Differences
This shows you the differences between two versions of the page.
linux_wiki:sudoers [2015/10/07 21:39] billdozor [/etc/sudoers.d/] |
linux_wiki:sudoers [2019/05/25 23:50] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Sudoers ====== | ||
- | **General Information** | ||
- | |||
- | Configuration of sudoers. | ||
- | |||
- | **Checklist** | ||
- | * Distro: Enterprise Linux 6 | ||
- | |||
- | ---- | ||
- | |||
- | ===== Config Locations ===== | ||
- | |||
- | The most maintainable method is to leave the main sudoers file as vanilla as possible. \\ | ||
- | Additional sudo access can be given with additional files in / | ||
- | |||
- | * Main sudoers file: / | ||
- | * Additional sudoers directory: / | ||
- | |||
- | ---- | ||
- | |||
- | ===== / | ||
- | |||
- | The main system sudoers file should contain this include statement to ensure all files in / | ||
- | <code bash> | ||
- | #includedir / | ||
- | </ | ||
- | * Note: The "#" | ||
- | |||
- | ---- | ||
- | |||
- | ===== / | ||
- | The sudoers.d directory holds additional files that contain group specific sudoers configuration. | ||
- | |||
- | These files should: | ||
- | * Owner/ | ||
- | * Permissions: | ||
- | * Initially be created with " | ||
- | |||
- | ---- | ||
- | |||
- | ===== sudoers.d files ===== | ||
- | |||
- | Example sudoers.d files. | ||
- | |||
- | Single user, no password when using sudo | ||
- | <code bash> | ||
- | rjones ALL=(root) | ||
- | </ | ||
- | |||
- | Group of users, no password when using sudo | ||
- | <code bash> | ||
- | User_Alias SYSADMINS = rjones, tux, ltorvalds | ||
- | |||
- | SYSADMINS ALL=(root) | ||
- | </ | ||
- | |||
- | Group of users given elevated access to specific commands | ||
- | < | ||
- | User_Alias LOGUSERS = operator, rjones | ||
- | |||
- | Cmnd_Alias LOGFILEVIEW = /bin/grep /var/log/*, / | ||
- | |||
- | LOGUSERS ALL = NOPASSWD: | ||
- | </ |