cvtsudoers
—
cvtsudoers |
[-ehMpV -b
dn-c
conf_file-d
deftypes-f
output_format-i
input_format-I
increment-m
filter-o
output_file-O
start_point-s
sectionsinput_file ] |
cvtsudoers
can be used to convert between
sudoers security policy file formats. The default
input format is sudoers. The default output format is LDIF. It is only
possible to convert a sudoers file that is
syntactically correct.
If no input_file is specified, or if it is
‘-
’, the policy is read from the
standard input. By default, the result is written to the standard output.
The options are as follows:
-b
dn,
--base
=dnou=SUDOers,dc=-mydomain,dc=com
for the domain
my-domain.com
. If this option is not specified,
the value of the SUDOERS_BASE
environment variable will be used instead. Only necessary when converting
to LDIF format.-c
,
--config
-d
deftypes,
--defaults
=deftypesDefaults
entries of the specified
types. One or more Defaults
types may be
specified, separated by a comma
(‘,
’). The supported types are:
-d
option is not specified, all
Defaults
entries will be converted.-e
,
--expand-aliases
-f
output_format,
--format
=output_format-h
,
--help
-i
input_format,
--input-format
=input_format-I
increment,
--increment
=increment-m
filter,
--match
=filter,
’). The
key may be “user”,
“group” or “host”. For example,
user =
operator or
host =
www. An upper-case User_Alias or
Host_Alias may be specified as the “user” or
“host”.
A matching sudoers rule may also include users,
groups and hosts that are not part of the
filter. This can happen when a rule
includes multiple users, groups or hosts. To prune out any non-matching
user, group or host from the rules, the
-p
option may be used.
By default, the password and group databases are not consulted when matching
against the filter so the users and groups do not need to be present on
the local system (see the -M
option).
Only aliases that are referenced by the filtered policy rules will be
displayed.-M
,
--match-local
-m
option is also specified,
use password and group database information when matching users and groups
in the filter. Only users and groups in the filter that exist on the local
system will match, and a user's groups will automatically be added to the
filter. If the -M
is
not specified, users and groups in the filter
do not need to exist on the local system, but all groups used for matching
must be explicitly listed in the filter.-o
output_file,
--output
=output_file-
’, the converted
sudoers policy will be written to the
standard output.-O
start_point,
--order-start
=start_point-I
option for details. Defaults
to a starting point of 1. A starting point of 0 will disable the
generation of sudoOrder attributes in the resulting LDIF file.-p
,
--prune-matches
-m
option is also specified,
cvtsudoers
will prune out non-matching
users, groups and hosts from matching entries.-s
sections,
--suppress
=sections,
’). The
supported section name are: defaults,
aliases and
privileges (which may be shortened to
privs).-V
,
--version
cvtsudoers
and
sudoers grammar versions and exit.-d
command
line option.-e
command
line option.-i
command
line option.-m
command
line option.-I
command
line option.-O
command
line option.-f
command
line option.-p
command
line option.-b
command
line option.-s
command
line option.$ cvtsudoers -b ou=SUDOers,dc=my-domain,dc=com -o sudoers.ldif \ /etc/sudoers
$ cvtsudoers -f json -o sudoers.json /etc/sudoers
$ cvtsudoers -f sudoers -m user=ambrose,host=hastur /etc/sudoers
$ cvtsudoers -ep -f sudoers -m user=ambrose,host=hastur /etc/sudoers
$ cvtsudoers -i ldif -f sudoers -o sudoers.new sudoers.ldif
sudo
over the
years; this version consists of code written primarily by:
sudo
distribution (https://www.sudo.ws/contributors.html) for an exhaustive list of
people who have contributed to sudo
.
cvtsudoers
, please submit a bug report at
https://bugzilla.sudo.ws/
cvtsudoers
is provided “AS IS”
and any express or implied warranties, including, but not limited to, the
implied warranties of merchantability and fitness for a particular purpose are
disclaimed. See the LICENSE file distributed with
sudo
or https://www.sudo.ws/license.html
for complete details.