Annotation of src/usr.bin/sudo/sample.sudoers, Revision 1.1
1.1 ! millert 1: #
! 2: # Sample /etc/sudoers file.
! 3: #
! 4: # This file MUST be edited with the 'visudo' command as root, which locks the file and checks its syntax before saving.
! 5: #
! 6: # See the sudoers man page for the details on how to write a sudoers file.
! 7: #
! 8:
! 9: ##
! 10: # User alias specification
! 11: ##
! 12: User_Alias FULLTIMERS = millert, mikef, dowdy
! 13: User_Alias PARTTIMERS = bostley, jwfox, crawl
! 14: User_Alias WEBMASTERS = will, wendy, wim
! 15:
! 16: ##
! 17: # Runas alias specification
! 18: ##
! 19: Runas_Alias OP = root, operator
! 20: Runas_Alias DB = oracle, sybase
! 21:
! 22: ##
! 23: # Host alias specification
! 24: ##
! 25: Host_Alias SPARC = bigtime, eclipse, moet, anchor:\
! 26: SGI = grolsch, dandelion, black:\
! 27: ALPHA = widget, thalamus, foobar:\
! 28: HPPA = boa, nag, python
! 29: Host_Alias CUNETS = 128.138.0.0/255.255.0.0
! 30: Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
! 31: Host_Alias SERVERS = master, mail, www, ns
! 32: Host_Alias CDROM = orion, perseus, hercules
! 33:
! 34: ##
! 35: # Cmnd alias specification
! 36: ##
! 37: Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \
! 38: /usr/sbin/rrestore, /usr/bin/mt
! 39: Cmnd_Alias KILL = /usr/bin/kill
! 40: Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
! 41: Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
! 42: Cmnd_Alias HALT = /usr/sbin/halt, /usr/sbin/fasthalt
! 43: Cmnd_Alias REBOOT = /usr/sbin/reboot, /usr/sbin/fastboot
! 44: Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
! 45: /usr/local/bin/tcsh, /usr/bin/rsh, \
! 46: /usr/local/bin/zsh
! 47: Cmnd_Alias SU = /usr/bin/su
! 48: Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \
! 49: /usr/bin/chfn
! 50:
! 51: ##
! 52: # Override builtin defaults
! 53: ##
! 54: Defaults syslog=auth
! 55: Defaults:FULLTIMERS !lecture
! 56: Defaults:millert !authenticate
! 57: Defaults@SERVERS log_year, logfile=/var/log/sudo.log
! 58:
! 59: ##
! 60: # User specification
! 61: ##
! 62:
! 63: # root and users in group wheel can run anything on any machine as any user
! 64: root ALL = (ALL) ALL
! 65: %wheel ALL = (ALL) ALL
! 66:
! 67: # full time sysadmins can run anything on any machine without a password, so these accounts are effectively root with no re-authentication
! 68: FULLTIMERS ALL = NOPASSWD: ALL
! 69:
! 70: # part time sysadmins may run anything but need a password
! 71: PARTTIMERS ALL = ALL
! 72:
! 73: # jack may run anything on machines in CSNETS
! 74: jack CSNETS = ALL
! 75:
! 76: # lisa may run any command on any host in CUNETS (a class B network)
! 77: lisa CUNETS = ALL
! 78:
! 79: # operator may run maintenance commands and anything in /usr/oper/bin/ (every file in that directory is permitted, so it should be writable only by root)
! 80: operator ALL = DUMPS, KILL, PRINTING, SHUTDOWN, HALT, REBOOT,\
! 81: /usr/oper/bin/
! 82:
! 83: # joe may su only to operator
! 84: joe ALL = /usr/bin/su operator
! 85:
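! 86: # pete may change passwords for anyone but root on the hp snakes; this relies on argument pattern matching, where '*' also matches spaces and [A-z] is wider than letters only, so it assumes passwd takes a single user name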
! 87: pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
! 88:
! 89: # bob may run anything on the sparc and sgi machines as any user
! 90: # listed in the Runas_Alias "OP" (i.e., root and operator)
! 91: bob SPARC = (OP) ALL : SGI = (OP) ALL
! 92:
! 93: # jim may run anything on machines in the biglab netgroup
! 94: jim +biglab = ALL
! 95:
! 96: # users in the secretaries netgroup need to help manage the printers
! 97: # as well as add and remove users
! 98: +secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
! 99:
! 100: # fred can run commands as oracle or sybase without a password
! 101: fred ALL = (DB) NOPASSWD: ALL
! 102:
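! 103: # on the alphas, john may su to anyone but root, and flags are not allowed (the first argument may not begin with '-', and any argument string containing "root" is rejected)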
! 104: john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
! 105:
! 106: # jen can run anything on all machines except the ones
! 107: # in the "SERVERS" Host_Alias
! 108: jen ALL, !SERVERS = ALL
! 109:
! 110: # jill can run any commands in the directory /usr/bin/, except for
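! 111: # those in the SU and SHELLS aliases. The negation excludes only those exact paths; it is not a strong restriction if another program in /usr/bin/ can start a shell.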
! 112: jill SERVERS = /usr/bin/, !SU, !SHELLS
! 113:
! 114: # steve can run any command in the directory /usr/local/op_commands/
! 115: # as user operator.
! 116: steve CSNETS = (operator) /usr/local/op_commands/
! 117:
! 118: # matt needs to be able to kill things on his workstation when
! 119: # they get hung.
! 120: matt valkyrie = KILL
! 121:
! 122: # users in the WEBMASTERS User_Alias (will, wendy, and wim)
! 123: # may run any command as user www (which owns the web pages)
! 124: # or simply su to www.
! 125: WEBMASTERS www = (www) ALL, (root) /usr/bin/su www
! 126:
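! 127: # anyone can mount/unmount a cd-rom on the machines in the CDROM alias; the arguments are spelled out in full (including nosuid,nodev), so only these exact invocations are allowed without a password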
! 128: ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\
! 129: /sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM