pavement

Usr/local/etc/sudoers

From FreeBSDwiki
Jump to: navigation, search

the file which controls who gets to sudo to whom.

simple sample:

# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# User privilege specification
root    ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL

# Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now

rsyncuser ALL = NOPASSWD: /usr/local/bin/rsync
qmaild ALL=(vpopmail) NOPASSWD: /usr/local/bin/maildir

The last two lines in the above sample file allow user rsyncuser to run rsync as root - so that he can use rsync over ssh to access anywhere in the filesystem he needs to - and to allow the qmaild uid to run the maildir delivery agent as vpopmail, so that a qmail-queue wrapper can safely deliver quarantined copies of things to a vpopmail-accessible maildir.

Personal tools