[sudo-users] [Fwd: About Sudoers Manual]
christian.peper at kpn.com
christian.peper at kpn.com
Thu Oct 9 10:22:31 EDT 2008
from http://www.gratisoft.us/sudo/man/sudoers.html#aliases
The definitions of what constitutes a valid alias member follow
User_List ::= User |
User ',' User_List
User ::= '!'* username |
'!'* '%'group |
'!'* '+'netgroup |
'!'* User_Alias
A User_List is made up of one or more usernames, system groups (prefixed
with '%'), netgroups (prefixed with '+') and other aliases. Each list
item may be prefixed with one or more '!' operators. An odd number of
'!' operators negate the value of the item; an even number just cancel
each other out.
This means....
a user_list can be a combi of a user and possibly another user_list. A
user_list can be a combination of zero or more users, zero or more
groups (%), zero or more netgroups (+) and zero or more user_aliases.
Using a "!" in front of a username or groupname means they will be
excluded.
So User_Alias myteam = chris, edward, %sysop, %dba, +sunadmins is a
legal alias, AFAIK.
Chris.
PS: what happens if a user is allowed by username but denied by
groupname and if the order matters, I don't know. However, using sudo -l
at the prompt, you can see what is allowed for the current user.
More information about the sudo-users
mailing list