Linux Admin
Jump to navigation
Jump to search
/etc/sudoers
The man page gives a complete but unclear description of the file specification. Here a simplified but complete version:
First the description of possible entries in the file:
# Alias
'User_Alias' NAME '=' User... (':' NAME '=' User... )* |
'Runas_Alias' NAME '=' Runas_Member... (':' NAME '=' Runas_Member...)* |
'Host_Alias' NAME '=' Host... (':' NAME '=' Host... )* |
'Cmnd_Alias' NAME '=' Cmnd... (':' NAME '=' Cmnd... )*
#Default_Entry
'Defaults' ('@' Host... | ':' User... | '!' Cmnd... | '>' Runas_Member...)? Parameter...
#User_Spec
User... Host... '=' Cmnd_Spec... (':' Host... '=' Cmnd_Spec...)*
Now the description of the syntactical elements:
identifier... ::= identifier (',' identifier)*
NAME ::= [A-Z]([a-z][A-Z][0-9]_)*
User /
Runas_Member ::= '!'* ( username | '#'uid | '%'group | '+'netgroup | Alias | 'ALL' )
Host ::= '!'* ( hostname | ip_addr | network(/netmask)? | '+'netgroup | Alias| 'ALL' )
Cmnd ::= '!'* ( command filename (args | '""')? | directory | "sudoedit" | Alias | 'ALL' )
Parameter ::= Parameter '=' Value | Parameter '+=' Value | Parameter '-=' Value | '!'* Parameter
Cmnd_Spec ::= ('(' Runas_Member...? (':' ...? ')')? ('NOPASSWD:'|'PASSWD:'|'NOEXEC:'|'EXEC:'|'SETENV:'|'NOSETENV:')* Cmnd