Created
October 8, 2008 22:50
-
-
Save ezmobius/15641 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # sudoers file. | |
| # Reset environment by default | |
| # This file MUST be edited with the 'visudo' command as root. | |
| # | |
| # See the sudoers man page for the details on how to write a sudoers file. | |
| # Defaults:%wheel !env_reset | |
| # Host alias specificationrs to export specific variables | |
| # Defaults:%users env_keep=TZ | |
| # User alias specification | |
| # Allow specific user to bypass env_delete for TERMCAP | |
| # Cmnd alias specificationlete-=TERMCAP | |
| # Defaults specificationvi, and do not allow visudo to use EDITOR/VISUAL. | |
| # Defaults editor=/usr/bin/vim, !env_editor | |
| # Reset environment by default | |
| Defaultsalias spenv_reseton | |
| # Uncomment to allow users in group wheel to export variables***** | |
| # Defaults:%wheelCCESS T!env_resetLOWS THEM TO RUN THE SPECIFIED * | |
| # * COMMANDS WITH ELEVATED PRIVILEGES. * | |
| # Allow users in group users to export specific variables * | |
| # Defaults:%usersUNTRUSTenv_keep=TZ ACCESS SUDO. * | |
| # **************************************************************** | |
| # Allow specific user to bypass env_delete for TERMCAP | |
| # Defaults:user env_delete-=TERMCAP | |
| root ALL=(ALL) ALL | |
| # Set default EDITOR to vi, and do not allow visudo to use EDITOR/VISUAL. | |
| # Defaultst to aeditor=/usr/bin/vim, !env_editorn all commands | |
| # %wheel ALL=(ALL) ALL | |
| # Runas alias specification | |
| # Same thing without a password | |
| # *** REMEMBER *************************************************** | |
| # * GIVING SUDO ACCESS TO USERS ALLOWS THEM TO RUN THE SPECIFIED * | |
| # * COMMANDS WITH ELEVATED PRIVILEGES. *, or | |
| # * * | |
| # * NEVER PERMIT UNTRUSTED USERS TO ACCESS SUDO. * | |
| # **************************************************************** | |
| # Samples | |
| # User privilege specificationm,/bin/umount /cdrom | |
| rootsersALL=(ALL) ALLsbin/shutdown -h now | |
| ez ALL=(ALL) ALL | |
| # Uncomment to allow people in group wheel to run all commands | |
| # %wheelALL) ALLALL=(ALL) ALL | |
| ez ALL=(ALL) NOPASSWD: /usr/bin/monit | |
| # Same thing without a password | |
| # %wheelALL) NOPALL=(ALL)sr/bin/NOPASSWD: ALL | |
| ez ALL=(ALL) ALL | |
| # Users in group www are allowed to edit httpd.conf using sudoedit, or | |
| # sudo -e, without a password. # | |
| # %www ALL=(ALL) NOPASSWD: sudoedit /etc/httpd.conf | |
| # Samples | |
| # %users ALL=/bin/mount /cdrom,/bin/umount /cdrom | |
| # %users localhost=/sbin/shutdown -h now | |
| ez ALL=(ALL) ALL | |
| ez ALL=(ALL) NOPASSWD: /usr/bin/monit | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment