Difference between revisions of "Sudoers"
(Started article) |
|||
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | |||
| − | |||
'''sudoers''' is a [[:Category:Linux Files|file]] (typically located at <code>/etc/sudoers</code>) containing a list of which users may execute what and various other rules. | '''sudoers''' is a [[:Category:Linux Files|file]] (typically located at <code>/etc/sudoers</code>) containing a list of which users may execute what and various other rules. | ||
| Line 42: | Line 40: | ||
</pre> | </pre> | ||
| − | == External links == | + | ==Miscellaneous== |
| − | * [http://www.courtesan.com/sudo/man/sudoers.html The Sudoers Manual] | + | Create your own custom prompt: |
| + | $ echo 'Defaults passprompt="MY LAUNCH CODE: "' > /etc/sudoers.d/custom_prompt | ||
| + | |||
| + | ==See also== | ||
| + | *[[sudo]] | ||
| + | *[[visudo]] | ||
| + | |||
| + | ==External links== | ||
| + | *[http://www.courtesan.com/sudo/man/sudoers.html The Sudoers Manual] | ||
[[Category:Linux Files]] | [[Category:Linux Files]] | ||
[[Category:Linux Command Line Tools]] | [[Category:Linux Command Line Tools]] | ||
Latest revision as of 11:29, 7 July 2014
sudoers is a file (typically located at /etc/sudoers) containing a list of which users may execute what and various other rules.
The sudoers file is composed of two types of entries: aliases (basically variables) and user specifications (which specify who may run what).
When multiple entries match for a user, they are applied in order. Where there are conflicting values, the last match is used (which is not necessarily the most specific match).
Example file
Since the sudoers file is parsed in a single pass, order is important. In general, you should structure sudoers such that the Host_Alias, User_Alias, and Cmnd_Alias specifications come first, followed by any Default_Entry lines, and finally the Runas_Alias and user specifications. The basic rule of thumb is you cannot reference an Alias that has not already been defined.
Below are example sudoers entries:
User_Alias FULLTIMERS = millert, mikef, dowdy
User_Alias PARTTIMERS = bostley, jwfox, crawl
User_Alias WEBMASTERS = will, wendy, wim
Runas_Alias OP = root, operator
Runas_Alias DB = oracle, sybase
Host_Alias SPARC = bigtime, eclipse, moet, anchor :\
SGI = grolsch, dandelion, black :\
ALPHA = widget, thalamus, foobar :\
HPPA = boa, nag, python
Host_Alias CUNETS = 128.138.0.0/255.255.0.0
Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
Host_Alias SERVERS = master, mail, www, ns
Host_Alias CDROM = orion, perseus, hercules
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
/usr/sbin/restore, /usr/sbin/rrestore
Cmnd_Alias KILL = /usr/bin/kill
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
Cmnd_Alias HALT = /usr/sbin/halt
Cmnd_Alias REBOOT = /usr/sbin/reboot
Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
/usr/local/bin/tcsh, /usr/bin/rsh, \
/usr/local/bin/zsh
Cmnd_Alias SU = /usr/bin/su
Miscellaneous
Create your own custom prompt:
$ echo 'Defaults passprompt="MY LAUNCH CODE: "' > /etc/sudoers.d/custom_prompt
