3
## This file MUST be edited with the 'visudo' command as root.
4
## Failure to use 'visudo' may result in syntax or file permission errors
5
## that prevent sudo from running.
7
## See the sudoers man page for the details on how to write a sudoers file.
11
## Host alias specification
13
## Groups of machines. These may include host names (optionally with wildcards),
14
## IP addresses, network numbers or netgroups.
15
# Host_Alias WEBSERVERS = www1, www2, www3
18
## User alias specification
20
## Groups of users. These may consist of user names, uids, Unix groups,
22
# User_Alias ADMINS = millert, dowdy, mikef
25
## Cmnd alias specification
27
## Groups of commands. Often used to group related commands together.
28
# Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
29
# /usr/bin/pkill, /usr/bin/top
32
## Defaults specification
34
## You may wish to keep some of the following environment variables
35
## when running commands via sudo.
38
# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
40
## Run X applications through sudo; HOME is used to find the
41
## .Xauthority file. Note that other programs use HOME to find
42
## configuration files and this may lead to privilege escalation!
43
# Defaults env_keep += "HOME"
45
## X11 resource path settings
46
# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
48
## Desktop path settings
49
# Defaults env_keep += "QTDIR KDEDIR"
51
## Allow sudo-run commands to inherit the callers' ConsoleKit session
52
# Defaults env_keep += "XDG_SESSION_COOKIE"
54
## Uncomment to enable special input methods. Care should be taken as
55
## this may allow users to subvert the command being run via sudo.
56
# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
58
## Uncomment to enable logging of a command's output, except for
59
## sudoreplay and reboot. Use sudoreplay to play back logged sessions.
61
# Defaults!/usr/bin/sudoreplay !log_output
62
# Defaults!/usr/local/bin/sudoreplay !log_output
63
# Defaults!/sbin/reboot !log_output
66
## Runas alias specification
70
## User privilege specification
74
## Uncomment to allow members of group wheel to execute any command
75
# %wheel ALL=(ALL) ALL
77
## Same thing without a password
78
# %wheel ALL=(ALL) NOPASSWD: ALL
80
## Uncomment to allow members of group sudo to execute any command
83
## Uncomment to allow any user to run sudo if they know the password
84
## of the user they are running the command as (root by default).
85
# Defaults targetpw # Ask for the password of the target user
86
# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
88
## Read drop-in files from @sysconfdir@/sudoers.d
89
## (the '#' here does not indicate a comment)
90
#includedir @sysconfdir@/sudoers.d