Sudo configuration: Difference between revisions
From wikinotes
No edit summary |
|||
Line 60: | Line 60: | ||
willjp ALL=BACKUP # allow willjp acess to /sbin/dump, /sbin/restore, /sbin/mt | willjp ALL=BACKUP # allow willjp acess to /sbin/dump, /sbin/restore, /sbin/mt | ||
</source> | </source> | ||
== timeouts/durations == | |||
<blockquote> | |||
<syntaxhighlight lang="bash"> | |||
# /etc/sudoers | |||
Defaults passwd_timeout=30 # password timeout every 30s | |||
Defaults timestamp_timeout=60 # don't prompt for sudo again for 60min | |||
</syntaxhighlight> | |||
</blockquote><!-- timeouts/durations --> | |||
</blockquote><!-- Sudoers file --> | </blockquote><!-- Sudoers file --> |
Revision as of 01:43, 20 October 2023
Documentation
man sudoers
https://man.archlinux.org/man/core/sudo/sudoers.5.en
Locations
/etc/sudoers
configuration file (but use visudo unless certain)
/etc/sudoers
Basics
USER HOST=(USER:GROUP) ALLOWED_COMMANDS USER localhost = \ /bin/commandA, /bin/commandB # can be split on multiple linesUSER
username # username #1001 # uid %groupname # groupname %#1001 # gidHOST
192.168.1.1 # ip address myhostname # hostname hostA,10.10.10.10,hostC # list of eitherlogic
%wheel,!willjp # all members of wheel, but not willjpaliased lists
If you find you are reusing a list of commands quite a lot, you can create a list of aliases.
Cmnd_Alias BACKUP = \ /sbin/dump,\ /sbin/restore,\ /sbin/mt willjp ALL=BACKUP # allow willjp acess to /sbin/dump, /sbin/restore, /sbin/mttimeouts/durations
# /etc/sudoers Defaults passwd_timeout=30 # password timeout every 30s Defaults timestamp_timeout=60 # don't prompt for sudo again for 60min