add new changes
This commit is contained in:
@ -1,6 +1,5 @@
|
||||
no-greeting
|
||||
no-permission-warning
|
||||
lock-never
|
||||
#keyserver-options timeout=10
|
||||
keyserver hkps://hkps.pool.sks-keyservers.net:443
|
||||
#keyserver hkp://pgp.mit.edu:11371
|
||||
|
||||
59
etc/sudoers
59
etc/sudoers
@ -27,11 +27,29 @@
|
||||
## Groups of commands. Often used to group related commands together.
|
||||
# Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
|
||||
# /usr/bin/pkill, /usr/bin/top
|
||||
#
|
||||
# Cmnd_Alias REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff
|
||||
#
|
||||
# Cmnd_Alias DEBUGGERS = /usr/bin/gdb, /usr/bin/lldb, /usr/bin/strace, \
|
||||
# /usr/bin/truss, /usr/bin/bpftrace, \
|
||||
# /usr/bin/dtrace, /usr/bin/dtruss
|
||||
#
|
||||
# Cmnd_Alias PKGMAN = /usr/bin/apt, /usr/bin/dpkg, /usr/bin/rpm, \
|
||||
# /usr/bin/yum, /usr/bin/dnf, /usr/bin/zypper, \
|
||||
# /usr/bin/pacman
|
||||
|
||||
##
|
||||
## Defaults specification
|
||||
##
|
||||
## Preserve editor environment variables for visudo.
|
||||
## To preserve these for all commands, remove the "!visudo" qualifier.
|
||||
Defaults!/usr/bin/visudo env_keep += "SUDO_EDITOR EDITOR VISUAL"
|
||||
##
|
||||
## Use a hard-coded PATH instead of the user's to find commands.
|
||||
## This also helps prevent poorly written scripts from running
|
||||
## artbitrary commands under sudo.
|
||||
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/bin"
|
||||
##
|
||||
## You may wish to keep some of the following environment variables
|
||||
## when running commands via sudo.
|
||||
##
|
||||
@ -56,19 +74,39 @@
|
||||
## this may allow users to subvert the command being run via sudo.
|
||||
# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
|
||||
##
|
||||
## Uncomment to use a hard-coded PATH instead of the user's to find commands
|
||||
# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
## Uncomment to disable "use_pty" when running commands as root.
|
||||
## Commands run as non-root users will run in a pseudo-terminal,
|
||||
## not the user's own terminal, to prevent command injection.
|
||||
# Defaults>root !use_pty
|
||||
##
|
||||
## Uncomment to run commands in the background by default.
|
||||
## This can be used to prevent sudo from consuming user input while
|
||||
## a non-interactive command runs if "use_pty" or I/O logging are
|
||||
## enabled. Some commands may not run properly in the background.
|
||||
# Defaults exec_background
|
||||
##
|
||||
## Uncomment to send mail if the user does not enter the correct password.
|
||||
# Defaults mail_badpass
|
||||
##
|
||||
## Uncomment to enable logging of a command's output, except for
|
||||
## sudoreplay and reboot. Use sudoreplay to play back logged sessions.
|
||||
## Sudo will create up to 2,176,782,336 I/O logs before recycling them.
|
||||
## Set maxseq to a smaller number if you don't have unlimited disk space.
|
||||
# Defaults log_output
|
||||
# Defaults!/usr/bin/sudoreplay !log_output
|
||||
# Defaults!/usr/local/bin/sudoreplay !log_output
|
||||
# Defaults!REBOOT !log_output
|
||||
Defaults env_reset,timestamp_timeout=1440
|
||||
# Defaults maxseq = 1000
|
||||
##
|
||||
## Uncomment to disable intercept and log_subcmds for debuggers and
|
||||
## tracers. Otherwise, anything that uses ptrace(2) will be unable
|
||||
## to run under sudo if intercept_type is set to "trace".
|
||||
# Defaults!DEBUGGERS !intercept, !log_subcmds
|
||||
##
|
||||
## Uncomment to disable intercept and log_subcmds for package managers.
|
||||
## Some package scripts run a huge number of commands, which is made
|
||||
## slower by these options and also can clutter up the logs.
|
||||
# Defaults!PKGMAN !intercept, !log_subcmds
|
||||
|
||||
##
|
||||
## Runas alias specification
|
||||
@ -77,23 +115,22 @@ Defaults env_reset,timestamp_timeout=1440
|
||||
##
|
||||
## User privilege specification
|
||||
##
|
||||
root ALL=(ALL) ALL
|
||||
default ALL=(ALL) ALL
|
||||
root ALL=(ALL:ALL) ALL
|
||||
default ALL=(ALL:ALL) ALL
|
||||
|
||||
## Uncomment to allow members of group wheel to execute any command
|
||||
# %wheel ALL=(ALL) ALL
|
||||
%wheel ALL=(ALL:ALL) ALL
|
||||
|
||||
## Same thing without a password
|
||||
# %wheel ALL=(ALL) NOPASSWD: ALL
|
||||
# %wheel ALL=(ALL:ALL) NOPASSWD: ALL
|
||||
|
||||
## Uncomment to allow members of group sudo to execute any command
|
||||
# %sudo ALL=(ALL) ALL
|
||||
# %sudo ALL=(ALL:ALL) ALL
|
||||
|
||||
## Uncomment to allow any user to run sudo if they know the password
|
||||
## of the user they are running the command as (root by default).
|
||||
# Defaults targetpw # Ask for the password of the target user
|
||||
# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
|
||||
# ALL ALL=(ALL:ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
|
||||
|
||||
## Read drop-in files from /etc/sudoers.d
|
||||
## (the '#' here does not indicate a comment)
|
||||
#includedir /etc/sudoers.d
|
||||
@includedir /etc/sudoers.d
|
||||
|
||||
Reference in New Issue
Block a user