source: trunk/server/fedora/config/etc/sudoers @ 2652

Last change on this file since 2652 was 2304, checked in by ezyang, 13 years ago
Allow user list generation to access LDAP credentials.
File size: 2.9 KB
RevLine 
[794]1## Sudoers allows particular users to run various commands as
2## the root user, without needing the root password.
3##
4## Examples are provided at the bottom of the file for collections
5## of related commands, which can then be delegated out to particular
6## users or groups.
7##
8## This file must be edited with the 'visudo' command.
9
10## Host Aliases
11## Groups of machines. You may prefer to use hostnames (perhaps using
12## wildcards for entire domains) or IP addresses instead.
13# Host_Alias     FILESERVERS = fs1, fs2
14# Host_Alias     MAILSERVERS = smtp, smtp2
15
16## User Aliases
17## These aren't often necessary, as you can use regular groups
18## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
19## rather than USERALIAS
20# User_Alias ADMINS = jsmith, mikem
21
22
23## Command Aliases
24## These are groups of related commands...
25
26## Networking
[205]27Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
[794]28
29## Installation and management of software
[205]30Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
[794]31
32## Services
[205]33Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
[794]34
35## Updating the locate database
[1259]36Cmnd_Alias LOCATE = /usr/bin/updatedb
[794]37
38## Storage
[205]39Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
[794]40
41## Delegating permissions
[205]42Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
[794]43
44## Processes
[205]45Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
[794]46
47## Drivers
[205]48Cmnd_Alias DRIVERS = /sbin/modprobe
49
50#Defaults    requiretty
51
52Defaults    env_reset
[794]53Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
54Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
55Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
56Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
57Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
[1671]58Defaults    env_keep += "USE_NEWLINES"
[205]59
[794]60## Next comes the main part: which users can run what software on
61## which machines (the sudoers file can be shared between multiple
62## systems).
63## Syntax:
64##
65##      user    MACHINE=COMMANDS
66##
67## The COMMANDS section may have other options added to it.
68##
69## Allow root to run any commands anywhere
[205]70root    ALL=(ALL)       ALL
71
[1379]72scripts ALL=(root)      NOPASSWD: /usr/local/sbin/ldap-backup ""
[2304]73scripts ALL=(root)      NOPASSWD: /usr/local/sbin/get-homedirs ""
[1272]74nrpe    ALL=(signup)    NOPASSWD: /etc/nagios/check_ldap_mmr.real
[847]75
[914]76Defaults:munin !syslog
77
78munin ALL=(root) SETENV: NOPASSWD: /etc/munin/plugins/postfix_mailqueue , /etc/munin/plugins/postfix_mailvolume , /etc/munin/plugins/hddtemp_smartctl , /etc/munin/plugins/sendmail* , /etc/munin/plugins/if_* , /etc/munin/plugins/if_err_eth2
[865]79munin ALL=(root) NOPASSWD: /etc/munin/plugins/smart_*, /etc/munin/plugins/sensors_*
Note: See TracBrowser for help on using the repository browser.