- ## Next comes the main part: which users can run what software on
- ## which machines (the sudoers file can be shared between multiple
- ## systems).
- ## Syntax:
- ##
- ## user MACHINE=COMMANDS
- ##
- ## The COMMANDS section may have other options added to it.
- ##
- ## Allow root to run any commands anywhere
- root ALL=(ALL) ALL
- test ALL=(ALL) ALL
- [root@ark-centos-smb4 ~]# groups test
- test : bin wheel arkgrp
- [root@ark-centos-smb4 ~]# su - test
- Last login: Tue Aug 8 01:03:48 PDT 2017 on pts/0
- [test@ark-centos-smb4 ~]$ sudo ls /root/
- [sudo] password for test:
- test is not in the sudoers file. This incident will be reported.
- [root@ark-centos-smb4 ~]# sudo ls
- root is not allowed to run sudo on ark-centos-smb4. This incident will be reported.
- [root@ark-centos-smb4 ~]# visudo -c
- /etc/sudoers: parsed OK
- /etc/sudoers.d/arkgrp-users: parsed OK
- [root@ark-centos-smb4 ~]# sudo -V
- Sudo version 1.8.6p7
- Configure options: --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --program-prefix= --disable-dependency-tracking --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --prefix=/usr --sbindir=/usr/sbin --libdir=/usr/lib64 --docdir=/usr/share/doc/sudo-1.8.6p7 --with-logging=syslog --with-logfac=authpriv --with-pam --with-pam-login --with-editor=/bin/vi --with-env-editor --with-ignore-dot --with-tty-tickets --with-ldap --with-ldap-conf-file=/etc/sudo-ldap.conf --with-selinux --with-passprompt=[sudo] password for %p: --with-linux-audit --with-sssd --with-gcrypt
- Sudoers policy plugin version 1.8.6p7
- Sudoers file grammar version 42
- Sudoers path: /etc/sudoers
- nsswitch path: /etc/nsswitch.conf
- ldap.conf path: /etc/sudo-ldap.conf
- ldap.secret path: /etc/ldap.secret
- Authentication methods: 'pam'
- Syslog facility if syslog is being used for logging: authpriv
- Syslog priority to use when user authenticates successfully: notice
- Syslog priority to use when user authenticates unsuccessfully: alert
- Ignore '.' in $PATH
- Send mail if the user is not in sudoers
- Use a separate timestamp for each user/tty combo
- Lecture user the first time they run sudo
- Require users to authenticate by default
- Root may run sudo
- Allow some information gathering to give useful error messages
- Visudo will honor the EDITOR environment variable
- Set the LOGNAME and USER environment variables
- Length at which to wrap log file lines (0 for no wrap): 80
- Authentication timestamp timeout: 5.0 minutes
- Password prompt timeout: 5.0 minutes
- Number of tries to enter a password: 3
- Umask to use or 0777 to use user's: 022
- Path to mail program: /usr/sbin/sendmail
- Flags for mail program: -t
- Address to send mail to: root
- Subject line for mail messages: *** SECURITY information for %h ***
- Incorrect password message: Sorry, try again.
- Path to authentication timestamp dir: /var/db/sudo
- Default password prompt: [sudo] password for %p:
- Default user to run commands as: root
- Path to the editor for use by visudo: /bin/vi
- When to require a password for 'list' pseudocommand: any
- When to require a password for 'verify' pseudocommand: all
- File descriptors >= 3 will be closed before executing a command
- Reset the environment to a default set of variables
- Environment variables to check for sanity:
- TZ
- TERM
- LINGUAS
- LC_*
- LANGUAGE
- LANG
- COLORTERM
- Environment variables to remove:
- RUBYOPT
- RUBYLIB
- PYTHONUSERBASE
- PYTHONINSPECT
- PYTHONPATH
- PYTHONHOME
- TMPPREFIX
- ZDOTDIR
- READNULLCMD
- NULLCMD
- FPATH
- PERL5DB
- PERL5OPT
- PERL5LIB
- PERLLIB
- PERLIO_DEBUG
- JAVA_TOOL_OPTIONS
- SHELLOPTS
- GLOBIGNORE
- PS4
- BASH_ENV
- ENV
- TERMCAP
- TERMPATH
- TERMINFO_DIRS
- TERMINFO
- _RLD*
- LD_*
- PATH_LOCALE
- NLSPATH
- HOSTALIASES
- RES_OPTIONS
- LOCALDOMAIN
- CDPATH
- IFS
- Environment variables to preserve:
- XAUTHORIZATION
- XAUTHORITY
- PS2
- PS1
- PATH
- LS_COLORS
- KRB5CCNAME
- HOSTNAME
- DISPLAY
- COLORS
- Locale to use while parsing sudoers: C
- Compress I/O logs using zlib
- Directory in which to store input/output logs: /var/log/sudo-io
- File in which to store the input/output log: %{seq}
- Add an entry to the utmp/utmpx file when allocating a pty
- Don't pre-resolve all group names
- PAM service name to use
- PAM service name to use for login shells
- Local IP address and netmask pairs:
- 192.168.32.26/255.255.252.0
- 2001:21:21:32:250:56ff:feb4:720d/ffff:ffff:ffff:ffff::
- fe80::250:56ff:feb4:720d/ffff:ffff:ffff:ffff::
- Sudoers I/O plugin version 1.8.6p7
- Defaults !visiblepw
- Defaults always_set_home
- Defaults env_reset
- Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
- Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
- Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
- Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
- Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
- Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
- root ALL=(ALL:ALL) ALL
- test ALL=(ALL:ALL) ALL
- usera ALL=(ALL:ALL) ALL
- %wheel ALL=(ALL) ALL
- ## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
- #includedir /etc/sudoers.d
- %arkgrp ALL=(ALL) ALL
- # User privilege specification
- root ALL=(ALL:ALL) ALL
- test ALL=(ALL:ALL) ALL
- # Allow members of group sudo to execute any command
- %sudo ALL=(ALL:ALL) ALL