Keith Whyte
51760b1bcf
Starting to make the system operable without using root. Changes to groups, sudo, some file permissions. Places all the user key config into users.pp
32 lines
908 B
Text
32 lines
908 B
Text
#
|
|
# This file MUST be edited with the 'visudo' command as root.
|
|
#
|
|
# Please consider adding local content in /etc/sudoers.d/ instead of
|
|
# directly modifying this file.
|
|
#
|
|
# See the man page for details on how to write a sudoers file.
|
|
#
|
|
Defaults env_reset
|
|
Defaults mail_badpass
|
|
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
|
Defaults env_keep+=SSH_AUTH_SOCK
|
|
|
|
# Host alias specification
|
|
|
|
# User alias specification
|
|
|
|
# Cmnd alias specification
|
|
Cmnd_Alias OP_CMDS = /usr/bin/sngrep, /usr/sbin/tcpdump
|
|
Cmnd_Alias DATABASE = /usr/bin/psql, /usr/bin/pg_dump
|
|
|
|
# User privilege specification
|
|
root ALL=(ALL:ALL) ALL
|
|
|
|
# Allow members of group sudo to execute any command
|
|
%sudo ALL=(ALL:ALL) NOPASSWD: ALL
|
|
%operator ALL=(root) NOPASSWD:NOEXEC: OP_CMDS
|
|
tic ALL=(postgres) NOPASSWD: DATABASE
|
|
|
|
# See sudoers(5) for more information on "#include" directives:
|
|
|
|
#includedir /etc/sudoers.d
|