sudoers
Language: ja
Version: 1.6.6 (openSuse - 09/10/07)
Section: 5 (File format)
NAME
sudoers - list of which users may execute what
DESCRIPTION
The sudoers file is composed of two types of entries: aliases (basically variables) and user specifications (which specify who may run what). The grammar of sudoers is described below in Extended Backus-Naur Form (EBNF). Don't despair if you don't know EBNF: it is fairly simple, and the definitions below are annotated.
Quick guide to EBNF
EBNF is a concise and exact way of describing the grammar of a language. Each EBNF definition is made up of production rules.
symbol ::= definition | alternate1 | alternate2 ...
Each production rule references others, and in this way the grammar of the language is built up. EBNF also contains the following operators, which many readers will recognize from regular expressions. Do not, however, confuse them with "wildcard" characters, which have different meanings (translator's note: the latter presumably refers to shell wildcard patterns; see regex(7) and glob(7)).
- ?
- Means that the preceding symbol (or group of symbols) is optional. That is, it may appear once or not at all.
- *
- Means that the preceding symbol (or group of symbols) may appear zero or more times.
- +
- Means that the preceding symbol (or group of symbols) may appear one or more times.
Parentheses may be used to group symbols together. In the examples that follow, single quotes ('') are used to mark literal character strings (as opposed to symbol names).
Aliases
There are four kinds of aliases: User_Alias, Runas_Alias, Host_Alias and Cmnd_Alias.
Alias ::= 'User_Alias' User_Alias (':' User_Alias)* |
          'Runas_Alias' Runas_Alias (':' Runas_Alias)* |
          'Host_Alias' Host_Alias (':' Host_Alias)* |
          'Cmnd_Alias' Cmnd_Alias (':' Cmnd_Alias)*
User_Alias ::= NAME '=' User_List
Runas_Alias ::= NAME '=' Runas_List
Host_Alias ::= NAME '=' Host_List
Cmnd_Alias ::= NAME '=' Cmnd_List
NAME ::= [A-Z]([A-Z][0-9]_)*
Each alias definition is of the form
Alias_Type NAME = item1, item2, ...
where Alias_Type is one of User_Alias, Runas_Alias, Host_Alias or Cmnd_Alias. A NAME is a string of uppercase letters, digits and the underscore character ('_'). A NAME must start with an uppercase letter. Several alias definitions of the same type may be placed on a single line by joining them with a colon (':'). For example:
Alias_Type NAME = item1, item2, item3 : NAME = item4, item5
The definitions of what constitutes a valid alias member follow.
User_List ::= User | User ',' User_List
User ::= '!'* username | '!'* '%'group | '!'* '+'netgroup | '!'* User_Alias
A User_List is made up of one or more user names, user IDs (prefixed with '#'), system groups (prefixed with '%'), netgroups (prefixed with '+') and other aliases. Each list item may be prefixed with one or more '!' operators. An odd number of '!' operators negates the value of the item; an even number simply cancel each other out.
Runas_List ::= Runas_User | Runas_User ',' Runas_List
Runas_User ::= '!'* username | '!'* '#'uid | '!'* '%'group | '!'* '+'netgroup | '!'* Runas_Alias
A Runas_List is similar to a User_List, except that it can also contain uids (prefixed with '#'), and it can contain Runas_Aliases instead of User_Aliases.
Host_List ::= Host | Host ',' Host_List
Host ::= '!'* hostname | '!'* ip_addr | '!'* network(/netmask)? | '!'* '+'netgroup | '!'* Host_Alias
A Host_List is made up of one or more host names, IP addresses, network numbers, netgroups (prefixed with '+') and other aliases. Here too, the value of an item is negated by the '!' operator. If you do not specify a netmask with a network number, the netmask of the host's ethernet interface(s) is used when matching. The netmask may be given either in dotted quad notation (for example 255.255.255.0) or in CIDR notation (a number of bits, for example 24). A host name may include shell-style wildcards (see the Wildcards section below). However, for wildcards to be usable when the machine's hostname command does not return a fully qualified host name, you will need to set the fqdn option.
Cmnd_List ::= Cmnd | Cmnd ',' Cmnd_List
commandname ::= filename | filename args | filename '""'
Cmnd ::= '!'* commandname | '!'* directory | '!'* Cmnd_Alias
A Cmnd_List is a list of one or more command names, directories and other aliases. A command name is a fully qualified file name, which may include shell-style wildcards (see the Wildcards section below). A bare file name allows the user to run the command with any arguments they wish. However, you may also specify command line arguments (including wildcards). Conversely, to have the command run without any command line arguments, specify "". A directory is a fully qualified path name ending in '/'. When you specify a directory in a Cmnd_List, the user can run any file in that directory (but not files in its subdirectories).
If a Cmnd has command line arguments associated with it, the arguments in the Cmnd must match exactly those given by the user on the command line (or match the wildcards, if there are any). Note that the characters ',', ':', '=' and '\' must be escaped with a '\' if they are used in command line arguments.
Defaults
Certain configuration options may be changed from their default values by means of one or more Default_Entry lines. The scope of such a line can be all users on all hosts, all users on a specified host, or a specified user. When multiple entries match, they are applied in order. Where there are conflicting values, the last value on a matching line takes effect.
Default_Type ::= 'Defaults' ||
                 'Defaults' ':' User ||
                 'Defaults' '@' Host
Default_Entry ::= Default_Type Parameter_List
Parameter ::= Parameter '=' Value ||
              Parameter '+=' Value ||
              Parameter '-=' Value ||
              '!'* Parameter
Parameters may be flags, integers, strings or lists. Flags are in fact boolean values and can be turned off with the '!' operator. Some integer, string and list parameters can also be used in a boolean context, and those can be disabled. Values that contain multiple words must be enclosed in double quotes ("). Special characters must be escaped with a backslash (\).
Lists have two additional assignment operators, += and -=. These operators add to and delete from a list respectively. Using the -= operator to remove an element that does not exist in the list is an error.
Note that, so that the sudoers file is parsed in the proper order, the Defaults section should be placed before the Host, User and Cmnd aliases and after the user specifications.
Flags:
- long_otp_prompt
- When a one-time password scheme (such as S/Key or OPIE) is in use and this option is enabled, a two-line prompt is used so that the password entered in a local window can easily be cut and pasted. Making this the default is not a good idea, but some people find it convenient. This flag is off by default.
- ignore_dot
- If set, '.' and '' (both denoting the current directory) in the PATH environment variable are ignored. The PATH itself is not modified. This flag is off by default.
- mail_always
- Mail is sent to the mailto user every time a user runs sudo. This flag is off by default.
- mail_badpass
- Mail is sent to the mailto user if the user running sudo does not enter the correct password. This flag is off by default.
- mail_no_user
- If set, mail is sent to the mailto user if the invoking user is not in the sudoers file. This flag is on by default.
- mail_no_host
- If set, mail is sent to the mailto user if the invoking user exists in the sudoers file but is not allowed to run commands on the current host. This flag is off by default.
- mail_no_perms
- If set, mail is sent to the mailto user if the user is allowed to use sudo but the command they tried to run is not listed in their sudoers file entry. This flag is off by default.
- tty_tickets
- If set, users must authenticate on a per-tty basis. Normally, sudo uses a directory in the ticket directory with the same name as the user running it. With this flag on, sudo uses a file name in the ticket directory that corresponds to the tty the user is logged in on. This flag is off by default.
- lecture
- If set, a user receives a short lecture the first time they run sudo. This flag is on by default.
- authenticate
- If set, users must authenticate themselves with a password (or another means of authentication). This default may be overridden with the PASSWD and NOPASSWD tags. This flag is on by default.
- root_sudo
- If set, root is allowed to run sudo too. Turning this flag off prevents users from "attempting" to obtain a root shell by doing something like "sudo sudo /bin/sh". This flag is on by default.
- log_host
- If set, the host name is logged in the (non-syslog) sudo log file. This flag is off by default.
- log_year
- If set, the four-digit year is logged in the (non-syslog) sudo log file. This flag is off by default.
- shell_noargs
- If set and sudo is invoked with no arguments, it acts as if the -s flag had been given. That is, sudo runs a shell as root (the shell is determined by the SHELL environment variable if it is set, falling back on the shell listed in the invoking user's /etc/passwd entry if not). This flag is off by default.
- set_home
- If set and sudo is invoked with the -s flag, the HOME environment variable is set to the home directory of the target user (which is root unless the -u option is used). This flag implicitly enables -H whenever the -s flag is used. This flag is off by default.
- always_set_home
- If set, sudo sets the HOME environment variable to the home directory of the target user (which is root unless the -u option is used). This flag implicitly enables -H. This flag is off by default.
- path_info
- Normally, sudo tells the user when a command could not be found in their PATH environment variable. Some sites may wish to suppress this notice so that ordinary users cannot gather information about the location of executables they cannot access. The disadvantage is that, without the notice, sudo tells the user that they are "not allowed to run it" even when the executable is simply not in their PATH, which can be confusing. This flag is off by default.
- preserve_groups
- By default, sudo initializes the group vector to the list of groups the target user belongs to. When preserve_groups is set, the user's existing group vector is left unaltered. The real and effective group IDs, however, are still set to match the target user. This flag is off by default.
- fqdn
- Set this flag if you want to put fully qualified host names in the sudoers file, that is, if you want to use myhost.mydomain.edu instead of myhost. With this flag set you may still use the short form if you wish (and even mix the two forms). Beware that turning on fqdn requires sudo to make DNS lookups. Because of those lookups, sudo is no longer safe when DNS is not working (for example, when the machine is not connected to the network). Also note that you must use the host's official name as DNS knows it. That is, you may not use a host alias (CNAME entry), both because of performance issues and because there is no way to obtain all aliases from DNS. If your machine's host name (as returned by the hostname command) is already fully qualified, you should not set fqdn. This flag is off by default.
- insults
- If set, sudo insults users who enter an incorrect password. This flag is off by default.
- requiretty
- If set, sudo runs only when the user is logged in to a real tty. This disallows things like "rsh somehost sudo ls", since rsh(1) does not allocate a tty. Because echo cannot be turned off when there is no tty, some sites may wish to set this flag to prevent a user's password from being displayed as it is typed. This flag is off by default.
- env_editor
- If set, visudo uses the value of the EDITOR and VISUAL environment variables before falling back on the default editor list. Note that this creates a security hole, since it allows the user to run any arbitrary command as root without logging. A safer alternative is to place a comma-separated list of editors in the editor variable. visudo then uses EDITOR or VISUAL only if they match a value specified in editor. This flag is off by default.
- rootpw
- If set, sudo prompts for the root password instead of the password of the invoking user. This flag is off by default.
- runaspw
- If set, sudo prompts for the password of the user defined by the runas_default option (root by default) instead of the password of the invoking user. This flag is off by default.
- targetpw
- If set, sudo prompts for the password of the user specified by the -u flag (root by default) instead of the password of the invoking user. This flag is off by default.
- set_logname
- Normally, sudo sets the LOGNAME and USER environment variables to the name of the target user (usually root unless the -u flag is given). However, since some programs (including the RCS revision control system) use LOGNAME to determine the real identity of the user, it may be desirable to change this behavior. This can be done by turning the set_logname option off.
- stay_setuid
- Normally, when sudo executes a command, the real and effective UIDs are set to the target user (root by default). This option changes that behavior so that the real UID is left as the invoking user's UID. In other words, this option makes sudo act as a setuid wrapper. This is useful on systems that disable some potentially dangerous functionality when a program is run setuid. Note, however, that because sudo then runs with the real UID of the invoking user, the user may be able to kill it before it can log a failure, depending on how the OS defines the interaction between signals and setuid processes.
- env_reset
- If set, sudo resets the environment to contain only the following variables: HOME, LOGNAME, PATH, SHELL, TERM and USER (in addition to the SUDO_* variables). Of these, only TERM is copied from the old environment. The other variables are set to default values (possibly modified by the value of the set_logname option). If sudo was compiled with the SECURE_PATH option, its value is used for the PATH environment variable. Other variables may be preserved with the env_keep option.
- use_loginclass
- If set, sudo applies the defaults specified for the target user's login class, if one exists. This is only effective if sudo was configured (at compile time) with the --with-logincap option. This flag is off by default.
Integers:
- passwd_tries
- The number of tries a user gets to enter their password before sudo logs the failure and exits. The default is 3.
Integers that can be used in a boolean context:
- loglinelen
- Number of characters per line for the file log. This value determines the column at which lines are wrapped to make the log file easier to read. It has no effect on the syslog log file, only on the file log. The default is 80 (use 0 to disable wrapping).
- timestamp_timeout
- Number of minutes that may elapse before sudo asks for a password again. The default is 5. Set this to 0 to always prompt for a password. If set to a value less than 0, the user's timestamp never expires. This is used to let users create and delete their own timestamps with sudo -v and sudo -k.
- passwd_timeout
- Number of minutes before the sudo password prompt times out. The default is 5. Set this to 0 for no password timeout.
- umask
- The umask to use when running the command. To avoid overriding the user's umask, disable this option or set it to 0777. The default is 0022.
Strings:
- mailsub
- Subject of the mail sent to the mailto user. The escape %h expands to the host name of the machine. The default is *** SECURITY information for %h ***.
- badpass_message
- Message that is displayed if a user enters an incorrect password. The default is Sorry, try again. unless insults are enabled.
- timestampdir
- The directory in which sudo stores its timestamp files. The default is /var/run/sudo.
- passprompt
- The default prompt to use when asking for a password. It can be overridden with the -p option or the SUDO_PROMPT environment variable. Two escapes are supported: "%u" expands to the user's login name and "%h" expands to the local host name. The default value is Password:.
- runas_default
- The default user to run commands as if the -u flag is not specified on the command line. The default is root.
- syslog_goodpri
- The syslog priority to use when the user authenticates successfully. The default is notice.
- syslog_badpri
- The syslog priority to use when the user fails to authenticate. The default is alert.
- editor
- A list of editors that may be used with visudo. The list is separated by colons (':'). If the user's USER environment variable is set, visudo chooses the editor that matches it. If it is not set, visudo chooses the first editor in the list that exists and is executable. The default is the path to vi on your system.
Strings that can be used in a boolean context:
- logfile
- Path to the sudo log file (not the syslog log file). Setting a path turns on logging to that file; if it is not set, no such logging takes place.
- syslog
- The syslog facility to use when syslog is used for logging (do not set it if you do not want logging via syslog). The default is local2.
- mailerpath
- Path to the mail program used to send warning mail. The default is the path to sendmail found at configure time.
- mailerflags
- Flags to use when invoking the mailer. The default is -t.
- mailto
- Address to send warning and error mail to. The address must be enclosed in double quotes (") to keep sudo from interpreting the @ sign. The default is root.
- exempt_group
- Users in this group are exempt from password and PATH requirements. This is not set by default.
- verifypw
- This option controls when a password is required when a user runs sudo with the -v option. It may be set to one of the following values.
- all
- All of the user's sudoers entries for the current host must have the NOPASSWD flag set in order to avoid entering a password.
- any
- At least one of the user's sudoers entries for the current host must have the NOPASSWD flag set in order to avoid entering a password.
- never
- The user never needs to enter a password to use the -v flag.
- always
- The user must always enter a password to use the -v flag.
The default value is `all'.
- listpw
- This option controls when a password is required when a user runs sudo with the -l option. It may be set to one of the following values.
- all
- All of the user's sudoers entries for the current host must have the NOPASSWD flag set in order to avoid entering a password.
- any
- At least one of the user's sudoers entries for the current host must have the NOPASSWD flag set in order to avoid entering a password.
- never
- The user never needs to enter a password to use the -l flag.
- always
- The user must always enter a password to use the -l flag.
The default value is `any'.
Lists that can be used in a boolean context:
- env_check
- Environment variables to be removed from the user's environment if the variable's value contains a % or / character. This exists to guard against printf-style format vulnerabilities in poorly written programs. The argument may be a double-quoted, space-separated list or a single value without quotes. The list can be replaced, added to, deleted from, or disabled with the =, +=, -= and ! operators respectively. The default list of environment variables to be checked is displayed when sudo is run with the -V option.
- env_delete
- Environment variables to be removed from the user's environment. The argument may be a double-quoted, space-separated list or a single value without quotes. The list can be replaced, added to, deleted from, or disabled with the =, +=, -= and ! operators respectively. The default list of environment variables to be checked is displayed when sudo is run with the -V option.
- env_keep
- Environment variables to be preserved in the user's environment when the env_reset option is in effect. This allows fine-grained control over the environment that sudo-spawned processes receive. The argument may be a double-quoted, space-separated list or a single value without quotes. The list can be replaced, added to, deleted from, or disabled with the =, +=, -= and ! operators respectively. This list is empty by default.
When logging via syslog(3), sudo accepts the following values for the syslog facility (the value of the syslog parameter): authpriv (if your OS supports it), auth, daemon, user, local0, local1, local2, local3, local4, local5, local6 and local7. The following syslog priorities are supported: alert, crit, debug, emerg, err, info, notice and warning.
User Specification
User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \
              (':' User_Spec)*
Cmnd_Spec_List ::= Cmnd_Spec | Cmnd_Spec ',' Cmnd_Spec_List
Cmnd_Spec ::= Runas_Spec? ('NOPASSWD:' | 'PASSWD:')? Cmnd
Runas_Spec ::= '(' Runas_List ')'
A user specification determines which commands a user may run (and as what user) on specified hosts. By default, commands are run as root, but this can be changed on a per-command basis.
Let's break a user specification down into its constituent parts.
Runas_Spec
A Runas_Spec is simply a Runas_List (as defined above) enclosed in parentheses. If you do not specify a Runas_Spec in the user specification, a default Runas_Spec of root is used. A Runas_Spec sets the default for the commands that follow it. That is, given an entry such as
dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/who
the user dgb may run /bin/ls, /bin/kill and /usr/bin/lprm, but only as operator. For example:
sudo -u operator /bin/ls
It is also possible to override a Runas_Spec later on in an entry. If the entry is modified like so:
dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm
then user dgb is allowed to run /bin/ls as operator, but /bin/kill and /usr/bin/lprm as root.
NOPASSWD and PASSWD
By default, sudo requires that a user authenticate themselves before running a command. This behavior can be modified with the NOPASSWD tag. Like a Runas_Spec, the NOPASSWD tag sets a default for the commands that follow it in the Cmnd_Spec_List. Conversely, the PASSWD tag can be used to reverse things. For example:
ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
would allow the user ray to run /bin/kill, /bin/ls and /usr/bin/lprm as root on the machine rushmore without authenticating himself. If we only want ray to be able to run /bin/kill without a password, the entry would be:
ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm
Note, however, that the PASSWD tag has no effect on users who are in the group specified by the exempt_group option.
By default, if the NOPASSWD tag is applied to any of the entries for a user on the current host, that user is able to run sudo -l without a password. Additionally, a user may run sudo -v without a password only if the NOPASSWD tag is present on all of the user's entries that pertain to the current host. This behavior may be overridden with the verifypw and listpw options.
Wildcards (aka meta characters):
sudo allows shell-style wildcards to be used in path names and in command line arguments in the sudoers file. Wildcard matching is done with the POSIX fnmatch(3) routine. Note that these are not regular expressions.
- *
- Matches any set of zero or more characters.
- ?
- Matches any single character.
- [...]
- Matches any character in the specified range.
- [!...]
- Matches any character not in the specified range.
- \x
- For any character "x", evaluates to "x". This is used to escape special characters such as "*", "?", "[" and "}".
Note that a forward slash ('/') is not matched by wildcards used in a path name. When matching against command line arguments, however, a slash does get matched by wildcards. This is so that a path like
/usr/bin/*
matches /usr/bin/who but does not match /usr/bin/X11/xterm.
Exceptions to wildcard rules:
The following exception applies to the rules above.
- ""
- If the empty string "" is the only command line argument in the sudoers entry, it means that the command is not allowed to be run with any arguments.
Other special characters and reserved words:
The pound sign ('#') is used to indicate a comment (unless it occurs in the context of a user name, or is followed by one or more digits, in which case it is treated as a user ID). The comment character and any text after it are ignored up to the end of the line.
The reserved word ALL is a built-in alias that always causes a match to succeed. It can be used anywhere. If you do not want to use it, use a Cmnd_Alias, User_Alias, Runas_Alias or Host_Alias instead. You should not try to define your own alias called ALL, as the built-in alias takes precedence. Note that using ALL can be dangerous, since when it is used in a command context it allows the user to run any command on the system.
An exclamation point ('!') can be used as a logical not operator both inside an alias and in front of a Cmnd. This allows a value to be excluded. Note, however, that using ! in combination with the built-in ALL alias to allow a user to run "all but a few" commands rarely works as intended (see SECURITY NOTES below).
Long lines can be continued by making a backslash ('\') the last character on the line.
Whitespace between elements in a list, as well as around the special syntactic characters in a user specification ('=', ':', '(', ')'), is optional.
The characters '@', '!', '=', ':', ',', '(', ')' and '\' must be escaped with a backslash ('\') when they are used as part of a word (for example, a user name or host name).
EXAMPLES
Below are example sudoers entries. Admittedly, some of these are a bit contrived. First, we define our aliases:
# User alias specification
User_Alias FULLTIMERS = millert, mikef, dowdy
User_Alias PARTTIMERS = bostley, jwfox, crawl
User_Alias WEBMASTERS = will, wendy, wim
# Runas alias specification
Runas_Alias OP = root, operator
Runas_Alias DB = oracle, sybase
# Host alias specification
Host_Alias SPARC = bigtime, eclipse, moet, anchor :\
           SGI = grolsch, dandelion, black :\
           ALPHA = widget, thalamus, foobar :\
           HPPA = boa, nag, python
Host_Alias CUNETS = 128.138.0.0/255.255.0.0
Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
Host_Alias SERVERS = master, mail, www, ns
Host_Alias CDROM = orion, perseus, hercules
# Cmnd alias specification
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
                   /usr/sbin/restore, /usr/sbin/rrestore
Cmnd_Alias KILL = /usr/bin/kill
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
Cmnd_Alias HALT = /usr/sbin/halt, /usr/sbin/fasthalt
Cmnd_Alias REBOOT = /usr/sbin/reboot, /usr/sbin/fastboot
Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
                    /usr/local/bin/tcsh, /usr/bin/rsh, \
                    /usr/local/bin/zsh
Cmnd_Alias SU = /usr/bin/su
The following settings override some of the compiled-in default values. We want sudo to log via syslog(3) using the auth facility in all cases. Full-time staff do not need to receive the sudo lecture, and user millert need not give a password. In addition, on the machines in the SERVERS Host_Alias we keep a local log file (separate from syslog) and record the year in each log line, since the log entries will be kept around for several years.
# Override built in defaults
Defaults syslog=auth
Defaults:FULLTIMERS !lecture
Defaults:millert !authenticate
Defaults@SERVERS log_year, logfile=/var/log/sudo.log
The user specification is the part that actually determines who may run what.
root ALL = (ALL) ALL
%wheel ALL = (ALL) ALL
We let root and any user in the wheel group run any command on any host as any user.
FULLTIMERS ALL = NOPASSWD: ALL
Full-time sysadmins (millert, mikef and dowdy) may run any command on any host without authenticating themselves.
PARTTIMERS ALL = ALL
Part-time sysadmins (bostley, jwfox and crawl) may run any command on any host, but they must authenticate themselves first (since the entry lacks the NOPASSWD tag).
jack CSNETS = ALL
The user jack may run any command on the machines in the CSNETS alias (the networks 128.138.243.0, 128.138.204.0 and 128.138.242.0). Of those networks, only 128.138.204.0 has an explicit netmask (in CIDR notation) indicating that it is a class C network. For the other networks in CSNETS, the local machine's netmask is used during matching.
lisa CUNETS = ALL
The user lisa may run any command on any host in the CUNETS alias (the class B network 128.138.0.0).
operator ALL = DUMPS, KILL, PRINTING, SHUTDOWN, HALT, REBOOT,\
               /usr/oper/bin/
The user operator may run only commands for simple maintenance. Here, those are commands related to backups, killing processes, the printing system and shutting down the system, together with all commands in the directory /usr/oper/bin/.
joe ALL = /usr/bin/su operator
The user joe may only su(1) to operator.
pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
The user pete is allowed to change the password of anyone except root on the HPPA machines. Note that this assumes passwd(1) does not accept multiple user names on the command line.
bob SPARC = (OP) ALL : SGI = (OP) ALL
The user bob may run any command on the SPARC and SGI machines as any user listed in the OP Runas_Alias (root and operator).
jim +biglab = ALL
The user jim may run any command on any machine in the biglab netgroup. sudo knows that "biglab" is a netgroup because of the '+' prefix.
+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
Users in the secretaries netgroup need to help manage the printers as well as add and remove users, so they are allowed to run those commands on all machines.
fred ALL = (DB) NOPASSWD: ALL
The user fred can run commands as any user in the DB Runas_Alias (oracle and sybase) without giving a password.
john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
On the ALPHA machines, user john may su to anyone except root, but he is not allowed to give su(1) any flags.
jen ALL, !SERVERS = ALL
The user jen may run any command on any machine except those in the SERVERS Host_Alias (master, mail, www and ns).
jill SERVERS = /usr/bin/, !SU, !SHELLS
On any machine in the SERVERS Host_Alias, jill may run any command in the directory /usr/bin, except for the commands belonging to the SU and SHELLS Cmnd_Aliases.
steve CSNETS = (operator) /usr/local/op_commands/
The user steve may run any command in the directory /usr/local/op_commands/, but only as user operator.
matt valkyrie = KILL
On his personal workstation, valkyrie, matt needs to be able to kill hung processes.
WEBMASTERS www = (www) ALL, (root) /usr/bin/su www
On the host www, any user in the WEBMASTERS User_Alias (will, wendy and wim) may run any command as user www (which owns the web pages), or simply su(1) to www.
ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\
            /sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM
Any user may mount or unmount a CD-ROM on the machines in the CDROM Host_Alias (orion, perseus and hercules) without entering a password. Since this command is long and tedious for users to type, it is better to encapsulate it in a shell script.
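The entries above include several settings that this page itself describes as weakening authentication or logging, and these can be screened for mechanically. The following Python code is an added example, not part of the original manual page or of sudo: the finding names are made up for the example, SAMPLE is constructed from entries shown above plus one Defaults line added to exercise the checks, and quoted values that contain commas are not handled.

```python
import re

# Constructed sample: entries taken from the examples on this page, plus one
# Defaults line (env_editor, timestamp_timeout=-1) added to exercise the checks.
SAMPLE = r"""
# constructed sample
Defaults syslog=auth
Defaults:millert !authenticate
Defaults@SERVERS log_year, logfile=/var/log/sudo.log
Defaults env_editor, timestamp_timeout=-1
root ALL = (ALL) ALL
FULLTIMERS ALL = NOPASSWD: ALL
ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm
bill ALL = ALL, !SU, !SHELLS
jen ALL, !SERVERS = ALL
fred ALL = (DB) NOPASSWD: ALL
operator ALL = DUMPS, KILL, PRINTING, SHUTDOWN, HALT, REBOOT,\
    /usr/oper/bin/
"""

UNESCAPED_COMMA = re.compile(r"(?<!\\),")


def logical_lines(text):
    """Join backslash-continued lines and strip comments ('#' not followed by a digit)."""
    for raw in re.sub(r"\\\n", " ", text).splitlines():
        line = re.sub(r"(?<!\\)#(?!\d).*", "", raw).strip()
        if line:
            yield line


def audit_defaults(scope, params):
    """Flag Defaults parameters that the page describes as reducing protection."""
    for param in UNESCAPED_COMMA.split(params):
        m = re.fullmatch(r"(!*)(\w+)(?:\s*([+-]?=)\s*(.*))?", param.strip())
        if not m:
            continue
        off = len(m.group(1)) % 2 == 1           # an odd number of '!' turns a flag off
        name, value = m.group(2), m.group(4)
        if name == "authenticate" and off:
            yield ("authenticate-off", scope)
        elif name == "env_editor" and not off:
            yield ("env_editor-on", scope)
        elif name == "timestamp_timeout" and re.fullmatch(r"-?\d+", value or "") and int(value) < 0:
            yield ("timestamp-never-expires", scope)


def audit_user_spec(line):
    """Flag 'NOPASSWD: ALL' and the 'ALL, !something' subtraction in command lists."""
    user = line.split()[0]
    # ':' separates per-host specs, except the one that ends a NOPASSWD:/PASSWD: tag
    for spec in re.split(r"(?<!PASSWD)(?<!\\):", line):
        parts = re.split(r"(?<!\\)=", spec, maxsplit=1)
        if len(parts) != 2:
            continue
        tag, saw_all, flagged = None, False, False
        for item in UNESCAPED_COMMA.split(parts[1]):
            m = re.match(r"\s*(?:\([^)]*\)\s*)?(?:(NOPASSWD|PASSWD):\s*)?(.*)", item)
            tag = m.group(1) or tag              # a tag stays in force for later commands
            cmnd = m.group(2).strip()
            if cmnd == "ALL":
                saw_all = True
                if tag == "NOPASSWD":
                    yield ("nopasswd-all", user)
            elif cmnd.startswith("!") and saw_all and not flagged:
                flagged = True
                yield ("all-minus-negation", user)


def audit(text):
    """Return (finding, subject) pairs for every logical line of a sudoers text."""
    findings = []
    for line in logical_lines(text):
        if re.match(r"(User|Runas|Host|Cmnd)_Alias\b", line):
            continue                             # alias definitions grant nothing by themselves
        if line.startswith("Defaults"):
            scope, _, params = line.partition(" ")
            findings.extend(audit_defaults(scope, params))
        else:
            findings.extend(audit_user_spec(line))
    return findings


if __name__ == "__main__":
    for code, who in audit(SAMPLE):
        print(f"{code:26} {who}")
```

Only the right-hand side of '=' is inspected, so a host list such as jen's "ALL, !SERVERS" is not reported.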
SECURITY NOTES
It is generally not effective to "subtract" commands from ALL using the '!' operator. A user can trivially circumvent this by copying the desired command to a different name and then executing that. For example:
bill ALL = ALL, !SU, !SHELLS
The entry above does not really prevent bill from running the commands listed in SU and SHELLS, since he can copy those commands to a different name, or use a shell escape from an editor or other program. Such restrictions should therefore be considered advisory at best (and reinforced by policy).
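The matching rules from the Wildcards section and the negation caveat above can be replayed on the page's own entries. The following Python code is an added example, not part of the original manual page or of sudo: it uses a regex translation in place of fnmatch(3), assumes that the last matching item of a Cmnd_List decides, and /home/bill/mysh is a constructed path.

```python
import re


def glob_to_regex(pattern, pathname):
    # Translate *, ?, [...], [!...] and \x into a regular expression.
    # pathname=True: wildcards never match '/', the rule for path names.
    # pathname=False: wildcards may match '/', the rule for arguments.
    any_char = "[^/]" if pathname else "."
    guard = "(?!/)" if pathname else ""
    out, i, n = [], 0, len(pattern)
    while i < n:
        c = pattern[i]
        i += 1
        if c == "*":
            out.append(any_char + "*")
        elif c == "?":
            out.append(any_char)
        elif c == "\\" and i < n:              # \x is the literal character x
            out.append(re.escape(pattern[i]))
            i += 1
        elif c == "[":
            j = i + 1 if pattern[i:i + 1] == "!" else i
            j = pattern.find("]", j + 1)       # a ']' placed first is literal
            if j == -1:                        # unterminated: literal '['
                out.append(re.escape(c))
                continue
            body, i = pattern[i:j], j + 1
            negate = body.startswith("!")
            body = re.sub(r"([\\\[\]^])", r"\\\1", body[1:] if negate else body)
            out.append(guard + "[" + ("^" if negate else "") + body + "]")
        else:
            out.append(re.escape(c))
    return "".join(out)


def spec_matches(spec, argv):
    # Does one commandname or directory of a Cmnd_List match the command run?
    path, _, args = spec.partition(" ")
    cmd, given = argv[0], " ".join(argv[1:])
    if path == "ALL":
        return True
    if path.endswith("/"):                     # directory: its files, not its subdirectories
        rest = cmd[len(path):]
        return cmd.startswith(path) and rest != "" and "/" not in rest
    if not re.fullmatch(glob_to_regex(path, True), cmd):
        return False
    args = args.strip()
    if args == "":                             # bare file name: any arguments
        return True
    if args == '""':                           # "": no arguments allowed
        return given == ""
    return re.fullmatch(glob_to_regex(args, False), given) is not None


def allowed(cmnd_list, argv, aliases=None):
    # Assumption of this example: the last matching item decides, and an odd
    # number of leading '!' turns a match into a denial.
    verdict = False
    for item in cmnd_list:
        name = item.lstrip("!")
        negated = (len(item) - len(name)) % 2 == 1
        for member in (aliases or {}).get(name, [name]):
            if spec_matches(member, argv):
                verdict = not negated
    return verdict


# Aliases and Cmnd_Lists as they appear on this page.
ALIASES = {
    "SU": ["/usr/bin/su"],
    "SHELLS": ["/usr/bin/sh", "/usr/bin/csh", "/usr/bin/ksh",
               "/usr/local/bin/tcsh", "/usr/bin/rsh", "/usr/local/bin/zsh"],
    "PRINTING": ["/usr/sbin/lpc", "/usr/bin/lprm"],
}
BILL = ["ALL", "!SU", "!SHELLS"]
PETE = ["/usr/bin/passwd [A-z]*", "!/usr/bin/passwd root"]

if __name__ == "__main__":
    copy = ["/home/bill/mysh"]     # constructed path: a shell copied under another name
    print("bill, /usr/bin/sh      :", allowed(BILL, ["/usr/bin/sh"], ALIASES))
    print("bill, renamed copy     :", allowed(BILL, copy, ALIASES))
    print("PRINTING, renamed copy :", allowed(["PRINTING"], copy, ALIASES))
```

The renamed copy passes bill's "ALL, !SU, !SHELLS" list but not a list that names only the permitted commands, which is why an explicit list of commands is the form that actually restricts.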
CAVEATS
The sudoers file should always be edited with the visudo command, which locks the file and does grammatical checking. sudo will not run if the sudoers file is grammatically incorrect, so it is imperative that sudoers be free of errors.
When using netgroups of machines (as opposed to users), if you store fully qualified host names in the netgroup (as is usually the case), the host name must be the fully qualified one as returned by the hostname command. You also need to set the fqdn option in sudoers.
FILES
/etc/sudoers    List of who can run what
/etc/group      Local groups file
/etc/netgroup   List of network groups
SEE ALSO
rsh(1), sudo(8), visudo(8), su(1), fnmatch(3).