cat sudoers

1. sudoers file.
2. This file MUST be edited with the 'visudo' command as root.
3. Failure to use 'visudo' may result in syntax or file permission errors
4. that prevent sudo from running.
5. See the sudoers man page for the details on how to write a sudoers file.
6. Host alias specification
7. Groups of machines. These may include host names (optionally with wildcards),
8. IP addresses, network numbers or netgroups.
9. Host_Alias WEBSERVERS = www1, www2, www3
10. User alias specification
11. Groups of users. These may consist of user names, uids, Unix groups,
12. or netgroups.
13. User_Alias ADMINS = millert, dowdy, mikef
14. Cmnd alias specification
15. Groups of commands. Often used to group related commands together.
16. Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
17. /usr/bin/pkill, /usr/bin/top
18. Cmnd_Alias REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff
19. Defaults specification
20. You may wish to keep some of the following environment variables
21. when running commands via sudo.
22. Locale settings
23. Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
24. Run X applications through sudo; HOME is used to find the
25. .Xauthority file. Note that other programs use HOME to find
26. configuration files and this may lead to privilege escalation!
27. Defaults env_keep += "HOME"
28. X11 resource path settings
29. Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
30. Desktop path settings
31. Defaults env_keep += "QTDIR KDEDIR"
32. Allow sudo-run commands to inherit the callers' ConsoleKit session
33. Defaults env_keep += "XDG_SESSION_COOKIE"
34. Uncomment to enable special input methods. Care should be taken as
35. this may allow users to subvert the command being run via sudo.
36. Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
37. Uncomment to use a hard-coded PATH instead of the user's to find commands
38. Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
39. Uncomment to restore the historic behavior where a command is run in
40. the user's own terminal.
41. Defaults !use_pty
42. Uncomment to send mail if the user does not enter the correct password.
43. Defaults mail_badpass
44. Uncomment to enable logging of a command's output, except for
45. sudoreplay and reboot. Use sudoreplay to play back logged sessions.
46. Sudo will create up to 2,176,782,336 I/O logs before recycling them.
47. Set maxseq to a smaller number if you don't have unlimited disk space.
48. Defaults log_output
49. Defaults!/usr/bin/sudoreplay !log_output
50. Defaults!/usr/local/bin/sudoreplay !log_output
51. Defaults!REBOOT !log_output
52. Defaults maxseq = 1000
53. Runas alias specification
54. User privilege specification
55. root ALL=(ALL:ALL) ALL
56.  
57. vincent ALL=(ALL:ALL) ALL
58. Uncomment to allow members of group wheel to execute any command
59.  
60. %wheel ALL=(ALL:ALL) ALL
61. Same thing without a password
62.  
63. %wheel ALL=(ALL:ALL) NOPASSWD: ALL
64. Uncomment to allow members of group sudo to execute any command
65.  
66. %sudo ALL=(ALL:ALL) ALL
67. Uncomment to allow any user to run sudo if they know the password
68. of the user they are running the command as (root by default).
69. Defaults targetpw # Ask for the password of the target user
70. ALL ALL=(ALL:ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
71. Read drop-in files from /etc/sudoers.d
72.  
73. @includedir /etc/sudoers.d