Provided by:
manpages-ja_0.5.0.0.20110915-1_all 
SUDOERS
sudo Default_Entry Defaults
:
always_set_home sudo HOME (-u root ) sudo -H off
authenticate () PASSWD NOPASSWD on
closefrom_override
sudo -C -C sudo off
env_editor visudo EDITOR VISUAL root env_editor sudoers editor
visudo EDITOR VISUAL editor off
env_reset sudo LOGNAME, SHELL, USER, USERNAME SUDO_* sudo
env_keep env_check env_keep env_check root sudo -V
sudoers secure_path PATH on
fqdn sudoers myhost myhost.mydomain.edu () fqdn sudo DNS
DNS sudo () DNS (CNAME ) DNS (hostname ) fqdn off
ignore_dot PATH '.' '' () sudo PATH off
ignore_local_sudoers
LDAP /etc/sudoers sudoers LDAP /etc/sudoers
/etc/sudoers LDAP sudo sudoOption cn=defaults off
insults sudo off
log_host (syslog ) sudo off
log_year (syslog ) sudo off
long_otp_prompt S/Key OPIE One Time Password (OTP) off
mail_always sudo mailto off
mail_badpass sudo mailto off
mail_no_host sudo sudoers mailto off
mail_no_perms sudo sudo sudoers mailto off
mail_no_user sudo sudoers mailto on
noexec sudo EXEC NOEXEC NOEXEC EXEC off
path_info sudo PATH PATH sudo on
passprompt_override
passprompt PAM "Password:" passprompt_override
passprompt off
preserve_groups sudo preserve_groups sudo ID ID off
pwfeedback Unix sudo Return ( Enter) off sudo pwfeedback sudo
off
requiretty sudo tty sudo cron(8) cgi-bin off
root_sudo root sudo "sudo sudo /bin/sh" sudo root_sudo off
root sudoedit root_sudo on
rootpw sudo root off
runaspw sudo sudoers runas_default ( root ) off
set_home sudo -s HOME (-u root ) -s -H off
set_logname sudo LOGNAME, USER, USERNAME (-u root) ( RCS )
LOGNAME set_logname '!' env_reset env_keep
set_logname on
setenv env_reset env_check, env_delete, env_keep off
shell_noargs sudo sudo -s root ( SHELL sudo /etc/passwd ) off
fast_glob sudo glob(3) (glob) glob(3) () fast_glob sudo
fnmatch(3) fast_glob ./ls ../bin/ls off
stay_setuid sudo UID UID ( root) sudo UID UID sudo setuid
setuid setreuid() setresuid() off
targetpw sudo -u ( root) -u passwd uid off
tty_tickets tty sudo ( /var/run/sudo) sudo tty off
umask_override sudo umask sudoers umask umask umask sudoers sudo
umask_override sudo umask umask sudoers umask off
visiblepw sudo visiblepw sudo rsh(1) tty "rsh somehost sudo ls"
off
:
closefrom sudo ( 0-2 ) closefrom 0-2 3
passwd_tries sudo 3
:
loglinelen sudo syslog 80 ( 0 '!' )
passwd_timeout sudo 5 0
timestamp_timeout
sudo 5 0 0 sudo -v sudo -k
umask umask umask '!' 0777 0777 umask umask umask umask
sudo umask umask umask 0022 PAM PAM umask sudoers
:
badpass_message insults Sorry, try again.
