WebSVN – ALCASAR – Diff – /conf/sudoers


# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
 
# Host alias specification
Host_Alias	LAN_ORG=192.168.182.0/255.255.255.0,localhost		#réseau de l'organisme
# User alias specification
User_Alias	ADMIN=sysadmin				# local admin account
User_Alias	ADMWEB=apache				# web server owner
User_Alias	SMS=gammu_smsd				# gammu-smsd owner
 
# Cmnd alias specification
Cmnd_Alias	NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/bin/alcasar-dhcp.sh,/usr/local/bin/alcasar-dns-local.sh	# network commands
Cmnd_Alias	URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update										# packages managment
Cmnd_Alias	BYPASS=/usr/local/bin/alcasar-bypass.sh											# authentication bypass
Cmnd_Alias	RADDB=/usr/bin/radwho,/usr/sbin/chilli_query										# to manage users in command line
Cmnd_Alias	SQL=/usr/local/bin/alcasar-mysql.sh											# to export users database
Cmnd_Alias	SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh										# to create conf backup file
Cmnd_Alias	EXPORT=/usr/local/bin/alcasar-archive.sh										# to export/save the log files
Cmnd_Alias	BL=/usr/local/bin/alcasar-bl.sh,/usr/local/bin/alcasar-file-clean.sh,/usr/local/bin/alcasar-url_filter_wl.sh,/usr/local/bin/alcasar-url_filter_bl.sh	# to manage the filtering system
Cmnd_Alias	NF=/usr/local/bin/alcasar-iptables.sh,/usr/sbin/ipset									# to manage the firewall
Cmnd_Alias	LOGOUT=/usr/local/bin/alcasar-logout.sh											# to disconnect the users
Cmnd_Alias	UAM=/usr/local/bin/alcasar-uamallowed.sh										# to manage the trusted websites (uamallowed)
Cmnd_Alias	SERVICE=/usr/bin/systemctl,/usr/sbin/shutdown										# to manage the linux services
Cmnd_Alias	GAMMU=/usr/local/bin/alcasar-sms.sh											# to manage the SMS subsystem
Cmnd_Alias	SSL=/usr/local/bin/alcasar-importcert.sh,/usr/local/bin/alcasar-letsencrypt.sh,/usr/local/bin/alcasar-https.sh,/usr/local/bin/alcasar-ldap.sh --import-cert *		# to manage the certificates
Cmnd_Alias	HTDIGEST=/usr/local/bin/alcasar-profil.sh										# to manage htdigest groups
Cmnd_Alias	LOG_GEN=/usr/local/bin/alcasar-generate_log.sh										# to create log PDF from ACC
Cmnd_Alias	LDAP=/usr/local/bin/alcasar-ldap.sh											# to enable/disable LDAP connection
Cmnd_Alias  IOT_CAPTURE=/usr/local/bin/alcasar-iot_capture.sh                           # to enable/disable raw capture of Iot (pcap) --> in activity ACC page
 
# Defaults specification
# Defaults syslog=auth
 
# Runas alias specification
 
# User privilege specification
root	ALL=(ALL) ALL
 
# Uncomment to allow people in group wheel to run all commands
# %wheel	ALL=(ALL)	ALL
 
# Same thing without a password
# %wheel	ALL=(ALL)	NOPASSWD: ALL
 
# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now
 
ADMWEB	LAN_ORG=(root)	NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,GAMMU,SSL,HTDIGEST,LOG_GEN,LDAP,IOT_CAPTURE
ADMIN	LAN_ORG=(root)	NOPASSWD: NET,URPMI,BYPASS,SYSTEM_BACKUP,SQL,EXPORT,SERVICE,SSL
SMS	LAN_ORG=(root)	NOPASSWD: GAMMU
 

