| # sudoers file. | |
| # | |
| # This file MUST be edited with the 'visudo' command as root. | |
| # Failure to use 'visudo' may result in syntax or file permission errors | |
| # that prevent sudo from running. | |
| # | |
| # See the sudoers man page for the details on how to write a sudoers file. | |
| # | |
| # | |
| # Host alias specification | |
| # | |
| # Groups of machines. These may include host names (optionally with wildcards), | |
| # IP addresses, network numbers or netgroups. | |
| Host_Alias WEBSERVERS = www1, www2, www3 | |
| # | |
| # User alias specification | |
| # | |
| # Groups of users. These may consist of user names, uids, Unix groups, | |
| # or netgroups. | |
| User_Alias ADMINS = millert, dowdy, mikef | |
| # | |
| # Cmnd alias specification | |
| # | |
| # Groups of commands. Often used to group related commands together. | |
| Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \ | |
| # /usr/bin/pkill, /usr/bin/top | |
| # Cmnd_Alias REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff | |
| # Cmnd_Alias DEBUGGERS = /usr/bin/gdb, /usr/bin/lldb, /usr/bin/strace, \ | |
| # /usr/bin/truss, /usr/bin/bpftrace, \ | |
| # /usr/bin/dtrace, /usr/bin/dtruss | |
| # Cmnd_Alias PKGMAN = /usr/bin/apt, /usr/bin/dpkg, /usr/bin/rpm, \ | |
| # /usr/bin/yum, /usr/bin/dnf, /usr/bin/zypper, \ | |
| # /usr/bin/pacman | |
| # | |
| # Defaults specification | |
| # | |
| # Preserve editor environment variables for visudo. | |
| # To preserve these for all commands, remove the "!visudo" qualifier. | |
| Defaults!/usr/sbin/visudo env_keep += "SUDO_EDITOR EDITOR VISUAL" | |
| # | |
| # Use a hard-coded PATH instead of the user's to find commands. | |
| # This also helps prevent poorly written scripts from running | |
| # arbitrary commands under sudo. | |
| Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" | |
| # | |
| # You may wish to keep some of the following environment variables | |
| # when running commands via sudo. | |
| # | |
| # Locale settings | |
| Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" | |
| # | |
| # Run X applications through sudo; HOME is used to find the | |
| # .Xauthority file. Note that other programs use HOME to find | |
| # configuration files and this may lead to privilege escalation! | |
| Defaults env_keep += "HOME" | |
| # | |
| # X11 resource path settings | |
| Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" | |
| # | |
| # Desktop path settings | |
| Defaults env_keep += "QTDIR KDEDIR" | |
| # | |
| # Allow sudo-run commands to inherit the callers' ConsoleKit session | |
| Defaults env_keep += "XDG_SESSION_COOKIE" | |
| # | |
| # Uncomment to enable special input methods. Care should be taken as | |
| # this may allow users to subvert the command being run via sudo. | |
| Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER" | |
| # | |
| # Uncomment to disable "use_pty" when running commands as root. | |
| # Commands run as non-root users will run in a pseudo-terminal, | |
| # not the user's own terminal, to prevent command injection. | |
| Defaults>root !use_pty | |
| # | |
| # Uncomment to run commands in the background by default. | |
| # This can be used to prevent sudo from consuming user input while | |
| # a non-interactive command runs if "use_pty" or I/O logging are | |
| # enabled. Some commands may not run properly in the background. | |
| Defaults exec_background | |
| # | |
| # Uncomment to send mail if the user does not enter the correct password. | |
| Defaults mail_badpass | |
| # | |
| # Uncomment to enable logging of a command's output, except for | |
| # sudoreplay and reboot. Use sudoreplay to play back logged sessions. | |
| # Sudo will create up to 2,176,782,336 I/O logs before recycling them. | |
| # Set maxseq to a smaller number if you don't have unlimited disk space. | |
| Defaults log_output | |
| Defaults!/usr/bin/sudoreplay !log_output | |
| Defaults!/usr/local/bin/sudoreplay !log_output | |
| Defaults!REBOOT !log_output | |
| Defaults maxseq = 1000 | |
| # | |
| # Uncomment to disable intercept and log_subcmds for debuggers and | |
| # tracers. Otherwise, anything that uses ptrace(2) will be unable | |
| # to run under sudo if intercept_type is set to "trace". | |
| Defaults!DEBUGGERS !intercept, !log_subcmds | |
| # | |
| # Uncomment to disable intercept and log_subcmds for package managers. | |
| # Some package scripts run a huge number of commands, which is made | |
| # slower by these options and also can clutter up the logs. | |
| Defaults!PKGMAN !intercept, !log_subcmds | |
| # | |
| # Uncomment to disable PAM silent mode. Otherwise messages by PAM | |
| # modules such as pam_faillock will not be printed. | |
| Defaults !pam_silent | |
| # | |
| # Runas alias specification | |
| # | |
| # | |
| # User privilege specification | |
| # | |
| root ALL=(ALL:ALL) ALL | |
| # Uncomment to allow members of group wheel to execute any command | |
| %wheel ALL=(ALL:ALL) ALL | |
| # Same thing without a password | |
| %wheel ALL=(ALL:ALL) NOPASSWD: ALL | |
| # Uncomment to allow members of group sudo to execute any command | |
| %sudo ALL=(ALL:ALL) ALL | |
| # Uncomment to allow any user to run sudo if they know the password | |
| # of the user they are running the command as (root by default). | |
| Defaults targetpw # Ask for the password of the target user | |
| ALL ALL=(ALL:ALL) ALL # WARNING: only use this together with 'Defaults targetpw' | |
| # Read drop-in files from /etc/sudoers.d | |
| @includedir /etc/sudoers.d | |
Xet Storage Details
- Size:
- 5.05 kB
- Xet hash:
- c6f4facea5181995727b32d56dd2f91cf6f70147ad78d36ea1de847edcebb581
·
Xet efficiently stores files, intelligently splitting them into unique chunks and accelerating uploads and downloads. More info.