~mdw / distorted-ansible / blame
| Commit | Line | Data |
|---|---|---|
| 5fc6de27 MW |
1 | ### -*-conf-*- |
| 2 | ### sudoers file for distorted.org.uk | |
| 3 | ### | |
| 4 | ### This file is maintained on ibanez: edit it there and run `update-slaves'. | |
| 5 | ||
| 6 | ###-------------------------------------------------------------------------- | |
| 7 | ### Thoughts. | |
| 8 | ### | |
| 9 | ### I'm not using `sudo' to give people limited access to privileged | |
| 10 | ### commands. That's a mug's game, and anyway `userv' does it better. | |
| 11 | ### So I'm not going to try to restrict what administrators can do. | |
| 12 | ||
| 13 | ###-------------------------------------------------------------------------- | |
| 14 | ### Defaults. | |
| 15 | ||
| 16 | ## The `authentication' -- making people type in their passwords -- will | |
| 17 | ## only thwart an unimaginitive attacker. We have to face up to the fact | |
| 18 | ## that `sudo' basically deals in `at-least-as-powerful-as' relationships: | |
| 19 | ## if Alice can `sudo' to Bob, then Alice is at least as powerful as Bob, | |
| 20 | ## and all of the molly guards and password typing won't help that. | |
| 21 | Defaults !authenticate | |
| 22 | ||
| 23 | ## Again, with the idea that we're trusting the calling users, we don't | |
| 24 | ## to scrub the environment. | |
| 25 | Defaults !always_set_home, !env_reset, !secure_path | |
| 26 | ||
| 27 | ## Allow any editor with `visudo'. The idea that allowing a user to edit | |
| 28 | ## the `sudoers' file is OK but letting him choose which editor he uses | |
| 29 | ## isn't is obviously crazy. After all, he can change the editor list | |
| 30 | ## if he likes. | |
| 31 | Defaults env_editor | |
| 32 | ||
| 33 | ## Don't spam me with reports of people being turned away. I have logs for | |
| 34 | ## that. | |
| 35 | Defaults !mailto | |
| 36 | ||
| 37 | ## I'm going to assume that administrators already know how to behave | |
| 38 | ## responsibly. | |
| 39 | Defaults lecture = never | |
| 40 | ||
| 41 | ## Passing file descriptors into a program seems OK to me, given that | |
| 42 | ## I'm assuming that the target user trusts the caller anyway. | |
| 43 | Defaults !closefrom_override | |
| 44 | ||
| 45 | ###-------------------------------------------------------------------------- | |
| 46 | ### Administration. | |
| 47 | ### | |
| 48 | ### Summary: | |
| 49 | ### FROM HOSTS = (TO-USERS [: TO-GROUPS]) [TAGS] COMMAND | |
| 50 | ### | |
| 51 | ### LIST ::= [!] ITEM, ... | |
| 52 | ### USER ::= NAME | #UID | %GROUP | |
| 53 | ### HOST ::= HOSTNAME | ADDR | NET/MASK | |
| 54 | ### COMMAND ::= CMD | DIR/ | sudoedit | |
| 55 | ### TAG ::= NOPASSWD: | PASSWD: | NOEXEC: | EXEC: | SETENV: | NOSETENV: | | |
| 56 | ### LOG_INPUT: | NOLOG_INPUT: | LOG_OUTPUT: | NOLOG_OUTPUT: | |
| 57 | ||
| 58 | ## Allow `root' and members of the `sudo' and `root' groups to do their | |
| 59 | ## things. | |
| 60 | root, %sudo, %root, %wheel ALL = (ALL : ALL) ALL | |
| 61 | ||
| 62 | ###----- That's all, folks -------------------------------------------------- |