sudoers

1. ## sudoers file.
2. ##
3. ## This file MUST be edited with the 'visudo' command as root.
4. ## Failure to use 'visudo' may result in syntax or file permission errors
5. ## that prevent sudo from running.
6. ##
7. ## See the sudoers man page for the details on how to write a sudoers file.
8. ##
9.  
10. ##
11. ## Host alias specification
12. ##
13. ## Groups of machines. These may include host names (optionally with wildcards),
14. ## IP addresses, network numbers or netgroups.
15. # Host_Alias WEBSERVERS = www1, www2, www3
16.  
17. ##
18. ## User alias specification
19. ##
20. ## Groups of users. These may consist of user names, uids, Unix groups,
21. ## or netgroups.
22. # User_Alias ADMINS = millert, dowdy, mikef
23.  
24. ##
25. ## Cmnd alias specification
26. ##
27. ## Groups of commands. Often used to group related commands together.
28. # Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
29. # /usr/bin/pkill, /usr/bin/top
30. #
31. # Cmnd_Alias REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff
32. #
33. # Cmnd_Alias DEBUGGERS = /usr/bin/gdb, /usr/bin/lldb, /usr/bin/strace, \
34. # /usr/bin/truss, /usr/bin/bpftrace, \
35. # /usr/bin/dtrace, /usr/bin/dtruss
36. #
37. # Cmnd_Alias PKGMAN = /usr/bin/apt, /usr/bin/dpkg, /usr/bin/rpm, \
38. # /usr/bin/yum, /usr/bin/dnf, /usr/bin/zypper, \
39. # /usr/bin/pacman
40.  
41. ##
42. ## Defaults specification
43. ##
44. ## You may wish to keep some of the following environment variables
45. ## when running commands via sudo.
46. ##
47. ## Locale settings
48. # Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
49. ##
50. ## Run X applications through sudo; HOME is used to find the
51. ## .Xauthority file. Note that other programs use HOME to find
52. ## configuration files and this may lead to privilege escalation!
53. # Defaults env_keep += "HOME"
54. ##
55. ## X11 resource path settings
56. # Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
57. ##
58. ## Desktop path settings
59. # Defaults env_keep += "QTDIR KDEDIR"
60. ##
61. ## Allow sudo-run commands to inherit the callers' ConsoleKit session
62. # Defaults env_keep += "XDG_SESSION_COOKIE"
63. ##
64. ## Uncomment to enable special input methods. Care should be taken as
65. ## this may allow users to subvert the command being run via sudo.
66. # Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
67. ##
68. ## Uncomment to use a hard-coded PATH instead of the user's to find commands
69. # Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
70. ##
71. ## Uncomment to restore the historic behavior where a command is run in
72. ## the user's own terminal.
73. # Defaults !use_pty
74. ##
75. ## Uncomment to send mail if the user does not enter the correct password.
76. # Defaults mail_badpass
77. ##
78. ## Uncomment to enable logging of a command's output, except for
79. ## sudoreplay and reboot. Use sudoreplay to play back logged sessions.
80. ## Sudo will create up to 2,176,782,336 I/O logs before recycling them.
81. ## Set maxseq to a smaller number if you don't have unlimited disk space.
82. # Defaults log_output
83. # Defaults!/usr/bin/sudoreplay !log_output
84. # Defaults!/usr/local/bin/sudoreplay !log_output
85. # Defaults!REBOOT !log_output
86. # Defaults maxseq = 1000
87. ##
88. ## Uncomment to disable intercept and log_subcmds for debuggers and
89. ## tracers. Otherwise, anything that uses ptrace(2) will be unable
90. ## to run under sudo if intercept_type is set to "trace".
91. # Defaults!DEBUGGERS !intercept, !log_subcmds
92. ##
93. ## Uncomment to disable intercept and log_subcmds for package managers.
94. ## Some package scripts run a huge number of commands, which is made
95. ## slower by these options and also can clutter up the logs.
96. # Defaults!PKGMAN !intercept, !log_subcmds
97.  
98. ##
99. ## Runas alias specification
100. ##
101.  
102. ##
103. ## User privilege specification
104. ##
105. root ALL=(ALL:ALL) ALL
106.  
107. ## Uncomment to allow members of group wheel to execute any command
108. # %wheel ALL=(ALL:ALL) ALL
109.  
110. ## Same thing without a password
111. # %wheel ALL=(ALL:ALL) NOPASSWD: ALL
112.  
113. ## Uncomment to allow members of group sudo to execute any command
114. # %sudo ALL=(ALL:ALL) ALL
115.  
116. ## Uncomment to allow any user to run sudo if they know the password
117. ## of the user they are running the command as (root by default).
118. # Defaults targetpw # Ask for the password of the target user
119. # ALL ALL=(ALL:ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
120.  
121. ## Read drop-in files from /etc/sudoers.d
122. @includedir /etc/sudoers.d