| version 1.8, 2008/01/07 14:10:08 |
version 1.9, 2008/07/31 16:44:03 |
|
|
| =cut |
|
| Copyright (c) 1994-1996, 1998-2005, 2007 |
Copyright (c) 1994-1996, 1998-2005, 2007 |
| Todd C. Miller <Todd.Miller@courtesan.com> |
Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
|
|
| Agency (DARPA) and Air Force Research Laboratory, Air Force |
Agency (DARPA) and Air Force Research Laboratory, Air Force |
| Materiel Command, USAF, under agreement number F39502-99-1-0512. |
Materiel Command, USAF, under agreement number F39502-99-1-0512. |
| |
|
| $Sudo: sudoers.pod,v 1.95.2.23 2008/01/05 23:59:42 millert Exp $ |
$Sudo: sudoers.pod,v 1.95.2.27 2008/07/12 12:49:04 millert Exp $ |
| =pod |
=pod |
| |
|
| =head1 NAME |
=head1 NAME |
|
|
| ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm |
ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm |
| |
|
| would allow the user B<ray> to run F</bin/kill>, F</bin/ls>, and |
would allow the user B<ray> to run F</bin/kill>, F</bin/ls>, and |
| F</usr/bin/lprm> as root on the machine rushmore as B<root> without |
F</usr/bin/lprm> as B<root> on the machine rushmore without |
| authenticating himself. If we only want B<ray> to be able to |
authenticating himself. If we only want B<ray> to be able to |
| run F</bin/kill> without a password the entry would be: |
run F</bin/kill> without a password the entry would be: |
| |
|
|
|
| |
|
| =item ignore_local_sudoers |
=item ignore_local_sudoers |
| |
|
| If set via LDAP, parsing of @sysconfdir@/sudoers will be skipped. |
If set via LDAP, parsing of F<@sysconfdir@/sudoers> will be skipped. |
| This is intended for Enterprises that wish to prevent the usage of local |
This is intended for Enterprises that wish to prevent the usage of local |
| sudoers files so that only LDAP is used. This thwarts the efforts of |
sudoers files so that only LDAP is used. This thwarts the efforts of |
| rogue operators who would attempt to add roles to @sysconfdir@/sudoers. |
rogue operators who would attempt to add roles to F<@sysconfdir@/sudoers>. |
| When this option is present, @sysconfdir@/sudoers does not even need to exist. |
When this option is present, F<@sysconfdir@/sudoers> does not even need to |
| Since this option tells B<sudo> how to behave when no specific LDAP entries |
exist. Since this option tells B<sudo> how to behave when no specific LDAP |
| have been matched, this sudoOption is only meaningful for the cn=defaults |
entries have been matched, this sudoOption is only meaningful for the |
| section. This flag is I<off> by default. |
C<cn=defaults> section. This flag is I<off> by default. |
| |
|
| =item insults |
=item insults |
| |
|
|
|
| |
|
| =head1 FILES |
=head1 FILES |
| |
|
| =over 4 |
=over 24 |
| |
|
| =item F<@sysconfdir@/sudoers>C< > |
=item F<@sysconfdir@/sudoers> |
| |
|
| List of who can run what |
List of who can run what |
| |
|
| =item F</etc/group>C< > |
=item F</etc/group> |
| |
|
| Local groups file |
Local groups file |
| |
|
| =item F</etc/netgroup>C< > |
=item F</etc/netgroup> |
| |
|
| List of network groups |
List of network groups |
| |
|
| =back |
=back |
![[BACK]](/icons/back.gif){kind=icon}
Return to sudoers.pod CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / sudo