sudoers File

 

 

#  sudoers file

# Host aliases: named host sets for the HOSTS field of the rules below.
# The HOSTS field selects the machines on which a rule is in force (the
# host where sudo is run), not the machine a user connected from.

# A single fully qualified host name.
Host_Alias CLOWNS = clowns.bigtop.com
# LOCAL and MASTERS list the same two short host names.
Host_Alias LOCAL = bozo, harpo
Host_Alias MASTERS = bozo, harpo
# A whole network, written in CIDR notation.
Host_Alias SERVERS = 201.31.14.0/24

# User aliases: named sets of login names for the USERS field below.

# SUPER is given passwordless ALL further down, so every name added here
# becomes equivalent to root; keep this list as short as possible.
User_Alias SUPER = forest
User_Alias SUBSUPER = smokey, mrpibb
User_Alias TAS = bob, joe
User_Alias ADMIN = tom, mary, alice
User_Alias WEBADMIN = nick, nack, pat
User_Alias SECRETARIES = jeannette, kristin

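# Run as aliases: named sets of target users for the (RUN_AS_LIST) field.

# The keyword is spelled Runas_Alias, with an underscore. DB is referenced
# by the dbadmin rule at the end of the file.
Runas_Alias DB = oracle, sql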

# Command aliases: named sets of commands, each given as an absolute path.

# Password tools. No arguments are listed, so any arguments are accepted.
# NOTE(review): if this alias is ever granted with root as the target user,
# unrestricted arguments allow changing any account's password, root's
# included; constrain the arguments before doing that.
Cmnd_Alias USERCMDS = /usr/bin/passwd, /usr/bin/smbpasswd
# Print queue control.
Cmnd_Alias PRINTINGCMDS = /usr/sbin/lpc, /usr/sbin/lprm
# Power-state commands.
Cmnd_Alias SHUTDOWNCMDS = /usr/sbin/shutdown, /usr/sbin/halt
# An alias may include another alias of the same type: ADMINCMDS is
# everything in PRINTINGCMDS plus /sbin/pppdump.
Cmnd_Alias ADMINCMDS = PRINTINGCMDS, /sbin/pppdump

# User specifications in the form: USERS HOSTS = (RUN_AS_LIST) COMMANDS

# Let SUPER users, running on any host, without entering a password
# execute all commands. This is a really stupid thing to do normally!
# With no (RUN_AS_LIST) the commands run as the default target user, which
# is root unless runas_default is set. NOPASSWD removes the
# re-authentication step, so whoever controls a SUPER account or session
# has root on every host without needing the account's password.
SUPER ALL = NOPASSWD: ALL

# Let SUBSUPER users, running on any host, run all commands except su.
# NOTE(review): subtracting a path from ALL is not an effective restriction.
# The negation matches only that one path, while ALL still permits every
# other program able to start a privileged shell; sudoers(5) warns against
# relying on this form. If SUBSUPER must not obtain an unrestricted root
# shell, replace ALL with an explicit list of permitted commands.
SUBSUPER ALL = ALL,!/bin/su

# Let ADMIN users on MASTERS hosts run the commands in PRINTINGCMDS and
# SHUTDOWNCMDS as the user oper.
# (oper) covers both aliases: a Runas specification stays in effect for
# the following commands of the rule until another one appears.
ADMIN MASTERS = (oper) PRINTINGCMDS, SHUTDOWNCMDS

# Let users in TAS, on hosts in MASTERS and LOCAL, execute USERCMDS as
# uid 2 and SHUTDOWNCMDS as root.
# Inside a Runas list, "#" followed by digits is a numeric uid, not the
# start of a comment.
TAS MASTERS,LOCAL = (#2) USERCMDS, (root) SHUTDOWNCMDS

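# Let WEBADMIN users on the host www run all commands as user webadmin
# and the apachectl command as root.
# The user field has to match the User_Alias name exactly; a misspelled
# alias name gives the intended users no access at all.
# NOTE(review): apachectl is executed as root, so confirm that the script,
# the files it reads and the directories holding them are writable only by
# root and not by webadmin.
WEBADMIN www = (webadmin) ALL, (root) /usr/local/apache/bin/apachectl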

# Let jimbob, on any host except those in SERVERS, execute all commands
# except passwd and shutdown with group wheel permissions.
# NOTE(review): in a Runas list, %wheel means "any user who is a member of
# group wheel"; running with wheel as the group would be written (:wheel).
# Confirm which of the two was intended.
# NOTE(review): excluding paths from ALL does not reliably block passwd or
# shutdown, because only the exact paths listed are refused. The excluded
# /usr/bin/shutdown also differs from the /usr/sbin/shutdown used in
# SHUTDOWNCMDS; check which path exists on the target hosts.
jimbob ALL,!SERVERS = (%wheel) ALL,!/usr/bin/passwd, !/usr/bin/shutdown

# Allow users in SECRETARIES, on hosts in SERVERS, to execute adduser,
# rmuser and the PRINTINGCMDS as root.
# No arguments are listed, so any arguments are accepted.
# NOTE(review): account-management tools run as root can usually create or
# remove privileged accounts; confirm whether adduser here can assign
# uid 0 or administrative groups, and restrict its arguments if it can.
SECRETARIES SERVERS = (root) /usr/bin/adduser, /usr/bin/rmuser, PRINTINGCMDS

# Let dbadmin, on any host, execute all commands without a password as
# any user in the run-as alias DB.
# DB must resolve to a Runas_Alias; check the file with "visudo -c" after
# every edit.
# NOTE(review): NOPASSWD combined with ALL means control of the dbadmin
# account is enough to act as every user in DB without re-authentication.
dbadmin ALL = (DB) NOPASSWD: ALL