editor visudo (':') visudo EDITOR vi
mailsub mailto %h *** SECURITY information for %h ***
noexec_file execv(), execve(), fexecve() () LD_PRELOAD noexec
/usr/local/libexec/sudo_noexec.so
passprompt -p SUDO_PROMPT (`%')
%H ( fqdn )
%h
%p (sudoers rootpw, targetpw, runaspw )
%U ( root)
%u sudo
%% % %
Password:
runas_default -u root runas_default Runas_Alias
syslog_badpri syslog (priority) alert
syslog_goodpri syslog (priority) notice
sudoers_locale sudoers sudoers "C"
timestampdir sudo /var/run/sudo
timestampowner root
:
askpass askpass sudo () askpass askpass SUDO_ASKPASS
env_file env_file VARIABLE=value export VARIABLE=value env_keep
env_check sudo
exempt_group
secure_path PATH
lecture sudo
always
never
once sudo
once '!' never once
lecture_file
sudo lecture_file sudo
listpw sudo -l
all sudoers NOPASSWD
always -l
any sudoers NOPASSWD
never -l
any '!' never any
logfile sudo (syslog ) on '!' off sudo syslog
mailerflags -t
mailerpath configure sendmail
mailfrom sudo @ (") sudo
mailto sudo @ (") root
secure_path sudo sudo PATH root exempt_group secure_path
syslog syslog syslog (syslog '!' ) local2
verifypw sudo -v
all sudoers NOPASSWD
always -v
any sudoers NOPASSWD
never -v
all '!' never all
:
env_check % / printf =, +=, -=, ! env_check env_reset root
sudo -V
env_delete env_reset =, +=, -=, ! root sudo -V setuid (sudo )
env_keep env_reset sudo =, +=, -=, ! root sudo -V
syslog(3) sudo syslog (facility: syslog ) authpriv (OS ) auth,
daemon, user, local0, local1, local2, local3, local4, local5, local6,
local7. syslog (priority) alert, crit, debug, emerg, err, info, notice,
warning
/etc/sudoers
/etc/group
/etc/netgroup
sudoers
# User aliases: named lists of login names, so one rule can cover a whole
# team. These lists are the access-control membership for the rules further
# down; review them whenever someone changes role.
User_Alias FULLTIMERS = millert, mikef, dowdy
User_Alias PARTTIMERS = bostley, jwfox, crawl
User_Alias WEBMASTERS = will, wendy, wim
# Runas aliases: the target identities a rule may let a user switch to.
# OP contains root, so any rule written as "(OP)" grants root as well as
# operator. ADMINGRP is used below in a "(: ADMINGRP)" spec, i.e. as a list
# of target groups rather than target users.
Runas_Alias OP = root, operator
Runas_Alias DB = oracle, sybase
Runas_Alias ADMINGRP = adm, oper
# Host aliases: named sets of machines. The first statement defines four
# aliases (SPARC, SGI, ALPHA, HPPA) in one Host_Alias line, separated by ':'
# and continued with a trailing backslash.
Host_Alias SPARC = bigtime, eclipse, moet, anchor :\
SGI = grolsch, dandelion, black :\
ALPHA = widget, thalamus, foobar :\
HPPA = boa, nag, python
# Network-based host aliases. CUNETS gives an explicit dotted netmask; in
# CSNETS only 128.138.204.0 carries a mask (CIDR /24), the other two entries
# have none.
Host_Alias CUNETS = 128.138.0.0/255.255.0.0
Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
Host_Alias SERVERS = master, mail, www, ns
Host_Alias CDROM = orion, perseus, hercules
# Command aliases: every entry is a fully qualified path, so the match does
# not depend on the caller's PATH.
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
/usr/sbin/restore, /usr/sbin/rrestore
Cmnd_Alias KILL = /usr/bin/kill
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
Cmnd_Alias HALT = /usr/sbin/halt
Cmnd_Alias REBOOT = /usr/sbin/reboot
# SHELLS and SU exist only to be negated ("!SHELLS", "!SU") in later rules.
# They list specific paths, so they describe a denylist of known binaries,
# not "anything that can give a shell".
Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
/usr/local/bin/tcsh, /usr/bin/rsh, \
/usr/local/bin/zsh
Cmnd_Alias SU = /usr/bin/su
# PAGERS is referenced by "Defaults!PAGERS noexec" below.
Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
sudo syslog(3) auth sudo millert root LOGNAME, USER, USERNAME
SERVERS Host_Alias PAGERS Cmnd_Alias (/usr/bin/more, /usr/bin/pg,
/usr/bin/less)
