Subversion Repositories ALCASAR

Rev

Rev 1710 | Rev 1827 | Go to most recent revision | Blame | Compare with Previous | Last modification | View Log

# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification
Host_Alias      LAN_ORG=192.168.182.0/255.255.255.0,localhost           #réseau de l'organisme
# User alias specification
User_Alias      ADMIN=sysadmin                          # local admin account
User_Alias      ADMWEB=apache                           # web admin account

# Cmnd alias specification
Cmnd_Alias      NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/sbin/alcasar-dhcp.sh        # network commands
Cmnd_Alias      URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update                                            # packages managment
Cmnd_Alias      BYPASS=/usr/local/sbin/alcasar-bypass.sh                                                # authentication bypass
Cmnd_Alias      RADDB=/usr/bin/radwho,/usr/sbin/chilli_query                                            # to manage users in command line
Cmnd_Alias      SQL=/usr/local/sbin/alcasar-mysql.sh                                                    # to export users database
Cmnd_Alias      SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh                                            # to create conf backup file
Cmnd_Alias      EXPORT=/usr/local/bin/alcasar-archive.sh                                                # to export/save the log files
Cmnd_Alias      BL=/usr/local/sbin/alcasar-bl.sh,/usr/local/sbin/alcasar-havp.sh,/usr/local/bin/alcasar-file-clean.sh,/usr/local/sbin/alcasar-url_filter.sh     # to manage the filtering system
Cmnd_Alias      NF=/usr/local/sbin/alcasar-nf.sh,/usr/local/bin/alcasar-iptables.sh,/usr/sbin/ipset     # to manage the firewall
Cmnd_Alias      LOGOUT=/usr/local/sbin/alcasar-logout.sh                                                # to disconnect the users
Cmnd_Alias      UAM=/usr/local/sbin/alcasar-uamallowed.sh                                               # to manage the trusted websites (uamallowed)
Cmnd_Alias      SERVICE=/usr/bin/systemctl,/usr/sbin/shutdown                                           # to manage the linux services
Cmnd_Alias      GAMMU=/usr/local/bin/alcasar-sms.sh                                                     # to manage the SMS subsystem
Cmnd_Alias      SSL=/usr/bin/openssl                                                                    # to manage the certificates
Cmnd_Alias      IMPCERT=/usr/local/sbin/alcasar-importcert.sh                                           # to import an official certificate

# Defaults specification
# Defaults syslog=auth

# Runas alias specification

# User privilege specification
root    ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL

# Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now

ADMWEB          LAN_ORG=(root)  NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,GAMMU,SSL,IMPCERT
ADMIN           LAN_ORG=(root)  NOPASSWD: NET,URPMI,BYPASS,SYSTEM_BACKUP,SQL,EXPORT,SERVICE