Configuration Information
The sudoers
file can be quite
complicated. It is composed of two types of entries: aliases
(basically variables) and user specifications (which specify who
may run what). The installation installs a default configuration
that has no privileges installed for any user.
One example usage is to allow the system administrator to execute
any program without typing a password each time root privileges
are needed. This can be configured as:
# User alias specification
User_Alias ADMIN = YourLoginId
# Allow people in group ADMIN to run all commands without a password
ADMIN ALL = NOPASSWD: ALL
For details, see man
sudoers.
Note
The Sudo developers highly
recommend using the visudo program to edit the
sudoers
file. This will provide
basic sanity checking like syntax parsing and file permission
to avoid some possible mistakes that could lead to a vulnerable
configuration.
If you've built Sudo with
PAM support, issue the following
command as the root
user to
create the PAM configuration
file:
cat > /etc/pam.d/sudo << "EOF"
# Begin /etc/pam.d/sudo
# include the default auth settings
auth include system-auth
# include the default account settings
account include system-account
# Set default environment variables for the service user
session required pam_env.so
# include system session defaults
session include system-session
# End /etc/pam.d/sudo
EOF
chmod 644 /etc/pam.d/sudo