#
# This file MUST be edited with the 'visudo' command as root.
#
-# See the man page for the details on how to write a sudoers file.
+# See the sudoers man page for the details on how to write a sudoers file.
#
##
# User alias specification
##
-User_Alias FULLTIMERS=millert,mikef,dowdy
-User_Alias PARTTIMERS=bostley,jwfox,mccreary
+User_Alias FULLTIMERS = millert, mikef, dowdy
+User_Alias PARTTIMERS = bostley, jwfox, crawl
+User_Alias WEBMASTERS = will, wendy, wim
##
# Runas alias specification
##
-Runas_Alias OP=root,operator
+Runas_Alias OP = root, operator
+Runas_Alias DB = oracle, sybase
##
-# Cmnd alias specification
+# Host alias specification
##
-Cmnd_Alias DUMPS=/usr.sbin/dump,/usr.sbin/rdump,/usr.sbin/restore,\
- /usr.sbin/rrestore,/usr/bin/mt
-Cmnd_Alias KILL=/usr/bin/kill
-Cmnd_Alias PRINTING=/usr.sbin/lpc,/usr.bin/lprm
-Cmnd_Alias SHUTDOWN=/usr.sbin/shutdown
-Cmnd_Alias HALT=/usr.sbin/halt,/usr.sbin/fasthalt
-Cmnd_Alias REBOOT=/usr.sbin/reboot,/usr.sbin/fastboot
-Cmnd_Alias SHELLS=/usr/bin/sh,/usr/bin/csh,/usr/bin/ksh,\
- /usr/local/bin/tcsh,/usr.bin/rsh,\
- /usr/local/bin/zsh
-Cmnd_Alias SU=/usr/bin/su
-Cmnd_Alias VIPW=/usr.sbin/vipw,/usr/sbin/vipw,/usr/bin/passwd
+Host_Alias SPARC = bigtime, eclipse, moet, anchor
+Host_Alias SGI = grolsch, dandelion, black
+Host_Alias ALPHA = widget, thalamus, foobar
+Host_Alias HPPA = boa, nag, python
+Host_Alias CUNETS = 128.138.0.0/255.255.0.0
+Host_Alias CSNETS = 128.138.243.0, 128.138.204.0, 128.138.242.0
+Host_Alias SERVERS = master, mail, www, ns
+Host_Alias CDROM = orion, perseus, hercules
##
-# Host alias specification
+# Cmnd alias specification
##
-Host_Alias SUN4=bruno,eclipse,moet,anchor
-Host_Alias SUN3=brazil,columbine
-Host_Alias DECSTATION=wilkinson,soma,dendrite,thang
-Host_Alias DECALPHA=widget,thalamus,foobar
-Host_Alias HPSNAKE=boa,nag,python
-Host_Alias CUNETS=128.138.0.0/255.255.0.0
-Host_Alias CSNETS=128.138.243.0,128.138.204.0,128.138.242.0
-Host_Alias SEVERS=master,mail,www,ns
+Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \
+ /usr/sbin/rrestore, /usr/bin/mt
+Cmnd_Alias KILL = /usr/bin/kill
+Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
+Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
+Cmnd_Alias HALT = /usr/sbin/halt, /usr/sbin/fasthalt
+Cmnd_Alias REBOOT = /usr/sbin/reboot, /usr/sbin/fastboot
+Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
+ /usr/local/bin/tcsh, /usr/bin/rsh, \
+ /usr/local/bin/zsh
+Cmnd_Alias SU = /usr/bin/su
+Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \
+ /usr/bin/chfn
##
# User specification
##
# root and users in group wheel can run anything on any machine as any user
-root ALL=(ALL) ALL
-%wheel ALL=(ALL) ALL
+root ALL = (ALL) ALL
+%wheel ALL = (ALL) ALL
# full time sysadmins can run anything on any machine without a password
-FULLTIMERS ALL=NOPASSWD:ALL
-# part time sysadmins may run anything except root shells or su
-PARTTIMERS ALL=ALL,!SU,!SHELLS
+FULLTIMERS ALL = NOPASSWD: ALL
+
+# part time sysadmins may run anything but need a password
+PARTTIMERS ALL = ALL
-# rodney may run anything except root shells or su on machines in CSNETS
-rodney CSNETS=ALL,!SU,!SHELLS
+# jack may run anything on machines in CSNETS
+jack CSNETS = ALL
-# smartguy may run any command on any host in CUNETS (call B address)
-smartguy CUNETS=ALL
+# lisa may run any command on any host in CUNETS (a class B network)
+lisa CUNETS = ALL
# operator may run maintenance commands and anything in /usr/oper/bin/
-operator ALL=DUMPS,KILL,PRINTING,SHUTDOWN,HALT,REBOOT,/usr/oper/bin/
+operator ALL = DUMPS, KILL, PRINTING, SHUTDOWN, HALT, REBOOT,\
+ /usr/oper/bin/
# joe may su only to operator
-joe ALL=SU operator
+joe ALL = /usr/bin/su operator
-# pete may change passwords for anyone but root
-pete ALL=/usr/bin/passwd [A-z]*,!/usr/bin/passwd root
+# pete may change passwords for anyone but root on the hp snakes
+pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
-# bob may run anything except root shells or su on the sun3 and sun4 machines
-# as any user in the Runas_Alias "OP" (contains root and operator)
-bob SUN4=(OP) ALL, !SU, !SHELLS:\
- SUN3=(OP) ALL, !SU, !SHELLS
+# bob may run anything on the sparc and sgi machines as any user
+# listed in the Runas_Alias "OP" (ie: root and operator)
+bob SPARC = (OP) ALL : SGI = (OP) ALL
# jim may run anything on machines in the biglab netgroup
-jim +biglab=ALL
+jim +biglab = ALL
# users in the secretaries netgroup need to help manage the printers
-+secretaries ALL=PRINTING
+# as well as add and remove users
++secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
-# fred can run commands as oracle by specifying -u oracle on command line
-# without a password but cannot run su or any shells
-fred ALL=(oracle) NOPASSWD:ALL, !SU, !SHELLS
+# fred can run commands as oracle or sybase without a password
+fred ALL = (DB) NOPASSWD: ALL
-# john may su to anyone but root and flags are not allowed
-john ALL=SU [!-]*, !SU *root*
+# on the alphas, john may su to anyone but root and flags are not allowed
+john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
-# killroy can run all but shells and su on all machines but those
+# jen can run anything on all machines except the ones
# in the "SERVERS" Host_Alias
-killroy ALL,!SERVERS=ALL, !SU, !SHELLS
+jen ALL, !SERVERS = ALL
+
+# jill can run any commands in the directory /usr/bin/, except for
+# those in the SU and SHELLS aliases.
+jill SERVERS = /usr/bin/, !SU, !SHELLS
+
+# steve can run any command in the directory /usr/local/op_commands/
+# as user operator.
+steve CSNETS = (operator) /usr/local/op_commands/
+
+# matt needs to be able to kill things on his workstation when
+# they get hung.
+matt valkyrie = KILL
+
+# users in the WEBMASTERS User_Alias (will, wendy, and wim)
+# may run any command as use www (which owns the web pages)
+# or simply su to www.
+WEBMASTERS www = (www) ALL, (root) /usr/bin/su www
+
+# anyone can mount/unmount a cd-rom on the machines in the CDROM alias
+ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\
+ /sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM
projects / sudo / commitdiff