Subversion Repositories ALCASAR

(root)/conf/sudoers – Rev 2770 → 2882

Rev 2770		Rev 2882
1	`# sudoers file.`	1	`# sudoers file.`
2	`#`	2	`#`
3	`# This file MUST be edited with the 'visudo' command as root.`	3	`# This file MUST be edited with the 'visudo' command as root.`
4	`#`	4	`#`
5	`# See the sudoers man page for the details on how to write a sudoers file.`	5	`# See the sudoers man page for the details on how to write a sudoers file.`
6	`#`	6	`#`
7		7
8	`# Host alias specification`	8	`# Host alias specification`
9	`Host_Alias LAN_ORG=192.168.182.0/255.255.255.0,localhost #réseau de l'organisme`	9	`Host_Alias LAN_ORG=192.168.182.0/255.255.255.0,localhost #réseau de l'organisme`
10	`# User alias specification`	10	`# User alias specification`
11	`User_Alias ADMIN=sysadmin # local admin account`	11	`User_Alias ADMIN=sysadmin # local admin account`
12	`User_Alias ADMWEB=apache # web server owner`	12	`User_Alias ADMWEB=apache # web server owner`
13	`User_Alias SMS=gammu_smsd # gammu-smsd owner`	13	`User_Alias SMS=gammu_smsd # gammu-smsd owner`
14		14
15	`# Cmnd alias specification`	15	`# Cmnd alias specification`
16	`Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/bin/alcasar-dhcp.sh,/usr/local/bin/alcasar-dns-local.sh # network commands`	16	`Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/bin/alcasar-dhcp.sh,/usr/local/bin/alcasar-dns-local.sh # network commands`
17	`Cmnd_Alias URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update # packages managment`	17	`Cmnd_Alias URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update # packages managment`
18	`Cmnd_Alias BYPASS=/usr/local/bin/alcasar-bypass.sh # authentication bypass`	18	`Cmnd_Alias BYPASS=/usr/local/bin/alcasar-bypass.sh # authentication bypass`
19	`Cmnd_Alias RADDB=/usr/bin/radwho,/usr/sbin/chilli_query # to manage users in command line`	19	`Cmnd_Alias RADDB=/usr/bin/radwho,/usr/sbin/chilli_query # to manage users in command line`
20	`Cmnd_Alias SQL=/usr/local/bin/alcasar-mysql.sh # to export users database`	20	`Cmnd_Alias SQL=/usr/local/bin/alcasar-mysql.sh # to export users database`
21	`Cmnd_Alias SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh # to create conf backup file`	21	`Cmnd_Alias SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh # to create conf backup file`
22	`Cmnd_Alias EXPORT=/usr/local/bin/alcasar-archive.sh # to export/save the log files`	22	`Cmnd_Alias EXPORT=/usr/local/bin/alcasar-archive.sh # to export/save the log files`
23	`Cmnd_Alias BL=/usr/local/bin/alcasar-bl.sh,/usr/local/bin/alcasar-havp.sh,/usr/local/bin/alcasar-file-clean.sh,/usr/local/bin/alcasar-url_filter_wl.sh,/usr/local/bin/alcasar-url_filter_bl.sh # to manage the filtering system`	23	`Cmnd_Alias BL=/usr/local/bin/alcasar-bl.sh,/usr/local/bin/alcasar-file-clean.sh,/usr/local/bin/alcasar-url_filter_wl.sh,/usr/local/bin/alcasar-url_filter_bl.sh # to manage the filtering system`
24	`Cmnd_Alias NF=/usr/local/bin/alcasar-iptables.sh,/usr/sbin/ipset # to manage the firewall`	24	`Cmnd_Alias NF=/usr/local/bin/alcasar-iptables.sh,/usr/sbin/ipset # to manage the firewall`
25	`Cmnd_Alias LOGOUT=/usr/local/bin/alcasar-logout.sh # to disconnect the users`	25	`Cmnd_Alias LOGOUT=/usr/local/bin/alcasar-logout.sh # to disconnect the users`