# Overrides of the built-in defaults. The character after "Defaults" selects
# the scope: none = global, '>' = target (runas) user, ':' = invoking user,
# '@' = host, '!' = command.
# Global: log through syslog(3) with the auth facility.
Defaults syslog=auth
# When the target user is root, leave LOGNAME, USER and USERNAME as they are
# instead of setting them to the target user's name.
Defaults>root !set_logname
# Members of FULLTIMERS are not shown the lecture text.
Defaults:FULLTIMERS !lecture
# millert is never asked for a password, on any rule. This has the same
# effect as NOPASSWD on every entry that matches millert, so whoever holds
# a session as millert holds millert's sudo rights with no further check.
Defaults:millert !authenticate
# On the SERVERS hosts, include the year in log lines and additionally log
# to the local file /var/log/sudo.log.
Defaults@SERVERS log_year, logfile=/var/log/sudo.log
# Commands in the PAGERS alias run with noexec. The page describes noexec as
# an LD_PRELOAD mechanism that replaces the exec functions, so it depends on
# the platform's dynamic loader honouring LD_PRELOAD.
Defaults!PAGERS noexec
# root, and every member of the Unix group wheel ('%' marks a group), may run
# any command as any user on any host. Membership of wheel is therefore
# equivalent to root and should be audited as such.
root ALL = (ALL) ALL
%wheel ALL = (ALL) ALL
root wheel
# FULLTIMERS may run any command on any host without entering a password.
# With NOPASSWD on ALL, control of one of these accounts' sessions is enough
# to run commands through sudo with no second factor.
FULLTIMERS ALL = NOPASSWD: ALL
(millert, mikef, dowdy)
# PARTTIMERS may run any command on any host, but must authenticate first
# because the entry carries no NOPASSWD tag.
PARTTIMERS ALL = ALL
(bostley, jwfox, crawl) ( NOPASSWD )
# jack may run any command, but only on hosts matched by the CSNETS alias.
jack CSNETS = ALL
jack CSNETS ( 128.138.243.0, 128.138.204.0, 128.138.242.0 )
128.138.204.0 class C (CIDR ) netmask CSNETS netmask
# lisa may run any command on any host in the CUNETS network
# (128.138.0.0 with netmask 255.255.0.0).
lisa CUNETS = ALL
lisa CUNETS ( 128.138.0.0 class B )
# operator may run the backup, kill, shutdown/halt/reboot and printing
# aliases, edit /etc/printcap through sudoedit, and run any command located
# in the directory /usr/oper/bin/ (the trailing '/' makes it a directory
# match). A directory grant is only as tight as the directory: it must not be
# writable by anyone the rule is not meant to empower.
operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\
sudoedit /etc/printcap, /usr/oper/bin/
operator kill /usr/oper/bin/
# joe may run su(1) only with the single argument "operator", i.e. only to
# become the operator user.
joe ALL = /usr/bin/su operator
joe su(1) operator
# Members of the Unix group opers may run commands in /usr/sbin/ with their
# group set to any group in the ADMINGRP Runas_Alias (adm, oper). The user
# part of the runas spec is empty: only the group list after ':' is given.
%opers ALL = (: ADMINGRP) /usr/sbin/
opers /usr/sbin/ Runas_Alias ADMINGRP (adm oper ) (: sudo-1.7.2p1
/etc/sudoers Runas_Alias ADMINGRP adm oper )
# On the HPPA machines pete may run passwd(1) with an argument that starts
# with a letter, except the exact invocation "passwd root".
# NOTE(review): the deny entry matches only that exact argument list, so this
# is an allow pattern with one carve-out rather than a hard guarantee about
# root's password; confirm how the local passwd(1) treats extra arguments.
pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root
pete HPPA root passwd(1)
# bob may run any command on the SPARC and SGI machines as any user in the
# OP Runas_Alias. OP contains root, so this is full root on those hosts.
bob SPARC = (OP) ALL : SGI = (OP) ALL
bob SPARC SGI Runas_Alias OP (root operator )
# jim may run any command on hosts in the netgroup biglab; the '+' prefix
# marks "biglab" as a netgroup name.
jim +biglab = ALL
jim biglab sudo "biglab" '+'
