| 1 | ## Sudoers allows particular users to run various commands as |
|---|
| 2 | ## the root user, without needing the root password. |
|---|
| 3 | ## |
|---|
| 4 | ## Examples are provided at the bottom of the file for collections |
|---|
| 5 | ## of related commands, which can then be delegated out to particular |
|---|
| 6 | ## users or groups. |
|---|
| 7 | ## |
|---|
| 8 | ## This file must be edited with the 'visudo' command. |
|---|
| 9 | |
|---|
| 10 | ## Host Aliases |
|---|
| 11 | ## Groups of machines. You may prefer to use hostnames (perhaps using |
|---|
| 12 | ## wildcards for entire domains) or IP addresses instead. |
|---|
| 13 | # Host_Alias FILESERVERS = fs1, fs2 |
|---|
| 14 | # Host_Alias MAILSERVERS = smtp, smtp2 |
|---|
| 15 | |
|---|
| 16 | ## User Aliases |
|---|
| 17 | ## These aren't often necessary, as you can use regular groups |
|---|
| 18 | ## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname |
|---|
| 19 | ## rather than USERALIAS |
|---|
| 20 | # User_Alias ADMINS = jsmith, mikem |
|---|
| 21 | |
|---|
| 22 | |
|---|
| 23 | ## Command Aliases |
|---|
| 24 | ## These are groups of related commands... |
|---|
| 25 | |
|---|
| 26 | ## Networking |
|---|
| 27 | Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool |
|---|
| 28 | |
|---|
| 29 | ## Installation and management of software |
|---|
| 30 | Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum |
|---|
| 31 | |
|---|
| 32 | ## Services |
|---|
| 33 | Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig |
|---|
| 34 | |
|---|
| 35 | ## Updating the locate database |
|---|
| 36 | Cmnd_Alias LOCATE = /usr/sbin/updatedb |
|---|
| 37 | |
|---|
| 38 | ## Storage |
|---|
| 39 | Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount |
|---|
| 40 | |
|---|
| 41 | ## Delegating permissions |
|---|
| 42 | Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp |
|---|
| 43 | |
|---|
| 44 | ## Processes |
|---|
| 45 | Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall |
|---|
| 46 | |
|---|
| 47 | ## Drivers |
|---|
| 48 | Cmnd_Alias DRIVERS = /sbin/modprobe |
|---|
| 49 | |
|---|
| 50 | #Defaults requiretty |
|---|
| 51 | |
|---|
| 52 | Defaults env_reset |
|---|
| 53 | Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS" |
|---|
| 54 | Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE" |
|---|
| 55 | Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES" |
|---|
| 56 | Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE" |
|---|
| 57 | Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY" |
|---|
| 58 | |
|---|
| 59 | ## Next comes the main part: which users can run what software on |
|---|
| 60 | ## which machines (the sudoers file can be shared between multiple |
|---|
| 61 | ## systems). |
|---|
| 62 | ## Syntax: |
|---|
| 63 | ## |
|---|
| 64 | ## user MACHINE=COMMANDS |
|---|
| 65 | ## |
|---|
| 66 | ## The COMMANDS section may have other options added to it. |
|---|
| 67 | ## |
|---|
| 68 | ## Allow root to run any commands anywhere |
|---|
| 69 | root ALL=(ALL) ALL |
|---|
| 70 | |
|---|
| 71 | scripts ALL=(signup) NOPASSWD: /usr/local/bin/ldap-backup |
|---|
| 72 | rebecca ALL=(root) NOPASSWD: /sbin/service nscd restart |
|---|
| 73 | |
|---|
| 74 | munin ALL=(root) SETENV: NOPASSWD: /etc/munin/plugins/postfix_mailqueue , /etc/munin/plugins/postfix_mailvolume , /etc/munin/plugins/hddtemp_smartctl , /etc/munin/plugins/sendmail* , /etc/munin/plugins/if_* |
|---|
| 75 | munin ALL=(root) NOPASSWD: /etc/munin/plugins/smart_* |
|---|
