1 |
root |
1 |
# sudoers file.
|
|
|
2 |
#
|
|
|
3 |
# This file MUST be edited with the 'visudo' command as root.
|
|
|
4 |
#
|
|
|
5 |
# See the sudoers man page for the details on how to write a sudoers file.
|
|
|
6 |
#
|
|
|
7 |
|
|
|
8 |
# Host alias specification
|
1349 |
richard |
9 |
Host_Alias LAN_ORG=192.168.182.0/255.255.255.0,localhost #réseau de l'organisme
|
1 |
root |
10 |
# User alias specification
|
1710 |
richard |
11 |
User_Alias ADMIN=sysadmin # local admin account
|
2631 |
rexy |
12 |
User_Alias ADMWEB=apache # web server owner
|
|
|
13 |
User_Alias SMS=gammu_smsd # gammu-smsd owner
|
1 |
root |
14 |
|
|
|
15 |
# Cmnd alias specification
|
2559 |
rexy |
16 |
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/bin/alcasar-dhcp.sh,/usr/local/bin/alcasar-dns-local.sh # network commands
|
2324 |
tom.houday |
17 |
Cmnd_Alias URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update # packages managment
|
|
|
18 |
Cmnd_Alias BYPASS=/usr/local/bin/alcasar-bypass.sh # authentication bypass
|
|
|
19 |
Cmnd_Alias RADDB=/usr/bin/radwho,/usr/sbin/chilli_query # to manage users in command line
|
|
|
20 |
Cmnd_Alias SQL=/usr/local/bin/alcasar-mysql.sh # to export users database
|
|
|
21 |
Cmnd_Alias SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh # to create conf backup file
|
|
|
22 |
Cmnd_Alias EXPORT=/usr/local/bin/alcasar-archive.sh # to export/save the log files
|
2882 |
rexy |
23 |
Cmnd_Alias BL=/usr/local/bin/alcasar-bl.sh,/usr/local/bin/alcasar-file-clean.sh,/usr/local/bin/alcasar-url_filter_wl.sh,/usr/local/bin/alcasar-url_filter_bl.sh # to manage the filtering system
|
2324 |
tom.houday |
24 |
Cmnd_Alias NF=/usr/local/bin/alcasar-iptables.sh,/usr/sbin/ipset # to manage the firewall
|
|
|
25 |
Cmnd_Alias LOGOUT=/usr/local/bin/alcasar-logout.sh # to disconnect the users
|
|
|
26 |
Cmnd_Alias UAM=/usr/local/bin/alcasar-uamallowed.sh # to manage the trusted websites (uamallowed)
|
|
|
27 |
Cmnd_Alias SERVICE=/usr/bin/systemctl,/usr/sbin/shutdown # to manage the linux services
|
|
|
28 |
Cmnd_Alias GAMMU=/usr/local/bin/alcasar-sms.sh # to manage the SMS subsystem
|
2705 |
tom.houday |
29 |
Cmnd_Alias SSL=/usr/local/bin/alcasar-importcert.sh,/usr/local/bin/alcasar-letsencrypt.sh,/usr/local/bin/alcasar-https.sh,/usr/local/bin/alcasar-ldap.sh --import-cert * # to manage the certificates
|
2324 |
tom.houday |
30 |
Cmnd_Alias HTDIGEST=/usr/local/bin/alcasar-profil.sh # to manage htdigest groups
|
|
|
31 |
Cmnd_Alias LOG_GEN=/usr/local/bin/alcasar-generate_log.sh # to create log PDF from ACC
|
2466 |
richard |
32 |
Cmnd_Alias LDAP=/usr/local/bin/alcasar-ldap.sh # to enable/disable LDAP connection
|
2770 |
rexy |
33 |
Cmnd_Alias IOT_CAPTURE=/usr/local/bin/alcasar-iot_capture.sh # to enable/disable raw capture of Iot (pcap) --> in activity ACC page
|
1 |
root |
34 |
|
|
|
35 |
# Defaults specification
|
|
|
36 |
# Defaults syslog=auth
|
|
|
37 |
|
|
|
38 |
# Runas alias specification
|
|
|
39 |
|
|
|
40 |
# User privilege specification
|
|
|
41 |
root ALL=(ALL) ALL
|
|
|
42 |
|
|
|
43 |
# Uncomment to allow people in group wheel to run all commands
|
|
|
44 |
# %wheel ALL=(ALL) ALL
|
|
|
45 |
|
|
|
46 |
# Same thing without a password
|
|
|
47 |
# %wheel ALL=(ALL) NOPASSWD: ALL
|
|
|
48 |
|
|
|
49 |
# Samples
|
|
|
50 |
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
|
|
|
51 |
# %users localhost=/sbin/shutdown -h now
|
|
|
52 |
|
2770 |
rexy |
53 |
ADMWEB LAN_ORG=(root) NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,GAMMU,SSL,HTDIGEST,LOG_GEN,LDAP,IOT_CAPTURE
|
2304 |
tom.houday |
54 |
ADMIN LAN_ORG=(root) NOPASSWD: NET,URPMI,BYPASS,SYSTEM_BACKUP,SQL,EXPORT,SERVICE,SSL
|
2633 |
rexy |
55 |
SMS LAN_ORG=(root) NOPASSWD: GAMMU
|