[sudo-users] Understanding on configuration

Binkley, Robert Robert.Binkley at fnis.com
Wed Oct 15 10:34:13 EDT 2008


Can someone help me understand the below configuration if 
            
gadm        ALL=(ALL)       NOPASSWD: ALL
%unixsa        ALL=(ALL)       ALL
%isadm         ALL=(ALL)       ALL                        
keith           ALL=(ALL)       NOPASSWD: ALL
 

1.    The NOPASSWD keyword provides access without prompting for your
password

2.    You can have multiple usernames per line separated by commas

3.    Multiple commands also can be separated by commas. 

4.    Spaces are considered part of the command. 

5.    Before moving the sudoers file into production, sanity check the
resulting data with visudo -f tempsudoers -c 

6.    The "!" mark denotes password required if used in an odd
number. The ! is used to negate the value of the item; if an odd number
of ! are used in the sudo file they are preferred, an even number just
cancel each other out

7.    The "" indicates that a command can be run without command line
arguments.

8.    Last entry wins 

 
 
 

User alias specification

 

User_Alias OWNER = keith, nick, daniel, lloyd

 

The example below will allow user keith, nick, daniel or lloyd and
root user. 

 User root may run the following commands on this host:

    (ALL) ALL

If root is allowed to run sudo, one can inspect what commands another
user may run

Command to use to check what any user can execute

                     sudo sudo -u someotheruser sudo -l

 

 User keith may run the following commands on this host:

    (root) NOPASSWD: ALL

    (root) NOPASSWD: !SUROOT

    (root) NOPASSWD: !VISUDO

    (root) NOPASSWD: !SHELLS

    (ALL) NOPASSWD: ALL

    (ALL) ALL

    (ALL) NOPASSWD: ALL =  User keith may run the following commands on
this host: 

  User nick may run the following commands on this host:

    (root) NOPASSWD: ALL

    (root) NOPASSWD: !SUROOT

    (root) NOPASSWD: !VISUDO

    (root) NOPASSWD: !SHELLS

User daniel may run the following commands on this host:

    (root) NOPASSWD: ALL

    (root) NOPASSWD: !SUROOT

    (root) NOPASSWD: !VISUDO

    (root) NOPASSWD: !SHELLS

User lloyd may run the following commands on this host:

    (root) NOPASSWD: ALL

    (root) NOPASSWD: !SUROOT

    (root) NOPASSWD: !VISUDO

    (root) NOPASSWD: !SHELLS

 


Robert Lee Binkley
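
The "last entry wins" point (item 8) applied to the `sudo -l` listings above, as an added example that is not part of the original post: a simplified Python model in which the last matching entry decides. The alias contents are constructed, because the post never shows what SUROOT, VISUDO or SHELLS contain, and the entry order is assumed to be the order the listings print.

```python
# Constructed alias contents (assumption; the post does not define these aliases).
ALIASES = {
    "SUROOT": ["/bin/su"],
    "VISUDO": ["/usr/sbin/visudo"],
    "SHELLS": ["/bin/sh", "/bin/bash"],
}

# (runas, nopasswd, command item), in the order printed for nick, daniel and lloyd.
NICK = [
    ("root", True, "ALL"),
    ("root", True, "!SUROOT"),
    ("root", True, "!VISUDO"),
    ("root", True, "!SHELLS"),
]
# keith's listing continues with three broader entries after the negations.
KEITH = NICK + [("ALL", True, "ALL"), ("ALL", False, "ALL"), ("ALL", True, "ALL")]


def item_matches(item, command):
    """True if a command item (ALL, an alias name, or a literal path) covers command."""
    return item == "ALL" or command in ALIASES.get(item, [item])


def check(entries, command, target="root"):
    """Walk the entries in order; the last one that matches decides the outcome."""
    verdict = "denied"  # no matching entry at all means not permitted
    for runas, nopasswd, item in entries:
        name = item.lstrip("!")
        negated = (len(item) - len(name)) % 2 == 1  # an even number of '!' cancels out
        if runas in ("ALL", target) and item_matches(name, command):
            if negated:
                verdict = "denied"
            else:
                verdict = "allowed, no password" if nopasswd else "allowed, password required"
    return verdict


if __name__ == "__main__":
    for user, entries in (("nick", NICK), ("keith", KEITH)):
        for cmd in ("/bin/ls", "/bin/bash", "/usr/sbin/visudo"):
            print(f"{user:6} {cmd:18} -> {check(entries, cmd)}")
    # A path that is not in the constructed SHELLS alias only matches ALL,
    # so a negated alias covers exactly the paths it names and nothing else.
    print("nick   /usr/bin/zsh       ->", check(NICK, "/usr/bin/zsh"))
```

In this model keith's `!SHELLS`, `!VISUDO` and `!SUROOT` entries have no effect, because the `(ALL)` entries that follow them match every command and come last.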

