|
| 1 | +## sudoers file. |
| 2 | +## |
| 3 | +## This file SHOULD be edited with the 'visudo' command as root. |
| 4 | +## Failure to use 'visudo' may result in syntax or file permission errors |
| 5 | +## that prevent sudo from running. |
| 6 | +## |
| 7 | +## See the sudoers man page for the details on how to write a sudoers file. |
| 8 | + |
| 9 | +## Defaults specification |
| 10 | +## |
| 11 | +## Preserve editor environment variables for visudo. |
| 12 | +## To preserve these for all commands, remove the "!visudo" qualifier. |
| 13 | +Defaults!/usr/sbin/visudo env_keep += "SUDO_EDITOR EDITOR VISUAL" |
| 14 | +## |
| 15 | +## Use a hard-coded PATH instead of the user's to find commands. |
| 16 | +## This also helps prevent poorly written scripts from running |
| 17 | +## arbitrary commands under sudo. |
| 18 | +Defaults secure_path="/usr/sbin:/usr/bin:/usr/sbin:/usr/bin:/sbin:/bin" |
| 19 | +## |
| 20 | +## Uncomment this to allow commands run by sudo to see the |
| 21 | +## environment variables set by sshd(8). |
| 22 | +# Defaults env_keep += "SSH_*" |
| 23 | +## |
| 24 | +## Uncomment to disable "use_pty" when running commands as root. |
| 25 | +## Commands run as non-root users will run in a pseudo-terminal, |
| 26 | +## not the user's own terminal, to prevent command injection. |
| 27 | +# Defaults>root !use_pty |
| 28 | +## |
| 29 | +## Uncomment if the historical silent password prompt is desired |
| 30 | +# Defaults !pwfeedback |
| 31 | + |
| 32 | +### User privilege specifications |
| 33 | + |
| 34 | +## Allow root to execute any command |
| 35 | +root ALL=(ALL:ALL) ALL |
| 36 | + |
| 37 | +## Allow members of group sudo to execute any command |
| 38 | +%sudo ALL=(ALL:ALL) ALL |
| 39 | + |
| 40 | +## Same thing without a password |
| 41 | +# %sudo ALL=(ALL:ALL) NOPASSWD: ALL |
| 42 | + |
| 43 | +## Read drop-in files from /usr/etc/sudoers.d |
| 44 | +@includedir /usr/etc/sudoers.d |
0 commit comments