Help configuring sudoers

Wiese, Maria Maria.Wiese at McKesson.com
Mon Nov 18 17:35:03 EST 2002


I currently have the following sudoers file, which includes most of my
support groups. I am not sure if it is the most secure configuration,
but I am just learning, and it is better than all having the root password.
I need suggestions on how to make it better, and a way to add the DBA
group. The DBAs currently su to Oracle, but I would rather
they run the commands from their own userids as Oracle without having to su
to it. I would also like them to be able to execute some
commands as root. How can I accomplish this? I am finding the manual
pages confusing.

# sudoers file
#
# Use 'visudo' command to edit this file as root - visudo will perform \
# grammatical checks and lock it
#
# edited by aecpzbf 10/16/02
#
# User Alias specifications
User_Alias      OPS = %oper

#[ all members of USA go here ]
User_Alias      USA = %usa

#[ all of the security members go here ]
User_Alias      SEC = %security

#[ all of the storage members go here ]
User_Alias      USS = %storage

# Command Alias specifications

# USER alias gives permissions to modify all user info
# except root and possibly USA members because USA members
# are given root permissions through SUDO.
Cmnd_Alias      USER = /usr/sbin/user*, /usr/bin/passwd [A-z]*,  \
                /usr/bin/ch*, !/usr/bin/passwd root, !/usr/bin/ch* root

Cmnd_Alias      SU = !/usr/bin/su -, !/usr/bin/su - root, !/usr/bin/su

# Change some of the default values
Defaults                log_year, logfile=/var/log/sudo.log, always_set_home, \
                         insults
Defaults:USA            !lecture
Defaults:USA       !authenticate
Defaults:OPS       !authenticate
Defaults:USS       !authenticate
# members of USA and USO do not have to Authenticate themselves


# User specifications
# root was disabled from using SUDO upon initial configuration
# root          ALL = (ALL) ALL
USA             ALL = (ALL) ALL
OPS             ALL = (root) ALL, SU
SEC             ALL = (root) USER, SU
%storage        ALL = (root) ALL, SU

                                                                           