# Users in the netgroup secretaries may run the PRINTING commands and the
# adduser and rmuser commands. No runas spec is given, so these run as the
# default target user; account creation and removal is a sensitive grant
# and is worth logging and reviewing.
+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
secretaries
# fred may run any command as a user in the DB Runas_Alias (oracle, sybase)
# without entering a password.
fred ALL = (DB) NOPASSWD: ALL
fred Runas_Alias DB (oracle sybase )
# On the ALPHA machines john may run su(1) with arguments whose first
# character is not '-' (so no option flags), and not with any argument list
# containing the string "root".
john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
john ALPHA su(1) root su
# jen may run any command on every host except those in the SERVERS
# Host_Alias (master, mail, www, ns).
jen ALL, !SERVERS = ALL
jen Host_Alias SERVERS (master, mail, www, ns)
# On the SERVERS hosts jill may run any command in /usr/bin/ except the ones
# listed in the SU and SHELLS aliases.
# NOTE(review): the exclusions name specific paths only; other programs in
# /usr/bin/ that can start a shell are still allowed, so this is weaker than
# an explicit list of permitted commands.
jill SERVERS = /usr/bin/, !SU, !SHELLS
jill Host_Alias SERVERS /usr/bin/ SU SHELLS Cmnd_Aliases
# steve may run any command in /usr/local/op_commands/ on CSNETS hosts, and
# only as the user operator. The directory's write permissions decide what
# this grant really covers.
steve CSNETS = (operator) /usr/local/op_commands/
steve /usr/local/op_commands/ operator
# On the host valkyrie matt may run the KILL alias (/usr/bin/kill), e.g. to
# stop hung processes.
matt valkyrie = KILL
matt valkyrie kill
# On the host www, members of WEBMASTERS (will, wendy, wim) may run any
# command as the user www, and may run exactly "su www" as root.
WEBMASTERS www = (www) ALL, (root) /usr/bin/su www
www User_Alias WEBMASTERS (will, wendy, wim ) www (web ) su(1) www
# Any user on the CDROM hosts (orion, perseus, hercules) may mount and
# unmount the CD-ROM without a password. The full argument lists are fixed in
# the rule, including "-o nosuid,nodev", so the caller cannot choose other
# mount options or devices. The comma inside the option string is escaped
# ("\,") because a bare comma separates commands in sudoers.
ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\
/sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM
Host_Alias CDROM (orion, perseus, hercules) CD-ROM
[]: sudo /etc/sudoers AAA aaa AAA /etc/sudoers BBB aaa sudo
/bin/ls aaa AAA telnet ssh BBB sudo ls BBB /etc/sudoers
BBB aaa sudo /bin/ls BBB sudo BBB sudo BBB sudo BBB
/etc/sudoers
sudoers sudoers (sudo )LDAP
'!' ALL
# Example of subtracting commands from ALL with '!': bill may run everything
# except the paths in SU and SHELLS.
# This does not reliably restrict bill: the exclusions match fixed paths
# only, while ALL still permits every other program, including ones that can
# start a shell. Where a restriction has to hold, list the permitted commands
# explicitly instead of negating from ALL.
bill ALL = ALL, !SU, !SHELLS
SU SHELLS bill bill ( )
sudo sudo ()
sudo sudoedit
noexec ( LD_PRELOAD) sudo noexec sudo OS
sudo noexec root
sudo -V | grep "dummy exec"
File containing dummy exec functions:
sudo exec noexec noexec SunOS, Solaris, *BSD, Linux, IRIX,
Tru64 UNIX, MacOS X, HP-UX 11.x AIX UnixWare LD_PRELOAD OS
noexec ( ld.so, ld.so.1, dyld, dld.sl, rld, loader )
LD_PRELOAD
noexec NOEXEC
# On the host shanty aaron may run more and vi with the NOEXEC tag applied,
# so that these programs cannot execute further commands (shell escapes).
# noexec is described on this page as an LD_PRELOAD-based mechanism, so it
# depends on the dynamic loader; for editing files, sudoedit is the
# alternative the page points to.
aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
aaron noexec /usr/bin/more /usr/bin/vi () noexec noexec
( ) sudoedit
rsh(1), su(1), fnmatch(3), glob(3), sudo(8), visudo(8)
sudoers visudo visudo sudoers sudo sudoers
() netgroup ( ) hostname sudoers fqdn
sudo
http://www.sudo.ws/sudo/bugs/
sudo-users URL
http://www.sudo.ws/mailman/listinfo/sudo-users
sudo sudo LICENSE Web
http://www.sudo.ws/sudo/license.html