Home :: International :: Manuals :: Howto :: FAQ :: Man Pages :: Email Login

sudoers

Section: FILE FORMATS (5)
Updated: 1.6.3
Index Return to Main Contents

Ì¾Á°

sudoers - ¤É¤Î¥æ¡¼¥¶¤¬²¿¤ò¼Â¹Ô¤Ç¤¤ë¤«¤Î¥ê¥¹¥È

½ñ¼°

sudoers ¥Õ¥¡¥¤¥ë¤Ï¡¢2 ¤Ä¤Î¥¿¥¤¥×¤Î¥¨¥ó¥È¥ê¤«¤é¹½À®¤µ¤ì¤ë¡£ (´ðËÜÅª¤Ë¤ÏÊÑ¿ô¤Ç¤¢¤ë) ¥¨¥¤¥ê¥¢¥¹¤È (Ã¯¤¬²¿¤ò¼Â¹Ô¤Ç¤¤ë¤«¤ò»ØÄê¤¹¤ë) ¥æ¡¼¥¶»ØÄê¤Ç¤¢¤ë¡£ sudoers ¤ÎÊ¸Ë¡¤Ï¡¢ Extended Backus-Naur Form (EBNF) (³ÈÄ¥¥Ð¥Ã¥«¥¹¡¦¥Ê¥¦¥¢µË¡) ¤òÍÑ¤¤¤¿¤«¤¿¤Á¤Ç°Ê²¼¤Ëµ½Ò¤¹¤ë¡£ EBNF ¤òÃÎ¤é¤Ê¤¯¤Æ¤âÄü¤á¤Ê¤¤¤Ç¤Û¤·¤¤¡£ EBNF ¤Ï³ä¤Ë´ÊÃ±¤À¤·¡¢°Ê²¼¤ÎÄêµÁ¤Ë¤ÏÃí¼á¤ò¤Ä¤±¤Æ¤¢¤ë¡£

EBNF ¤Î´ÊÃ±¤Ê¥¬¥¤¥É

EBNF ¤Ï¸À¸ì¤ÎÊ¸Ë¡¤òµ½Ò¤¹¤ë´ÊÃ±¤Ç¸·Ì©¤ÊÊýË¡¤Ç¤¢¤ë¡£ EBNF ¤Î³ÆÄêµÁ¤Ï¡¢À¸À®µ¬Â§¤«¤é¤Ê¤Ã¤Æ¤¤¤ë¡£

 ¥·¥ó¥Ü¥ë ::= ÄêµÁ | ÊÌ¤ÎÄêµÁ 1 | ÊÌ¤ÎÄêµÁ 2 ...

³ÆÀ¸À®µ¬Â§¤ÏÂ¾¤ÎÀ¸À®µ¬Â§¤ò»²¾È¤¹¤ë¡£ ¤³¤Î¤è¤¦¤Ë¤·¤Æ¸À¸ì¤ÎÊ¸Ë¡¤¬¤Ç¤¤¢¤¬¤ë¡£ EBNF ¤Ï°Ê²¼¤Î¤è¤¦¤Ê¥ª¥Ú¥ì¡¼¥¿¤ò´Þ¤à¡£ ¤³¤ì¤ÏÂ¿¤¯¤Î¿Í¤¬Àµµ¬É½¸½¤Ç¤ªÆëÀ÷¤ß¤À¤í¤¦¡£ ¤·¤«¤·¡¢¤³¤ì¤È¤Ï°Û¤Ê¤ë°ÕÌ£¤ò»ý¤Ã¤¿¡¢ ``¥ï¥¤¥ë¥É¥«¡¼¥É'' Ê¸»ú¤Èº®Æ±¤·¤Æ¤Ï¤Ê¤é¤Ê¤¤ (ÌõÃí: ¸å¼Ô¤Ï¥·¥§¥ë¤Î¥ï¥¤¥ë¥É¥«¡¼¥É¥Ñ¥¿¡¼¥ó¤Î¤³¤È¤À¤í¤¦¡£ regex(7) ¤È glob(7) ¤ò»²¾È¤Î¤³¤È)¡£

?: Á°¤ËÃÖ¤«¤ì¤¿¥·¥ó¥Ü¥ë (¤Þ¤¿¤Ï¡¢¥·¥ó¥Ü¥ë¤Î¥°¥ë¡¼¥×) ¤¬ ¾ÊÎ¬²ÄÇ½¤Ç¤¢¤ë¤³¤È¤ò°ÕÌ£¤¹¤ë¡£ ¤Ä¤Þ¤ê¡¢¥·¥ó¥Ü¥ë¤¬ 1 ¸ÄÅÐ¾ì¤¹¤ë¤«¡¢¤¢¤ë¤¤¤ÏÁ´Á³ÅÐ¾ì¤·¤Ê¤¤¤«¤Ç¤¢¤ë¡£
*: Á°¤ËÃÖ¤«¤ì¤¿¥·¥ó¥Ü¥ë (¤Þ¤¿¤Ï¡¢¥·¥ó¥Ü¥ë¤Î¥°¥ë¡¼¥×) ¤¬ 0 ¸Ä°Ê¾åÅÐ¾ì¤Ç¤¤ë¡£
+: Á°¤ËÃÖ¤«¤ì¤¿¥·¥ó¥Ü¥ë (¤Þ¤¿¤Ï¡¢¥·¥ó¥Ü¥ë¤Î¥°¥ë¡¼¥×) ¤¬ 1 ¸Ä°Ê¾åÅÐ¾ì¤¹¤ë¡£

¥¨¥¤¥ê¥¢¥¹

User_Alias, Runas_Alias, Host_Alias, Cmnd_Alias ¤È¤¤¤¦ 4 ¼ïÎà¤Î¥¨¥¤¥ê¥¢¥¹¤¬¤¢¤ë¡£

 Alias ::= 'User_Alias' = User_Alias (':' User_Alias)* |
           'Runas_Alias' = Runas_Alias (':' Runas_Alias)* |
           'Host_Alias' = Host_Alias (':' Host_Alias)* |
           'Cmnd_Alias' = Cmnd_Alias (':' Cmnd_Alias)*

 User_Alias ::= NAME '=' User_List

 Runas_Alias ::= NAME '=' Runas_User_List

 Host_Alias ::= NAME '=' Host_List

 Cmnd_Alias ::= NAME '=' Cmnd_List

 NAME ::= [A-Z]([A-Z][0-9]_)*

³Æ¥¨¥¤¥ê¥¢¥¹ÄêµÁ¤Ï¡¢¼¡¤Î·Á¼°¤ò¤È¤ë¡£

 Alias_Type NAME = item1, item2, ...

