User_Alias ::= a keyword.
USERALIAS ::= an upper\-case alias name.
- user\-list ::= a comma separated list of users and netgroups.
+ user\-list ::= a comma separated list of users, groups and netgroups.
command alias section format:
Cmnd_Alias CMNDALIAS = cmnd\-list
arg[1..n] ::= optional command line arguments.
Text after a pound sign ('#') is considered a comment.
+ Words that begin with a percent sign ('%') are assumed to
+ be UN*X groups (%staff refers to users in the group "staff").
Words that begin with a plus sign ('+') are assumed to
be netgroups (+cshosts refers to the netgroup "cshosts").
Long lines can be newline escaped with the backslash '\\' character.
# User specification
FULLTIME ALL=ALL
+ %wheel ALL=ALL
PARTTIME ALL=ALL,!SHELLS,!SU
+interns +openlabs=ALL,!SHELLS,!SU
britt REMOTE=SHUTDOWN:ALL=LPCS
.I sudoers
file specification is composed of 4 host alias specifications, 2 user alias
specifications, 4 command alias specifications and 8 user specifications. Full
-time staff (those in the FULLTIME alias) are allowed to execute any command on
-any host. Part time staff (those in the PARTTIME alias) are allowed to execute
-any command except for the group of SHELL and SU commands on any machine.
-Britt is permitted to execute /etc/halt, /etc/shutdown, /usr/etc/lpc and
-/usr/ucb/lprm on the REMOTE machines (merlin, kodiakthorn, and spirit).
-Nieusma is allowed to run /etc/halt, /etc/shutdown, and /etc/halt on all
-machines and all commands except for the group of SHELL commands on the HUB
-machines. Jill is permitted to execute /etc/shutdown with the "\-r now"
-flags, /bin/rm, and /bin/cat
-on houdini. Davehieb can execute any command on machines merlin and kodiakthorn
-and can halt the SERVERS. Any user in the netgroup "interns" may run any
-command on the machines in the netgroup "openlabs" except for those commands
-in the groups SHELL and SU. Steve can run any command located in the
-directory /usr/op_commands on all machines on the subnets listed in CSNETS
-(note that the 128.138.192 net has a netmask of 255.255.255.192 which is
-why its network number is 128.138.192.192). He may also su to operator
-but to no one else.
+time staff (those in the FULLTIME alias) and anyone in group "wheel" are
+allowed to execute any command on any host. Part time staff (those in the
+PARTTIME alias) are allowed to execute any command except for the group of
+SHELL and SU commands on any machine. Britt is permitted to execute /etc/halt,
+/etc/shutdown, /usr/etc/lpc and /usr/ucb/lprm on the REMOTE machines (merlin,
+kodiakthorn, and spirit). Nieusma is allowed to run /etc/halt, /etc/shutdown,
+and /etc/halt on all machines and all commands except for the group of SHELL
+commands on the HUB machines. Jill is permitted to execute /etc/shutdown with
+the "\-r now" flags, /bin/rm, and /bin/cat on houdini. Davehieb can execute
+any command on machines merlin and kodiakthorn and can halt the SERVERS. Any
+user in the netgroup "interns" may run any command on the machines in the
+netgroup "openlabs" except for those commands in the groups SHELL and SU.
+Steve can run any command located in the directory /usr/op_commands on all
+machines on the subnets listed in CSNETS (note that the 128.138.192 net has
+a netmask of 255.255.255.192 which is why its network number is
+128.138.192.192). He may also su to operator but to no one else.
.sp
.B sudo
projects / sudo / commitdiff