Basic structure of ACL entries for the sudoers file
Always use visudo to edit the sudoers file, as it checks the syntax for you.
Command aliases:
Cmnd_Alias DIAGS = /usr/sbin/tcpdump,/usr/sbin/ethtool
Network / host aliases:
Host_Alias LAN = 192.168.0.0/255.255.255.0
You can then allow a user to access these commands:
This will allow Paul to run tcpdump and ethtool on any host (ALL in the host field) without reentering his password:
paul ALL = NOPASSWD:DIAGS
Or you can restrict it to hosts on certain subnets (the host field matches the machine sudo is run on, not where the user connects from):
paul LAN = NOPASSWD:DIAGS
Omit the NOPASSWD parameter if you want Paul to reenter his password every time he uses sudo.
If you want paul to be able to become root and do anything:
paul ALL=(ALL) NOPASSWD:ALL
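To review what entries like these actually grant, the following added example (not part of the original post) parses the one-line alias and user-specification forms shown above, expands the aliases, and marks passwordless ALL grants for review. The names audit, expand and SAMPLE are hypothetical, and the parser assumes only the simple forms used on this page.

```python
import re

# Constructed sample: the entries from this page combined into one fragment.
SAMPLE = """\
Cmnd_Alias DIAGS = /usr/sbin/tcpdump,/usr/sbin/ethtool
Host_Alias LAN = 192.168.0.0/255.255.255.0
paul LAN = NOPASSWD:DIAGS
paul ALL=(ALL) NOPASSWD:ALL
"""
ALIAS_RE = re.compile(r"^(Cmnd_Alias|Host_Alias)\s+(\w+)\s*=\s*(.+)$")
SPEC_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<hosts>[^=]+?)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<nopasswd>NOPASSWD:\s*)?(?P<cmds>.+)$")


def expand(text, kind, aliases):
    """Split a comma-separated list, replacing alias names with their members."""
    out = []
    for item in (i.strip() for i in text.split(",")):
        out.extend(aliases.get((kind, item), [item]))
    return out


def audit(text):
    """Parse the one-line alias and user-spec forms shown on this page."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    aliases, rules = {}, []
    for line in lines:                    # pass 1: collect alias definitions
        if m := ALIAS_RE.match(line):
            aliases[m.group(1), m.group(2)] = expand(m.group(3), None, {})
    for line in lines:                    # pass 2: resolve user specifications
        m = SPEC_RE.match(line)
        if line.startswith(("#", "Defaults")) or ALIAS_RE.match(line) or not m:
            continue
        cmds = expand(m["cmds"], "Cmnd_Alias", aliases)
        rules.append({
            "user": m["user"],
            "hosts": expand(m["hosts"], "Host_Alias", aliases),
            "runas": m["runas"] or "root",    # sudo's default target user
            "nopasswd": m["nopasswd"] is not None,
            "commands": cmds,
            # Passwordless ALL: full root with no re-authentication prompt.
            "unrestricted": m["nopasswd"] is not None and "ALL" in cmds,
        })
    return rules


if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```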