supermanhamuerto.com

User Tools

Site Tools

Trace:
linux:sudo

This is an old revision of the document!

Mi configuración de SUDO favorita

Desde que ubuntu usa sudo para ejecutar las acciones administrativas, este simpático programa de seguridad se ha puesto de moda. Y cómo no, yo también me he subido al carro. Tengo una configuración de sudo que no me pide contraseña, simplemente mi usuario está entre los que se les permite ejecutar todo como superusuario.

Esta es mi configuración de sudo: 

# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
# Failure to use 'visudo' may result in syntax or file permission errors
# that prevent sudo from running.
#
# See the sudoers man page for the details on how to write a sudoers file.
#


# Host alias specification

# User alias specification
User_Alias      POWER_USERS = rluna,soco

# Cmnd alias specification
Cmnd_Alias      CMD_PASSWD = /usr/bin/passwd
Cmnd_Alias      CMD_VISUDO = /usr/sbin/visudo
Cmnd_Alias      CMD_ROOT = ALL, !CMD_PASSWD, !CMD_VISUDO

# Defaults specification

# Prevent environment variables from influencing programs in an
# unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151)
Defaults always_set_home
Defaults env_reset

# Change env_reset to !env_reset in previous line to keep all environment variables
# Following list will no longer be necessary after this change

Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
# Comment out the preceding line and uncomment the following one if you need
# to use special input methods. This may allow users to compromise  the root
# account if they are allowed to run commands without authentication.
#Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE XMODIFIERS GTK_IM_MODULEQT_IM_MODULE QT_IM_SWITCHER"

# In the default (unconfigured) configuration, sudo asks for the root password.
# This allows use of an ordinary user account for administration of a freshly
# installed system. When configuring sudo, delete the two
# following lines:
Defaults targetpw   # ask for the password of the target user i.e. root
#ALL    ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!

# Runas alias specification
POWER_USERS     ALL = (root) NOPASSWD: CMD_ROOT

# User privilege specification
root    ALL=(ALL) SETENV: ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel        ALL=(ALL) ALL

# Same thing without a password
# %wheel        ALL=(ALL) NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now
linux/sudo.1261351609.txt.gz · Last modified: 2022/12/02 21:02 (external edit)