|
|
Line 2: |
Line 2: |
|
| |
|
| I mentioned the Sudoers file briefly in the main Linux write up, but here we will go more in depth about it. Here is a typical Sudoers file: | | I mentioned the Sudoers file briefly in the main Linux write up, but here we will go more in depth about it. Here is a typical Sudoers file: |
| <nowiki>Defaults env_reset | | <nowiki>#!/bin/bash |
| Defaults mail_badpass
| | if [ "$1" == "password" ]; then |
| Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
| | echo "correct"; |
| | | else |
| # This fixes CVE-2005-4890 and possibly breaks some versions of kdesu
| | echo "wrong"; |
| # (#1011624, https://bugs.kde.org/show_bug.cgi?id=452532)
| | fi</nowiki> |
| Defaults use_pty
| |
| | |
| # This preserves proxy settings from user environments of root
| |
| # equivalent users (group sudo)
| |
| #Defaults:%sudo env_keep += "http_proxy https_proxy ftp_proxy all_proxy no_proxy"
| |
| | |
| # This allows running arbitrary commands, but so does ALL, and it means
| |
| # different sudoers have their choice of editor respected.
| |
| #Defaults:%sudo env_keep += "EDITOR"
| |
| | |
| # Completely harmless preservation of a user preference.
| |
| #Defaults:%sudo env_keep += "GREP_COLOR"
| |
| | |
| # While you shouldn't normally run git as root, you need to with etckeeper
| |
| #Defaults:%sudo env_keep += "GIT_AUTHOR_* GIT_COMMITTER_*"
| |
| | |
| # Per-user preferences; root won't have sensible values for them.
| |
| #Defaults:%sudo env_keep += "EMAIL DEBEMAIL DEBFULLNAME"
| |
| | |
| # "sudo scp" or "sudo rsync" should be able to use your SSH agent.
| |
| #Defaults:%sudo env_keep += "SSH_AGENT_PID SSH_AUTH_SOCK"
| |
| | |
| # Ditto for GPG agent
| |
| #Defaults:%sudo env_keep += "GPG_AGENT_INFO"
| |
| | |
| # Host alias specification
| |
| | |
| # User alias specification
| |
| | |
| # Cmnd alias specification
| |
| | |
| # User privilege specification
| |
| root ALL=(ALL:ALL) ALL
| |
| | |
| # Allow members of group sudo to execute any command
| |
| %sudo ALL=(ALL:ALL) ALL
| |
| | |
| # See sudoers(5) for more information on "@include" directives:
| |
| | |
| brendan ALL = (root) NOPASSWD: /usr/bin/firefox-esr
| |
| | |
| @includedir /etc/sudoers.d</nowiki>
| |
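Review bot: The lead-in sentence kept as context at the top of this hunk still reads "Here is a typical Sudoers file:", but the new side follows it with a bash script, so the text no longer describes the listing below it. Either restore the sudoers listing or reword the sentence to match, for example `Here is a small script that checks its first argument against a password:`. If the script stays, it should carry a comment such as `# demo only: the secret is hard-coded and passed as $1, so it is readable from the script file, shell history and the process list`, so readers do not copy the pattern as a real check. Whether the page continues after this hunk is not visible here, so the script may be introduced properly further down.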