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\
! 131: /sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM