| 1 | ## sudoers file.
|
---|
| 2 | ##
|
---|
| 3 | ## This file MUST be edited with the 'visudo' command as root.
|
---|
| 4 | ## Failure to use 'visudo' may result in syntax or file permission errors
|
---|
| 5 | ## that prevent sudo from running.
|
---|
| 6 | ##
|
---|
| 7 | ## See the sudoers man page for the details on how to write a sudoers file.
|
---|
| 8 | ##
|
---|
| 9 |
|
---|
| 10 | ##
|
---|
| 11 | ## Host alias specification
|
---|
| 12 | ##
|
---|
| 13 | ## Groups of machines. These may include host names (optionally with wildcards),
|
---|
| 14 | ## IP addresses, network numbers or netgroups.
|
---|
| 15 | # Host_Alias WEBSERVERS = www1, www2, www3
|
---|
| 16 |
|
---|
| 17 | ##
|
---|
| 18 | ## User alias specification
|
---|
| 19 | ##
|
---|
| 20 | ## Groups of users. These may consist of user names, uids, Unix groups,
|
---|
| 21 | ## or netgroups.
|
---|
| 22 | # User_Alias ADMINS = millert, dowdy, mikef
|
---|
| 23 |
|
---|
| 24 | ##
|
---|
| 25 | ## Cmnd alias specification
|
---|
| 26 | ##
|
---|
| 27 | ## Groups of commands. Often used to group related commands together.
|
---|
| 28 | # Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
|
---|
| 29 | # /usr/bin/pkill, /usr/bin/top
|
---|
| 30 |
|
---|
| 31 | ##
|
---|
| 32 | ## Defaults specification
|
---|
| 33 | ##
|
---|
| 34 | ## Uncomment if needed to preserve environmental variables related to the
|
---|
| 35 | ## FreeBSD pkg_* utilities and fetch.
|
---|
| 36 | # Defaults env_keep += "PKG_PATH PKG_DBDIR PKG_TMPDIR TMPDIR PACKAGEROOT PACKAGESITE PKGDIR FTP_PASSIVE_MODE"
|
---|
| 37 | ##
|
---|
| 38 | ## Additionally uncomment if needed to preserve environmental variables
|
---|
| 39 | ## related to portupgrade
|
---|
| 40 | # Defaults env_keep += "PORTSDIR PORTS_INDEX PORTS_DBDIR PACKAGES PKGTOOLS_CONF"
|
---|
| 41 | ##
|
---|
| 42 | ## You may wish to keep some of the following environment variables
|
---|
| 43 | ## when running commands via sudo.
|
---|
| 44 | ##
|
---|
| 45 | ## Locale settings
|
---|
| 46 | # Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
|
---|
| 47 | ##
|
---|
| 48 | ## Run X applications through sudo; HOME is used to find the
|
---|
| 49 | ## .Xauthority file. Note that other programs use HOME to find
|
---|
| 50 | ## configuration files and this may lead to privilege escalation!
|
---|
| 51 | # Defaults env_keep += "HOME"
|
---|
| 52 | ##
|
---|
| 53 | ## X11 resource path settings
|
---|
| 54 | # Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
|
---|
| 55 | ##
|
---|
| 56 | ## Desktop path settings
|
---|
| 57 | # Defaults env_keep += "QTDIR KDEDIR"
|
---|
| 58 | ##
|
---|
| 59 | ## Allow sudo-run commands to inherit the callers' ConsoleKit session
|
---|
| 60 | # Defaults env_keep += "XDG_SESSION_COOKIE"
|
---|
| 61 | ##
|
---|
| 62 | ## Uncomment to enable special input methods. Care should be taken as
|
---|
| 63 | ## this may allow users to subvert the command being run via sudo.
|
---|
| 64 | # Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
|
---|
| 65 | ##
|
---|
| 66 | ## Uncomment to enable logging of a command's output, except for
|
---|
| 67 | ## sudoreplay and reboot. Use sudoreplay to play back logged sessions.
|
---|
| 68 | # Defaults log_output
|
---|
| 69 | # Defaults!/usr/bin/sudoreplay !log_output
|
---|
| 70 | # Defaults!/usr/local/bin/sudoreplay !log_output
|
---|
| 71 | # Defaults!/sbin/reboot !log_output
|
---|
| 72 |
|
---|
| 73 | ##
|
---|
| 74 | ## Runas alias specification
|
---|
| 75 | ##
|
---|
| 76 |
|
---|
| 77 | ##
|
---|
| 78 | ## User privilege specification
|
---|
| 79 | ##
|
---|
| 80 | root ALL=(ALL) ALL
|
---|
| 81 |
|
---|
| 82 | ## Uncomment to allow members of group wheel to execute any command
|
---|
| 83 | %wheel ALL=(ALL) ALL
|
---|
| 84 |
|
---|
| 85 | ## Same thing without a password
|
---|
| 86 | # %wheel ALL=(ALL) NOPASSWD: ALL
|
---|
| 87 |
|
---|
| 88 | ## Uncomment to allow members of group sudo to execute any command
|
---|
| 89 | # %sudo ALL=(ALL) ALL
|
---|
| 90 |
|
---|
| 91 | ## Uncomment to allow any user to run sudo if they know the password
|
---|
| 92 | ## of the user they are running the command as (root by default).
|
---|
| 93 | # Defaults targetpw # Ask for the password of the target user
|
---|
| 94 | # ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
|
---|
| 95 |
|
---|
| 96 | ## Read drop-in files from /usr/local/etc/sudoers.d
|
---|
| 97 | ## (the '#' here does not indicate a comment)
|
---|
| 98 | #includedir /usr/local/etc/sudoers.d
|
---|