Differences

This shows you the differences between two versions of the page.

--- linux:sudo [2009/12/21 00:33] – rlunaro
+++ linux:sudo [2016/09/17 17:22] (current) – removed rlunaro
@@ Line 1: / Line 1: @@
-====== Mi configuración de SUDO favorita ======
-Desde que ubuntu usa sudo para ejecutar las acciones administrativas, este simpático programa de seguridad se ha puesto de moda. Y cómo no, yo también me he subido al carro. Tengo una configuración de sudo que no me pide contraseña, simplemente mi usuario está entre los que se les permite ejecutar todo como superusuario.
-Esta es mi configuración de sudo (ver abajo). Tampoco es //rocket science//: es la configuración por defecto de SuSE con unos retoques aquí y alli para que:
-  * permita ejecutar todo a ciertos usuarios sin preguntar contraseña excepto:
-  * passwd y visudo
-¿Porqué? pues para mantener algo limitada la posibilidad de "escalar permisos", aunque es cierto que con hacer "sudo su" ya está todo ganado, pero bueno...
-<code>
-# sudoers file.
-#
-# This file MUST be edited with the 'visudo' command as root.
-# Failure to use 'visudo' may result in syntax or file permission errors
-# that prevent sudo from running.
-#
-# See the sudoers man page for the details on how to write a sudoers file.
-#
-# Host alias specification
-# User alias specification
-User_Alias      POWER_USERS = rluna,soco
-# Cmnd alias specification
-Cmnd_Alias      CMD_PASSWD = /usr/bin/passwd
-Cmnd_Alias      CMD_VISUDO = /usr/sbin/visudo
-Cmnd_Alias      CMD_ROOT = ALL, !CMD_PASSWD, !CMD_VISUDO
-# Defaults specification
-# Prevent environment variables from influencing programs in an
-# unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151)
-Defaults always_set_home
-Defaults env_reset
-# Change env_reset to !env_reset in previous line to keep all environment variables
-# Following list will no longer be necessary after this change
-Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
-# Comment out the preceding line and uncomment the following one if you need
-# to use special input methods. This may allow users to compromise  the root
-# account if they are allowed to run commands without authentication.
-#Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE XMODIFIERS GTK_IM_MODULEQT_IM_MODULE QT_IM_SWITCHER"
-# In the default (unconfigured) configuration, sudo asks for the root password.
-# This allows use of an ordinary user account for administration of a freshly
-# installed system. When configuring sudo, delete the two
-# following lines:
-Defaults targetpw   # ask for the password of the target user i.e. root
-#ALL    ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!
-# Runas alias specification
-POWER_USERS     ALL = (root) NOPASSWD: CMD_ROOT
-# User privilege specification
-root    ALL=(ALL) SETENV: ALL
-# Uncomment to allow people in group wheel to run all commands
-# %wheel        ALL=(ALL) ALL
-# Same thing without a password
-# %wheel        ALL=(ALL) NOPASSWD: ALL
-# Samples
-# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
-# %users  localhost=/sbin/shutdown -h now
-</code>