The syntax of the file is pretty self-explanatory:
Quote:
user MACHINE=COMMANDS
So if the username is 'eth1' and you want to give that user access to the command /sbin/mount, then:
Quote:
eth1 ALL=/sbin/mount
Example:
Quote:
username ALL=NOPASSWD: /sbin/fdisk
Find out the path of a command using 'which', for example:
which fdisk
You can also split the specifications up using User_Alias and Cmnd_Alias to make them a little easier to organize.
Here is a contrived example for ya'.
Code:
### User Aliases
## This is a list of users that have the ability to sudo the same commands.
User_Alias USERLST1=user1,user2
## This group has the ability to sudo the same commands.
## 'webadmgp' is a primary or secondary group that some of your users have.
User_Alias WEBGROUP=%webadmgp
### Command Aliases
## Storage
Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
## Networking
Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
## Webadmin
Cmnd_Alias WEBADMIN = /etc/rc.d/init.d/httpd
### The Commands Section
## The USERLST1 users (user1 and user2) can sudo all the commands listed in Cmnd_Alias STORAGE.
## They don't need to enter a password.
USERLST1 ALL=NOPASSWD: STORAGE
## The WEBGROUP users (every user that has 'webadmgp' as a primary or secondary group)
## can sudo all of the commands listed in the NETWORKING and WEBADMIN Cmnd_Alias lists.
## They don't need to enter a password either.
WEBGROUP ALL=NOPASSWD: NETWORKING,WEBADMIN

Where things go doesn't seem to be important.
When you save the file, 'visudo' will tell you if you have a syntax error or some inconsistency.
And be careful if you cut and paste into the file. If you cut a single long line that has wrapped on your screen, it'll paste in as multiple lines. When you save the file, 'visudo' will complain...
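
The following Python script is an added example, not part of the original post: it expands the User_Alias and Cmnd_Alias entries of a sudoers fragment into flat (user, host, NOPASSWD, command) tuples, so you can review who ends up with which command and whether a password is required. It handles only the subset of the syntax shown on this page; SAMPLE is constructed from the example above, and expand_rules and split_list are names chosen for this example.

```python
import re

# Constructed sample, shortened from the alias example on this page.
SAMPLE = """\
User_Alias USERLST1=user1,user2
User_Alias WEBGROUP=%webadmgp
Cmnd_Alias STORAGE = /sbin/fdisk, /bin/mount, /bin/umount
Cmnd_Alias WEBADMIN = /etc/rc.d/init.d/httpd
USERLST1 ALL=NOPASSWD: STORAGE
WEBGROUP ALL=NOPASSWD: WEBADMIN
eth1 ALL=/sbin/mount
"""

ALIAS_RE = re.compile(r"^(User_Alias|Cmnd_Alias)\s+(\w+)\s*=\s*(.+)$")
RULE_RE = re.compile(r"^(\S+)\s+(\S+?)\s*=\s*(NOPASSWD:)?\s*(.+)$")

def split_list(text):
    return [item.strip() for item in text.split(",") if item.strip()]

def expand_rules(sudoers_text):
    """Return (who, host, nopasswd, command) tuples with aliases expanded.

    Handles only the subset of the grammar used on this page: one alias or
    one rule per line, an optional NOPASSWD: tag, no Runas specs, no
    backslash line continuations.
    """
    aliases = {"User_Alias": {}, "Cmnd_Alias": {}}
    rules = []
    lines = [l.strip() for l in sudoers_text.splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]
    # First pass: collect every alias, wherever it sits in the text.
    for line in lines:
        m = ALIAS_RE.match(line)
        if m:
            aliases[m.group(1)][m.group(2)] = split_list(m.group(3))
    # Second pass: expand each user specification into one tuple per command.
    for line in lines:
        if ALIAS_RE.match(line):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unparsed line: {line!r}")
        who, host, tag, cmds = m.groups()
        for user in aliases["User_Alias"].get(who, [who]):
            for cmd in split_list(cmds):
                for path in aliases["Cmnd_Alias"].get(cmd, [cmd]):
                    rules.append((user, host, tag is not None, path))
    return rules
```

A line broken in two by a wrapped paste does not match either pattern and raises ValueError, which is the same situation 'visudo' complains about.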