Difference between revisions of "Sudoers"

From Christoph's Personal Wiki
Jump to: navigation, search
 
Line 39: Line 39:
 
  Cmnd_Alias    SU = /usr/bin/su
 
  Cmnd_Alias    SU = /usr/bin/su
 
</pre>
 
</pre>
 +
 +
==Miscellaneous==
 +
Create your own custom prompt:
 +
$ echo 'Defaults passprompt="MY LAUNCH CODE: "' > /etc/sudoers.d/custom_prompt
  
 
==See also==
 
==See also==

Latest revision as of 11:29, 7 July 2014

sudoers is a file (typically located at /etc/sudoers) containing a list of which users may execute what and various other rules.

The sudoers file is composed of two types of entries: aliases (basically variables) and user specifications (which specify who may run what).

When multiple entries match for a user, they are applied in order. Where there are conflicting values, the last match is used (which is not necessarily the most specific match).

Example file

Since the sudoers file is parsed in a single pass, order is important. In general, you should structure sudoers such that the Host_Alias, User_Alias, and Cmnd_Alias specifications come first, followed by any Default_Entry lines, and finally the Runas_Alias and user specifications. The basic rule of thumb is you cannot reference an Alias that has not already been defined.

Below are example sudoers entries: 

 User_Alias     FULLTIMERS = millert, mikef, dowdy
 User_Alias     PARTTIMERS = bostley, jwfox, crawl
 User_Alias     WEBMASTERS = will, wendy, wim

 Runas_Alias    OP = root, operator
 Runas_Alias    DB = oracle, sybase

 Host_Alias     SPARC = bigtime, eclipse, moet, anchor :\
                SGI = grolsch, dandelion, black :\
                ALPHA = widget, thalamus, foobar :\
                HPPA = boa, nag, python
 Host_Alias     CUNETS = 128.138.0.0/255.255.0.0
 Host_Alias     CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
 Host_Alias     SERVERS = master, mail, www, ns
 Host_Alias     CDROM = orion, perseus, hercules

 Cmnd_Alias     DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
                        /usr/sbin/restore, /usr/sbin/rrestore
 Cmnd_Alias     KILL = /usr/bin/kill
 Cmnd_Alias     PRINTING = /usr/sbin/lpc, /usr/bin/lprm
 Cmnd_Alias     SHUTDOWN = /usr/sbin/shutdown
 Cmnd_Alias     HALT = /usr/sbin/halt
 Cmnd_Alias     REBOOT = /usr/sbin/reboot
 Cmnd_Alias     SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
                         /usr/local/bin/tcsh, /usr/bin/rsh, \
                         /usr/local/bin/zsh
 Cmnd_Alias     SU = /usr/bin/su

Miscellaneous

Create your own custom prompt: 

$ echo 'Defaults passprompt="MY LAUNCH CODE: "' > /etc/sudoers.d/custom_prompt

See also

External links

Retrieved from "http://wiki.christophchamp.com/index.php?title=Sudoers&oldid=6071"