¤³¤³¤Ç Alias_Type ¤Ï¡¢User_Alias, Runas_Alias, Host_Alias, Cmnd_Alias ¤Î¤¦¤Á¤Î 1 ¤Ä¤Ç¤¢¤ë¡£ NAME ¤Ï¡¢ÂçÊ¸»ú¡¦¿ô»ú¡¦ ¥¢¥ó¥À¡¼¥¹¥³¥¢Ê¸»ú ('_') ¤«¤é¹½À®¤µ¤ì¤ëÊ¸»úÎó¤Ç¤¢¤ë¡£ NAME ¤ÏÂçÊ¸»ú¤«¤é»Ï¤Þ¤Ã¤Æ¤¤¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£ ¥»¥ß¥³¥í¥ó (':') ¤Ç¤Ä¤Ê¤²¤ì¤Ð¡¢ Æ±°ì¥¿¥¤¥×¤ÎÊ£¿ô¤Î¥¨¥¤¥ê¥¢¥¹ÄêµÁ¤ò 1 ¹Ô¤ËÃÖ¤¯¤³¤È¤¬¤Ç¤¤ë¡£ Îã¤òµó¤²¤ë¡£

 Alias_Type NAME = item1, item2, item3 : NAME = item4, item5

Â³¤±¤Æ¡¢Í¸ú¤Ê¥¨¥¤¥ê¥¢¥¹¥á¥ó¥Ð¤ò¹½À®¤¹¤ëÍ×ÁÇ¤ÎÄêµÁ¤òµ½Ò¤¹¤ë¡£

 User_List ::= User |
               User ',' User_List

 User ::= '!'* username |
          '!'* '#'uid |
          '!'* '%'group |
          '!'* '+'netgroup |
          '!'* User_Alias

User_List ¤Ë¤Ï¡¢¥æ¡¼¥¶Ì¾¡¦¥æ¡¼¥¶ ID (`#' ¤òÁ°¤ËÉÕ¤±¤ë)¡¦ ¥·¥¹¥Æ¥à¥°¥ë¡¼¥× (`%' ¤òÁ°¤ËÉÕ¤±¤ë) ¡¦ ¥Í¥Ã¥È¥°¥ë¡¼¥× (`+' ¤òÁ°¤ËÉÕ¤±¤ë)¡¦ ÊÌ¤Î¥¨¥¤¥ê¥¢¥¹¡¢¤¬ 1 ¸Ä°Ê¾å´Þ¤Þ¤ì¤ë¡£ ¥ê¥¹¥È¤Î³Æ¥¢¥¤¥Æ¥à¤ÎÁ°¤Ë¤Ï¡¢1 ¸Ä°Ê¾å¤Î `!' ¥ª¥Ú¥ì¡¼¥¿¤òÃÖ¤¤¤Æ¤â¤è¤¤¡£ ´ñ¿ô¸Ä¤Î `!' ¥ª¥Ú¥ì¡¼¥¿¤Ï¥¢¥¤¥Æ¥à¤ÎÃÍ¤òÌµ¸ú¤Ë¤¹¤ë¡£ ¶ö¿ô¸Ä¤Î¥ª¥Ú¥ì¡¼¥¿¤Ï¡¢¸ß¤¤¤ËÁê»¦¤µ¤ì¤ë¤À¤±¤Ç¤¢¤ë¡£

 Runas_List ::= Runas_User |
                Runas_User ',' Runas_List

 Runas_User ::= '!'* username |
                '!'* '#'uid |
                '!'* '%'group |
                '!'* +netgroup |
                '!'* Runas_Alias

Æ±ÍÍ¤Ë¡¢Runas_List ¤Ï User_List ¤ÈÆ±¤¸Í×ÁÇ¤ò»ý¤Ä¤³¤È¤¬¤Ç¤¤ë¡£ ¤¿¤À¤·¡¢User_Alias ¤Ç¤Ï¤Ê¤¯ Runas_Alias ¤ò´Þ¤àÅÀ¤¬°Û¤Ê¤ë¡£

 Host_List ::= Host |
               Host ',' Host_List

 Host ::= '!'* hostname |
          '!'* ip_addr |
          '!'* network(/netmask)? |
          '!'* '+'netgroup |
          '!'* Host_Alias

Host_List ¤Ë¤Ï¡¢¥Û¥¹¥ÈÌ¾¡¦IP ¥¢¥É¥ì¥¹¡¦ ¥Í¥Ã¥È¥ï¡¼¥¯ÈÖ¹æ¡¦¥Í¥Ã¥È¥°¥ë¡¼¥× (`+' ¤òÁ°¤ËÉÕ¤±¤ë)¡¦ ¤½¤ÎÂ¾¤Î¥¨¥¤¥ê¥¢¥¹¡¢¤¬ 1 ¸Ä°Ê¾å´Þ¤Þ¤ì¤ë¡£ ¤³¤³¤Ç¤â¡¢¥¢¥¤¥Æ¥à¤ÎÃÍ¤Ï `!' ¥ª¥Ú¥ì¡¼¥¿¤Ë¤è¤Ã¤ÆÌµ¸ú¤Ë¤µ¤ì¤ë¡£ ¥Í¥Ã¥È¥ï¡¼¥¯ÈÖ¹æ¤Ë¥Í¥Ã¥È¥Þ¥¹¥¯¤ò»ØÄê¤·¤Ê¤¤¾ì¹ç¡¢ ¥Û¥¹¥È¤Î¥¤¡¼¥µ¥Í¥Ã¥È¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹¤Î¥Í¥Ã¥È¥Þ¥¹¥¯¤¬ ¥Þ¥Ã¥Á¥ó¥°¤ÎºÝ¤Ë»È¤ï¤ì¤ë¡£ ¥Í¥Ã¥È¥Þ¥¹¥¯¤Ï¡¢¥É¥Ã¥È¤Ç 4 ¤Ä¤Ë¶èÀÚ¤Ã¤¿É½µ (Îã¤¨¤Ð 255.255.255.0) ¤È CIDR É½µ (¥Ó¥Ã¥È¤Î¿ô¡¢Îã¤¨¤Ð 24) ¤Î¤É¤Á¤é¤Ç»ØÄê¤·¤Æ¤â¤è¤¤¡£ ¥Û¥¹¥ÈÌ¾¤Ë¤Ï¡¢¥·¥§¥ë·Á¼°¤Î¥ï¥¤¥ë¥É¥«¡¼¥É (°Ê²¼¤Î `¥ï¥¤¥ë¥É¥«¡¼¥É' ¤Î¥»¥¯¥·¥ç¥ó¤ò»²¾È) ¤ò»È¤Ã¤Æ¤â¤è¤¤¡£ ¤¿¤À¤·¡¢·×»»µ¡¤Î hostname ¥³¥Þ¥ó¥É¤¬ ´°Á´¤Ê¥É¥á¥¤¥óÌ¾ÉÕ¤¤Î¥Û¥¹¥ÈÌ¾¤òÊÖ¤µ¤Ê¤¤¾ì¹ç¤Ë ¥ï¥¤¥ë¥É¥«¡¼¥É¤ò»È¤¨¤ë¤è¤¦¤Ë¤¹¤ë¤Ë¤Ï¡¢ fqdn ¥ª¥×¥·¥ç¥ó¤ò»ØÄê¤¹¤ëÉ¬Í×¤¬¤¢¤ë¤À¤í¤¦¡£

