[sudo-users] [Fwd: About Sudoers Manual]

christian.peper at kpn.com christian.peper at kpn.com
Thu Oct 9 10:22:31 EDT 2008

from http://www.gratisoft.us/sudo/man/sudoers.html#aliases 

The definitions of what constitutes a valid alias member follow  
 User_List ::= User |
               User ',' User_List
 User ::= '!'* username |
          '!'* '%'group |
          '!'* '+'netgroup |
          '!'* User_Alias

A User_List is made up of one or more usernames, system groups (prefixed
with '%'), netgroups (prefixed with '+') and other aliases. Each list
item may be prefixed with one or more '!' operators. An odd number of
'!' operators negate the value of the item; an even number just cancel
each other out. 

This means....
a user_list can be a combi of a user and possibly another user_list. A
user_list can be a combination of zero or more users, zero or more
groups (%), zero or more netgroups (+) and zero or more user_aliases.
Using a "!" in front of a username or groupname means they will be

So User_Alias myteam = chris, edward, %sysop, %dba, +sunadmins is a
legal alias, AFAIK.


PS: what happens if a user is allowed by username but denied by
groupname and if the order matters, I don't know. However, using sudo -l
at the prompt, you can see what is allowed for the current user.

More information about the sudo-users mailing list