Skip to content

Instantly share code, notes, and snippets.

@ezmobius
Created October 8, 2008 22:50
Show Gist options
  • Save ezmobius/15641 to your computer and use it in GitHub Desktop.
Save ezmobius/15641 to your computer and use it in GitHub Desktop.
# sudoers file.
# Reset environment by default
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
# Defaults:%wheel !env_reset
# Host alias specificationrs to export specific variables
# Defaults:%users env_keep=TZ
# User alias specification
# Allow specific user to bypass env_delete for TERMCAP
# Cmnd alias specificationlete-=TERMCAP
# Defaults specificationvi, and do not allow visudo to use EDITOR/VISUAL.
# Defaults editor=/usr/bin/vim, !env_editor
# Reset environment by default
Defaultsalias spenv_reseton
# Uncomment to allow users in group wheel to export variables*****
# Defaults:%wheelCCESS T!env_resetLOWS THEM TO RUN THE SPECIFIED *
# * COMMANDS WITH ELEVATED PRIVILEGES. *
# Allow users in group users to export specific variables *
# Defaults:%usersUNTRUSTenv_keep=TZ ACCESS SUDO. *
# ****************************************************************
# Allow specific user to bypass env_delete for TERMCAP
# Defaults:user env_delete-=TERMCAP
root ALL=(ALL) ALL
# Set default EDITOR to vi, and do not allow visudo to use EDITOR/VISUAL.
# Defaultst to aeditor=/usr/bin/vim, !env_editorn all commands
# %wheel ALL=(ALL) ALL
# Runas alias specification
# Same thing without a password
# *** REMEMBER ***************************************************
# * GIVING SUDO ACCESS TO USERS ALLOWS THEM TO RUN THE SPECIFIED *
# * COMMANDS WITH ELEVATED PRIVILEGES. *, or
# * *
# * NEVER PERMIT UNTRUSTED USERS TO ACCESS SUDO. *
# ****************************************************************
# Samples
# User privilege specificationm,/bin/umount /cdrom
rootsersALL=(ALL) ALLsbin/shutdown -h now
ez ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheelALL) ALLALL=(ALL) ALL
ez ALL=(ALL) NOPASSWD: /usr/bin/monit
# Same thing without a password
# %wheelALL) NOPALL=(ALL)sr/bin/NOPASSWD: ALL
ez ALL=(ALL) ALL
# Users in group www are allowed to edit httpd.conf using sudoedit, or
# sudo -e, without a password. #
# %www ALL=(ALL) NOPASSWD: sudoedit /etc/httpd.conf
# Samples
# %users ALL=/bin/mount /cdrom,/bin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
ez ALL=(ALL) ALL
ez ALL=(ALL) NOPASSWD: /usr/bin/monit
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment