dotfiles/salt/states/files/sudoers

## sudoers file.
##
## This file MUST be edited with the 'visudo' command as root.
## Failure to use 'visudo' may result in syntax or file permission errors
## that prevent sudo from running.
##
## See the sudoers man page for the details on how to write a sudoers file.
##

##
## Host alias specification
##
## Groups of machines. These may include host names (optionally with wildcards),
## IP addresses, network numbers or netgroups.
# Host_Alias	WEBSERVERS = www1, www2, www3

##
## User alias specification
##
## Groups of users.  These may consist of user names, uids, Unix groups,
## or netgroups.
# User_Alias	ADMINS = millert, dowdy, mikef

##
## Cmnd alias specification
##
## Groups of commands.  Often used to group related commands together.
# Cmnd_Alias	PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
# 			    /usr/bin/pkill, /usr/bin/top
# Cmnd_Alias	REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff

##
## Defaults specification
##
## Prevent environment variables from influencing programs in an
## unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151)
Defaults always_set_home
## Path that will be used for every command run from sudo
Defaults secure_path="/usr/sbin:/usr/bin:/sbin:/bin"
Defaults env_reset
## Change env_reset to !env_reset in previous line to keep all environment variables
## Following list will no longer be nevessary after this change
Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_ATIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
## Comment out the preceding line and uncomment the following one if you need
## to use special input methods. This may allow users to compromise the root
## account if they are allowed to run commands without authentication.
#Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_ATIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"

## Do not insult users when they enter an incorrect password.
Defaults !insults

## Uncomment to use a hard-coded PATH instead of the user's to find commands
# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
##
## Uncomment to send mail if the user does not enter the correct password.
# Defaults mail_badpass
##
## Uncomment to enable logging of a command's output, except for
## sudoreplay and reboot.  Use sudoreplay to play back logged sessions.
# Defaults log_output
# Defaults!/usr/bin/sudoreplay !log_output
# Defaults!REBOOT !log_output

## In the default (unconfigured) configuration, sudo asks for the root password.
## This allows use of an ordinary user account for administration of a freshly
## installed system. When configuring sudo, delete the two
## following lines:
#Defaults targetpw   # ask for the password of the target user i.e. root
#ALL   ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!

##
## Runas alias specification
##

##
## User privilege specification
##
root ALL=(ALL) ALL

## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL

## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL

## Read drop-in files from /etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /etc/sudoers.d
added sudo 2020-08-10 12:04:35 +00:00			`## sudoers file.`
			`##`
			`## This file MUST be edited with the 'visudo' command as root.`
			`## Failure to use 'visudo' may result in syntax or file permission errors`
			`## that prevent sudo from running.`
			`##`
			`## See the sudoers man page for the details on how to write a sudoers file.`
			`##`

			`##`
			`## Host alias specification`
			`##`
			`## Groups of machines. These may include host names (optionally with wildcards),`
			`## IP addresses, network numbers or netgroups.`
			`# Host_Alias WEBSERVERS = www1, www2, www3`

			`##`
			`## User alias specification`
			`##`
			`## Groups of users. These may consist of user names, uids, Unix groups,`
			`## or netgroups.`
			`# User_Alias ADMINS = millert, dowdy, mikef`

			`##`
			`## Cmnd alias specification`
			`##`
			`## Groups of commands. Often used to group related commands together.`
			`# Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \`
			`# /usr/bin/pkill, /usr/bin/top`
			`# Cmnd_Alias REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff`

			`##`
			`## Defaults specification`
			`##`
			`## Prevent environment variables from influencing programs in an`
			`## unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151)`
			`Defaults always_set_home`
			`## Path that will be used for every command run from sudo`
			`Defaults secure_path="/usr/sbin:/usr/bin:/sbin:/bin"`
			`Defaults env_reset`
			`## Change env_reset to !env_reset in previous line to keep all environment variables`
			`## Following list will no longer be nevessary after this change`
			`Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_ATIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"`
			`## Comment out the preceding line and uncomment the following one if you need`
			`## to use special input methods. This may allow users to compromise the root`
			`## account if they are allowed to run commands without authentication.`
			`#Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_ATIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"`

			`## Do not insult users when they enter an incorrect password.`
			`Defaults !insults`

			`## Uncomment to use a hard-coded PATH instead of the user's to find commands`
			`# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"`
			`##`
			`## Uncomment to send mail if the user does not enter the correct password.`
			`# Defaults mail_badpass`
			`##`
			`## Uncomment to enable logging of a command's output, except for`
			`## sudoreplay and reboot. Use sudoreplay to play back logged sessions.`
			`# Defaults log_output`
			`# Defaults!/usr/bin/sudoreplay !log_output`
			`# Defaults!REBOOT !log_output`

			`## In the default (unconfigured) configuration, sudo asks for the root password.`
			`## This allows use of an ordinary user account for administration of a freshly`
			`## installed system. When configuring sudo, delete the two`
			`## following lines:`
			`#Defaults targetpw # ask for the password of the target user i.e. root`
			`#ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!`

			`##`
			`## Runas alias specification`
			`##`

			`##`
			`## User privilege specification`
			`##`
			`root ALL=(ALL) ALL`

			`## Uncomment to allow members of group wheel to execute any command`
			`# %wheel ALL=(ALL) ALL`

			`## Same thing without a password`
			`# %wheel ALL=(ALL) NOPASSWD: ALL`

			`## Read drop-in files from /etc/sudoers.d`
			`## (the '#' here does not indicate a comment)`
			`#includedir /etc/sudoers.d`