Rechercher une page de manuel

sudoers

Langue: ja

Autres versions - même langue

1.6.6 (fedora - 25/11/07)

Version: 1.6.6 (openSuse - 09/10/07)

Section: 5 (Format de fichier)

Sommaire

Ì¾Á°
ÀâÌÀ
EBNF ¤Î´ÊÃ±¤Ê¥¬¥¤¥É
¥¨¥¤¥ê¥¢¥¹
¥Ç¥Õ¥©¥ë¥È
¥æ¡¼¥¶ÀßÄê
Runas_Spec
NOPASSWD ¤È PASSWD
¥ï¥¤¥ë¥É¥«¡¼¥É (ÊÌÌ¾¡¢¥á¥¿¥¥ã¥é¥¯¥¿):
¥ï¥¤¥ë¥É¥«¡¼¥É¤Îµ¬Â§¤Ë¤ª¤±¤ëÎã³°:
¤½¤ÎÂ¾¤ÎÆÃ¼ìÊ¸»ú¤ÈÍ½Ìó¸ì:
Îã
¥»¥¥å¥ê¥Æ¥£¾å¤ÎÃí°Õ
·Ù¹ð
¥Õ¥¡¥¤¥ë
´ØÏ¢¹àÌÜ

Ì¾Á°

sudoers - ¤É¤Î¥æ¡¼¥¶¤¬²¿¤ò¼Â¹Ô¤Ç¤¤ë¤«¤Î¥ê¥¹¥È

ÀâÌÀ

sudoers ¥Õ¥¡¥¤¥ë¤Ï¡¢2 ¤Ä¤Î¥¿¥¤¥×¤Î¥¨¥ó¥È¥ê¤«¤é¹½À®¤µ¤ì¤ë¡£ (´ðËÜÅª¤Ë¤ÏÊÑ¿ô¤Ç¤¢¤ë) ¥¨¥¤¥ê¥¢¥¹¤È (Ã¯¤¬²¿¤ò¼Â¹Ô¤Ç¤¤ë¤«¤ò»ØÄê¤¹¤ë) ¥æ¡¼¥¶»ØÄê¤Ç¤¢¤ë¡£ sudoers ¤ÎÊ¸Ë¡¤Ï¡¢ Extended Backus-Naur Form (EBNF) (³ÈÄ¥¥Ð¥Ã¥«¥¹¡¦¥Ê¥¦¥¢µË¡) ¤òÍÑ¤¤¤¿¤«¤¿¤Á¤Ç°Ê²¼¤Ëµ½Ò¤¹¤ë¡£ EBNF ¤òÃÎ¤é¤Ê¤¯¤Æ¤âÄü¤á¤Ê¤¤¤Ç¤Û¤·¤¤¡£ EBNF ¤Ï³ä¤Ë´ÊÃ±¤À¤·¡¢°Ê²¼¤ÎÄêµÁ¤Ë¤ÏÃí¼á¤ò¤Ä¤±¤Æ¤¢¤ë¡£

EBNF ¤Î´ÊÃ±¤Ê¥¬¥¤¥É

EBNF ¤Ï¸À¸ì¤ÎÊ¸Ë¡¤òµ½Ò¤¹¤ë´ÊÃ±¤Ç¸·Ì©¤ÊÊýË¡¤Ç¤¢¤ë¡£ EBNF ¤Î³ÆÄêµÁ¤Ï¡¢À¸À®µ¬Â§¤«¤é¤Ê¤Ã¤Æ¤¤¤ë¡£




 ¥·¥ó¥Ü¥ë ::= ÄêµÁ | ÊÌ¤ÎÄêµÁ 1 | ÊÌ¤ÎÄêµÁ 2 ...

³ÆÀ¸À®µ¬Â§¤ÏÂ¾¤ÎÀ¸À®µ¬Â§¤ò»²¾È¤¹¤ë¡£ ¤³¤Î¤è¤¦¤Ë¤·¤Æ¸À¸ì¤ÎÊ¸Ë¡¤¬¤Ç¤¤¢¤¬¤ë¡£ EBNF ¤Ï°Ê²¼¤Î¤è¤¦¤Ê¥ª¥Ú¥ì¡¼¥¿¤ò´Þ¤à¡£ ¤³¤ì¤ÏÂ¿¤¯¤Î¿Í¤¬Àµµ¬É½¸½¤Ç¤ªÆëÀ÷¤ß¤À¤í¤¦¡£ ¤·¤«¤·¡¢¤³¤ì¤È¤Ï°Û¤Ê¤ë°ÕÌ£¤ò»ý¤Ã¤¿¡¢ ``¥ï¥¤¥ë¥É¥«¡¼¥É'' Ê¸»ú¤Èº®Æ±¤·¤Æ¤Ï¤Ê¤é¤Ê¤¤ (ÌõÃí: ¸å¼Ô¤Ï¥·¥§¥ë¤Î¥ï¥¤¥ë¥É¥«¡¼¥É¥Ñ¥¿¡¼¥ó¤Î¤³¤È¤À¤í¤¦¡£ regex(7) ¤È glob(7) ¤ò»²¾È¤Î¤³¤È)¡£

?: Á°¤ËÃÖ¤«¤ì¤¿¥·¥ó¥Ü¥ë (¤Þ¤¿¤Ï¡¢¥·¥ó¥Ü¥ë¤Î¥°¥ë¡¼¥×) ¤¬ ¾ÊÎ¬²ÄÇ½¤Ç¤¢¤ë¤³¤È¤ò°ÕÌ£¤¹¤ë¡£ ¤Ä¤Þ¤ê¡¢¥·¥ó¥Ü¥ë¤¬ 1 ¸ÄÅÐ¾ì¤¹¤ë¤«¡¢¤¢¤ë¤¤¤ÏÁ´Á³ÅÐ¾ì¤·¤Ê¤¤¤«¤Ç¤¢¤ë¡£
*: Á°¤ËÃÖ¤«¤ì¤¿¥·¥ó¥Ü¥ë (¤Þ¤¿¤Ï¡¢¥·¥ó¥Ü¥ë¤Î¥°¥ë¡¼¥×) ¤¬ 0 ¸Ä°Ê¾åÅÐ¾ì¤¹¤ë¡£
+: Á°¤ËÃÖ¤«¤ì¤¿¥·¥ó¥Ü¥ë (¤Þ¤¿¤Ï¡¢¥·¥ó¥Ü¥ë¤Î¥°¥ë¡¼¥×) ¤¬ 1 ¸Ä°Ê¾åÅÐ¾ì¤¹¤ë¡£

¥¨¥¤¥ê¥¢¥¹

User_Alias , Runas_Alias , Host_Alias , Cmnd_Alias ¤È¤¤¤¦ 4 ¼ïÎà¤Î¥¨¥¤¥ê¥¢¥¹¤¬¤¢¤ë¡£




 Alias ::= 'User_Alias'  User_Alias (':' User_Alias)* |

           'Runas_Alias' Runas_Alias (':' Runas_Alias)* |

           'Host_Alias'  Host_Alias (':' Host_Alias)* |

           'Cmnd_Alias'  Cmnd_Alias (':' Cmnd_Alias)*




 User_Alias ::= NAME '=' User_List




 Runas_Alias ::= NAME '=' Runas_List




 Host_Alias ::= NAME '=' Host_List




 Cmnd_Alias ::= NAME '=' Cmnd_List




 NAME ::= [A-Z]([A-Z][0-9]_)*

³Æ¥¨¥¤¥ê¥¢¥¹ÄêµÁ¤Ï¡¢¼¡¤Î·Á¼°¤ò¤È¤ë¡£




 Alias_Type NAME = item1, item2, ...

¤³¤³¤Ç Alias_Type ¤Ï¡¢ User_Alias , Runas_Alias , Host_Alias , Cmnd_Alias ¤Î¤¦¤Á¤Î 1 ¤Ä¤Ç¤¢¤ë¡£ NAME ¤Ï¡¢ÂçÊ¸»ú¡¦¿ô»ú¡¦ ¥¢¥ó¥À¡¼¥¹¥³¥¢Ê¸»ú ('_') ¤«¤é¹½À®¤µ¤ì¤ëÊ¸»úÎó¤Ç¤¢¤ë¡£ NAME ¤ÏÂçÊ¸»ú¤«¤é»Ï¤Þ¤Ã¤Æ¤¤¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£ ¥³¥í¥ó (':') ¤Ç¤Ä¤Ê¤²¤ì¤Ð¡¢ Æ±°ì¥¿¥¤¥×¤ÎÊ£¿ô¤Î¥¨¥¤¥ê¥¢¥¹ÄêµÁ¤ò 1 ¹Ô¤ËÃÖ¤¯¤³¤È¤¬¤Ç¤¤ë¡£ Îã¤òµó¤²¤ë¡£




 Alias_Type NAME = item1, item2, item3 : NAME = item4, item5

Â³¤±¤Æ¡¢Í¸ú¤Ê¥¨¥¤¥ê¥¢¥¹¥á¥ó¥Ð¤ò¹½À®¤¹¤ëÍ×ÁÇ¤ÎÄêµÁ¤òµ½Ò¤¹¤ë¡£




 User_List ::= User |

               User ',' User_List




 User ::= '!'* username |

          '!'* '%'group |

          '!'* '+'netgroup |

          '!'* User_Alias

User_List ¤Ë¤Ï¡¢¥æ¡¼¥¶Ì¾¡¦¥æ¡¼¥¶ ID ('#' ¤òÁ°¤ËÉÕ¤±¤ë)¡¦ ¥·¥¹¥Æ¥à¥°¥ë¡¼¥× ('%' ¤òÁ°¤ËÉÕ¤±¤ë) ¡¦ ¥Í¥Ã¥È¥°¥ë¡¼¥× ('+' ¤òÁ°¤ËÉÕ¤±¤ë)¡¦ ÊÌ¤Î¥¨¥¤¥ê¥¢¥¹¡¢¤¬ 1 ¸Ä°Ê¾å´Þ¤Þ¤ì¤ë¡£ ¥ê¥¹¥È¤Î³Æ¥¢¥¤¥Æ¥à¤ÎÁ°¤Ë¤Ï¡¢1 ¸Ä°Ê¾å¤Î '!' ¥ª¥Ú¥ì¡¼¥¿¤òÃÖ¤¤¤Æ¤â¤è¤¤¡£ ´ñ¿ô¸Ä¤Î '!' ¥ª¥Ú¥ì¡¼¥¿¤Ï¥¢¥¤¥Æ¥à¤ÎÃÍ¤òÌµ¸ú¤Ë¤¹¤ë¡£ ¶ö¿ô¸Ä¤Î¥ª¥Ú¥ì¡¼¥¿¤Ï¡¢¸ß¤¤¤ËÁê»¦¤µ¤ì¤ë¤À¤±¤Ç¤¢¤ë¡£




 Runas_List ::= Runas_User |

                Runas_User ',' Runas_List




 Runas_User ::= '!'* username |

                '!'* '#'uid |

                '!'* '%'group |

                '!'* +netgroup |

                '!'* Runas_Alias

Runas_List ¤Ï User_List ¤È»÷¤Æ¤¤¤ë¤¬¡¢ ('#' ¤òÁ°¤ËÉÕ¤±¤¿) uid ¤ò´Þ¤á¤ë¤³¤È¤â¤Ç¤¤ë¡£ ¤Þ¤¿ User_Alias es ¤Ç¤Ï¤Ê¤¯¡¢ Runas_Alias es ¤ò´Þ¤á¤ë¤³¤È¤¬¤Ç¤¤ë¡£




