File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / doc / sample.sudoers
Revision 1.1.1.2 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Mon Jul 22 10:46:11 2013 UTC (10 years, 11 months ago) by misho
Branches: sudo, MAIN
CVS tags: v1_8_8p0, v1_8_8, v1_8_7p0, v1_8_7, v1_8_10p3_0, v1_8_10p3, HEAD
1.8.7

    1: #
    2: # Sample /etc/sudoers file.
    3: #
    4: # This file MUST be edited with the 'visudo' command as root.
    5: #
    6: # See the sudoers man page for the details on how to write a sudoers file.
    7: 
    8: ##
    9: # Override built-in defaults
   10: ##
   11: Defaults		syslog=auth
   12: Defaults>root		!set_logname
   13: Defaults:FULLTIMERS	!lecture
   14: Defaults:millert	!authenticate
   15: Defaults@SERVERS	log_year, logfile=/var/log/sudo.log
   16: Defaults!PAGERS		noexec
   17: 
   18: ##
   19: # User alias specification
   20: ##
   21: User_Alias	FULLTIMERS = millert, mikef, dowdy
   22: User_Alias	PARTTIMERS = bostley, jwfox, crawl
   23: User_Alias	WEBMASTERS = will, wendy, wim
   24: 
   25: ##
   26: # Runas alias specification
   27: ##
   28: Runas_Alias	OP = root, operator
   29: Runas_Alias	DB = oracle, sybase
   30: 
   31: ##
   32: # Host alias specification
   33: ##
   34: Host_Alias	SPARC = bigtime, eclipse, moet, anchor:\
   35: 		SGI = grolsch, dandelion, black:\
   36: 		ALPHA = widget, thalamus, foobar:\
   37: 		HPPA = boa, nag, python
   38: Host_Alias	CUNETS = 128.138.0.0/255.255.0.0
   39: Host_Alias	CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
   40: Host_Alias	SERVERS = master, mail, www, ns
   41: Host_Alias	CDROM = orion, perseus, hercules
   42: 
   43: ##
   44: # Cmnd alias specification
   45: ##
   46: Cmnd_Alias	DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \
   47: 			/usr/sbin/rrestore, /usr/bin/mt, \
   48: 			sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \
   49: 			/home/operator/bin/start_backups
   50: Cmnd_Alias	KILL = /usr/bin/kill
   51: Cmnd_Alias	PRINTING = /usr/sbin/lpc, /usr/bin/lprm
   52: Cmnd_Alias	SHUTDOWN = /usr/sbin/shutdown
   53: Cmnd_Alias	HALT = /usr/sbin/halt
   54: Cmnd_Alias	REBOOT = /usr/sbin/reboot
   55: Cmnd_Alias	SHELLS = /sbin/sh, /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
   56: 			 /usr/local/bin/tcsh, /usr/bin/rsh, \
   57: 			 /usr/local/bin/zsh
   58: Cmnd_Alias	SU = /usr/bin/su
   59: Cmnd_Alias	VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \
   60: 		       /usr/bin/chfn
   61: Cmnd_Alias	PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
   62: 
   63: ##
   64: # User specification
   65: ##
   66: 
   67: # root and users in group wheel can run anything on any machine as any user
   68: root		ALL = (ALL) ALL
   69: %wheel		ALL = (ALL) ALL
   70: 
   71: # full time sysadmins can run anything on any machine without a password
   72: FULLTIMERS	ALL = NOPASSWD: ALL
   73: 
   74: # part time sysadmins may run anything but need a password
   75: PARTTIMERS	ALL = ALL
   76: 
   77: # jack may run anything on machines in CSNETS
   78: jack		CSNETS = ALL
   79: 
   80: # lisa may run any command on any host in CUNETS (a class B network)
   81: lisa		CUNETS = ALL
   82: 
   83: # operator may run maintenance commands and anything in /usr/oper/bin/
   84: operator	ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\
   85: 		sudoedit /etc/printcap, /usr/oper/bin/
   86: 
   87: # joe may su only to operator
   88: joe		ALL = /usr/bin/su operator
   89: 
   90: # pete may change passwords for anyone but root on the hp snakes
   91: pete		HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root
   92: 
   93: # bob may run anything on the sparc and sgi machines as any user
   94: # listed in the Runas_Alias "OP" (ie: root and operator)
   95: bob		SPARC = (OP) ALL : SGI = (OP) ALL
   96: 
   97: # jim may run anything on machines in the biglab netgroup
   98: jim		+biglab = ALL
   99: 
  100: # users in the secretaries netgroup need to help manage the printers
  101: # as well as add and remove users
  102: +secretaries	ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
  103: 
  104: # fred can run commands as oracle or sybase without a password
  105: fred		ALL = (DB) NOPASSWD: ALL
  106: 
  107: # on the alphas, john may su to anyone but root and flags are not allowed
  108: john		ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
  109: 
  110: # jen can run anything on all machines except the ones
  111: # in the "SERVERS" Host_Alias
  112: jen		ALL, !SERVERS = ALL
  113: 
  114: # jill can run any commands in the directory /usr/bin/, except for
  115: # those in the SU and SHELLS aliases.
  116: jill		SERVERS = /usr/bin/, !SU, !SHELLS
  117: 
  118: # steve can run any command in the directory /usr/local/op_commands/
  119: # as user operator.
  120: steve		CSNETS = (operator) /usr/local/op_commands/
  121: 
  122: # matt needs to be able to kill things on his workstation when
  123: # they get hung.
  124: matt		valkyrie = KILL
  125: 
  126: # users in the WEBMASTERS User_Alias (will, wendy, and wim)
  127: # may run any command as user www (which owns the web pages)
  128: # or simply su to www.
  129: WEBMASTERS	www = (www) ALL, (root) /usr/bin/su www
  130: 
  131: # anyone can mount/unmount a cd-rom on the machines in the CDROM alias
  132: ALL		CDROM = NOPASSWD: /sbin/umount /CDROM,\
  133: 		/sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM
