Difference between revisions of "Sudoers"
(+"See also") |
|||
| Line 1: | Line 1: | ||
| − | |||
| − | |||
'''sudoers''' is a [[:Category:Linux Files|file]] (typically located at <code>/etc/sudoers</code>) containing a list of which users may execute what and various other rules. | '''sudoers''' is a [[:Category:Linux Files|file]] (typically located at <code>/etc/sudoers</code>) containing a list of which users may execute what and various other rules. | ||
| Line 42: | Line 40: | ||
</pre> | </pre> | ||
| − | == See also == | + | ==See also== |
| − | * [[ | + | *[[sudo]] |
| − | * [[ | + | *[[visudo]] |
| − | == External links == | + | ==External links== |
| − | * [http://www.courtesan.com/sudo/man/sudoers.html The Sudoers Manual] | + | *[http://www.courtesan.com/sudo/man/sudoers.html The Sudoers Manual] |
[[Category:Linux Files]] | [[Category:Linux Files]] | ||
[[Category:Linux Command Line Tools]] | [[Category:Linux Command Line Tools]] | ||
Revision as of 02:02, 26 April 2007
sudoers is a file (typically located at /etc/sudoers) containing a list of which users may execute what and various other rules.
The sudoers file is composed of two types of entries: aliases (basically variables) and user specifications (which specify who may run what).
When multiple entries match for a user, they are applied in order. Where there are conflicting values, the last match is used (which is not necessarily the most specific match).
Example file
Since the sudoers file is parsed in a single pass, order is important. In general, you should structure sudoers such that the Host_Alias, User_Alias, and Cmnd_Alias specifications come first, followed by any Default_Entry lines, and finally the Runas_Alias and user specifications. The basic rule of thumb is you cannot reference an Alias that has not already been defined.
Below are example sudoers entries:
User_Alias FULLTIMERS = millert, mikef, dowdy
User_Alias PARTTIMERS = bostley, jwfox, crawl
User_Alias WEBMASTERS = will, wendy, wim
Runas_Alias OP = root, operator
Runas_Alias DB = oracle, sybase
Host_Alias SPARC = bigtime, eclipse, moet, anchor :\
SGI = grolsch, dandelion, black :\
ALPHA = widget, thalamus, foobar :\
HPPA = boa, nag, python
Host_Alias CUNETS = 128.138.0.0/255.255.0.0
Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
Host_Alias SERVERS = master, mail, www, ns
Host_Alias CDROM = orion, perseus, hercules
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
/usr/sbin/restore, /usr/sbin/rrestore
Cmnd_Alias KILL = /usr/bin/kill
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
Cmnd_Alias HALT = /usr/sbin/halt
Cmnd_Alias REBOOT = /usr/sbin/reboot
Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
/usr/local/bin/tcsh, /usr/bin/rsh, \
/usr/local/bin/zsh
Cmnd_Alias SU = /usr/bin/su