 Host_List ::= Host |

               Host ',' Host_List




 Host ::= '!'* hostname |

          '!'* ip_addr |

          '!'* network(/netmask)? |

          '!'* '+'netgroup |

          '!'* Host_Alias

Host_List ¤Ë¤Ï¡¢¥Û¥¹¥ÈÌ¾¡¦IP ¥¢¥É¥ì¥¹¡¦ ¥Í¥Ã¥È¥ï¡¼¥¯ÈÖ¹æ¡¦¥Í¥Ã¥È¥°¥ë¡¼¥× ('+' ¤òÁ°¤ËÉÕ¤±¤ë)¡¦ ¤½¤ÎÂ¾¤Î¥¨¥¤¥ê¥¢¥¹¡¢¤¬ 1 ¸Ä°Ê¾å´Þ¤Þ¤ì¤ë¡£ ¤³¤³¤Ç¤â¡¢¥¢¥¤¥Æ¥à¤ÎÃÍ¤Ï '!' ¥ª¥Ú¥ì¡¼¥¿¤Ë¤è¤Ã¤ÆÌµ¸ú¤Ë¤µ¤ì¤ë¡£ ¥Í¥Ã¥È¥ï¡¼¥¯ÈÖ¹æ¤Ë¥Í¥Ã¥È¥Þ¥¹¥¯¤ò»ØÄê¤·¤Ê¤¤¾ì¹ç¡¢ ¥Û¥¹¥È¤Î¥¤¡¼¥µ¥Í¥Ã¥È¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹¤Î¥Í¥Ã¥È¥Þ¥¹¥¯¤¬ ¥Þ¥Ã¥Á¥ó¥°¤ÎºÝ¤Ë»È¤ï¤ì¤ë¡£ ¥Í¥Ã¥È¥Þ¥¹¥¯¤Ï¡¢¥É¥Ã¥È¤Ç 4 ¤Ä¤Ë¶èÀÚ¤Ã¤¿É½µ (Îã¤¨¤Ð 255.255.255.0) ¤È CIDR É½µ (¥Ó¥Ã¥È¤Î¿ô¡¢Îã¤¨¤Ð 24) ¤Î¤É¤Á¤é¤Ç»ØÄê¤·¤Æ¤â¤è¤¤¡£ ¥Û¥¹¥ÈÌ¾¤Ë¤Ï¡¢¥·¥§¥ë·Á¼°¤Î¥ï¥¤¥ë¥É¥«¡¼¥É (°Ê²¼¤Î¡Ö¥ï¥¤¥ë¥É¥«¡¼¥É¡×¤Î¥»¥¯¥·¥ç¥ó¤ò»²¾È) ¤ò»È¤Ã¤Æ¤â¤è¤¤¡£ ¤¿¤À¤·¡¢·×»»µ¡¤Î hostname ¥³¥Þ¥ó¥É¤¬ ´°Á´¤Ê¥É¥á¥¤¥óÌ¾ÉÕ¤¤Î¥Û¥¹¥ÈÌ¾¤òÊÖ¤µ¤Ê¤¤¾ì¹ç¤Ë ¥ï¥¤¥ë¥É¥«¡¼¥É¤ò»È¤¨¤ë¤è¤¦¤Ë¤¹¤ë¤Ë¤Ï¡¢ fqdn ¥ª¥×¥·¥ç¥ó¤ò»ØÄê¤¹¤ëÉ¬Í×¤¬¤¢¤ë¤À¤í¤¦¡£




 Cmnd_List ::= Cmnd |

               Cmnd ',' Cmnd_List




 commandname ::= filename |

                 filename args |

                 filename '""'




 Cmnd ::= '!'* commandname |

          '!'* directory |

          '!'* Cmnd_Alias

Cmnd ¤¬¥³¥Þ¥ó¥É¥é¥¤¥ó°ú¤¿ô¤È´ØÏ¢¤Å¤±¤é¤ì¤Æ¤¤¤ë¾ì¹ç¡¢ Cmnd ¤ÎÃæ¤Î°ú¤¿ô¤Ï¡¢ ¥æ¡¼¥¶¤¬¥³¥Þ¥ó¥É¥é¥¤¥ó¤Ç»ØÄê¤·¤¿°ú¤¿ô¤È´°Á´¤Ë¥Þ¥Ã¥Á¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤ (¥ï¥¤¥ë¥É¥«¡¼¥É¤¬¤¢¤Ã¤¿¾ì¹ç¤Ï¡¢¤½¤ì¤È´°Á´¤Ë¥Þ¥Ã¥Á¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤)¡£ ',', ':', '=', '\' ¤È¤¤¤¦Ê¸»ú¤ò ¥³¥Þ¥ó¥É¥é¥¤¥ó°ú¤¿ô¤È¤·¤Æ»È¤¦¾ì¹ç¡¢ '\' ¤Ç¥¨¥¹¥±¡¼¥×¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤ÅÀ¤ËÃí°Õ¤¹¤ë¤³¤È¡£

¥Ç¥Õ¥©¥ë¥È




 Default_Type ::= 'Defaults' ||

                  'Defaults' ':' User ||

                  'Defaults' '@' Host




 Default_Entry ::= Default_Type Parameter_List




 Parameter ::= Parameter '=' Value ||

               Parameter '+=' Value ||

               Parameter '-=' Value ||

               '!'* Parameter ||

Parameter ¤Ï ¥Õ¥é¥°¡¦À°¿ô¡¦ Ê¸»úÎó¡¦¥ê¥¹¥È¤Î¤¤¤º¤ì¤«¤Ç¤¢¤ë¡£ ¥Õ¥é¥°¤Ï¼Â¤Ï¿¿µ¶ÃÍ¤Ç¤¢¤ê¡¢'!' ¥ª¥Ú¥ì¡¼¥¿¤Ç off ¤Ë¤Ç¤¤ë¡£ À°¿ô¡¦Ê¸»úÎó¡¦¥ê¥¹¥È¤Î¥Ñ¥é¥á¡¼¥¿¤Î¤Ê¤«¤Ë¤â¿¿µ¶ÃÍ¤Î°ÕÌ£¤Ç»È¤¨¤ë¤â¤Î¤¬¤¢¤ê¡¢ ¤½¤ì¤é¤ÏÌµ¸ú¤Ë¤Ç¤¤ë¡£ ÃÍ¤ËÊ£¿ô¤Î¥ï¡¼¥É¤¬´Þ¤Þ¤ì¤ë¾ì¹ç¤Ï¡¢ ¥À¥Ö¥ë¥¯¥ª¡¼¥È ( " ) ¤Ç°Ï¤Þ¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£ ÆÃ¼ìÊ¸»ú¤Ï¥Ð¥Ã¥¯¥¹¥é¥Ã¥·¥å ( \ ) ¤Ç ¥¨¥¹¥±¡¼¥×¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£

¥ê¥¹¥È¤Ë¤Ï¤½¤ÎÂ¾¤Ë 2 ¤Ä¤ÎÂåÆþ¥ª¥Ú¥ì¡¼¥¿ += ¤È -= ¤¬¤¢¤ë¡£ ¤³¤ì¤é¤Î¥ª¥Ú¥ì¡¼¥¿¤Ï¤½¤ì¤¾¤ì¥ê¥¹¥È¤ÎÄÉ²Ã¤Èºï½ü¤ò¹Ô¤¦¡£ -= ¥ª¥Ú¥ì¡¼¥¿¤ò»È¤Ã¤Æ ¥ê¥¹¥È¤ËÂ¸ºß¤·¤Ê¤¤Í×ÁÇ¤òºï½ü¤¹¤ë¤È¥¨¥é¡¼¤Ë¤Ê¤ë¡£

sudoers ¥Õ¥¡¥¤¥ë¤ò½ç½øÀµ¤·¤¯²òÀÏ¤µ¤»¤ë¤¿¤á¡¢ ¥Ç¥Õ¥©¥ë¥È¥»¥¯¥·¥ç¥ó¤Ï Host, User, Cmnd ¥¨¥¤¥ê¥¢¥¹¤è¤êÁ°¤Ç ¥æ¡¼¥¶»ØÄê¤è¤ê¸å¤Ë¤¹¤ëÅÀ¤ËÃí°Õ¤¹¤ë¤³¤È¡£

¥Õ¥é¥°:

