Linux Admin

From miki
Revision as of 19:48, 7 April 2010 by Mip (talk | contribs) (/etc/sudoers specification)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

/etc/sudoers

The man page gives a complete but unclear description of the file specification. Here a simplified but complete version:

First the description of possible entries in the file:

# Alias
'User_Alias'  NAME '=' User...         (':' NAME '=' User...        )*  |
'Runas_Alias' NAME '=' Runas_Member... (':' NAME '=' Runas_Member...)*  |
'Host_Alias'  NAME '=' Host...         (':' NAME '=' Host...        )*  |
'Cmnd_Alias'  NAME '=' Cmnd...         (':' NAME '=' Cmnd...        )*

#Default_Entry
'Defaults' ('@' Host... | ':' User... | '!' Cmnd... | '>' Runas_Member...)? Parameter...

#User_Spec
User... Host... '=' Cmnd_Spec...       (':' Host... '=' Cmnd_Spec...)*

Now the description of the syntactical elements:

identifier... ::= identifier (',' identifier)*

NAME          ::= [A-Z]([a-z][A-Z][0-9]_)*

User /
Runas_Member  ::= '!'* ( username | '#'uid | '%'group | '+'netgroup | Alias | 'ALL' )

Host          ::= '!'* ( hostname | ip_addr | network(/netmask)? | '+'netgroup | Alias| 'ALL' )

Cmnd          ::= '!'* ( command filename (args | '""')? | directory | "sudoedit" | Alias | 'ALL' )

Parameter     ::= Parameter '=' Value | Parameter '+=' Value | Parameter '-=' Value | '!'* Parameter

Cmnd_Spec     ::= ('(' Runas_Member...? (':' ...? ')')? ('NOPASSWD:'|'PASSWD:'|'NOEXEC:'|'EXEC:'|'SETENV:'|'NOSETENV:')* Cmnd