 Cmnd_List ::= Cmnd |
               Cmnd ',' Cmnd_List

 commandname ::= filename |
                 filename args |
                 filename '""'

 Cmnd ::= '!'* commandname |
          '!'* directory |
          '!'* Cmnd_Alias

Cmnd ¤¬¥³¥Þ¥ó¥É¥é¥¤¥ó°ú¤¿ô¤È´ØÏ¢¤Å¤±¤é¤ì¤Æ¤¤¤ë¾ì¹ç¡¢ Cmnd ¤ÎÃæ¤Î°ú¤¿ô¤Ï¡¢ ¥æ¡¼¥¶¤¬¥³¥Þ¥ó¥É¥é¥¤¥ó¤Ç»ØÄê¤·¤¿°ú¤¿ô¤È´°Á´¤Ë¥Þ¥Ã¥Á¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤ (¥ï¥¤¥ë¥É¥«¡¼¥É¤¬¤¢¤Ã¤¿¾ì¹ç¤Ï¡¢¤½¤ì¤È´°Á´¤Ë¥Þ¥Ã¥Á¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤)¡£ /`,', `:', `=', `\' ¤È¤¤¤¦Ê¸»ú¤ò ¥³¥Þ¥ó¥É¥é¥¤¥ó°ú¤¿ô¤È¤·¤Æ»È¤¦¾ì¹ç¡¢ /`\' ¤Ç¥¨¥¹¥±¡¼¥×¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤ÅÀ¤ËÃí°Õ¤¹¤ë¤³¤È¡£

¥Ç¥Õ¥©¥ë¥È

 Default_Type ::= 'Defaults' ||
                  'Defaults' ':' User ||
                  'Defaults' '@' Host

 Default_Entry ::= Default_Type Parameter_List

 Parameter ::= Parameter '=' Value ||
               '!'* Parameter ||

Parameter ¤Ï ¥Õ¥é¥°¡¦À°¿ô¡¦Ê¸»úÎó ¤Î¤¤¤º¤ì¤«¤Ç¤¢¤ë¡£ ¥Õ¥é¥°¤Ï¼Â¤Ï¿¿µ¶ÃÍ¤Ç¤¢¤ê¡¢`!' ¥ª¥Ú¥ì¡¼¥¿¤Ç off ¤Ë¤Ç¤¤ë¡£ À°¿ô¤ÈÊ¸»úÎó¥Ñ¥é¥á¡¼¥¿¤Î¤Ê¤«¤Ë¤â¿¿µ¶ÃÍ¤Î°ÕÌ£¤Ç»È¤¨¤ë¤â¤Î¤¬¤¢¤ê¡¢ ¤½¤ì¤é¤ÏÌµ¸ú¤Ë¤Ç¤¤ë¡£ ÃÍ¤ËÊ£¿ô¤Î¥ï¡¼¥É¤¬´Þ¤Þ¤ì¤ë¾ì¹ç¤Ï¡¢ ¥À¥Ö¥ë¥¯¥ª¡¼¥È (") ¤Ç°Ï¤Þ¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£ ÆÃ¼ìÊ¸»ú¤Ï¥Ð¥Ã¥¯¥¹¥é¥Ã¥·¥å (\) ¤Ç¥¨¥¹¥±¡¼¥×¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£

¥Õ¥é¥°:

long_otp_prompt: (S/Key ¤ä OPIE ¤Ê¤É¤Î) ¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥É¤ò»ÈÍÑ¤·¤Æ¤¤¤ë¾ì¹ç¤Ë¤³¤Î¥ª¥×¥·¥ç¥ó¤¬Í¸ú¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤È¡¢ ¥í¡¼¥«¥ë¤Ê¥¦¥¤¥ó¥É¥¦¤ËÆþÎÏ¤·¤¿¥Ñ¥¹¥ï¡¼¥É¤ò ´ÊÃ±¤Ë¥«¥Ã¥È¡õ¥Ú¡¼¥¹¥È¤Ç¤¤ë¤è¤¦¤Ë¡¢2 ¹Ô¤Î¥×¥í¥ó¥×¥È¤¬»È¤ï¤ì¤ë¡£ ¤³¤ì¤ò¥Ç¥Õ¥©¥ë¥È¤Ë¤¹¤ë¤Î¤ÏÎÉ¤¯¤Ê¤¤¤¬¡¢ÊØÍø¤À¤È¸À¤¦¿Í¤â¤¤¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
ignore_dot: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢$PATH ¤Ë¤¢¤ë (¥«¥ì¥ó¥È¥Ç¥£¥ì¥¯¥È¥ê¤òÉ½¤¹) `.' ¤È `' ¤¬Ìµ»ë¤µ¤ì¤ë¡£ $PATH ¤½¤Î¤â¤Î¤ÏÊÑ¹¹¤µ¤ì¤Ê¤¤¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
mail_always: ¥æ¡¼¥¶¤¬ sudo ¤ò¼Â¹Ô¤¹¤ëÅÙ¤Ë¡¢mailto ¥æ¡¼¥¶¤Ë¥á¡¼¥ë¤¬Á÷¤é¤ì¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
mail_no_user: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢ sudo ¤òµ¯Æ°¤·¤¿¥æ¡¼¥¶¤¬ sudoers ¥Õ¥¡¥¤¥ë¤Ë¤Ê¤¤¾ì¹ç¡¢ mailto ¥æ¡¼¥¶¤Ë¥á¡¼¥ë¤¬Á÷¤é¤ì¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï on ¤Ç¤¢¤ë¡£
mail_no_host: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢ sudo ¤òµ¯Æ°¤·¤¿¥æ¡¼¥¶¤¬ sudoers ¥Õ¥¡¥¤¥ë¤ËÂ¸ºß¤¹¤ë¤¬¡¢ ¸½ºß¤Î¥Û¥¹¥È¤Ç¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¤³¤È¤¬µö²Ä¤µ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¡¢ mailto ¥æ¡¼¥¶¤Ë¥á¡¼¥ë¤¬Á÷¤é¤ì¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
mail_no_perms: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢ ¥æ¡¼¥¶¤¬ sudo ¤ò»È¤¦¤³¤È¤Ïµö²Ä¤µ¤ì¤Æ¤¤¤ë¤¬¡¢ ¼Â¹Ô¤·¤è¤¦¤È¤·¤¿¥³¥Þ¥ó¥É¤¬ sudoers ¥Õ¥¡¥¤¥ë¤Î¥¨¥ó¥È¥ê¤Ë¤Ê¤¤¾ì¹ç¡¢ mailto ¥æ¡¼¥¶¤Ë¥á¡¼¥ë¤¬Á÷¤é¤ì¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
tty_tickets: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢ ¥æ¡¼¥¶¤Ï tty Ëè¤ËÇ§¾Ú¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£ ÄÌ¾ï¡¢sudo ¤Ï¥Á¥±¥Ã¥È¥Ç¥£¥ì¥¯¥È¥ê¤ÎÃæ¤Ë¤¢¤ë ¼Â¹Ô¤·¤Æ¤¤¤ë¥æ¡¼¥¶¤ÈÆ±¤¸Ì¾Á°¤Î¥Ç¥£¥ì¥¯¥È¥ê¤ò»È¤¦¡£ ¤³¤Î¥Õ¥é¥°¤¬ on ¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤È¡¢sudo ¤Ï ¥Á¥±¥Ã¥È¥Ç¥£¥ì¥¯¥È¥ê¤ÎÃæ¤Ë¤¢¤ë ¥æ¡¼¥¶¤¬¥í¥°¥¤¥ó¤·¤Æ¤¤¤ë tty ¤ËÂÐ±þ¤·¤¿¥Õ¥¡¥¤¥ëÌ¾¤ò»È¤¦¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
lecture: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢ ½é¤á¤Æ sudo ¤ò¼Â¹Ô¤·¤¿¤È¤¡¢¥æ¡¼¥¶¤ÏÃ»¤¤¥ì¥¯¥Á¥ã¡¼¤ò¼õ¤±¼è¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï on ¤Ç¤¢¤ë¡£
authenticate: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢ ¥æ¡¼¥¶¤Ï¥Ñ¥¹¥ï¡¼¥É (¤â¤·¤¯¤Ï¡¢ÊÌ¤ÎÇ§¾ÚÊýË¡) ¤Ç¼«Ê¬¼«¿È¤ËÂÐ¤·¤Æ Ç§¾Ú¤ò¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£ ¤³¤Î¥Ç¥Õ¥©¥ë¥È¤ÎÃÍ¤Ï PASSWD ¥¿¥°¤È NOPASSWD ¥¿¥°¤ò»È¤Ã¤ÆÊÑ¹¹¤Ç¤¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï on ¤Ç¤¢¤ë¡£
root_sudo: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢root ¤â sudo ¤¬¼Â¹Ô¤Ç¤¤ë¡£ ¤³¤Î¥Õ¥é¥°¤ò off ¤Ë¤¹¤ë¤È¡¢¥æ¡¼¥¶¤¬ "sudo sudo /bin/sh" ¤Î¤è¤¦¤Ë¤·¤Æ root ¤Î¥·¥§¥ë¤òÆþ¼ê¤·¤è¤¦¤È ``Ä©Àï¤¹¤ë'' ¤³¤È¤¬ËÉ»ß¤Ç¤¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï on ¤Ç¤¢¤ë¡£
log_host: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢ ¥Û¥¹¥ÈÌ¾¤¬ (syslog ¤Ç¤Ï¤Ê¤¤) sudo ¥í¥°¥Õ¥¡¥¤¥ë¤ËµÏ¿¤µ¤ì¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
log_year: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢ 4 ·å¤ÎÇ¯¤¬ (syslog ¤Ç¤Ï¤Ê¤¤) sudo ¥í¥°¥Õ¥¡¥¤¥ë¤ËµÏ¿¤µ¤ì¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
shell_noargs: ¤³¤Î¥Õ¥é¥°¤¬ÀßÄê¤µ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ë sudo ¤¬°ú¤¿ô¤Ê¤·¤Çµ¯Æ°¤µ¤ì¤ë¤È¡¢ -s ¥Õ¥é¥°¤¬Í¿¤¨¤é¤ì¤¿¾ì¹ç¤ÈÆ±ÍÍ¤ËÆ°ºî¤¹¤ë¡£ ¤Ä¤Þ¤ê¡¢sudo ¤Ï¥·¥§¥ë¤ò root ¤È¤·¤Æ¼Â¹Ô¤¹¤ë (´Ä¶ÊÑ¿ô SHELL ¤¬ÀßÄê¤µ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢ ¥·¥§¥ë¤Ï¤½¤Î´Ä¶ÊÑ¿ô¤Ç·èÄê¤µ¤ì¤ë¡£ ÀßÄê¤µ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¡¢ µ¯Æ°¤·¤¿¥æ¡¼¥¶¤Î /etc/passwd ¤Î¥¨¥ó¥È¥ê¤Ë¤¢¤ë¥·¥§¥ë¤ò»È¤¦)¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
set_home: ¤³¤Î¥Õ¥é¥°¤¬ÀßÄê¤µ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ë sudo ¤¬ -s ¥Õ¥é¥°¤Çµ¯Æ°¤µ¤ì¤ë¤È¡¢ ´Ä¶ÊÑ¿ô HOME ¤¬ÂÐ¾Ý¥æ¡¼¥¶¤Î¥Û¡¼¥à¥Ç¥£¥ì¥¯¥È¥ê¤ËÀßÄê¤µ¤ì¤ë (¤³¤Î¾ì¹ç¤ÎÂÐ¾Ý¥æ¡¼¥¶¤Ï¡¢-u ¥ª¥×¥·¥ç¥ó¤Ç»ØÄê¤µ¤ì¤Ê¤¤¸Â¤ê root ¤Ç¤¢¤ë)¡£ ¤³¤Î¥Õ¥é¥°¤Ï¡¢-s ¥Õ¥é¥°¤¬»È¤ï¤ì¤¿¾ì¹ç¤Ë -H ¤ò°ÅÌÛ¤Î¤¦¤Á¤ËÍ¸ú¤Ë¤¹¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
path_info: ÄÌ¾ï sudo ¤Ï¥³¥Þ¥ó¥É¤¬ $PATH ¤Ë¸«¤Ä¤«¤é¤Ê¤¤¾ì¹ç¥æ¡¼¥¶¤Ë¹ðÃÎ¤¹¤ë¡£ ÄÌ¾ï¤Î¥æ¡¼¥¶¤¬¡¢¥¢¥¯¥»¥¹¤Ç¤¤Ê¤¤¼Â¹Ô¥Õ¥¡¥¤¥ë¤Î¾ì½ê¤Ë´Ø¤¹¤ë ¾ðÊó¤ò¼ý½¸¤Ç¤¤Ê¤¤¤è¤¦¤Ë¡¢ ¥µ¥¤¥È¤Ë¤è¤Ã¤Æ¤Ï¤³¤Î¹ðÃÎ¤ò¥æ¡¼¥¶¤Ë¹Ô¤ï¤Ê¤¤¤è¤¦¤Ë¤·¤¿¤¤¤³¤È¤¬¤¢¤ë¤«¤â¤·¤ì¤Ê¤¤¡£ ¤·¤«¤·¹ðÃÎ¤ò¹Ô¤ï¤Ê¤¤¤È¡¢ Ã±¤Ë¼Â¹Ô¥Õ¥¡¥¤¥ë¤¬¥æ¡¼¥¶¤Î $PATH ¤Ë¤Ê¤¤¤À¤±¤Î¾ì¹ç¤Ç¤â¡¢ sudo ¤Ï¥æ¡¼¥¶¤Ë¡Ö¼Â¹Ôµö²Ä¤¬¤Ê¤¤¡×¤ÈÅÁ¤¨¤Æ¤·¤Þ¤¤¡¢ Ê¶¤é¤ï¤·¤¯¤Ê¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
fqdn: sudoers ¥Õ¥¡¥¤¥ë¤Ë´°Á´¤Ê¥É¥á¥¤¥óÌ¾ÉÕ¤¤Î¥Û¥¹¥ÈÌ¾¤òÆþ¤ì¤¿¤¤¾ì¹ç¤Ï¡¢ ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¡£ ¤¹¤Ê¤ï¤Á myhost ¤Ç¤Ï¤Ê¤¯ myhost.mydomain.edu ¤ò»È¤¤¤¿¤¤¾ì¹ç¤Ç¤¢¤ë¡£ ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤·¤Æ¤â¡¢»È¤¤¤¿¤±¤ì¤ÐÃ»¤¤·Á¼°¤ò»È¤¦¤³¤È¤¬¤Ç¤¤ë (Ã»¤¤·Á¼°¤È´°Á´¤Ê·Á¼°¤òº®¤¼¤Æ»È¤¦¤³¤È¤â¤Ç¤¤ë)¡£ fqdn ¤ò on ¤Ë¤¹¤ë¤È¡¢sudo ¤Ï DNS ¤Î¥ë¥Ã¥¯¥¢¥Ã¥×¤¬É¬Í×¤Ë¤Ê¤ë¤³¤È¤ËÃí°Õ¤¹¤ë¤³¤È¡£ DNS ¤Î¥ë¥Ã¥¯¥¢¥Ã¥×¤ò¤¹¤ë¤È¡¢ DNS ¤¬²ÔÆ¯¤·¤Æ¤¤¤Ê¤¤¤È¤ (·×»»µ¡¤¬¥Í¥Ã¥È¥ï¡¼¥¯¤ËÀÜÂ³¤µ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ê¤É) sudo ¤Ï°ÂÁ´¤Ç¤Ê¤¯¤Ê¤ë¡£ DNS ¤Ë¤¢¤ë¥Û¥¹¥È¤ÎÀµ¼°¤ÊÌ¾Á°¤ò»È¤ï¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤ÅÀ¤Ë¤âÃí°Õ¤¹¤ë¤³¤È¡£ ¤Ä¤Þ¤ê¡¢¥Ñ¥Õ¥©¡¼¥Þ¥ó¥¹¤ÎÌäÂê¤È DNS ¤«¤éÁ´¤Æ¤Î¥¨¥¤¥ê¥¢¥¹¤ò¼èÆÀ¤Ç¤¤Ê¤¤¤È¤¤¤¦ÌäÂê¤«¤é¡¢ ¥Û¥¹¥ÈÌ¾¤Î¥¨¥¤¥ê¥¢¥¹ (CNAME ¥¨¥ó¥È¥ê) ¤ò»È¤¦¤³¤È¤Ï¤Ç¤¤Ê¤¤¡£ (hostname ¥³¥Þ¥ó¥É¤ÇÊÖ¤µ¤ì¤ë) ·×»»µ¡¤Î¥Û¥¹¥ÈÌ¾¤¬ ´û¤Ë¥É¥á¥¤¥óÌ¾ÉÕ¤¤Î´°Á´¤Ê¤â¤Î¤Ç¤¢¤ë¾ì¹ç¡¢ fqdn ¤òÀßÄê¤¹¤ë¤Ù¤¤Ç¤Ï¤Ê¤¤¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
insults: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢sudo ¤Ï ÉÔÀµ¤Ê¥Ñ¥¹¥ï¡¼¥É¤òÆþÎÏ¤·¤¿¥æ¡¼¥¶¤òÉî¿«¤¹¤ë¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
requiretty: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢ ¥æ¡¼¥¶¤¬ real tty ¤«¤é¥í¥°¥¤¥ó¤·¤Æ¤¤¤ë¤È¤¤Î¤ß sudo ¤¬¼Â¹Ô¤Ç¤¤ë¡£ rsh(1) ¤Ï tty ¤ò³ÎÊÝ¤·¤Ê¤¤¤Î¤Ç¡¢ "rsh somehost sudo ls" ¤È¤¤¤Ã¤¿¤³¤È¤¬µö²Ä¤µ¤ì¤Ê¤¯¤Ê¤ë¡£ tty ¤¬¤Ê¤¤¤È¥¨¥³¡¼¤¬¾Ã¤»¤Ê¤¤¤Î¤Ç¡¢ ÆþÎÏ»þ¤Ë¥Ñ¥¹¥ï¡¼¥É¤¬¸½¤ì¤Æ¤·¤Þ¤¦¤Î¤òËÉ»ß¤¹¤ë¤¿¤á¤Ë¡¢ ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤·¤¿¤¤¤È»×¤¦¥µ¥¤¥È¤â¤¢¤ë¤À¤í¤¦¡£ ¤³¤Î¥Õ¥é¥°¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï off ¤Ç¤¢¤ë¡£
env_editor: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢visudo ¤Ï ¥Ç¥Õ¥©¥ë¥È¤Î¥¨¥Ç¥£¥¿¤È¤·¤Æ´Ä¶ÊÑ¿ô EDITOR ¤È VISUAL ¤ÎÃÍ¤ò»È¤¦¡£ ÂçÉôÊ¬¤Î¥¨¥Ç¥£¥¿¤Ç¤Ï¥æ¡¼¥¶¤¬¥·¥§¥ë (root ¤Î¥·¥§¥ë¤Î¾ì¹ç¤â¤¢¤ê¡¢¥í¥°¤ËµÏ¿¤µ¤ì¤Ê¤¤) ¤ò¼èÆÀ¤Ç¤¤Æ¤·¤Þ¤¦¤Î¤Ç¡¢ ¤³¤ì¤Ï¥»¥¥å¥ê¥Æ¥£¥Û¡¼¥ë¤òºî¤Ã¤Æ¤·¤Þ¤¦¤³¤È¤ËÃí°Õ¤¹¤ë¤³¤È¡£
rootpw: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢sudo ¤Ï µ¯Æ°¤·¤¿¥æ¡¼¥¶¤Î¥Ñ¥¹¥ï¡¼¥É¤Ç¤Ï¤Ê¤¯¡¢ root ¤Î¥Ñ¥¹¥ï¡¼¥É¤òÍ×µá¤¹¤ë¡£
runaspw: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢sudo ¤Ï µ¯Æ°¤·¤¿¥æ¡¼¥¶¤Î¥Ñ¥¹¥ï¡¼¥É¤Ç¤Ï¤Ê¤¯¡¢ runas_default ¥ª¥×¥·¥ç¥ó¤ÇÄêµÁ¤µ¤ì¤¿¥æ¡¼¥¶ (¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï root) ¤Î¥Ñ¥¹¥ï¡¼¥É¤òÍ×µá¤¹¤ë¡£
targetpw: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢sudo ¤Ï µ¯Æ°¤·¤¿¥æ¡¼¥¶¤Î¥Ñ¥¹¥ï¡¼¥É¤Ç¤Ï¤Ê¤¯¡¢ -u ¥Õ¥é¥°¤Ç»ØÄê¤µ¤ì¤¿¥æ¡¼¥¶ (¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï root) ¤Î¥Ñ¥¹¥ï¡¼¥É¤òÍ×µá¤¹¤ë¡£
set_logname: ÄÌ¾ï sudo ¤Ï´Ä¶ÊÑ¿ô LOGNAME ¤È USER ¤òÂÐ¾Ý¥æ¡¼¥¶ (-u ¥Õ¥é¥°¤Ç»ØÄê¤µ¤ì¤Ê¤¤¤±¤ì¤Ð¤Õ¤Ä¤¦¤Ï root) ¤ÎÌ¾Á°¤ËÀßÄê¤¹¤ë¡£ ¤·¤«¤·¡¢¼ÂºÝ¤Î¥æ¡¼¥¶¤Î¼±ÊÌ¤Ë LOGNAME ¤ò»È¤¦¥×¥í¥°¥é¥à (RCS revision control system ¤Ê¤É¤¬´Þ¤Þ¤ì¤ë) ¤¬¤¢¤ë¤Î¤Ç¡¢ ¤³¤ÎµóÆ°¤òÊÑ¹¹¤·¤¿¤¤¤³¤È¤â¤¢¤ë¡£ ¤³¤ì¤Ë¤Ï set_logname ¤ò off ¤Ë¤¹¤ì¤Ð¤è¤¤¡£
use_loginclass: ¤³¤Î¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È¡¢sudo ¤Ï¡¢ ÂÐ¾Ý¥æ¡¼¥¶¤Î¥í¥°¥¤¥ó¥¯¥é¥¹¤¬¤¢¤ì¤Ð¡¢¤½¤ì¤Ë»ØÄê¤µ¤ì¤¿¥Ç¥Õ¥©¥ë¥È¤ÎÃÍ¤òÅ¬ÍÑ¤¹¤ë¡£ sudo ¤Î (¥³¥ó¥Ñ¥¤¥ë»þ¤Ë) --with-logincap ¥ª¥×¥·¥ç¥ó¤¬ ÀßÄê¤µ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ë¤Î¤ß¡¢Í¸ú¤Ç¤¢¤ë¡£

À°¿ô:

passwd_tries: sudo ¤¬¼ºÇÔ¤ò¥í¥°¤ËµÏ¿¤·¤Æ½ªÎ»¤¹¤ë¤Þ¤Ç¤Ë¡¢ ¥æ¡¼¥¶¤¬¥Ñ¥¹¥ï¡¼¥É¤òÆþÎÏ¤Ç¤¤ë²ó¿ô¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï 3¡£

¿¿µ¶ÃÍ¤È¤·¤Æ¤â»ÈÍÑ¤µ¤ì¤ëÀ°¿ô:

loglinelen: ¥Õ¥¡¥¤¥ë¥í¥°¤Î 1 ¹ÔÅö¤¿¤ê¤ÎÊ¸»ú¿ô¡£ ¤³¤ÎÃÍ¤Ï¡¢¥í¥°¥Õ¥¡¥¤¥ë¤ò¸«¤ä¤¹¤¯¤¹¤ë¤¿¤á¤Ë¡¢ ¹Ô¤ò²¿·å¤ÇÀÞ¤êÊÖ¤¹¤«¤ò·èÄê¤¹¤ë¤¿¤á¤Ë»È¤ï¤ì¤ë¡£ syslog ¥Õ¥¡¥¤¥ë¤Ë¤Ï²¿¤â±Æ¶Á¤»¤º¡¢¥Õ¥¡¥¤¥ë¥í¥°¤À¤±¤Ë±Æ¶Á¤¹¤ë¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï 80 (ÀÞ¤êÊÖ¤·¤ò¤·¤Ê¤¤¾ì¹ç¤Ï 0 ¤ò»ØÄê¤¹¤ë)¡£
timestamp_timeout: sudo ¤¬ºÆÅÙ¥Ñ¥¹¥ï¡¼¥É¤ò¿Ò¤Í¤ë¤Þ¤Ç¤Ë·Ð²á¤¹¤ëÊ¬¿ô¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï 5¡£ ¾ï¤Ë¥Ñ¥¹¥ï¡¼¥É¤òÍ×µá¤µ¤»¤ë¤Ë¤Ï 0 ¤ËÀßÄê¤¹¤ë¡£
passwd_timeout: sudo ¤Î¥Ñ¥¹¥ï¡¼¥ÉÍ×µá¤¬»þ´ÖÀÚ¤ì¤Ë¤Ê¤ë¤Þ¤Ç¤ÎÊ¬¿ô¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï 5¡£ ¥Ñ¥¹¥ï¡¼¥ÉÍ×µá¤Î»þ´ÖÀÚ¤ì¤ò¤Ê¤¯¤¹¤Ë¤Ï 0 ¤ËÀßÄê¤¹¤ë¡£
umask: root ¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¾ì¹ç¤Î umask¡£ ¥æ¡¼¥¶¤Î umask ¤ò¾å½ñ¤¤·¤Ê¤¤¤¿¤á¤Ë¤Ï¡¢0777 ¤ËÀßÄê¤¹¤ë¤³¤È¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï 0022¡£

Ê¸»úÎó:

mailsub: mailto ¥æ¡¼¥¶¤ËÁ÷¤é¤ì¤ë¥á¡¼¥ë¤Î Subject (ÂêÌ¾)¡£ ¥¨¥¹¥±¡¼¥× %h ¤Ï·×»»µ¡¤Î¥Û¥¹¥ÈÌ¾¤ËÅ¸³«¤µ¤ì¤ë¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï ``*** SECURITY information for %h ***''¡£
badpass_message: ¥æ¡¼¥¶¤¬ÉÔÀµ¤Ê¥Ñ¥¹¥ï¡¼¥É¤òÆþÎÏ¤·¤¿¾ì¹ç¤ËÉ½¼¨¤µ¤ì¤ë¥á¥Ã¥»¡¼¥¸¡£ insults ¤¬ÀßÄê¤µ¤ì¤Æ¤¤¤Ê¤¤¸Â¤ê¡¢ ¥Ç¥Õ¥©¥ë¥È¤Ï ``Sorry, try again.''¡£
timestampdir: sudo ¤¬¥¿¥¤¥à¥¹¥¿¥ó¥×¥Õ¥¡¥¤¥ë¤òÃÖ¤¯¥Ç¥£¥ì¥¯¥È¥ê¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï @TIMEDIR@¡£
passprompt: ¥Ñ¥¹¥ï¡¼¥É¤ò¿Ò¤Í¤ë¤È¤¤Ë»È¤ï¤ì¤ë¥Ç¥Õ¥©¥ë¥È¤Î¥×¥í¥ó¥×¥È¡£ -p ¥ª¥×¥·¥ç¥ó¤ä´Ä¶ÊÑ¿ô SUDO_PROMPT ¤ò»È¤Ã¤ÆÊÑ¹¹¤Ç¤¤ë¡£ 2 ¤Ä¤Î¥¨¥¹¥±¡¼¥×¤¬¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤¤ë¡£ ``%u'' ¤Ï¥æ¡¼¥¶¤Î¥í¥°¥¤¥óÌ¾¤ËÅ¸³«¤µ¤ì¡¢ ``%h'' ¤Ï¥í¡¼¥«¥ë¥Û¥¹¥ÈÌ¾¤ËÅ¸³«¤µ¤ì¤ë¡£ ¥Ç¥Õ¥©¥ë¥È¤ÎÃÍ¤Ï ``Password:''¡£
runas_default: -u ¥Õ¥é¥°¤¬¥³¥Þ¥ó¥É¥é¥¤¥ó¤Ç»ØÄê¤µ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ë¡¢ ¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¥Ç¥Õ¥©¥ë¥È¤Î¥æ¡¼¥¶¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï ``root''¡£
syslog_goodpri: ¥æ¡¼¥¶¤¬Ç§¾Ú¤ËÀ®¸ù¤·¤¿¾ì¹ç¤Ë»È¤ï¤ì¤ë syslog ¤Î priority¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï ``notice''¡£
syslog_badpri: ¥æ¡¼¥¶¤¬Ç§¾Ú¤Ë¼ºÇÔ¤·¤¿¾ì¹ç¤Ë»È¤ï¤ì¤ë syslog ¤Î priority¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï ``alert''¡£
editor: visudo ¤¬»ÈÍÑ¤¹¤ë¥¨¥Ç¥£¥¿¤Î¥Ñ¥¹¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï¥·¥¹¥Æ¥à¾å¤Î vi ¤Î¥Ñ¥¹¡£

¿¿µ¶ÃÍ¤È¤·¤Æ¤â»ÈÍÑ¤µ¤ì¤ëÊ¸»úÎó:

logfile

(syslog ¥í¥°¥Õ¥¡¥¤¥ë¤Ç¤Ï¤Ê¤¯) sudo ¥í¥°¥Õ¥¡¥¤¥ë¤Ø¤Î¥Ñ¥¹¡£ ¥Ñ¥¹¤òÀßÄê¤¹¤ë¤È¡¢¤½¤Î¥Õ¥¡¥¤¥ë¤Ø¥í¥°¤¬µÏ¿¤µ¤ì¤ë¡£ ÀßÄê¤·¤Ê¤±¤ì¤Ð¡¢µÏ¿¤µ¤ì¤Ê¤¤¡£

syslog

¥í¥°¤ÎµÏ¿¤Ë syslog ¤¬»È¤ï¤ì¤Æ¤¤¤ë¾ì¹ç¤Î syslog ¤Î facility (syslog ¤Ë¤è¤ë¥í¥°¤ÎµÏ¿¤ò¤·¤Ê¤¤¾ì¹ç¤Ï¡¢ÀßÄê¤·¤Ê¤¤¤³¤È)¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï ``local2''¡£

mailerpath

mailerflags

mailto

·Ù¹ð¥á¡¼¥ë¤È¥¨¥é¡¼¥á¡¼¥ë¤òÁ÷¤ë¥¢¥É¥ì¥¹¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï ``root''¡£

exempt_group

¤³¤Î¥°¥ë¡¼¥×¤ËÂ°¤¹¤ë¥æ¡¼¥¶¤Ï¡¢¥Ñ¥¹¥ï¡¼¥É¤È PATH ¤¬É¬Í×¤Ê¤¤¡£ ¥Ç¥Õ¥©¥ë¥È¤Ç¤ÏÀßÄê¤µ¤ì¤Æ¤¤¤Ê¤¤¡£

secure_path

sudo ¤Ç¼Â¹Ô¤µ¤ì¤ëÁ´¤Æ¤Î¥³¥Þ¥ó¥É¤Ë»È¤ï¤ì¤ë¥Ñ¥¹¡£ sudo ¤ò¼Â¹Ô¤¹¤ë¥æ¡¼¥¶¤ò¿®ÍÑ¤·¤Æ¤¤¤Ê¤¤¾ì¹ç¡¢ »ÈÍÑ¤µ¤»¤¿¤¤Àµ¤·¤¤´Ä¶ÊÑ¿ô PATH ¤ò»ØÄê¤¹¤ë¡£ ÊÌ¤Î»ÈÍÑË¡¤È¤·¤Æ¤Ï¡¢``root ¤Î¥Ñ¥¹'' ¤ò ``¥æ¡¼¥¶¤Î¥Ñ¥¹'' ¤È Ê¬¤±¤ë¤¿¤á¤Ë»È¤¦¾ì¹ç¤¬¤¢¤ë¡£ ¥Ç¥Õ¥©¥ë¥È¤Ç¤ÏÀßÄê¤µ¤ì¤Æ¤¤¤Ê¤¤¡£