long_otp_prompt: (S/Key ¤ä OPIE ¤Ê¤É¤Î) ¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥É¤ò»ÈÍÑ¤·¤Æ¤¤¤ë¾ì¹ç¤Ë¤³¤Î¥ª¥×¥·¥ç¥ó¤¬Í¸ú¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤È¡¢ ¥í¡¼¥«¥ë¤Ê¥¦¥¤¥ó¥É¥¦¤ËÆþÎÏ¤·¤¿¥Ñ¥¹¥ï¡¼¥É¤ò ´ÊÃ±¤Ë¥«¥Ã¥È¡õ¥Ú¡¼¥¹¥È¤Ç¤¤ë¤è¤¦¤Ë¡¢2 ¹Ô¤Î¥×¥í¥ó¥×¥È¤¬»È¤ï¤ì¤ë¡£ ¤³¤ì¤ò¥Ç¥Õ¥©¥ë¥È¤Ë¤¹¤ë¤Î¤ÏÎÉ¤¯¤Ê¤¤¤¬¡¢ÊØÍø¤À¤È¸À¤¦¿Í¤â¤¤¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
ignore_dot: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢´Ä¶ÊÑ¿ô PATH ¤Ë¤¢¤ë (¥«¥ì¥ó¥È¥Ç¥£¥ì¥¯¥È¥ê¤òÉ½¤¹) '.' ¤È '' ¤¬Ìµ»ë¤µ¤ì¤ë¡£ PATH ¤½¤Î¤â¤Î¤ÏÊÑ¹¹¤µ¤ì¤Ê¤¤¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
mail_always: ¥æ¡¼¥¶¤¬ sudo ¤ò¼Â¹Ô¤¹¤ëÅÙ¤Ë¡¢mailto ¥æ¡¼¥¶¤Ë¥á¡¼¥ë¤¬Á÷¤é¤ì¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
mail_badpass: sudo ¤ò¼Â¹Ô¤·¤¿¥æ¡¼¥¶¤¬Àµ¤·¤¤¥Ñ¥¹¥ï¡¼¥É¤òÆþÎÏ¤·¤Ê¤«¤Ã¤¿¾ì¹ç¡¢ mailto ¥æ¡¼¥¶¤Ë¥á¡¼¥ë¤¬Á÷¤é¤ì¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
mail_no_user: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢ sudo ¤òµ¯Æ°¤·¤¿¥æ¡¼¥¶¤¬ sudoers ¥Õ¥¡¥¤¥ë¤Ë¤Ê¤¤¾ì¹ç¡¢ mailto ¥æ¡¼¥¶¤Ë¥á¡¼¥ë¤¬Á÷¤é¤ì¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï on ¤Ç¤¢¤ë¡£
mail_no_host: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢ sudo ¤òµ¯Æ°¤·¤¿¥æ¡¼¥¶¤¬ sudoers ¥Õ¥¡¥¤¥ë¤ËÂ¸ºß¤¹¤ë¤¬¡¢ ¸½ºß¤Î¥Û¥¹¥È¤Ç¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¤³¤È¤¬µö²Ä¤µ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¡¢ mailto ¥æ¡¼¥¶¤Ë¥á¡¼¥ë¤¬Á÷¤é¤ì¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
mail_no_perms: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢ ¥æ¡¼¥¶¤¬ sudo ¤ò»È¤¦¤³¤È¤Ïµö²Ä¤µ¤ì¤Æ¤¤¤ë¤¬¡¢ ¼Â¹Ô¤·¤è¤¦¤È¤·¤¿¥³¥Þ¥ó¥É¤¬ sudoers ¥Õ¥¡¥¤¥ë¤Î¥¨¥ó¥È¥ê¤Ë¤Ê¤¤¾ì¹ç¡¢ mailto ¥æ¡¼¥¶¤Ë¥á¡¼¥ë¤¬Á÷¤é¤ì¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
tty_tickets: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢ ¥æ¡¼¥¶¤Ï tty Ëè¤ËÇ§¾Ú¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£ ÄÌ¾ï¡¢sudo ¤Ï¥Á¥±¥Ã¥È¥Ç¥£¥ì¥¯¥È¥ê¤ÎÃæ¤Ë¤¢¤ë ¼Â¹Ô¤·¤Æ¤¤¤ë¥æ¡¼¥¶¤ÈÆ±¤¸Ì¾Á°¤Î¥Ç¥£¥ì¥¯¥È¥ê¤ò»È¤¦¡£ ¤³¤Î¥Õ¥é¥°¤¬ on ¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤È¡¢sudo ¤Ï ¥Á¥±¥Ã¥È¥Ç¥£¥ì¥¯¥È¥ê¤ÎÃæ¤Ë¤¢¤ë ¥æ¡¼¥¶¤¬¥í¥°¥¤¥ó¤·¤Æ¤¤¤ë tty ¤ËÂÐ±þ¤·¤¿¥Õ¥¡¥¤¥ëÌ¾¤ò»È¤¦¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
lecture: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢ ½é¤á¤Æ sudo ¤ò¼Â¹Ô¤·¤¿¤È¤¡¢¥æ¡¼¥¶¤ÏÃ»¤¤¥ì¥¯¥Á¥ã¡¼¤ò¼õ¤±¼è¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï on ¤Ç¤¢¤ë¡£
authenticate: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢ ¥æ¡¼¥¶¤Ï¥Ñ¥¹¥ï¡¼¥É (¤â¤·¤¯¤Ï¡¢ÊÌ¤ÎÇ§¾ÚÊýË¡) ¤Ç¼«Ê¬¼«¿È¤ËÂÐ¤·¤Æ Ç§¾Ú¤ò¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£ ¤³¤Î¥Ç¥Õ¥©¥ë¥È¤ÎÃÍ¤Ï PASSWD ¥¿¥°¤È NOPASSWD ¥¿¥°¤ò»È¤Ã¤ÆÊÑ¹¹¤Ç¤¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï on ¤Ç¤¢¤ë¡£
root_sudo: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢root ¤â sudo ¤¬¼Â¹Ô¤Ç¤¤ë¡£ ¤³¤Î¥Õ¥é¥°¤ò off ¤Ë¤¹¤ë¤È¡¢ ¥æ¡¼¥¶¤¬ "sudo sudo /bin/sh" ¤Î¤è¤¦¤Ë¤·¤Æ root ¤Î¥·¥§¥ë¤òÆþ¼ê¤·¤è¤¦¤È ``Ä©Àï¤¹¤ë'' ¤³¤È¤¬ËÉ»ß¤Ç¤¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï on ¤Ç¤¢¤ë¡£
log_host: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢ ¥Û¥¹¥ÈÌ¾¤¬ (syslog ¤Ç¤Ï¤Ê¤¤) sudo ¥í¥°¥Õ¥¡¥¤¥ë¤ËµÏ¿¤µ¤ì¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
log_year: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢ 4 ·å¤ÎÇ¯¤¬ (syslog ¤Ç¤Ï¤Ê¤¤) sudo ¥í¥°¥Õ¥¡¥¤¥ë¤ËµÏ¿¤µ¤ì¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
shell_noargs: ¤³¤Î¥Õ¥é¥°¤¬ÀßÄê¤µ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ë sudo ¤¬°ú¤¿ô¤Ê¤·¤Çµ¯Æ°¤µ¤ì¤ë¤È¡¢ -s ¥Õ¥é¥°¤¬Í¿¤¨¤é¤ì¤¿¾ì¹ç¤ÈÆ±ÍÍ¤ËÆ°ºî¤¹¤ë¡£ ¤Ä¤Þ¤ê¡¢sudo ¤Ï¥·¥§¥ë¤ò root ¤È¤·¤Æ¼Â¹Ô¤¹¤ë (´Ä¶ÊÑ¿ô SHELL ¤¬ÀßÄê¤µ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢ ¥·¥§¥ë¤Ï¤½¤Î´Ä¶ÊÑ¿ô¤Ç·èÄê¤µ¤ì¤ë¡£ ÀßÄê¤µ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¡¢ µ¯Æ°¤·¤¿¥æ¡¼¥¶¤Î /etc/passwd ¤Î¥¨¥ó¥È¥ê¤Ë¤¢¤ë¥·¥§¥ë¤ò»È¤¦)¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
set_home: ¤³¤Î¥Õ¥é¥°¤¬ÀßÄê¤µ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ë sudo ¤¬ -s ¥Õ¥é¥°¤Çµ¯Æ°¤µ¤ì¤ë¤È¡¢ ´Ä¶ÊÑ¿ô HOME ¤¬ÂÐ¾Ý¥æ¡¼¥¶¤Î¥Û¡¼¥à¥Ç¥£¥ì¥¯¥È¥ê¤ËÀßÄê¤µ¤ì¤ë (¤³¤Î¾ì¹ç¤ÎÂÐ¾Ý¥æ¡¼¥¶¤Ï¡¢-u ¥ª¥×¥·¥ç¥ó¤Ç»ØÄê¤µ¤ì¤Ê¤¤¸Â¤ê root ¤Ç¤¢¤ë)¡£ ¤³¤Î¥Õ¥é¥°¤Ï¡¢-s ¥Õ¥é¥°¤¬»È¤ï¤ì¤¿¾ì¹ç¤Ë -H ¤ò°ÅÌÛ¤Î¤¦¤Á¤ËÍ¸ú¤Ë¤¹¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
always_set_home: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢sudo ¤Ï´Ä¶ÊÑ¿ô HOME ¤ò ÂÐ¾Ý¥æ¡¼¥¶ (-u ¥ª¥×¥·¥ç¥ó¤ò»È¤ï¤Ê¤¤¸Â¤ê¤Ï root) ¤Î ¥Û¡¼¥à¥Ç¥£¥ì¥¯¥È¥ê¤ËÀßÄê¤¹¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï -H ¤ò°ÅÌÛ¤Î¤¦¤Á¤ËÍ¸ú¤Ë¤¹¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
path_info: ÄÌ¾ï sudo ¤Ï¥³¥Þ¥ó¥É¤¬ PATH ´Ä¶ÊÑ¿ô¤Ë¸«¤Ä¤«¤é¤Ê¤¤¾ì¹ç¥æ¡¼¥¶¤Ë¹ðÃÎ¤¹¤ë¡£ ÄÌ¾ï¤Î¥æ¡¼¥¶¤¬¡¢¥¢¥¯¥»¥¹¤Ç¤¤Ê¤¤¼Â¹Ô¥Õ¥¡¥¤¥ë¤Î¾ì½ê¤Ë´Ø¤¹¤ë ¾ðÊó¤ò¼ý½¸¤Ç¤¤Ê¤¤¤è¤¦¤Ë¡¢ ¥µ¥¤¥È¤Ë¤è¤Ã¤Æ¤Ï¤³¤Î¹ðÃÎ¤ò¥æ¡¼¥¶¤Ë¹Ô¤ï¤Ê¤¤¤è¤¦¤Ë¤·¤¿¤¤¤³¤È¤¬¤¢¤ë¤«¤â¤·¤ì¤Ê¤¤¡£ ¤·¤«¤·¹ðÃÎ¤ò¹Ô¤ï¤Ê¤¤¤È¡¢ Ã±¤Ë¼Â¹Ô¥Õ¥¡¥¤¥ë¤¬¥æ¡¼¥¶¤Î PATH ¤Ë¤Ê¤¤¤À¤±¤Î¾ì¹ç¤Ç¤â¡¢ sudo ¤Ï¥æ¡¼¥¶¤Ë¡Ö¼Â¹Ôµö²Ä¤¬¤Ê¤¤¡×¤ÈÅÁ¤¨¤Æ¤·¤Þ¤¤¡¢ Ê¶¤é¤ï¤·¤¯¤Ê¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
preserve_groups: ¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢sudo ¤Ï¥°¥ë¡¼¥×¥Ù¥¯¥È¥ë¤ò ÂÐ¾Ý¥æ¡¼¥¶¤¬½êÂ°¤¹¤ë¥°¥ë¡¼¥×¤Î¥ê¥¹¥È¤Ç½é´ü²½¤¹¤ë¡£ preserve_groups ¤¬ÀßÄê¤µ¤ì¤¿¾ì¹ç¡¢ ¥æ¡¼¥¶¤¬´û¤Ë»ý¤Ã¤Æ¤¤¤ë¥°¥ë¡¼¥×¥Ù¥¯¥È¥ë¤ÏÊÑ¹¹¤µ¤ì¤Ê¤¤¡£ ¤À¤À¤·¼Â¥°¥ë¡¼¥× ID ¤È¼Â¸ú¥°¥ë¡¼¥× ID ¤Ï¡¢ ÂÐ¾Ý¥æ¡¼¥¶¤Ë¥Þ¥Ã¥Á¤¹¤ë¤è¤¦¤ËÀßÄê¤µ¤ì¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
fqdn: sudoers ¥Õ¥¡¥¤¥ë¤Ë´°Á´¤Ê¥É¥á¥¤¥óÌ¾ÉÕ¤¤Î¥Û¥¹¥ÈÌ¾¤òÆþ¤ì¤¿¤¤¾ì¹ç¤Ï¡¢ ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¡£ ¤¹¤Ê¤ï¤Á myhost ¤Ç¤Ï¤Ê¤¯ myhost.mydomain.edu ¤ò»È¤¤¤¿¤¤¾ì¹ç¤Ç¤¢¤ë¡£ ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤·¤Æ¤â¡¢»È¤¤¤¿¤±¤ì¤ÐÃ»¤¤·Á¼°¤ò»È¤¦¤³¤È¤¬¤Ç¤¤ë (Ã»¤¤·Á¼°¤È´°Á´¤Ê·Á¼°¤òº®¤¼¤Æ»È¤¦¤³¤È¤â¤Ç¤¤ë)¡£ fqdn ¤ò on ¤Ë¤¹¤ë¤È¡¢sudo ¤Ï DNS ¤Î¥ë¥Ã¥¯¥¢¥Ã¥×¤¬É¬Í×¤Ë¤Ê¤ë¤³¤È¤ËÃí°Õ¤¹¤ë¤³¤È¡£ DNS ¤Î¥ë¥Ã¥¯¥¢¥Ã¥×¤ò¤¹¤ë¤È¡¢ DNS ¤¬²ÔÆ¯¤·¤Æ¤¤¤Ê¤¤¤È¤ (·×»»µ¡¤¬¥Í¥Ã¥È¥ï¡¼¥¯¤ËÀÜÂ³¤µ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ê¤É) sudo ¤Ï°ÂÁ´¤Ç¤Ê¤¯¤Ê¤ë¡£ DNS ¤Ë¤¢¤ë¥Û¥¹¥È¤ÎÀµ¼°¤ÊÌ¾Á°¤ò»È¤ï¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤ÅÀ¤Ë¤âÃí°Õ¤¹¤ë¤³¤È¡£ ¤Ä¤Þ¤ê¡¢¥Ñ¥Õ¥©¡¼¥Þ¥ó¥¹¤ÎÌäÂê¤È DNS ¤«¤éÁ´¤Æ¤Î¥¨¥¤¥ê¥¢¥¹¤ò¼èÆÀ¤Ç¤¤Ê¤¤¤È¤¤¤¦ÌäÂê¤«¤é¡¢ ¥Û¥¹¥ÈÌ¾¤Î¥¨¥¤¥ê¥¢¥¹ ( CNAME ¥¨¥ó¥È¥ê) ¤ò»È¤¦¤³¤È¤Ï¤Ç¤¤Ê¤¤¡£ ( hostname ¥³¥Þ¥ó¥É¤ÇÊÖ¤µ¤ì¤ë) ·×»»µ¡¤Î¥Û¥¹¥ÈÌ¾¤¬ ´û¤Ë¥É¥á¥¤¥óÌ¾ÉÕ¤¤Î´°Á´¤Ê¤â¤Î¤Ç¤¢¤ë¾ì¹ç¡¢ fqdn ¤òÀßÄê¤¹¤ë¤Ù¤¤Ç¤Ï¤Ê¤¤¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
insults: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢sudo ¤Ï ÉÔÀµ¤Ê¥Ñ¥¹¥ï¡¼¥É¤òÆþÎÏ¤·¤¿¥æ¡¼¥¶¤òÉî¿«¤¹¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
requiretty: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢ ¥æ¡¼¥¶¤¬ real tty ¤«¤é¥í¥°¥¤¥ó¤·¤Æ¤¤¤ë¤È¤¤Î¤ß sudo ¤¬¼Â¹Ô¤Ç¤¤ë¡£ rsh(1) ¤Ï tty ¤ò³ÎÊÝ¤·¤Ê¤¤¤Î¤Ç¡¢ "rsh somehost sudo ls" ¤È¤¤¤Ã¤¿¤³¤È¤¬µö²Ä¤µ¤ì¤Ê¤¯¤Ê¤ë¡£ tty ¤¬¤Ê¤¤¤È¥¨¥³¡¼¤¬¾Ã¤»¤Ê¤¤¤Î¤Ç¡¢ ÆþÎÏ»þ¤Ë¥Ñ¥¹¥ï¡¼¥É¤¬¸½¤ì¤Æ¤·¤Þ¤¦¤Î¤òËÉ»ß¤¹¤ë¤¿¤á¤Ë¡¢ ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤·¤¿¤¤¤È»×¤¦¥µ¥¤¥È¤â¤¢¤ë¤À¤í¤¦¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
env_editor: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢visudo ¤Ï ¥Ç¥Õ¥©¥ë¥È¤Î¥¨¥Ç¥£¥¿¥ê¥¹¥È¤ò»È¤¦Á°¤Ë¡¢ ´Ä¶ÊÑ¿ô EDITOR ¤È VISUAL ¤ÎÃÍ¤ò»È¤¦¡£ ¥æ¡¼¥¶¤Ï¥í¥°¤ËµÏ¿¤µ¤ì¤ë¤³¤È¤Ê¤¯ Ç¤°Õ¤Î¥³¥Þ¥ó¥É¤ò root ¤È¤·¤Æ¼Â¹Ô¤Ç¤¤Æ¤·¤Þ¤¦¤Î¤Ç¡¢ ¥»¥¥å¥ê¥Æ¥£¥Û¡¼¥ë¤òºî¤Ã¤Æ¤·¤Þ¤¦¤³¤È¤ËÃí°Õ¤¹¤ë¤³¤È¡£ °ÂÁ´¤ÊÂåÂØ°Æ¤È¤·¤Æ¤Ï¡¢ ¥³¥ó¥Þ¤Ç¶èÀÚ¤Ã¤¿¥¨¥Ç¥£¥¿¤Î¥ê¥¹¥È¤ò editor ÊÑ¿ô¤ËÀßÄê¤¹¤ë¤³¤È¤Ç¤¢¤ë¡£ ¤½¤¦¤¹¤ë¤Èvisudo ¤Ï¡¢ editor ¤Ë»ØÄê¤µ¤ì¤¿ÃÍ¤Ë EDITOR ¤Þ¤¿¤Ï VISUAL ¤¬¥Þ¥Ã¥Á¤¹¤ë¤È¤¤Ë¤Î¤ß¡¢ ¤½¤Î´Ä¶ÊÑ¿ô¤ò»È¤¦¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
rootpw: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢sudo ¤Ï µ¯Æ°¤·¤¿¥æ¡¼¥¶¤Î¥Ñ¥¹¥ï¡¼¥É¤Ç¤Ï¤Ê¤¯¡¢ root ¤Î¥Ñ¥¹¥ï¡¼¥É¤òÍ×µá¤¹¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
runaspw: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢sudo ¤Ï µ¯Æ°¤·¤¿¥æ¡¼¥¶¤Î¥Ñ¥¹¥ï¡¼¥É¤Ç¤Ï¤Ê¤¯¡¢ runas_default ¥ª¥×¥·¥ç¥ó¤ÇÄêµÁ¤µ¤ì¤¿¥æ¡¼¥¶ (¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï root ) ¤Î¥Ñ¥¹¥ï¡¼¥É¤òÍ×µá¤¹¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
targetpw: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢sudo ¤Ï µ¯Æ°¤·¤¿¥æ¡¼¥¶¤Î¥Ñ¥¹¥ï¡¼¥É¤Ç¤Ï¤Ê¤¯¡¢ -u ¥Õ¥é¥°¤Ç»ØÄê¤µ¤ì¤¿¥æ¡¼¥¶ (¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï root ) ¤Î¥Ñ¥¹¥ï¡¼¥É¤òÍ×µá¤¹¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
set_logname: ÄÌ¾ï sudo ¤Ï´Ä¶ÊÑ¿ô LOGNAME ¤È USER ¤òÂÐ¾Ý¥æ¡¼¥¶ (-u ¥Õ¥é¥°¤Ç»ØÄê¤µ¤ì¤Ê¤¤¤±¤ì¤Ð¤Õ¤Ä¤¦¤Ï root) ¤ÎÌ¾Á°¤ËÀßÄê¤¹¤ë¡£ ¤·¤«¤·¡¢¼ÂºÝ¤Î¥æ¡¼¥¶¤Î¼±ÊÌ¤Ë LOGNAME ¤ò»È¤¦¥×¥í¥°¥é¥à (RCS revision control system ¤Ê¤É¤¬´Þ¤Þ¤ì¤ë) ¤¬¤¢¤ë¤Î¤Ç¡¢ ¤³¤ÎµóÆ°¤òÊÑ¹¹¤·¤¿¤¤¤³¤È¤â¤¢¤ë¡£ ¤³¤ì¤Ë¤Ï set_logname ¥ª¥×¥·¥ç¥ó¤ò off ¤Ë¤¹¤ì¤Ð¤è¤¤¡£
stay_setuid: ÄÌ¾ï sudo ¤¬¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¾ì¹ç¡¢ ¼Â UID ¤È¼Â¹Ô UID ¤ÏÂÐ¾Ý¥æ¡¼¥¶ (¥Ç¥Õ¥©¥ë¥È¤Ï root) ¤ËÀßÄê¤µ¤ì¤ë¡£ ¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¼Â UID ¤ò µ¯Æ°¤·¤¿¥æ¡¼¥¶¤Î UID ¤Î¤Þ¤Þ¤Ë¤¹¤ë¤è¤¦¤ËÆ°ºî¤òÊÑ¹¹¤¹¤ë¡£ ¸À¤¤´¹¤¨¤ë¤È¡¢¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï sudo ¤ò setuid ¥é¥Ã¥Ñ¡¼¤È¤·¤Æ Æ°ºî¤µ¤»¤ë¤È¤¤¤¦¤³¤È¤Ç¤¢¤ë¡£ ¤³¤ì¤Ï¥×¥í¥°¥é¥à¤¬ setuid ¤µ¤ì¤Æ¼Â¹Ô¤µ¤ì¤ë¤È¤¤Î ÀøºßÅª¤Ë´í¸±¤Êµ¡Ç½¤òÌµ¸ú¤Ë¤·¤Æ¤¤¤ë¥·¥¹¥Æ¥à¤ÇÌòÎ©¤Ä¡£ ¤¿¤À¤· sudo ¤Ïµ¯Æ°¤·¤¿¥æ¡¼¥¶¡¼¤Î¼Â UID ¤Ç¼Â¹Ô¤µ¤ì¤ë¤Î¤Ç¡¢ OS ¤Ë¤ª¤±¤ë¥·¥°¥Ê¥ë¤È setuid ¥×¥í¥»¥¹¤ÎÁê¸ßºîÍÑ¤ÎÄêµÁ¤Ë¤è¤Ã¤Æ¤Ï¡¢ sudo ¤¬¼ºÇÔ¤ò¥í¥°¤ËµÏ¿¤¹¤ëÁ°¤Ë¥æ¡¼¥¶¤¬ kill ¤Ç¤¤ëÅÀ¤ËÃí°Õ¤¹¤ë¤³¤È¡£
env_reset: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢sudo ¤Ï°Ê²¼¤ÎÊÑ¿ô¤Î¤ß¤ò´Þ¤à¤è¤¦¤Ë ´Ä¶¤ò¥ê¥»¥Ã¥È¤¹¤ë: HOME , LOGNAME , PATH , SHELL , TERM , USER ( SUDO_* °Ê³°¤Ë)¡£ ¤³¤ì¤é¤Î¤¦¤Á¤Ç TERM ¤À¤±¤¬ °ÊÁ°¤Î´Ä¶¤«¤é¥³¥Ô¡¼¤µ¤ì¤ë¡£ Â¾¤ÎÊÑ¿ô¤Ï¥Ç¥Õ¥©¥ë¥È¤ÎÃÍ¤ËÀßÄê¤µ¤ì¤ë (set_logname ¥ª¥×¥·¥ç¥ó¤ÎÃÍ¤ÇÊÑ¹¹²ÄÇ½)¡£ sudo ¤¬ SECURE_PATH ¥ª¥×¥·¥ç¥ó¤òÉÕ¤±¤Æ ¥³¥ó¥Ñ¥¤¥ë¤µ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢ ¤½¤ÎÃÍ¤Ï´Ä¶ÊÑ¿ô PATH ¤Ë»È¤ï¤ì¤ë¡£ Â¾¤ÎÊÑ¿ô¤Ï env_keep ¥ª¥×¥·¥ç¥ó¤ÇÊÝÂ¸¤¹¤ë¤³¤È¤â¤Ç¤¤ë¡£
use_loginclass: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢sudo ¤Ï¡¢ ÂÐ¾Ý¥æ¡¼¥¶¤Î¥í¥°¥¤¥ó¥¯¥é¥¹¤¬¤¢¤ì¤Ð¡¢¤½¤ì¤Ë»ØÄê¤µ¤ì¤¿¥Ç¥Õ¥©¥ë¥È¤ÎÃÍ¤òÅ¬ÍÑ¤¹¤ë¡£ sudo ¤Î (¥³¥ó¥Ñ¥¤¥ë»þ¤Ë) --with-logincap ¥ª¥×¥·¥ç¥ó¤¬ ÀßÄê¤µ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ë¤Î¤ß¡¢Í¸ú¤Ç¤¢¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£

À°¿ô:

passwd_tries: sudo ¤¬¼ºÇÔ¤ò¥í¥°¤ËµÏ¿¤·¤Æ½ªÎ»¤¹¤ë¤Þ¤Ç¤Ë¡¢ ¥æ¡¼¥¶¤¬¥Ñ¥¹¥ï¡¼¥É¤òÆþÎÏ¤Ç¤¤ë²ó¿ô¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï 3 ¡£

¿¿µ¶ÃÍ¤È¤·¤Æ¤â»ÈÍÑ¤µ¤ì¤ëÀ°¿ô:

loglinelen: ¥Õ¥¡¥¤¥ë¥í¥°¤Î 1 ¹ÔÅö¤¿¤ê¤ÎÊ¸»ú¿ô¡£ ¤³¤ÎÃÍ¤Ï¡¢¥í¥°¥Õ¥¡¥¤¥ë¤ò¸«¤ä¤¹¤¯¤¹¤ë¤¿¤á¤Ë¡¢ ¹Ô¤ò²¿·å¤ÇÀÞ¤êÊÖ¤¹¤«¤ò·èÄê¤¹¤ë¤¿¤á¤Ë»È¤ï¤ì¤ë¡£ syslog ¥Õ¥¡¥¤¥ë¤Ë¤Ï²¿¤â±Æ¶Á¤»¤º¡¢¥Õ¥¡¥¤¥ë¥í¥°¤À¤±¤Ë±Æ¶Á¤¹¤ë¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï 80 (ÀÞ¤êÊÖ¤·¤ò¤·¤Ê¤¤¾ì¹ç¤Ï 0 ¤ò»ØÄê¤¹¤ë)¡£
timestamp_timeout: sudo ¤¬ºÆÅÙ¥Ñ¥¹¥ï¡¼¥É¤ò¿Ò¤Í¤ë¤Þ¤Ç¤Ë·Ð²á¤¹¤ëÊ¬¿ô¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï 5 ¡£ ¾ï¤Ë¥Ñ¥¹¥ï¡¼¥É¤òÍ×µá¤µ¤»¤ë¤Ë¤Ï 0 ¤ËÀßÄê¤¹¤ë¡£ 0 ¤è¤ê¾®¤µ¤¤ÃÍ¤ËÀßÄê¤¹¤ë¤È¡¢ ¥æ¡¼¥¶¤Î¥¿¥¤¥à¥¹¥¿¥ó¥×¤Ï¼º¸ú¤·¤Ê¤¤¡£ ¤³¤ì¤Ï¥æ¡¼¥¶¤¬¼«¿È¤Î¥¿¥¤¥à¥¹¥¿¥ó¥×¤ÎºîÀ®¡¦ºï½ü¤ò sudo -v ¤ä sudo -k ¤Ç²ÄÇ½¤Ë¤¹¤ë¤¿¤á¤Ë»È¤¦¡£
passwd_timeout: sudo ¤Î¥Ñ¥¹¥ï¡¼¥ÉÍ×µá¤¬»þ´ÖÀÚ¤ì¤Ë¤Ê¤ë¤Þ¤Ç¤ÎÊ¬¿ô¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï 5 ¡£ ¥Ñ¥¹¥ï¡¼¥ÉÍ×µá¤Î»þ´ÖÀÚ¤ì¤ò¤Ê¤¯¤¹¤Ë¤Ï 0 ¤ËÀßÄê¤¹¤ë¡£
umask: ¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¾ì¹ç¤Î umask¡£ ¥æ¡¼¥¶¤Î umask ¤ò¾å½ñ¤¤·¤Ê¤¤¤¿¤á¤Ë¤Ï¡¢ ¤³¤Î¥ª¥×¥·¥ç¥ó¤òÌµ¸ú¤Ë¤¹¤ë¤« 0777 ¤ËÀßÄê¤¹¤ë¤³¤È¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï 0022 ¡£

Ê¸»úÎó:

mailsub: mailto ¥æ¡¼¥¶¤ËÁ÷¤é¤ì¤ë¥á¡¼¥ë¤Î Subject (ÂêÌ¾)¡£ ¥¨¥¹¥±¡¼¥× %h ¤Ï·×»»µ¡¤Î¥Û¥¹¥ÈÌ¾¤ËÅ¸³«¤µ¤ì¤ë¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï *** SECURITY information for %h *** ¡£
badpass_message: ¥æ¡¼¥¶¤¬ÉÔÀµ¤Ê¥Ñ¥¹¥ï¡¼¥É¤òÆþÎÏ¤·¤¿¾ì¹ç¤ËÉ½¼¨¤µ¤ì¤ë¥á¥Ã¥»¡¼¥¸¡£ insults ¤¬ÀßÄê¤µ¤ì¤Æ¤¤¤Ê¤¤¸Â¤ê¡¢ ¥Ç¥Õ¥©¥ë¥È¤Ï Sorry, try again. ¡£
timestampdir: sudo ¤¬¥¿¥¤¥à¥¹¥¿¥ó¥×¥Õ¥¡¥¤¥ë¤òÃÖ¤¯¥Ç¥£¥ì¥¯¥È¥ê¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï /var/run/sudo¡£
passprompt: ¥Ñ¥¹¥ï¡¼¥É¤ò¿Ò¤Í¤ë¤È¤¤Ë»È¤ï¤ì¤ë¥Ç¥Õ¥©¥ë¥È¤Î¥×¥í¥ó¥×¥È¡£ -p ¥ª¥×¥·¥ç¥ó¤ä´Ä¶ÊÑ¿ô SUDO_PROMPT ¤ò»È¤Ã¤ÆÊÑ¹¹¤Ç¤¤ë¡£ 2 ¤Ä¤Î¥¨¥¹¥±¡¼¥×¤¬¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤¤ë¡£ ``%u'' ¤Ï¥æ¡¼¥¶¤Î¥í¥°¥¤¥óÌ¾¤ËÅ¸³«¤µ¤ì¡¢ ``%h'' ¤Ï¥í¡¼¥«¥ë¥Û¥¹¥ÈÌ¾¤ËÅ¸³«¤µ¤ì¤ë¡£ ¥Ç¥Õ¥©¥ë¥È¤ÎÃÍ¤Ï Password: ¡£
runas_default: -u ¥Õ¥é¥°¤¬¥³¥Þ¥ó¥É¥é¥¤¥ó¤Ç»ØÄê¤µ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ë¡¢ ¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¥Ç¥Õ¥©¥ë¥È¤Î¥æ¡¼¥¶¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï root ¡£
syslog_goodpri: ¥æ¡¼¥¶¤¬Ç§¾Ú¤ËÀ®¸ù¤·¤¿¾ì¹ç¤Ë»È¤ï¤ì¤ë syslog ¤Î priority¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï notice ¡£
syslog_badpri: ¥æ¡¼¥¶¤¬Ç§¾Ú¤Ë¼ºÇÔ¤·¤¿¾ì¹ç¤Ë»È¤ï¤ì¤ë syslog ¤Î priority¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï alert ¡£
editor: visudo ¤Ç»ÈÍÑ²ÄÇ½¤Ê¥¨¥Ç¥£¥¿¤Î¥ê¥¹¥È¡£ ¥ê¥¹¥È¤Ï¥³¥í¥ó (':') ¤Ç¶èÀÚ¤ë¡£ visudo ¤Ï¥æ¡¼¥¶¡¼¤Î USER ´Ä¶ÊÑ¿ô¤¬ÀßÄê¤µ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ë¤Ï¡¢ ¤½¤ì¤Ë¥Þ¥Ã¥Á¤¹¤ë¥¨¥Ç¥£¥¿¤òÁªÂò¤¹¤ë¡£ ÀßÄê¤µ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢¥ê¥¹¥È¤ÎºÇ½é¤Ë½ñ¤«¤ì¤Æ¤¤¤ë ¥¨¥Ç¥£¥¿¤¬Â¸ºß¤·¤Æ¼Â¹Ô²ÄÇ½¤Ç¤¢¤ì¤Ð¡¢¤½¤ì¤òÁªÂò¤¹¤ë¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï¥·¥¹¥Æ¥à¾å¤Î vi ¤Î¥Ñ¥¹¡£

