# # sudoers # # # Zoidial, Inc. # Eric Thern, eric (at) zoidial.com # # default sudoers for a secure shellserver installation # hopefully with enough checks to keep people from messing # with the real 'root' account. # # although that is hard to do. I know pXr would know how. damn him. # Defaults syslog=auth Defaults:FULLTIMERS !lecture #Defaults:millert !authenticate Defaults log_year, logfile=/var/log/sudo.log root ALL=(ALL) ALL User_Alias ADMINS = zoidial User_Alias ACCOUNTS = someotheruser Cmnd_Alias PASSWD = /usr/bin/passwd [!-][A-z]*, !/usr/bin/passwd *root* Cmnd_Alias CHSH = /usr/bin/chsh [!-]?[A-z]*, /usr/bin/chsh -s??[A-z]*, !/usr/bin/chsh *root*, !/usr/bin/chsh -s*root* Cmnd_Alias EDQUOTA = /usr/sbin/edquota [!-]?[A-z]*, /usr/sbin/edquota -u?[A-z]*, /usr/sbin/edquota -p?[A-z]*, \ !/usr/sbin/edquota *root*, !/usr/sbin/edquota -u*root*, !/usr/sbin/edquota -p*root* Cmnd_Alias QUOTA = /sbin/quota ?[A-z]*, !/sbin/quota [], !/sbin/quota *root* Cmnd_Alias USER = /usr/local/sbin/w Cmnd_Alias NETWORK = /sbin/ping, /usr/sbin/traceroute, /usr/bin/netstat ADMINS ALL = NOPASSWD: PASSWD, CHSH, QUOTA, USER, NETWORK, EDQUOTA