From db160844252285b5b739ccc0ef423aaaa88583c3 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 18 Dec 1995 02:59:40 +0000 Subject: [PATCH] documented group support --- sudoers.man | 38 ++++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/sudoers.man b/sudoers.man index 88b1e45d7..2827b5406 100644 --- a/sudoers.man +++ b/sudoers.man @@ -35,7 +35,7 @@ user alias section format: User_Alias ::= a keyword. USERALIAS ::= an upper\-case alias name. - user\-list ::= a comma separated list of users and netgroups. + user\-list ::= a comma separated list of users, groups and netgroups. command alias section format: Cmnd_Alias CMNDALIAS = cmnd\-list @@ -51,6 +51,8 @@ command specification: arg[1..n] ::= optional command line arguments. Text after a pound sign ('#') is considered a comment. + Words that begin with a percent sign ('%') are assumed to + be UN*X groups (%staff refers to users in the group "staff"). Words that begin with a plus sign ('+') are assumed to be netgroups (+cshosts refers to the netgroup "cshosts"). Long lines can be newline escaped with the backslash '\\' character. @@ -93,6 +95,7 @@ command specification: # User specification FULLTIME ALL=ALL + %wheel ALL=ALL PARTTIME ALL=ALL,!SHELLS,!SU +interns +openlabs=ALL,!SHELLS,!SU britt REMOTE=SHUTDOWN:ALL=LPCS 
@@ -109,23 +112,22 @@ The above .I sudoers file specification is composed of 4 host alias specifications, 2 user alias specifications, 4 command alias specifications and 8 user specifications. Full -time staff (those in the FULLTIME alias) are allowed to execute any command on -any host. Part time staff (those in the PARTTIME alias) are allowed to execute -any command except for the group of SHELL and SU commands on any machine. -Britt is permitted to execute /etc/halt, /etc/shutdown, /usr/etc/lpc and -/usr/ucb/lprm on the REMOTE machines (merlin, kodiakthorn, and spirit). -Nieusma is allowed to run /etc/halt, /etc/shutdown, and /etc/halt on all -machines and all commands except for the group of SHELL commands on the HUB -machines. Jill is permitted to execute /etc/shutdown with the "\-r now" -flags, /bin/rm, and /bin/cat -on houdini. Davehieb can execute any command on machines merlin and kodiakthorn -and can halt the SERVERS. Any user in the netgroup "interns" may run any -command on the machines in the netgroup "openlabs" except for those commands -in the groups SHELL and SU. Steve can run any command located in the -directory /usr/op_commands on all machines on the subnets listed in CSNETS -(note that the 128.138.192 net has a netmask of 255.255.255.192 which is -why its network number is 128.138.192.192). He may also su to operator -but to no one else. +time staff (those in the FULLTIME alias) and anyone in group "wheel" are +allowed to execute any command on any host. Part time staff (those in the +PARTTIME alias) are allowed to execute any command except for the group of +SHELL and SU commands on any machine. Britt is permitted to execute /etc/halt, +/etc/shutdown, /usr/etc/lpc and /usr/ucb/lprm on the REMOTE machines (merlin, +kodiakthorn, and spirit). Nieusma is allowed to run /etc/halt, /etc/shutdown, +and /etc/halt on all machines and all commands except for the group of SHELL +commands on the HUB machines. 
Jill is permitted to execute /etc/shutdown with +the "\-r now" flags, /bin/rm, and /bin/cat on houdini. Davehieb can execute +any command on machines merlin and kodiakthorn and can halt the SERVERS. Any +user in the netgroup "interns" may run any command on the machines in the +netgroup "openlabs" except for those commands in the groups SHELL and SU. +Steve can run any command located in the directory /usr/op_commands on all +machines on the subnets listed in CSNETS (note that the 128.138.192 net has +a netmask of 255.255.255.192 which is why its network number is +128.138.192.192). He may also su to operator but to no one else. .sp .B sudo -- 2.40.0
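Review bot: In the hunk at @@ -51,6 +51,8 @@, the new sentence "Words that begin with a percent sign ('%') are assumed to be UN*X groups" does not say where in an entry such a word is accepted. The first hunk adds groups to the user-list definition only, while the example uses the '+' netgroup form in both the user and the host position (+interns +openlabs=ALL,!SHELLS,!SU), so a reader can infer from the parallel wording that %group is also valid in a host list. Suggest scoping the sentence, for example "In a user\-list, words that begin with a percent sign ('%') are assumed to be UN*X groups".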
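Review bot: The example line "%wheel ALL=ALL" added in the hunk at @@ -93,6 +95,7 @@ grants every command on every host to users who are not named in the sudoers file, and the manual text does not point that out. Membership of "wheel" is maintained in the group database rather than in this file, so adding an account to that group extends unrestricted sudo rights without any sudoers edit or review. Suggest a sentence in the description saying so, or an example that gives the group a restricted command list in the style of the PARTTIME line (ALL,!SHELLS,!SU).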
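Review bot: The unchanged context at the top of the hunk at @@ -109,23 +112,22 @@ still reads "4 command alias specifications and 8 user specifications" although this patch adds a user specification (%wheel ALL=ALL) to the example, so the count needs to go up by one to match. The rewrapped paragraph also carries over "/etc/halt, /etc/shutdown, and /etc/halt" for Nieusma, which lists /etc/halt twice; since those lines are being rewritten anyway, this is the place to correct it. Refilling the whole paragraph for a one-clause change makes the actual edit hard to spot in review; keeping the original line breaks and touching only the first two lines would give a much smaller diff.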