¿¿µ¶ÃÍ¤È¤·¤Æ¤â»ÈÍÑ¤µ¤ì¤ëÊ¸»úÎó:

logfile

(syslog ¥í¥°¥Õ¥¡¥¤¥ë¤Ç¤Ï¤Ê¤¯) sudo ¥í¥°¥Õ¥¡¥¤¥ë¤Ø¤Î¥Ñ¥¹¡£ ¥Ñ¥¹¤òÀßÄê¤¹¤ë¤È¡¢¤½¤Î¥Õ¥¡¥¤¥ë¤Ø¥í¥°¤¬µÏ¿¤µ¤ì¤ë¡£ ÀßÄê¤·¤Ê¤±¤ì¤Ð¡¢µÏ¿¤µ¤ì¤Ê¤¤¡£

syslog

¥í¥°¤ÎµÏ¿¤Ë syslog ¤¬»È¤ï¤ì¤Æ¤¤¤ë¾ì¹ç¤Î syslog ¤Î facility (syslog ¤Ë¤è¤ë¥í¥°¤ÎµÏ¿¤ò¤·¤Ê¤¤¾ì¹ç¤Ï¡¢ÀßÄê¤·¤Ê¤¤¤³¤È)¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï local2 ¡£

mailerpath

mailerflags

mailto

·Ù¹ð¥á¡¼¥ë¤È¥¨¥é¡¼¥á¡¼¥ë¤òÁ÷¤ë¥¢¥É¥ì¥¹¡£ ¥¢¥É¥ì¥¹¤Ï¡¢sudo ¤¬ @ µ¹æ¤ò²ò¼á¤·¤Ê¤¤¤è¤¦¤Ë¡¢ ¥À¥Ö¥ë¥¯¥©¡¼¥È ( " ) ¤Ç³ç¤é¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï root ¡£

exempt_group

¤³¤Î¥°¥ë¡¼¥×¤ËÂ°¤¹¤ë¥æ¡¼¥¶¤Ï¡¢¥Ñ¥¹¥ï¡¼¥É¤È PATH ¤¬É¬Í×¤Ê¤¤¡£ ¥Ç¥Õ¥©¥ë¥È¤Ç¤ÏÀßÄê¤µ¤ì¤Æ¤¤¤Ê¤¤¡£

verifypw

¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¡¢¥æ¡¼¥¶¤¬ sudo ¤ò -v ¥ª¥×¥·¥ç¥ó¤Ç¼Â¹Ô¤·¤¿¤È¤¤Ë¡¢ ¤¤¤Ä¥Ñ¥¹¥ï¡¼¥É¤¬É¬Í×¤È¤µ¤ì¤ë¤«¤òÀ©¸æ¤¹¤ë¡£ ¤³¤Î¥ª¥×¥·¥ç¥ó¤Ë¤Ï°Ê²¼¤ÎÃÍ¤Î¤¤¤º¤ì¤«¤òÀßÄê¤Ç¤¤ë¡£

all: ¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎÏ¤ò¤Ê¤·¤Ç¤¹¤Þ¤»¤ë¤¿¤á¤Ë¤Ï¡¢ ¸½ºß¤Î¥Û¥¹¥È¤Î¤¹¤Ù¤Æ¤Î¥æ¡¼¥¶¤Î sudoers ¥¨¥ó¥È¥ê¤Ë NOPASSWD ¥Õ¥é¥°¤¬ÀßÄê¤µ¤ì¤Æ¤¤¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£
any: ¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎÏ¤ò¤Ê¤·¤Ç¤¹¤Þ¤»¤ë¤¿¤á¤Ë¤Ï¡¢ ¸½ºß¤Î¥Û¥¹¥È¤Î¾¯¤Ê¤¯¤È¤â°ì¿Í¤Î¥æ¡¼¥¶¤Î sudoers ¥¨¥ó¥È¥ê¤Ë NOPASSWD ¥Õ¥é¥°¤¬ ÀßÄê¤µ¤ì¤Æ¤¤¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£
never: ¥æ¡¼¥¶¤Ï¡¢-v ¥Õ¥é¥°¤ò»È¤¦ºÝ¤Ë¥Ñ¥¹¥ï¡¼¥É¤òÉ¬Í×¤È¤·¤Ê¤¤¡£
always: ¥æ¡¼¥¶¤Ï¡¢-v ¥Õ¥é¥°¤ò»È¤¦ºÝ¤Ë¾ï¤Ë¥Ñ¥¹¥ï¡¼¥É¤òÆþÎÏ¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£

¥Ç¥Õ¥©¥ë¥È¤ÎÃÍ¤Ï `all' ¤Ç¤¢¤ë¡£

listpw

¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¡¢¥æ¡¼¥¶¤¬ sudo ¤ò -l ¥ª¥×¥·¥ç¥ó¤Ç¼Â¹Ô¤·¤¿¤È¤¤Ë¡¢ ¤¤¤Ä¥Ñ¥¹¥ï¡¼¥É¤¬É¬Í×¤È¤µ¤ì¤ë¤«¤òÀ©¸æ¤¹¤ë¡£ ¤³¤Î¥ª¥×¥·¥ç¥ó¤Ë¤Ï°Ê²¼¤ÎÃÍ¤Î¤¤¤º¤ì¤«¤òÀßÄê¤Ç¤¤ë¡£

all: ¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎÏ¤ò¤Ê¤·¤Ç¤¹¤Þ¤»¤ë¤¿¤á¤Ë¤Ï¡¢ ¸½ºß¤Î¥Û¥¹¥È¤Î¤¹¤Ù¤Æ¤Î¥æ¡¼¥¶¤Î sudoers ¥¨¥ó¥È¥ê¤Ë NOPASSWD ¥Õ¥é¥°¤¬ÀßÄê¤µ¤ì¤Æ¤¤¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£
any: ¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎÏ¤ò¤Ê¤·¤Ç¤¹¤Þ¤»¤ë¤¿¤á¤Ë¤Ï¡¢ ¸½ºß¤Î¥Û¥¹¥È¤Î¾¯¤Ê¤¯¤È¤â°ì¿Í¤Î¥æ¡¼¥¶¤Î sudoers ¥¨¥ó¥È¥ê¤Ë NOPASSWD ¥Õ¥é¥°¤¬ÀßÄê¤µ¤ì¤Æ¤¤¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£
never: ¥æ¡¼¥¶¤Ï¡¢-l ¥Õ¥é¥°¤ò»È¤¦ºÝ¤Ë¥Ñ¥¹¥ï¡¼¥É¤òÉ¬Í×¤È¤·¤Ê¤¤¡£
always: ¥æ¡¼¥¶¤Ï¡¢-l ¥Õ¥é¥°¤ò»È¤¦ºÝ¤Ë¾ï¤Ë¥Ñ¥¹¥ï¡¼¥É¤òÆþÎÏ¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£

¥Ç¥Õ¥©¥ë¥È¤ÎÃÍ¤Ï `any' ¤Ç¤¢¤ë¡£

¿¿µ¶ÃÍ¤È¤·¤Æ¤â»ÈÍÑ¤µ¤ì¤ë¥ê¥¹¥È:

env_check: ÊÑ¿ô¤ÎÃÍ¤Ë % Ê¸»ú¤Þ¤¿¤Ï / Ê¸»ú¤ò ´Þ¤ó¤Ç¤¤¤ë¾ì¹ç¤Ë¡¢¥æ¡¼¥¶¡¼¤Î´Ä¶¤«¤éºï½ü¤µ¤ì¤ë´Ä¶ÊÑ¿ô¡£ ¤³¤ì¤ÏÎÉ¤¯¹Í¤¨¤º¤Ë½ñ¤«¤ì¤¿¥×¥í¥°¥é¥à¤Ë¤ª¤±¤ë printf ·Á¼°¤ÎÀÈ¼åÀ¤òËÉ¤°¤¿¤á¤Ë¤¢¤ë¡£ °ú¤¿ô¤Ï¥À¥Ö¥ë¥¯¥©¡¼¥Æ¡¼¥·¥ç¥ó¤Ç°Ï¤ó¤À¥¹¥Ú¡¼¥¹¶èÀÚ¤ê¤Î¥ê¥¹¥È¡¢ ¤Þ¤¿¤Ï¥¯¥©¡¼¥È¤·¤Ê¤¤ 1 ¸Ä¤ÎÃÍ¤Ç¤¢¤ë¡£ ¥ê¥¹¥È¤ÎÃÖ´¹¡¦ÄÉ²Ã¡¦ºï½ü¡¦Ìµ¸ú²½¤Ï¡¢¤½¤ì¤¾¤ì = , += , -= , ! ¥ª¥Ú¥ì¡¼¥¿¤Ç½ÐÍè¤ë¡£ ¥Á¥§¥Ã¥¯¤µ¤ì¤ë´Ä¶ÊÑ¿ô¤Î¥Ç¥Õ¥©¥ë¥È¤Î¥ê¥¹¥È¤Ï¡¢ sudo ¤Ë -V ¤ò¤Ä¤±¤Æ¼Â¹Ô¤¹¤ë¤ÈÉ½¼¨¤µ¤ì¤ë¡£
env_delete: ¥æ¡¼¥¶¡¼¤Î´Ä¶¤«¤éºï½ü¤µ¤ì¤ë´Ä¶ÊÑ¿ô¡£ °ú¤¿ô¤Ï¥À¥Ö¥ë¥¯¥©¡¼¥Æ¡¼¥·¥ç¥ó¤Ç°Ï¤ó¤À¥¹¥Ú¡¼¥¹¶èÀÚ¤ê¤Î¥ê¥¹¥È¡¢ ¤Þ¤¿¤Ï¥¯¥©¡¼¥È¤·¤Ê¤¤ 1 ¸Ä¤ÎÃÍ¤Ç¤¢¤ë¡£ ¥ê¥¹¥È¤ÎÃÖ´¹¡¦ÄÉ²Ã¡¦ºï½ü¡¦Ìµ¸ú²½¤Ï¡¢¤½¤ì¤¾¤ì = , += , -= , ! ¥ª¥Ú¥ì¡¼¥¿¤Ç½ÐÍè¤ë¡£ ¥Á¥§¥Ã¥¯¤µ¤ì¤ë´Ä¶ÊÑ¿ô¤Î¥Ç¥Õ¥©¥ë¥È¤Î¥ê¥¹¥È¤Ï¡¢ sudo ¤Ë -V ¤ò¤Ä¤±¤Æ¼Â¹Ô¤¹¤ë¤ÈÉ½¼¨¤µ¤ì¤ë¡£
env_keep: env_reset ¥ª¥×¥·¥ç¥ó¤¬¼Â¹Ô¤µ¤ì¤ë¤È¤¤Ë¡¢ ¥æ¡¼¥¶¡¼¤Î´Ä¶¤ÇÊÝÂ¸¤µ¤ì¤ë´Ä¶ÊÑ¿ô¡£ ¤³¤ì¤Ë¤è¤ê sudo ¤¬µ¯Æ°¤·¤¿¥×¥í¥»¥¹¤¬¼õ¤±¼è¤ë´Ä¶¤òºÙ¤«¤¯À©¸æ¤Ç¤¤ë¡£ °ú¤¿ô¤Ï¥À¥Ö¥ë¥¯¥©¡¼¥Æ¡¼¥·¥ç¥ó¤Ç°Ï¤ó¤À¥¹¥Ú¡¼¥¹¶èÀÚ¤ê¤Î¥ê¥¹¥È¡¢ ¤Þ¤¿¤Ï¥¯¥©¡¼¥È¤·¤Ê¤¤ 1 ¸Ä¤ÎÃÍ¤Ç¤¢¤ë¡£ ¥ê¥¹¥È¤ÎÃÖ´¹¡¦ÄÉ²Ã¡¦ºï½ü¡¦Ìµ¸ú²½¤Ï¡¢¤½¤ì¤¾¤ì = , += , -= , ! ¥ª¥Ú¥ì¡¼¥¿¤Ç½ÐÍè¤ë¡£ ¤³¤Î¥ê¥¹¥È¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï²¿¤â´Þ¤Þ¤Ê¤¤¡£

syslog(3) ¤Ç¥í¥°¤òµÏ¿¤·¤Æ¤¤¤ë¾ì¹ç¡¢ sudo ¤Ï syslog ¤Î facility (syslog ¥Ñ¥é¥á¡¼¥¿¤ÎÃÍ) ¤È¤·¤Æ¡¢ authpriv (OS ¤¬¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤ë¾ì¹ç), auth, daemon, user, local0, local1, local2, local3, local4, local5, local6, local7 ¤ò¼õ¤±ÉÕ¤±¤ë¡£ syslog ¤Î priority ¤È¤·¤Æ¤Ï¡¢ alert, crit, debug, emerg, err, info, notice, warning ¤¬¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤¤ë¡£

¥æ¡¼¥¶ÀßÄê




 User_Spec ::= User_list Host_List '=' Cmnd_Spec_List \

               (':' User_Spec)*




 Cmnd_Spec_List ::= Cmnd_Spec |

                    Cmnd_Spec ',' Cmnd_Spec_List




 Cmnd_Spec ::= Runas_Spec? ('NOPASSWD:' | 'PASSWD:')? Cmnd




 Runas_Spec ::= '(' Runas_List ')'

¥æ¡¼¥¶ÀßÄê¤ò¹½À®Í×ÁÇ¤´¤È¤ËÊ¬¤±¤Æ¤ß¤ë¡£

Runas_Spec

Runas_Spec ¤ÏÃ±¤Ë (¾å¤ÇÄêµÁ¤·¤¿) Runas_List ¤ò³ç¸Ì¤Ç³ç¤Ã¤¿¤â¤Î¤Ç¤¢¤ë¡£ ¥æ¡¼¥¶ÀßÄê¤Ç Runas_Spec ¤ò»ØÄê¤·¤Ê¤¤¤È¡¢ root ¤Î¥Ç¥Õ¥©¥ë¥È¤Î Runas_Spec ¤¬»È¤ï¤ì¤ë¡£ Runas_Spec ¤Ï¡¢¤½¤Î¸å¤ËÂ³¤¯¥³¥Þ¥ó¥É¤Î¥Ç¥Õ¥©¥ë¥È¤òÀßÄê¤¹¤ë¡£ ¤Ä¤Þ¤ê:




 dgb    boulder = (operator) /bin/ls, /bin/kill, /usr/bin/who

¤Î¤è¤¦¤Ê¥¨¥ó¥È¥ê¤¬¤¢¤ë¾ì¹ç¡¢ ¥æ¡¼¥¶ dgb ¤Ï¡¢/bin/ls, /bin/kill, /usr/bin/lprm ¤ò ¼Â¹Ô¤Ç¤¤ë¡£--- ¤¿¤À¤· operator ¤È¤·¤Æ¤Î¤ß¡£Îã¤¨¤Ð:




    sudo -u operator /bin/ls.




 dgb    boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm

¤Î¤è¤¦¤Ë½¤Àµ¤¹¤ë¤È¡¢ ¥æ¡¼¥¶ dgb ¤Ï /bin/ls ¤ò operator ¤È¤·¤Æ¡¢ ¤Þ¤¿ /bin/kill ¤È /usr/bin/lprm ¤ò root ¤È¤·¤Æ ¼Â¹Ô¤¹¤ë¤³¤È¤¬µö²Ä¤µ¤ì¤ë¡£

NOPASSWD ¤È PASSWD

¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢sudo ¤Ï ¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ëÁ°¤Ë¥æ¡¼¥¶¼«¿È¤ÎÇ§¾Ú¤òÉ¬Í×¤È¤¹¤ë¡£ ¤³¤ÎÆ°ºî¤Ï NOPASSWD ¥¿¥°¤ÇÊÑ¹¹¤¹¤ë¤³¤È¤¬¤Ç¤¤ë¡£ Runas_Spec ¤ÈÆ±ÍÍ¤Ë¡¢ NOPASSWD ¥¿¥°¤Ï ¥³¥Þ¥ó¥É¤Î¥Ç¥Õ¥©¥ë¥È¤ò¤½¤Î¸å¤ËÂ³¤¯ Cmnd_Spec_List ¤ËÀßÄê¤¹¤ë¡£ µÕ¤Ë PASSWD ¤Ï¤³¤ì¤ò¸µ¤ËÌá¤¹¤¿¤á¤Ë»È¤ï¤ì¤ë¡£ Îã¤¨¤Ð:




 ray    rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm

¤È¤¹¤ë¤È¡¢¥æ¡¼¥¶ ray ¤ÏÈà¼«¿È¤Ø¤ÎÇ§¾Ú¤Ê¤·¤Ç ·×»»µ¡ rushmore ¤Î root ¤È¤·¤Æ /bin/kill, /bin/ls, /usr/bin/lprm ¤ò¼Â¹Ô¤¹¤ë¤³¤È¤¬¤Ç¤¤ë¡£ ray ¤Ë /bin/kill ¤À¤±¤ò ¥Ñ¥¹¥ï¡¼¥É¤Ê¤·¤Ç¼Â¹Ô¤µ¤»¤ë¤è¤¦¤Ë¤·¤¿¤¤¾ì¹ç¡¢¥¨¥ó¥È¥ê¤Ï¼¡¤Î¤è¤¦¤Ë¤Ê¤ë¡£




 ray    rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm

¤¿¤À¤·¡¢ PASSWD ¥¿¥°¤Ï exempt_group ¥ª¥×¥·¥ç¥ó¤Ç »ØÄê¤µ¤ì¤¿¥°¥ë¡¼¥×¤ËÂ°¤·¤Æ¤¤¤ë¥æ¡¼¥¶¤Ë¤Ï¸ú²Ì¤¬¤Ê¤¤ÅÀ¤ËÃí°Õ¤¹¤ë¤³¤È¡£

¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢¸½ºß¤Î¥Û¥¹¥È¾å¤Î¤¢¤ë¥æ¡¼¥¶¤Î¤É¤ì¤«¤Î¥¨¥ó¥È¥ê¤Ë NOPASSWD ¥¿¥°¤¬Å¬ÍÑ¤µ¤ì¤Æ¤¤¤ì¤Ð¡¢ ¤½¤Î¥æ¡¼¥¶¤Ï sudo -l ¤ò ¥Ñ¥¹¥ï¡¼¥É¤Ê¤·¤Ë¼Â¹Ô¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤ë¡£ ¤µ¤é¤Ë¡¢¤¢¤ë¥æ¡¼¥¶¤Î¸½ºß¤Î¥Û¥¹¥È¤Ë´ØÏ¢¤¹¤ëÁ´¤Æ¤Î¥¨¥ó¥È¥ê¤Ë NOPASSWD ¥¿¥°¤¬¤¢¤ë¾ì¹ç¤Ë¸Â¤ê¡¢ ¤½¤Î¥æ¡¼¥¶¤Ï sudo -v ¤ò ¥Ñ¥¹¥ï¡¼¥É¤Ê¤·¤Ë¼Â¹Ô¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤ë¡£ ¤³¤ÎÆ°ºî¤Ï verifypw ¤È listpw ¥ª¥×¥·¥ç¥ó¤ò»È¤Ã¤ÆÊÑ¹¹¤Ç¤¤ë¡£

¥ï¥¤¥ë¥É¥«¡¼¥É (ÊÌÌ¾¡¢¥á¥¿¥¥ã¥é¥¯¥¿):

sudo ¤Ï sudoers ¥Õ¥¡¥¤¥ë¤Ë¤ª¤¤¤Æ¡¢ ¥³¥Þ¥ó¥É¥é¥¤¥ó°ú¤¿ô¤ä¥Ñ¥¹Ì¾¤ËÂÐ¤·¤Æ ¥·¥§¥ë·Á¼°¤Î¥ï¥¤¥ë¥É¥«¡¼¥É¤ò»È¤¦¤³¤È¤¬¤Ç¤¤ë¡£ ¥ï¥¤¥ë¥É¥«¡¼¥É¤Î¥Þ¥Ã¥Á¥ó¥°¤Ï¡¢ POSIX ¤Î fnmatch(3) ¥ë¡¼¥Á¥ó¤ò»È¤Ã¤Æ¹Ô¤ï¤ì¤ë¡£ Àµµ¬É½¸½¤Ç¤Ï¤Ê¤¤ÅÀ¤ËÃí°Õ¤¹¤ë¤³¤È¡£

*: Ç¤°Õ¤Î 0 ¸Ä°Ê¾å¤ÎÊ¸»ú¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£
?: Ç¤°Õ¤Î 1 ¸Ä¤ÎÊ¸»ú¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£
[...]: »ØÄê¤·¤¿ÈÏ°Ï¤Ë¤¢¤ëÇ¤°Õ¤ÎÊ¸»ú¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£
[!...]: »ØÄê¤·¤¿ÈÏ°Ï¤Ë¤Ê¤¤Ç¤°Õ¤ÎÊ¸»ú¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£
\x: ``x'' ¤ÇÉ¾²Á¤µ¤ì¤ëÇ¤°Õ¤ÎÊ¸»ú ``x''¡£ ¤³¤ì¤Ï¡¢``*'', ``?'', ``['', ``}'' ¤Î¤è¤¦¤Ê ¥¨¥¹¥±¡¼¥×Ê¸»ú¤ËÂÐ¤·¤Æ»È¤ï¤ì¤ë¡£




    /usr/bin/*

¤Î¤è¤¦¤Ê¥Ñ¥¹¤ò¡¢ /usr/bin/who ¤Ë¤Ï¥Þ¥Ã¥Á¤µ¤»¡¢ /usr/bin/X11/xterm ¤Ë¤Ï¥Þ¥Ã¥Á¤µ¤»¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤¿¤á¤Ç¤¢¤ë¡£

¥ï¥¤¥ë¥É¥«¡¼¥É¤Îµ¬Â§¤Ë¤ª¤±¤ëÎã³°:

¾å¤Îµ¬Â§¤ËÂÐ¤·¤Æ¡¢¼¡¤ÎÎã³°¤¬Å¬ÍÑ¤µ¤ì¤ë¡£

``'': ¶õ¤ÎÊ¸»úÎó "" ¤¬ sudoers ¥¨¥ó¥È¥ê¤Î Í£°ì¤Î¥³¥Þ¥ó¥É¥é¥¤¥ó°ú¤¿ô¤Ç¤¢¤ë¾ì¹ç¡¢ ¡Ö¥³¥Þ¥ó¥É¤Ë°ú¤¿ô¤ò¤Ä¤±¤¿¤È¤¤Ï¡¢¼Â¹Ô¤¹¤ë¤³¤È¤¬µö²Ä¤µ¤ì¤Ê¤¤¡× ¤È¤¤¤¦¤³¤È¤ò°ÕÌ£¤¹¤ë¡£

¤½¤ÎÂ¾¤ÎÆÃ¼ìÊ¸»ú¤ÈÍ½Ìó¸ì:

Í½Ìó¸ì ALL ¤ÏÁÈ¹þ¤ß¤Î¥¨¥¤¥ê¥¢¥¹¤Ç¡¢ ¾ï¤Ë¥Þ¥Ã¥Á¤òÀ®¸ù¤µ¤»¤ë¡£ ¤³¤ÎÍ½Ìó¸ì¤Ï¤É¤³¤Ç¤â»È¤¨¤ë¡£ ¤³¤ì¤ò»È¤¤¤¿¤¯¤Ê¤¤¾ì¹ç¤Ï¡¢ Cmnd_Alias , User_Alias , Runas_Alias , Host_Alias ¤ò»È¤¦¤³¤È¡£ ALL ¤È¤¤¤¦ ¥¨¥¤¥ê¥¢¥¹ ¤ò¼«Ê¬¤ÇÄêµÁ¤·¤è¤¦¤È¤·¤Æ¤Ï¤Ê¤é¤Ê¤¤¡£ ÁÈ¹þ¤ß¤Î¥¨¥¤¥ê¥¢¥¹¤¬Í¥Àè¤µ¤ì¤ë¤«¤é¤Ç¤¢¤ë¡£ ALL ¤ò»È¤¦¤È´í¸±¤Ë¤Ê¤ë²ÄÇ½À¤¬¤¢¤ëÅÀ¤ËÃí°Õ¤¹¤ë¤³¤È¡£ ¤Ê¤¼¤Ê¤é¡¢¤³¤ì¤ò¥³¥Þ¥ó¥É¤Î»ØÄê¤Ç»È¤¦¤È¡¢ ¥æ¡¼¥¶¤Ï¥·¥¹¥Æ¥à¾å¤ÎÁ´¤Æ¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¤«¤é¤Ç¤¢¤ë¡£

