Scribd
Upload
364 views3 pages

Sudoers Sampleconfig 8 4

This document provides instructions and templates for configuring sudoers access on Linux systems. It includes sections for defaults, include files, and a final entry protecting all sudo access. Administrators are instructed to uncomment and include separate template files for standard entries and to make any local adjustments in additional include files.

Uploaded by

Said A. Quiroz Tapia
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
364 views3 pages

Sudoers Sampleconfig 8 4

This document provides instructions and templates for configuring sudoers access on Linux systems. It includes sections for defaults, include files, and a final entry protecting all sudo access. Administrators are instructed to uncomment and include separate template files for standard entries and to make any local adjustments in additional include files.

Uploaded by

Said A. Quiroz Tapia
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 3

# Begin Global sudoers standard template Ver 8.

4 Date 2015-04-01 * Master * Refer


xxxxxx Begin #
# Description Standard sudoers template
#
# Version control
#
# See changelog on Global sudo wiki http://ibm.biz/GsudoStandardAlias for previous
changes
#
# Updates in this version:
#
# April 2015 Update V 8.4
# Moved standard negation entries to independent template. Added #include
# Moved standard alias entries to independent template. Added #include
# Moved standard SA entries to independent template. Added #include
# Added line ## IBM Team include statements precede this comment - for S-TRAN
#------------------------------------------------------------------------------
#
# Sudo implementation team instruction:
# This special template is NOT to be # included. Instead, this template
# has content which must, for functional purposes, be 'spread over' the
# entire span of the /etc/sudoers file. For instance, the
# Defaults env_file=/etc/sudo.env
# line should be 'early' in the file, while the line:
# ALL ALL=!SUDOSUDO
# needs to be after the last 'additive' sudo entry to ensure all sudo entries
# are appropriately protected.
#==============================================================================
# Defaults
#==============================================================================
#
# The following entries are required if you allow users to run
# smit / smitty on AIX:
#
# For sudo 1.7.0 and up, include the following entries in the
# /etc/sudo.env file:
# SMIT_SHELL=n
# SMIT_SEMI_COLON=n
# SMIT_QUOTE=n
# and define sudo environment file within /etc/sudoers (or included
# file) via:
#
Defaults env_file=/etc/sudo.env # Includes the sudo environment file
#
#
#------------------------------------------------------------------------------
#
# The following entry is only required if you are using a secondary logging
# method which cannot capture commands issued in shell outs.
# This will help ensure that commands with shell outs are
# appropriately controled:
#
Defaults!IBM_SHELLESCAPE_ALL noexec
#
# CAUTION: This affects all entries; ensure your customer is aware this is being
# added on first implementation, and appropriate testing is done.
#
#------------------------------------------------------------------------------
#
#
#==============================================================================
# include files
#==============================================================================
# Include the Middleware templates relevant for the server
#
# Note: Sudo syntax for include is "#include /dir/file", to 'uncomment'
# these sample lines, change from
# ##include /etc/sudoers.d/1xx_{application}_GLB entries if desired>
# to
# #include /etc/sudoers.d/1xx_{application}_GLB entries if desired>
#
# While it is permissible to 'inline' the following three templates,
# we are setting the 'default' usage to use the #include structure:
#include /etc/sudoers.d/010_STD_NEG_GLB
#include /etc/sudoers.d/010_STD_ALIAS_GLB
#include /etc/sudoers.d/010_STD_SA_GLB
#
# Global template
# The next is needed for by the S-TRAN tool
#
## IBM Team include statements precede this comment
#
#
##include /etc/sudoers.d/1xx_{application}_GLB
#
# GEO specific adjustments to GLB template, or GEO template with no
# corresponding GLB template
#
##include /etc/sudoers.d/2xx_{application}_{GEO name}
#
# IMT specific adjustments to GLB or GEO template, or IMT template with no
# corresponding GLB or GEO template
#
##include /etc/sudoers.d/3xx_{application}_{IMT name}
#
# Account specific adjustments to GLB, GEO, or IMT template
#
##include /etc/sudoers.d/4xx_{application}_ADJ
#
# Local Account specific entries - no corresponding GLB, GEO, or IMT template
#
##include /etc/sudoers.d/4xx_{application}_LCL
#
# Customer entries if needed
#
##include /etc/sudoers.d/8xx_{customer_application}_CUST
#
#
# If server specific commands are needed include them here
#
##include /etc/sudoers.d/9xx_sudoers_%h
# or
##include /etc/sudoers.d/9xx_sudoers.local
#
#
#
# The following line must be after the last 'additive' line in this file,
# only negations' should follow this:
#
ALL ALL=!SUDOSUDO
#
# End Global sudoers standard template Ver 8.4 Date 2015-04-01 * Master * Refer
xxxxxx End #

You might also like