Differences

This shows you the differences between two versions of the page.

--- linux_wiki:sudoers [2016/03/18 23:16]
billdozor [Sudoers]
+++ linux_wiki:sudoers [2019/05/25 23:50]
@@ Line 1: / Line 1: @@
-====== Sudoers ======
-**General Information**
-Configuration of sudoers.
-**Checklist**
-  * Distro(s): Enterprise Linux 6
-----
-===== Config Locations =====
-The most maintainable method is to leave the main sudoers file as vanilla as possible. \\
-Additional sudo access can be given with additional files in /etc/sudoers.d/
-  * Main sudoers file: /etc/sudoers
-  * Additional sudoers directory: /etc/sudoers.d/
-----
-===== /etc/sudoers =====
-The main system sudoers file should contain this include statement to ensure all files in /etc/sudoers.d/ will be read from:
-<code bash>
-#includedir /etc/sudoers.d
-</code>
-  * Note: The "#" in this case does not mean a comment and will work as intended
-----
-===== /etc/sudoers.d/ =====
-The sudoers.d directory holds additional files that contain group specific sudoers configuration.
-These files should:
-  * Owner/group: chown root:root
-  * Permissions: chmod 440
-  * Initially be created with "visudo -f /etc/sudoers.d/<filename>" to ensure no syntax errors.
-----
-===== sudoers.d files =====
-Example sudoers.d files.
-Single user, no password when using sudo
-<code bash>
-rjones ALL=(root)      NOPASSWD:ALL
-</code>
-Group of users, no password when using sudo
-<code bash>
-User_Alias SYSADMINS = rjones, tux, ltorvalds
-SYSADMINS ALL=(root)      NOPASSWD:ALL
-</code>
-Group of users given elevated access to specific commands
-<code>
-User_Alias LOGUSERS = operator, rjones
-Cmnd_Alias LOGFILEVIEW = /bin/grep /var/log/*, /usr/bin/tail /var/log/*, /usr/bin/less /var/log/*, /bin/more /var/log/*, /bin/cat /var/log/*, /bin/ls /var/log/*
-LOGUSERS ALL = NOPASSWD:LOGFILEVIEW
-</code>