´¶Ã²Éä ('!') ¤Ï¡¢¥¨¥¤¥ê¥¢¥¹¤ÎÃæ¤È Cmnd ¤ÎÁ°¤Ç¡¢ ÏÀÍý³Ø¤Î not ¥ª¥Ú¥ì¡¼¥¿¤È¤·¤Æ»È¤¦¤³¤È¤¬¤Ç¤¤ë¡£ ¤³¤ì¤Ë¤è¤ê¡¢¤¢¤ëÃÍ¤òÇÓ½ü¤Ç¤¤ë¡£ ¤·¤«¤· ! ¤ò ÁÈ¹þ¤ß¤Î ALL ¥¨¥¤¥ê¥¢¥¹¤ÈÁÈ¤ß¹ç¤ï¤»¤Æ¡¢ ¥æ¡¼¥¶¤¬ ``Á´¤Æ¤Ç¤Ï¤Ê¤¯°ìÉô¤Î'' ¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¤è¤¦¤Ë ¤·¤è¤¦¤È¤·¤Æ¤â¡¢°Õ¿Þ¤·¤¿¤è¤¦¤ËÆ°ºî¤¹¤ë¤³¤È¤Ïµ©¤Ç¤¢¤ëÅÀ¤ËÃí°Õ¤¹¤ë¤³¤È (°Ê²¼¤Î¡Ö¥»¥¥å¥ê¥Æ¥£¾å¤ÎÃí°Õ¡×¤ò»²¾È)¡£

¥ê¥¹¥È¤Ë¤ª¤±¤ë¹½À®Í×ÁÇ´Ö¤Î¶õÇò¤ä¡¢ ¥æ¡¼¥¶ÀßÄê¤Ë¤ª¤±¤ëÆÃ¼ì¤Ê¹½Ê¸Ê¸»ú ('=', ':', '(', ')') ¤Ï¡¢¤Ê¤¯¤Æ¤â¤è¤¤¡£

'@', '!', '=', ':', ',', '(', ')', '\' ¤È¤¤¤¦Ê¸»ú¤ò¥ï¡¼¥É (Îã¤¨¤Ð¡¢¥æ¡¼¥¶Ì¾¤ä¥Û¥¹¥ÈÌ¾) ¤Î°ìÉô¤È¤·¤Æ»È¤¦¾ì¹ç¤Ï¡¢ ¥Ð¥Ã¥¯¥¹¥é¥Ã¥·¥å ('\') ¤Ç¥¨¥¹¥±¡¼¥×¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£

Îã

°Ê²¼¤Ï sudoers ¥¨¥ó¥È¥ê¤ÎÎã¤Ç¤¢¤ë¡£ ÀµÄ¾¤Ê¤È¤³¤í¡¢¤¤¤¯¤Ä¤«¤Ï¾¯¤·¤ï¤¶¤È¤é¤·¤¤¡£ »Ï¤á¤Ë¥¨¥¤¥ê¥¢¥¹¤òÄêµÁ¤¹¤ë¡£




 # User alias specification

 User_Alias     FULLTIMERS = millert, mikef, dowdy

 User_Alias     PARTTIMERS = bostley, jwfox, crawl

 User_Alias     WEBMASTERS = will, wendy, wim




 # Runas alias specification

 Runas_Alias    OP = root, operator

 Runas_Alias    DB = oracle, sybase




 # Host alias specification

 Host_Alias     SPARC = bigtime, eclipse, moet, anchor :\

                SGI = grolsch, dandelion, black :\

                ALPHA = widget, thalamus, foobar :\

                HPPA = boa, nag, python

 Host_Alias     CUNETS = 128.138.0.0/255.255.0.0

 Host_Alias     CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0

 Host_Alias     SERVERS = master, mail, www, ns

 Host_Alias     CDROM = orion, perseus, hercules




 # Cmnd alias specification

 Cmnd_Alias     DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\

                        /usr/sbin/restore, /usr/sbin/rrestore

 Cmnd_Alias     KILL = /usr/bin/kill

 Cmnd_Alias     PRINTING = /usr/sbin/lpc, /usr/bin/lprm

 Cmnd_Alias     SHUTDOWN = /usr/sbin/shutdown

 Cmnd_Alias     HALT = /usr/sbin/halt, /usr/sbin/fasthalt

 Cmnd_Alias     REBOOT = /usr/sbin/reboot, /usr/sbin/fastboot

 Cmnd_Alias     SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \

                         /usr/local/bin/tcsh, /usr/bin/rsh, \

                         /usr/local/bin/zsh

 Cmnd_Alias     SU = /usr/bin/su

°Ê²¼¤ÎÀßÄê¤Ç¤Ï¡¢¥³¥ó¥Ñ¥¤¥ë»þ¤Î¥Ç¥Õ¥©¥ë¥ÈÃÍ¤Î¤¤¤¯¤Ä¤«¤ò¾å½ñ¤¤¹¤ë¡£ sudo ¤Ë syslog(3) ¤ò»È¤Ã¤Æ Á´¤Æ¤Î¾ì¹ç¤Ë¤Ä¤¤¤Æ auth facility ¤Ç¥í¥°¤òµÏ¿¤µ¤»¤ë¡£ ¥Õ¥ë¥¿¥¤¥à¤Î¥¹¥¿¥Ã¥Õ¤Ë¤Ï¡¢sudo ¤Î¥ì¥¯¥Á¥ã¡¼¤ò¼õ¤±¤ëÉ¬Í×¤ò¤Ê¤¯¤¹¡£ ¤Þ¤¿¥æ¡¼¥¶ millert ¤Ï¥Ñ¥¹¥ï¡¼¥É¤òÆþÎÏ¤·¤Ê¤¯¤Æ¤è¤¤¤è¤¦¤Ë¤¹¤ë¡£ ¤µ¤é¤Ë Host_Alias ¤Î SERVERS ¤Ë¤¢¤ë·×»»µ¡¤Ë (syslog ¤È¤ÏÊÌ¤Ë) ¥í¡¼¥«¥ë¤Î¥í¥°¥Õ¥¡¥¤¥ë¤òÊÝÂ¸¤·¡¢ Ä¹¤¤¥í¥°¥¨¥ó¥È¥ê¤ò¿ôÇ¯¤ËÅÏ¤êÊÝÂ¸¤¹¤ë¤¿¤á¤Ë¥í¥°¤Î³Æ¹Ô¤ËÇ¯¤òµÏ¿¤¹¤ë¡£




 # Override built in defaults

 Defaults               syslog=auth

 Defaults:FULLTIMERS    !lecture

 Defaults:millert       !authenticate

 Defaults@SERVERS       log_year, logfile=/var/log/sudo.log




 root           ALL = (ALL) ALL

 %wheel         ALL = (ALL) ALL

root ¤È wheel ¥°¥ë¡¼¥×¤Î¥æ¡¼¥¶¤Ë¡¢ Á´¤Æ¤Î¥æ¡¼¥¶¤È¤·¤Æ¡¢Á´¤Æ¤Î¥Û¥¹¥È¾å¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¤è¤¦¤Ë¤·¤Æ¤¤¤ë¡£




 FULLTIMERS     ALL = NOPASSWD: ALL

¥Õ¥ë¥¿¥¤¥à¤Î¥·¥¹¥Æ¥à´ÉÍý¼Ô (millert, mikef, dowdy) ¤Ï¡¢ ¼«Ê¬¼«¿È¤ÎÇ§¾Ú¤ò¤¹¤ë¤³¤È¤Ê¤¯¡¢Á´¤Æ¤Î¥Û¥¹¥È¾å¤ÇÁ´¤Æ¤Î¥³¥Þ¥ó¥É¤¬¼Â¹Ô¤Ç¤¤ë¡£




 PARTTIMERS     ALL = ALL

¥Ñ¡¼¥È¥¿¥¤¥à¤Î¥·¥¹¥Æ¥à´ÉÍý¼Ô (bostley, jwfox, crawl) ¤Ï¡¢ Á´¤Æ¤Î¥Û¥¹¥È¾å¤ÇÁ´¤Æ¤Î¥³¥Þ¥ó¥É¤¬¼Â¹Ô¤Ç¤¤ë¤¬¡¢ (¥¨¥ó¥È¥ê¤Ë NOPASSWD ¥¿¥°¤¬¤Ê¤¤¤Î¤Ç) ºÇ½é¤Ë¼«Ê¬¼«¿È¤ÎÇ§¾Ú¤¬É¬Í×¤Ç¤¢¤ë¡£




 jack           CSNETS = ALL

¥æ¡¼¥¶ jack ¤Ï¡¢CSNETS ¥¨¥¤¥ê¥¢¥¹ (¥Í¥Ã¥È¥ï¡¼¥¯ 128.138.243.0 , 128.138.204.0 , 128.138.242.0 ) ¤Ë¤¢¤ë·×»»µ¡¾å¤Ç¡¢Á´¤Æ¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£ ¤³¤ì¤é¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Î¤¦¤Á¡¢ ¥Í¥Ã¥È¥ï¡¼¥¯ 128.138.204.0 ¤À¤±¤Ë ¥¯¥é¥¹ C ¥Í¥Ã¥È¥ï¡¼¥¯¤ò¼¨¤¹ÌÀ¼¨Åª¤Ê (CIDR É½µ¤Î) ¥Í¥Ã¥È¥Þ¥¹¥¯¤¬¤¢¤ë¡£ CSNETS ¤Ë¤¢¤ëÂ¾¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Ë¤Ä¤¤¤Æ¤Ï¡¢ ¥Þ¥Ã¥Á¥ó¥°¤ÎºÝ¤Ë¥í¡¼¥«¥ë¤Î·×»»µ¡¤Î¥Í¥Ã¥È¥Þ¥¹¥¯¤¬»È¤ï¤ì¤ë¡£




 lisa           CUNETS = ALL

¥æ¡¼¥¶ lisa ¤Ï¡¢CUNETS ¥¨¥¤¥ê¥¢¥¹ (¥¯¥é¥¹ B ¥Í¥Ã¥È¥ï¡¼¥¯ 128.138.0.0 ) ¤Ë¤¢¤ë Á´¤Æ¤Î¥Û¥¹¥È¤Ç¡¢Á´¤Æ¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£




 operator       ALL = DUMPS, KILL, PRINTING, SHUTDOWN, HALT, REBOOT,\

                /usr/oper/bin/

¥æ¡¼¥¶ operator ¤Ï¡¢ ´ÊÃ±¤Ê¥á¥ó¥Æ¥Ê¥ó¥¹ÍÑ¤Î¥³¥Þ¥ó¥É¤Ë¸Â¤Ã¤Æ¼Â¹Ô¤¹¤ë¤³¤È¤¬¤Ç¤¤ë¡£ ¤³¤ì¤é¤Ï¥Ç¥£¥ì¥¯¥È¥ê /usr/oper/bin/ ¤Ë¤¢¤ë¥³¥Þ¥ó¥ÉÁ´¤Æ¤Ç¡¢ ¥Ð¥Ã¥¯¥¢¥Ã¥×¡¦¥×¥í¥»¥¹¤Î kill¡¦°õºþ¥·¥¹¥Æ¥à¡¦¥·¥¹¥Æ¥à¤Î¥·¥ã¥Ã¥È¥À¥¦¥ó¡¢ ¤È¤¤¤Ã¤¿¤³¤È¤Ë´ØÏ¢¤·¤¿¤â¤Î¤Ç¤¢¤ë¡£




 joe            ALL = /usr/bin/su operator

¥æ¡¼¥¶ joe ¤Ï¡¢operator ¤Ë¤Ê¤ë¤¿¤á¤Î su(1) ¤·¤«¼Â¹Ô¤Ç¤¤Ê¤¤¡£




 pete           HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root

¥æ¡¼¥¶ pete ¤Ï¡¢HPPA ·×»»µ¡¾å¤Ç root °Ê³°¤ÎÁ´¤Æ¤Î¥æ¡¼¥¶¤Î¥Ñ¥¹¥ï¡¼¥É¤òÊÑ¹¹¤¹¤ë¤³¤È¤¬µö²Ä¤µ¤ì¤Æ¤¤¤ë¡£ ¤³¤³¤Ç¤Ï¡¢passwd(1) ¤¬¥³¥Þ¥ó¥É¥é¥¤¥ó¤«¤é Ê£¿ô¤Î¥æ¡¼¥¶Ì¾¤ò¼õ¤±ÉÕ¤±¤Ê¤¤¤³¤È¤ò²¾Äê¤·¤Æ¤¤¤ëÅÀ¤ËÃí°Õ¤¹¤ë¤³¤È¡£




 bob            SPARC = (OP) ALL : SGI = (OP) ALL

¥æ¡¼¥¶ bob ¤Ï¡¢SPARC ¤È SGI ·×»»µ¡¾å¤Ç¡¢ Runas_Alias ¤Î OP ¤Ë¥ê¥¹¥È¤µ¤ì¤¿¥æ¡¼¥¶ (root ¤È operator) ¤È¤·¤Æ¡¢Á´¤Æ¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£




 jim            +biglab = ALL

¥æ¡¼¥¶ jim ¤Ï¡¢biglab ¥Í¥Ã¥È¥°¥ë¡¼¥×¤Ë¤¢¤ëÁ´¤Æ¤Î·×»»µ¡¤Ç¡¢ Á´¤Æ¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£ sudo ¤Ï¡¢``biglab'' ¤¬¥Í¥Ã¥È¥°¥ë¡¼¥×¤Ç¤¢¤ë¤³¤È¤ò ¥×¥ì¥Õ¥£¥Ã¥¯¥¹ '+' ¤Ë¤è¤Ã¤ÆÃÎ¤ë¡£




