-1.7.5b2 January 13, 2011 1
+1.7.5b2 January 28, 2011 1
-1.7.5b2 January 13, 2011 2
+1.7.5b2 January 28, 2011 2
-1.7.5b2 January 13, 2011 3
+1.7.5b2 January 28, 2011 3
-1.7.5b2 January 13, 2011 4
+1.7.5b2 January 28, 2011 4
-1.7.5b2 January 13, 2011 5
+1.7.5b2 January 28, 2011 5
-1.7.5b2 January 13, 2011 6
+1.7.5b2 January 28, 2011 6
-1.7.5b2 January 13, 2011 7
+1.7.5b2 January 28, 2011 7
-1.7.5b2 January 13, 2011 8
+1.7.5b2 January 28, 2011 8
-1.7.5b2 January 13, 2011 9
+1.7.5b2 January 28, 2011 9
-1.7.5b2 January 13, 2011 10
+1.7.5b2 January 28, 2011 10
-1.7.5b2 January 13, 2011 11
+1.7.5b2 January 28, 2011 11
-1.7.5b2 January 13, 2011 12
+1.7.5b2 January 28, 2011 12
-1.7.5b2 January 13, 2011 13
+1.7.5b2 January 28, 2011 13
-1.7.5b2 January 13, 2011 14
+1.7.5b2 January 28, 2011 14
-1.7.5b2 January 13, 2011 15
+1.7.5b2 January 28, 2011 15
-1.7.5b2 January 13, 2011 16
+1.7.5b2 January 28, 2011 16
-1.7.5b2 January 13, 2011 17
+1.7.5b2 January 28, 2011 17
syslog_goodpri Syslog priority to use when user authenticates
successfully. Defaults to notice.
- sudoers_locale Locale to use when parsing the sudoers file. Note that
- changing the locale may affect how sudoers is
- interpreted. Defaults to "C".
+ sudoers_locale Locale to use when parsing the sudoers file, logging
+ commands, and sending email. Note that changing the
+ locale may affect how sudoers is interpreted. Defaults
+ to "C".
timestampdir The directory in which s\bsu\bud\bdo\bo stores its timestamp files.
The default is _\b/_\bv_\ba_\br_\b/_\ba_\bd_\bm_\b/_\bs_\bu_\bd_\bo.
never Never lecture the user.
- once Only lecture the user the first time they run s\bsu\bud\bdo\bo.
-1.7.5b2 January 13, 2011 18
+1.7.5b2 January 28, 2011 18
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ once Only lecture the user the first time they run s\bsu\bud\bdo\bo.
+
If no value is specified, a value of _\bo_\bn_\bc_\be is implied.
Negating the option results in a value of _\bn_\be_\bv_\be_\br being used.
The default value is _\bo_\bn_\bc_\be.
secure_path Path used for every command run from s\bsu\bud\bdo\bo. If you don't
trust the people running s\bsu\bud\bdo\bo to have a sane PATH
environment variable you may want to use this. Another use
- is if you want to have the "root path" be separate from the
- "user path." Users in the group specified by the
-1.7.5b2 January 13, 2011 19
+1.7.5b2 January 28, 2011 19
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ is if you want to have the "root path" be separate from the
+ "user path." Users in the group specified by the
_\be_\bx_\be_\bm_\bp_\bt_\b__\bg_\br_\bo_\bu_\bp option are not affected by _\bs_\be_\bc_\bu_\br_\be_\b__\bp_\ba_\bt_\bh. This
option is not set by default.
can be replaced, added to, deleted from, or disabled by
using the =, +=, -=, and ! operators respectively. The
default list of environment variables to remove is
- displayed when s\bsu\bud\bdo\bo is run by root with the _\b-_\bV option.
- Note that many operating systems will remove
-1.7.5b2 January 13, 2011 20
+1.7.5b2 January 28, 2011 20
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ displayed when s\bsu\bud\bdo\bo is run by root with the _\b-_\bV option.
+ Note that many operating systems will remove
potentially dangerous variables from the environment of
any setuid process (such as s\bsu\bud\bdo\bo).
# Host alias specification
Host_Alias SPARC = bigtime, eclipse, moet, anchor :\
- SGI = grolsch, dandelion, black :\
- ALPHA = widget, thalamus, foobar :\
-1.7.5b2 January 13, 2011 21
+1.7.5b2 January 28, 2011 21
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ SGI = grolsch, dandelion, black :\
+ ALPHA = widget, thalamus, foobar :\
HPPA = boa, nag, python
Host_Alias CUNETS = 128.138.0.0/255.255.0.0
Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
Full time sysadmins (m\bmi\bil\bll\ble\ber\brt\bt, m\bmi\bik\bke\bef\bf, and d\bdo\bow\bwd\bdy\by) may run any command on
any host without authenticating themselves.
- PARTTIMERS ALL = ALL
-
-1.7.5b2 January 13, 2011 22
+1.7.5b2 January 28, 2011 22
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ PARTTIMERS ALL = ALL
+
Part time sysadmins (b\bbo\bos\bst\btl\ble\bey\by, j\bjw\bwf\bfo\box\bx, and c\bcr\bra\baw\bwl\bl) may run any command on
any host but they must authenticate themselves first (since the entry
lacks the NOPASSWD tag).
+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
- Users in the s\bse\bec\bcr\bre\bet\bta\bar\bri\bie\bes\bs netgroup need to help manage the printers as
- well as add and remove users, so they are allowed to run those commands
-1.7.5b2 January 13, 2011 23
+1.7.5b2 January 28, 2011 23
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ Users in the s\bse\bec\bcr\bre\bet\bta\bar\bri\bie\bes\bs netgroup need to help manage the printers as
+ well as add and remove users, so they are allowed to run those commands
on all machines.
fred ALL = (DB) NOPASSWD: ALL
desired command to a different name and then executing that. For
example:
- bill ALL = ALL, !SU, !SHELLS
-
-1.7.5b2 January 13, 2011 24
+1.7.5b2 January 28, 2011 24
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ bill ALL = ALL, !SU, !SHELLS
+
Doesn't really prevent b\bbi\bil\bll\bl from running the commands listed in _\bS_\bU or
_\bS_\bH_\bE_\bL_\bL_\bS since he can simply copy those commands to a different name, or
use a shell escape from an editor or other program. Therefore, these
sudo -V | grep "dummy exec"
- If the resulting output contains a line that begins with:
-
-1.7.5b2 January 13, 2011 25
+1.7.5b2 January 28, 2011 25
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ If the resulting output contains a line that begins with:
+
File containing dummy exec functions:
then s\bsu\bud\bdo\bo may be able to replace the exec family of functions
S\bSU\bUP\bPP\bPO\bOR\bRT\bT
Limited free support is available via the sudo-users mailing list, see
- http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
- the archives.
-1.7.5b2 January 13, 2011 26
+1.7.5b2 January 28, 2011 26
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
+ the archives.
+
D\bDI\bIS\bSC\bCL\bLA\bAI\bIM\bME\bER\bR
s\bsu\bud\bdo\bo is provided ``AS IS'' and any express or implied warranties,
including, but not limited to, the implied warranties of
-
-
-
-1.7.5b2 January 13, 2011 27
+1.7.5b2 January 28, 2011 27
projects / sudo / commitdiff