[sudo-users] Understanding on configuration
Binkley, Robert
Robert.Binkley at fnis.com
Wed Oct 15 10:34:13 EDT 2008
Can someone help me understand the below configuration if
gadm ALL=(ALL) NOPASSWD: ALL
%unixsa ALL=(ALL) ALL
%isadm ALL=(ALL) ALL
keith ALL=(ALL) NOPASSWD: ALL
1. The NOPASSWD keyword provides access without prompting for your
password
2. You can have multiple usernames per line separated by commas
3. Multiple commands also can be separated by commas.
4. Spaces are considered part of the command.
5. Before moving sudoers file into production sanity check the
resulting data with visudo -f tempsudoers -c
6. The "!" mark is denoted as password required if used in an odd
number. The ! is used to negate the value of the item; if an odd number
of ! are used in the sudo file they are preferred, an even number just
cancel each other out
7. The "" indicates that a command can be run without command line
arguments.
8. Last entry wins
User alias specification
User_Alias OWNER = keith, nick, daniel, lloyd
: This below example will allow user Keith, nick, Daniel or Lloyd and
root user.
User root may run the following commands on this host:
(ALL) ALL
If root is allowed to run sudo, one can inspect what commands another
user may run
Command to use to check what any user can execute
sudo sudo -u someotheruser sudo -l
User keith may run the following commands on this host:
(root) NOPASSWD: ALL
(root) NOPASSWD: !SUROOT
(root) NOPASSWD: !VISUDO
(root) NOPASSWD: !SHELLS
(ALL) NOPASSWD: ALL
(ALL) ALL
(ALL) NOPASSWD: ALL = User keith may run the following commands on
this host:
User nick may run the following commands on this host:
(root) NOPASSWD: ALL
(root) NOPASSWD: !SUROOT
(root) NOPASSWD: !VISUDO
(root) NOPASSWD: !SHELLS
User daniel may run the following commands on this host:
(root) NOPASSWD: ALL
(root) NOPASSWD: !SUROOT
(root) NOPASSWD: !VISUDO
(root) NOPASSWD: !SHELLS
User lloyd may run the following commands on this host:
(root) NOPASSWD: ALL
(root) NOPASSWD: !SUROOT
(root) NOPASSWD: !VISUDO
(root) NOPASSWD: !SHELLS
Robert Lee Binkley
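
Added example, not part of the original post: a small Python model of the "last entry wins" rule applied to the `sudo -l` listings quoted above, to show which negated entries still take effect. The contents of SUROOT, VISUDO and SHELLS are not given in the post, so the paths below are assumptions, and the matcher handles exact paths only (no wildcards or arguments).

```python
import re

# Assumed alias contents: the post names these aliases but never defines them.
ALIASES = {
    "SUROOT": {"/bin/su"},
    "VISUDO": {"/usr/sbin/visudo"},
    "SHELLS": {"/bin/sh", "/bin/bash"},
}

# `sudo -l` entries for keith as listed in the post, in the same order.
KEITH = """\
(root) NOPASSWD: ALL
(root) NOPASSWD: !SUROOT
(root) NOPASSWD: !VISUDO
(root) NOPASSWD: !SHELLS
(ALL) NOPASSWD: ALL
(ALL) ALL
(ALL) NOPASSWD: ALL
"""
# nick, daniel and lloyd only have the first four entries.
NICK = "\n".join(KEITH.splitlines()[:4])

ENTRY = re.compile(
    r"\((?P<runas>[^)]+)\)\s+(?P<nopasswd>NOPASSWD:\s*)?(?P<neg>!*)(?P<cmd>\S+)")

def matches(cmd_spec, command):
    return cmd_spec == "ALL" or command in ALIASES.get(cmd_spec, {cmd_spec})

def decide(listing, command, runas="root"):
    """Return (allowed, needs_password); the last matching entry wins."""
    result = (False, True)  # no matching entry: not permitted
    for line in listing.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m["runas"] not in ("ALL", runas):
            continue
        if matches(m["cmd"], command):
            allowed = len(m["neg"]) % 2 == 0      # odd number of '!' negates
            result = (allowed, not m["nopasswd"])  # later match overrides earlier
    return result

def shadowed_negations(listing, runas="root"):
    """Negated entries whose commands end up allowed by a later entry."""
    found = []
    for line in listing.splitlines():
        m = ENTRY.match(line.strip())
        if m and len(m["neg"]) % 2 == 1:
            cmds = ALIASES.get(m["cmd"], {m["cmd"]})
            if any(decide(listing, c, runas)[0] for c in cmds):
                found.append(m["cmd"])
    return found
```

For keith the three negated aliases are reported as shadowed, because the (ALL) entries listed after them match last; for nick the same negations are the last match and stay in effect.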