 +secretaries   ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser

secretaries ¥Í¥Ã¥È¥°¥ë¡¼¥×¤ËÂ°¤¹¤ë¥æ¡¼¥¶¤Ï¡¢ ¥æ¡¼¥¶¤ÎÄÉ²Ã¡¦ºï½ü¤À¤±¤Ç¤Ê¤¯¥×¥ê¥ó¥¿´ÉÍý¤ÎÊä½õ¤ò¤¹¤ëÉ¬Í×¤¬¤¢¤ë¤Î¤Ç¡¢ ¤³¤ì¤é¤Î¥³¥Þ¥ó¥É¤òÁ´¤Æ¤Î·×»»µ¡¾å¤Ç¼Â¹Ô¤¹¤ë¤³¤È¤¬µö²Ä¤µ¤ì¤Æ¤¤¤ë¡£




 fred           ALL = (DB) NOPASSWD: ALL

¥æ¡¼¥¶ fred ¤Ï¡¢ Runas_Alias ¤Î DB ¤Ë¤¢¤ë¥æ¡¼¥¶ (oracle ¤È sybase) ¤È¤·¤Æ¡¢¥Ñ¥¹¥ï¡¼¥É¤Ê¤·¤Ç¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£




 john           ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*

ALPHA ·×»»µ¡¾å¤Ç¡¢¥æ¡¼¥¶ john ¤Ï¡¢ su ¤Ç root °Ê³°¤ÎÁ´¤Æ¤Î¥æ¡¼¥¶¤Ë¤Ê¤ì¤ë¡£ ¤·¤«¤· su(1) ¤Ë¥Õ¥é¥°¤ò»ØÄê¤¹¤ë¤³¤È¤Ï¤Ç¤¤Ê¤¤¡£




 jen            ALL, !SERVERS = ALL

¥æ¡¼¥¶ jen ¤Ï¡¢ Host_Alias ¤Î SERVERS ¤Ë¤¢¤ë·×»»µ¡ (master, mail, www, ns) °Ê³°¤Ç¡¢Á´¤Æ¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£




 jill           SERVERS = /usr/bin/, !SU, !SHELLS

Host_Alias ¤Î SERVERS ¤Ë¤¢¤ë·×»»µ¡¤Ç¡¢ jill ¤Ï /usr/bin ¥Ç¥£¥ì¥¯¥È¥ê¤Ë¤¢¤ëÁ´¤Æ¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£ ¤¿¤À¤·¡¢ Cmnd_Aliases ¤Î SU ¤È SHELLS ¤ËÂ°¤·¤Æ¤¤¤ë¥³¥Þ¥ó¥É¤Ï½ü¤¯¡£




 steve          CSNETS = (operator) /usr/local/op_commands/

¥æ¡¼¥¶ steve ¤Ï¡¢¥Ç¥£¥ì¥¯¥È¥ê /usr/local/op_commands/ ¤Ë¤¢¤ë Á´¤Æ¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£¤¿¤À¤·¡¢¥æ¡¼¥¶ operator ¤È¤·¤Æ¤Î¤ß¼Â¹Ô¤Ç¤¤ë¡£




 matt           valkyrie = KILL

matt ¤Ï¡¢Èà¤Î¸Ä¿Í¤Î¥ï¡¼¥¯¥¹¥Æ¡¼¥·¥ç¥ó valkyrie ¤Ç¡¢ ¥Ï¥ó¥°¤·¤¿¥×¥í¥»¥¹¤ò kill ¤Ç¤¤ëÉ¬Í×¤¬¤¢¤ë¡£




 WEBMASTERS     www = (www) ALL, (root) /usr/bin/su www

¥Û¥¹¥È www ¤Ç¡¢ User_Alias ¤Î WEBMASTERS ¤Ë¤¢¤ë¥æ¡¼¥¶ (will, wendy, wim) ¤Ï¡¢(web ¥Ú¡¼¥¸¤ò½êÍ¤·¤Æ¤¤¤ë) ¥æ¡¼¥¶ www ¤È¤·¤Æ Á´¤Æ¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£ ¤Þ¤¿¡¢Ã±¤Ë su(1) ¤Ç www ¤Ë¤Ê¤ì¤ë¡£




 ALL            CDROM = NOPASSWD: /sbin/umount /CDROM,\

                /sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM

Á´¤Æ¤Î¥æ¡¼¥¶¤Ï¡¢ Host_Alias ¤Î CD-ROM ¤Ë¤¢¤ë·×»»µ¡ (orion, perseus, hercules) ¤Ç ¥Ñ¥¹¥ï¡¼¥É¤Ê¤·¤Ç CD-ROM ¤Î¥Þ¥¦¥ó¥È¤È¥¢¥ó¥Þ¥¦¥ó¥È¤¬¤Ç¤¤ë¡£ ¤³¤Î¥³¥Þ¥ó¥É¤ò¥æ¡¼¥¶¤¬ÆþÎÏ¤¹¤ë¤Î¤ÏÄ¹¤¯¤ÆÂçÊÑ¤Ê¤Î¤Ç¡¢ ¥·¥§¥ë¥¹¥¯¥ê¥×¥È¤Ë½ñ¤¤¤Æ¥«¥×¥»¥ë²½¤·¤Æ¤·¤Þ¤¦Êý¤¬¤è¤¤¡£

¥»¥¥å¥ê¥Æ¥£¾å¤ÎÃí°Õ

'!' ¥ª¥Ú¥ì¡¼¥¿¤ò»È¤Ã¤Æ ALL ¤«¤é ¥³¥Þ¥ó¥É¤ò ``º¹¤·°ú¤¯'' ¤³¤È¤Ï¡¢°ìÈÌ¤ËÍ¸ú¤Ç¤Ê¤¤¡£ ¥æ¡¼¥¶¤Ï¡¢Íß¤·¤¤¥³¥Þ¥ó¥É¤òÊÌ¤ÊÌ¾Á°¤Ç¥³¥Ô¡¼¤·¤Æ¼Â¹Ô¤¹¤ì¤Ð¡¢ ¤³¤ì¤ò´ÊÃ±¤Ë²óÈò¤Ç¤¤Æ¤·¤Þ¤¦¡£ Îã¤òµó¤²¤ë¡£




    bill        ALL = ALL, !SU, !SHELLS

¾å¤ÎÎã¤Ç¤Ï¡¢¼ÂºÝ¤Ë¤Ï SU ¤È SHELLS ¤Ë¥ê¥¹¥È¤µ¤ì¤Æ¤¤¤ë¥³¥Þ¥ó¥É¤ò bill ¤Ë¼Â¹Ô¤µ¤»¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤³¤È¤¬¤Ç¤¤Ê¤¤¡£ ¤Ê¤¼¤Ê¤é¡¢bill ¤Ï¡¢¤³¤ì¤é¤Î¥³¥Þ¥ó¥É¤òÊÌ¤ÊÌ¾Á°¤Ë¥³¥Ô¡¼¤·¤¿¤ê¡¢ ¥¨¥Ç¥£¥¿¤äÂ¾¤Î¥³¥Þ¥ó¥É¤Î¥·¥§¥ë¥¨¥¹¥±¡¼¥×¤«¤é»È¤¨¤ë¤«¤é¤Ç¤¢¤ë¡£ ¤è¤Ã¤Æ¡¢¤³¤Î¤è¤¦¤ÊÀ©¸Â¤Ï¡¢¤»¤¤¤¼¤¤Êä½õÅª¤Ê¤â¤Î¤È¹Í¤¨¤ë¤Ù¤¤Ç¤¢¤ë (¤µ¤é¤Ë¥Ý¥ê¥·¡¼¤Ç¶¯²½¤¹¤Ù¤¤Ç¤¢¤ë)¡£

·Ù¹ð

sudoers ¥Õ¥¡¥¤¥ë¤Ï¡¢¾ï¤Ë visudo ¥³¥Þ¥ó¥É¤ÇÊÔ½¸¤¹¤Ù¤¤Ç¤¢¤ë¡£ ¤³¤Î¥³¥Þ¥ó¥É¤Ï¡¢¥Õ¥¡¥¤¥ë¤ò¥í¥Ã¥¯¤·¡¢Ê¸Ë¡¥Á¥§¥Ã¥¯¤ò¤¹¤ë¡£ sudo ¤Ï sudoers ¥Õ¥¡¥¤¥ë¤¬Ê¸Ë¡Åª¤Ë´Ö°ã¤Ã¤Æ¤¤¤ë¤È¼Â¹Ô¤Ç¤¤Ê¤¤¤Î¤Ç¡¢ sudoers ¤Ë¤Ï¥¨¥é¡¼¤¬¤Ò¤È¤Ä¤âÌµ¤¤¤è¤¦¤Ë¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£

(¥æ¡¼¥¶¤Î¤Ç¤Ï¤Ê¤¯) ·×»»µ¡¤Î¥Í¥Ã¥È¥°¥ë¡¼¥×¤ò»È¤¦¾ì¹ç¡¢ (¤è¤¯¤¢¤ë¤è¤¦¤Ë) ¥Í¥Ã¥È¥°¥ë¡¼¥×¤Ë ´°Á´¤Ê¥É¥á¥¤¥óÌ¾ÉÕ¤¤Î¥Û¥¹¥ÈÌ¾¤òÆþ¤ì¤ë¾ì¹ç¡¢ ¥Û¥¹¥ÈÌ¾¤Ï hostname ¥³¥Þ¥ó¥É¤ÇÊÖ¤µ¤ì¤ë ´°Á´¤Ê¥É¥á¥¤¥óÌ¾ÉÕ¤¤Î¤â¤Î¤Ç¤¢¤ëÉ¬Í×¤¬¤¢¤ë¡£ ¤Þ¤¿ sudoers ¤Ë fqdn ¥ª¥×¥·¥ç¥ó¤ò»ØÄê¤¹¤ëÉ¬Í×¤¬¤¢¤ë¡£

¥Õ¥¡¥¤¥ë




 /etc/sudoers           Ã¯¤¬²¿¤ò¼Â¹Ô¤Ç¤¤ë¤«¤Î¥ê¥¹¥È

 /etc/group             ¥í¡¼¥«¥ë¤Î¥°¥ë¡¼¥×¥Õ¥¡¥¤¥ë

 /etc/netgroup          ¥Í¥Ã¥È¥ï¡¼¥¯¥°¥ë¡¼¥×¤Î¥ê¥¹¥È

´ØÏ¢¹àÌÜ

rsh(1), sudo(8), visudo(8), su(1), fnmatch(3).

Linux Certif

Toute la documentation sur la certification Linux LPI

Rechercher une page de manuel

sudoers

Sommaire

Ì¾Á°

ÀâÌÀ

EBNF ¤Î´ÊÃ±¤Ê¥¬¥¤¥É

¥¨¥¤¥ê¥¢¥¹

¥Ç¥Õ¥©¥ë¥È

¥æ¡¼¥¶ÀßÄê

Runas_Spec

NOPASSWD ¤È PASSWD

¥ï¥¤¥ë¥É¥«¡¼¥É (ÊÌÌ¾¡¢¥á¥¿¥¥ã¥é¥¯¥¿):

¥ï¥¤¥ë¥É¥«¡¼¥É¤Îµ¬Â§¤Ë¤ª¤±¤ëÎã³°:

¤½¤ÎÂ¾¤ÎÆÃ¼ìÊ¸»ú¤ÈÍ½Ìó¸ì:

Îã

¥»¥¥å¥ê¥Æ¥£¾å¤ÎÃí°Õ

·Ù¹ð

¥Õ¥¡¥¤¥ë

´ØÏ¢¹àÌÜ

Découvrir

Apprendre

Linux Certif

Toute la documentation sur la certification Linux LPI

Rechercher une page de manuel

sudoers

Sommaire

Ì¾Á°

ÀâÌÀ

EBNF ¤Î´ÊÃ±¤Ê¥¬¥¤¥É

¥¨¥¤¥ê¥¢¥¹

¥Ç¥Õ¥©¥ë¥È

¥æ¡¼¥¶ÀßÄê

Runas_Spec

NOPASSWD ¤È PASSWD

¥ï¥¤¥ë¥É¥«¡¼¥É (ÊÌÌ¾¡¢¥á¥¿¥­¥ã¥é¥¯¥¿):

¥ï¥¤¥ë¥É¥«¡¼¥É¤Îµ¬Â§¤Ë¤ª¤±¤ëÎã³°:

¤½¤ÎÂ¾¤ÎÆÃ¼ìÊ¸»ú¤ÈÍ½Ìó¸ì:

Îã

¥»¥­¥å¥ê¥Æ¥£¾å¤ÎÃí°Õ

·Ù¹ð

¥Õ¥¡¥¤¥ë

´ØÏ¢¹àÌÜ

Découvrir

Apprendre

Partager

¥ï¥¤¥ë¥É¥«¡¼¥É (ÊÌÌ¾¡¢¥á¥¿¥¥ã¥é¥¯¥¿):

¥»¥¥å¥ê¥Æ¥£¾å¤ÎÃí°Õ