26	`Cmnd_Alias UAM=/usr/local/bin/alcasar-uamallowed.sh # to manage the trusted websites (uamallowed)`	26	`Cmnd_Alias UAM=/usr/local/bin/alcasar-uamallowed.sh # to manage the trusted websites (uamallowed)`
27	`Cmnd_Alias SERVICE=/usr/bin/systemctl,/usr/sbin/shutdown # to manage the linux services`	27	`Cmnd_Alias SERVICE=/usr/bin/systemctl,/usr/sbin/shutdown # to manage the linux services`
28	`Cmnd_Alias GAMMU=/usr/local/bin/alcasar-sms.sh # to manage the SMS subsystem`	28	`Cmnd_Alias GAMMU=/usr/local/bin/alcasar-sms.sh # to manage the SMS subsystem`
29	`Cmnd_Alias SSL=/usr/local/bin/alcasar-importcert.sh,/usr/local/bin/alcasar-letsencrypt.sh,/usr/local/bin/alcasar-https.sh,/usr/local/bin/alcasar-ldap.sh --import-cert * # to manage the certificates`	29	`Cmnd_Alias SSL=/usr/local/bin/alcasar-importcert.sh,/usr/local/bin/alcasar-letsencrypt.sh,/usr/local/bin/alcasar-https.sh,/usr/local/bin/alcasar-ldap.sh --import-cert * # to manage the certificates`
30	`Cmnd_Alias HTDIGEST=/usr/local/bin/alcasar-profil.sh # to manage htdigest groups`	30	`Cmnd_Alias HTDIGEST=/usr/local/bin/alcasar-profil.sh # to manage htdigest groups`
31	`Cmnd_Alias LOG_GEN=/usr/local/bin/alcasar-generate_log.sh # to create log PDF from ACC`	31	`Cmnd_Alias LOG_GEN=/usr/local/bin/alcasar-generate_log.sh # to create log PDF from ACC`
32	`Cmnd_Alias LDAP=/usr/local/bin/alcasar-ldap.sh # to enable/disable LDAP connection`	32	`Cmnd_Alias LDAP=/usr/local/bin/alcasar-ldap.sh # to enable/disable LDAP connection`
33	`Cmnd_Alias IOT_CAPTURE=/usr/local/bin/alcasar-iot_capture.sh # to enable/disable raw capture of Iot (pcap) --> in activity ACC page`	33	`Cmnd_Alias IOT_CAPTURE=/usr/local/bin/alcasar-iot_capture.sh # to enable/disable raw capture of Iot (pcap) --> in activity ACC page`
34		34
35	`# Defaults specification`	35	`# Defaults specification`
36	`# Defaults syslog=auth`	36	`# Defaults syslog=auth`
37		37
38	`# Runas alias specification`	38	`# Runas alias specification`
39		39
40	`# User privilege specification`	40	`# User privilege specification`
41	`root ALL=(ALL) ALL`	41	`root ALL=(ALL) ALL`
42		42
43	`# Uncomment to allow people in group wheel to run all commands`	43	`# Uncomment to allow people in group wheel to run all commands`
44	`# %wheel ALL=(ALL) ALL`	44	`# %wheel ALL=(ALL) ALL`
45		45
46	`# Same thing without a password`	46	`# Same thing without a password`
47	`# %wheel ALL=(ALL) NOPASSWD: ALL`	47	`# %wheel ALL=(ALL) NOPASSWD: ALL`
48		48
49	`# Samples`	49	`# Samples`
50	`# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom`	50	`# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom`
51	`# %users localhost=/sbin/shutdown -h now`	51	`# %users localhost=/sbin/shutdown -h now`
52		52
53	`ADMWEB LAN_ORG=(root) NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,GAMMU,SSL,HTDIGEST,LOG_GEN,LDAP,IOT_CAPTURE`	53	`ADMWEB LAN_ORG=(root) NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,GAMMU,SSL,HTDIGEST,LOG_GEN,LDAP,IOT_CAPTURE`
54	`ADMIN LAN_ORG=(root) NOPASSWD: NET,URPMI,BYPASS,SYSTEM_BACKUP,SQL,EXPORT,SERVICE,SSL`	54	`ADMIN LAN_ORG=(root) NOPASSWD: NET,URPMI,BYPASS,SYSTEM_BACKUP,SQL,EXPORT,SERVICE,SSL`
55	`SMS LAN_ORG=(root) NOPASSWD: GAMMU`	55	`SMS LAN_ORG=(root) NOPASSWD: GAMMU`
56		56