From: Todd C. Miller Date: Sun, 22 Aug 1999 11:26:23 +0000 (+0000) Subject: better examples X-Git-Tag: SUDO_1_6_0~117 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c58303644fbc20f3f2875936db4bb197352342d5;p=sudo better examples
---
diff --git a/sample.sudoers b/sample.sudoers
index 67611d507..8c5879bfe 100644
--- a/sample.sudoers
+++ b/sample.sudoers
@@ -3,94 +3,119 @@ # # This file MUST be edited with the 'visudo' command as root. # -# See the man page for the details on how to write a sudoers file. +# See the sudoers man page for the details on how to write a sudoers file. # ## # User alias specification ## -User_Alias FULLTIMERS=millert,mikef,dowdy -User_Alias PARTTIMERS=bostley,jwfox,mccreary +User_Alias FULLTIMERS = millert, mikef, dowdy +User_Alias PARTTIMERS = bostley, jwfox, crawl +User_Alias WEBMASTERS = will, wendy, wim ## # Runas alias specification ## -Runas_Alias OP=root,operator +Runas_Alias OP = root, operator +Runas_Alias DB = oracle, sybase ## -# Cmnd alias specification +# Host alias specification ## -Cmnd_Alias DUMPS=/usr.sbin/dump,/usr.sbin/rdump,/usr.sbin/restore,\ - /usr.sbin/rrestore,/usr/bin/mt -Cmnd_Alias KILL=/usr/bin/kill -Cmnd_Alias PRINTING=/usr.sbin/lpc,/usr.bin/lprm -Cmnd_Alias SHUTDOWN=/usr.sbin/shutdown -Cmnd_Alias HALT=/usr.sbin/halt,/usr.sbin/fasthalt -Cmnd_Alias REBOOT=/usr.sbin/reboot,/usr.sbin/fastboot -Cmnd_Alias SHELLS=/usr/bin/sh,/usr/bin/csh,/usr/bin/ksh,\ - /usr/local/bin/tcsh,/usr.bin/rsh,\ - /usr/local/bin/zsh -Cmnd_Alias SU=/usr/bin/su -Cmnd_Alias VIPW=/usr.sbin/vipw,/usr/sbin/vipw,/usr/bin/passwd +Host_Alias SPARC = bigtime, eclipse, moet, anchor +Host_Alias SGI = grolsch, dandelion, black +Host_Alias ALPHA = widget, thalamus, foobar +Host_Alias HPPA = boa, nag, python +Host_Alias CUNETS = 128.138.0.0/255.255.0.0 +Host_Alias CSNETS = 128.138.243.0, 128.138.204.0, 128.138.242.0 +Host_Alias SERVERS = master, mail, www, ns +Host_Alias CDROM = orion, perseus, hercules ## -# Host alias specification +# Cmnd alias specification ## -Host_Alias SUN4=bruno,eclipse,moet,anchor -Host_Alias SUN3=brazil,columbine -Host_Alias DECSTATION=wilkinson,soma,dendrite,thang -Host_Alias DECALPHA=widget,thalamus,foobar -Host_Alias HPSNAKE=boa,nag,python -Host_Alias CUNETS=128.138.0.0/255.255.0.0 -Host_Alias CSNETS=128.138.243.0,128.138.204.0,128.138.242.0 -Host_Alias 
SEVERS=master,mail,www,ns +Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \ + /usr/sbin/rrestore, /usr/bin/mt +Cmnd_Alias KILL = /usr/bin/kill +Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm +Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown +Cmnd_Alias HALT = /usr/sbin/halt, /usr/sbin/fasthalt +Cmnd_Alias REBOOT = /usr/sbin/reboot, /usr/sbin/fastboot +Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \ + /usr/local/bin/tcsh, /usr/bin/rsh, \ + /usr/local/bin/zsh +Cmnd_Alias SU = /usr/bin/su +Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \ + /usr/bin/chfn ## # User specification ## # root and users in group wheel can run anything on any machine as any user -root ALL=(ALL) ALL -%wheel ALL=(ALL) ALL +root ALL = (ALL) ALL +%wheel ALL = (ALL) ALL # full time sysadmins can run anything on any machine without a password -FULLTIMERS ALL=NOPASSWD:ALL -# part time sysadmins may run anything except root shells or su -PARTTIMERS ALL=ALL,!SU,!SHELLS +FULLTIMERS ALL = NOPASSWD: ALL + +# part time sysadmins may run anything but need a password +PARTTIMERS ALL = ALL -# rodney may run anything except root shells or su on machines in CSNETS -rodney CSNETS=ALL,!SU,!SHELLS +# jack may run anything on machines in CSNETS +jack CSNETS = ALL -# smartguy may run any command on any host in CUNETS (call B address) -smartguy CUNETS=ALL +# lisa may run any command on any host in CUNETS (a class B network) +lisa CUNETS = ALL # operator may run maintenance commands and anything in /usr/oper/bin/ -operator ALL=DUMPS,KILL,PRINTING,SHUTDOWN,HALT,REBOOT,/usr/oper/bin/ +operator ALL = DUMPS, KILL, PRINTING, SHUTDOWN, HALT, REBOOT,\ + /usr/oper/bin/ # joe may su only to operator -joe ALL=SU operator +joe ALL = /usr/bin/su operator -# pete may change passwords for anyone but root -pete ALL=/usr/bin/passwd [A-z]*,!/usr/bin/passwd root +# pete may change passwords for anyone but root on the hp snakes +pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd 
root -# bob may run anything except root shells or su on the sun3 and sun4 machines -# as any user in the Runas_Alias "OP" (contains root and operator) -bob SUN4=(OP) ALL, !SU, !SHELLS:\ - SUN3=(OP) ALL, !SU, !SHELLS +# bob may run anything on the sparc and sgi machines as any user +# listed in the Runas_Alias "OP" (ie: root and operator) +bob SPARC = (OP) ALL : SGI = (OP) ALL # jim may run anything on machines in the biglab netgroup -jim +biglab=ALL +jim +biglab = ALL # users in the secretaries netgroup need to help manage the printers -+secretaries ALL=PRINTING +# as well as add and remove users ++secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser -# fred can run commands as oracle by specifying -u oracle on command line -# without a password but cannot run su or any shells -fred ALL=(oracle) NOPASSWD:ALL, !SU, !SHELLS +# fred can run commands as oracle or sybase without a password +fred ALL = (DB) NOPASSWD: ALL -# john may su to anyone but root and flags are not allowed -john ALL=SU [!-]*, !SU *root* +# on the alphas, john may su to anyone but root and flags are not allowed +john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* -# killroy can run all but shells and su on all machines but those +# jen can run anything on all machines except the ones # in the "SERVERS" Host_Alias -killroy ALL,!SERVERS=ALL, !SU, !SHELLS +jen ALL, !SERVERS = ALL + +# jill can run any commands in the directory /usr/bin/, except for +# those in the SU and SHELLS aliases. +jill SERVERS = /usr/bin/, !SU, !SHELLS + +# steve can run any command in the directory /usr/local/op_commands/ +# as user operator. +steve CSNETS = (operator) /usr/local/op_commands/ + +# matt needs to be able to kill things on his workstation when +# they get hung. +matt valkyrie = KILL + +# users in the WEBMASTERS User_Alias (will, wendy, and wim) +# may run any command as use www (which owns the web pages) +# or simply su to www. 
+WEBMASTERS www = (www) ALL, (root) /usr/bin/su www + +# anyone can mount/unmount a cd-rom on the machines in the CDROM alias +ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\ + /sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM diff --git a/sudoers b/sudoers index ca2aed24d..f49eb49dd 100644 --- a/sudoers +++ b/sudoers @@ -2,7 +2,7 @@ # # This file MUST be edited with the 'visudo' command as root. # -# See the man page for the details on how to write a sudoers file. +# See the sudoers man page for the details on how to write a sudoers file. # # Host alias specification
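Review bot: In the sample.sudoers hunk, the new `jill SERVERS = /usr/bin/, !SU, !SHELLS` example reads as a security boundary, but `!` only excludes the listed paths and /usr/bin/ typically holds other programs that can give the user a shell. Its comment should say so, e.g. `# NOTE: the '!' exclusions are advisory only; they do not prevent reaching a shell via other programs in /usr/bin/`. The `pete` rule, now scoped to HPPA, has a related weakness: `[A-z]` also covers the punctuation between `Z` and `a`, and because `*` matches across spaces, `!/usr/bin/passwd root` rejects only the exact argument `root`. Writing it as `/usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *root*` would match the form the `john` rule in this hunk already uses. The comment above the WEBMASTERS entry also says "as use www" where "as user www" is meant.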