verifypw

¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¡¢¥æ¡¼¥¶¤¬ sudo ¤ò -v ¥ª¥×¥·¥ç¥ó¤Ç¼Â¹Ô¤·¤¿¤È¤¤Ë¡¢ ¤¤¤Ä¥Ñ¥¹¥ï¡¼¥É¤¬É¬Í×¤È¤µ¤ì¤ë¤«¤òÀ©¸æ¤¹¤ë¡£ ¤³¤Î¥ª¥×¥·¥ç¥ó¤Ë¤Ï°Ê²¼¤ÎÃÍ¤Î¤¤¤º¤ì¤«¤òÀßÄê¤Ç¤¤ë¡£

    all         ¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎÏ¤ò¤Ê¤·¤Ç¤¹¤Þ¤»¤ë¤¿¤á¤Ë¤Ï¡¢
                ¸½ºß¤Î¥Û¥¹¥È¤Î¤¹¤Ù¤Æ¤Î¥æ¡¼¥¶¤Î I<sudoers>
                ¥¨¥ó¥È¥ê¤Ë C<NOPASSWD> ¥Õ¥é¥°¤¬ÀßÄê¤µ¤ì¤Æ
                ¤¤¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£

    any         ¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎÏ¤ò¤Ê¤·¤Ç¤¹¤Þ¤»¤ë¤¿¤á¤Ë¤Ï¡¢
                ¸½ºß¤Î¥Û¥¹¥È¤Î¾¯¤Ê¤¯¤È¤â°ì¿Í¤Î¥æ¡¼¥¶¤Î
                I<sudoers> ¥¨¥ó¥È¥ê¤Ë C<NOPASSWD> ¥Õ¥é¥°¤¬
                ÀßÄê¤µ¤ì¤Æ¤¤¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£

    never       ¥æ¡¼¥¶¤Ï¡¢B<-v> ¥Õ¥é¥°¤ò»È¤¦ºÝ¤Ë
                ¥Ñ¥¹¥ï¡¼¥É¤òÉ¬Í×¤È¤·¤Ê¤¤¡£

    always      ¥æ¡¼¥¶¤Ï¡¢B<-v> ¥Õ¥é¥°¤ò»È¤¦ºÝ¤Ë
                ¾ï¤Ë¥Ñ¥¹¥ï¡¼¥É¤òÆþÎÏ¤¹¤ëÉ¬Í×¤¬¤¢¤ë¡£

¥Ç¥Õ¥©¥ë¥È¤ÎÃÍ¤Ï `all' ¤Ç¤¢¤ë¡£

listpw

¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¡¢¥æ¡¼¥¶¤¬ sudo ¤ò -l ¥ª¥×¥·¥ç¥ó¤Ç¼Â¹Ô¤·¤¿¤È¤¤Ë¡¢ ¤¤¤Ä¥Ñ¥¹¥ï¡¼¥É¤¬É¬Í×¤È¤µ¤ì¤ë¤«¤òÀ©¸æ¤¹¤ë¡£ ¤³¤Î¥ª¥×¥·¥ç¥ó¤Ë¤Ï°Ê²¼¤ÎÃÍ¤Î¤¤¤º¤ì¤«¤òÀßÄê¤Ç¤¤ë¡£

    all         ¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎÏ¤ò¤Ê¤·¤Ç¤¹¤Þ¤»¤ë¤¿¤á¤Ë¤Ï¡¢
                ¸½ºß¤Î¥Û¥¹¥È¤Î¤¹¤Ù¤Æ¤Î¥æ¡¼¥¶¤Î I<sudoers>
                ¥¨¥ó¥È¥ê¤Ë C<NOPASSWD> ¥Õ¥é¥°¤¬ÀßÄê¤µ¤ì¤Æ
                ¤¤¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£

    any         ¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎÏ¤ò¤Ê¤·¤Ç¤¹¤Þ¤»¤ë¤¿¤á¤Ë¤Ï¡¢
                ¸½ºß¤Î¥Û¥¹¥È¤Î¾¯¤Ê¤¯¤È¤â°ì¿Í¤Î¥æ¡¼¥¶¤Î
                I<sudoers> ¥¨¥ó¥È¥ê¤Ë C<NOPASSWD> ¥Õ¥é¥°¤¬
                ÀßÄê¤µ¤ì¤Æ¤¤¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£

    never       ¥æ¡¼¥¶¤Ï¡¢B<-l> ¥Õ¥é¥°¤ò»È¤¦ºÝ¤Ë
                ¥Ñ¥¹¥ï¡¼¥É¤òÉ¬Í×¤È¤·¤Ê¤¤¡£

    always      ¥æ¡¼¥¶¤Ï¡¢B<-l> ¥Õ¥é¥°¤ò»È¤¦ºÝ¤Ë
                ¾ï¤Ë¥Ñ¥¹¥ï¡¼¥É¤òÆþÎÏ¤¹¤ëÉ¬Í×¤¬¤¢¤ë¡£

¥Ç¥Õ¥©¥ë¥È¤ÎÃÍ¤Ï `any' ¤Ç¤¢¤ë¡£

syslog(3) ¤Ç¥í¥°¤òµÏ¿¤·¤Æ¤¤¤ë¾ì¹ç¡¢ sudo ¤Ï syslog ¤Î facility (syslog ¥Ñ¥é¥á¡¼¥¿¤ÎÃÍ) ¤È¤·¤Æ¡¢ authpriv (OS ¤¬¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤ë¾ì¹ç), auth, daemon, user, local0, local1, local2, local3, local4, local5, local6, local7 ¤ò¼õ¤±ÉÕ¤±¤ë¡£ syslog ¤Î prioritiy ¤È¤·¤Æ¤Ï¡¢ alert, crit, debug, emerg, err, info, notice, warning ¤¬¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤¤ë¡£

¥æ¡¼¥¶ÀßÄê

 User_Spec ::= User_list Host_List '=' User_List Cmnd_Spec_List \
               (':' User_Spec)*

 Cmnd_Spec_List ::= Cmnd_Spec |
                    Cmnd_Spec ',' Cmnd_Spec_List

 Cmnd_Spec ::= Runas_Spec? ('NOPASSWD:' | 'PASSWD:')? Cmnd

 Runas_Spec ::= '(' Runas_List ')'

¥æ¡¼¥¶ÀßÄê¤ò¹½À®Í×ÁÇ¤´¤È¤ËÊ¬¤±¤Æ¤ß¤ë¡£

Runas_Spec

Runas_Spec ¤ÏÃ±¤Ë (¾å¤ÇÄêµÁ¤·¤¿) Runas_List ¤ò³ç¸Ì¤Ç³ç¤Ã¤¿¤â¤Î¤Ç¤¢¤ë¡£ ¥æ¡¼¥¶ÀßÄê¤Ç Runas_Spec ¤ò»ØÄê¤·¤Ê¤¤¤È¡¢ root ¤Î¥Ç¥Õ¥©¥ë¥È¤Î Runas_Spec ¤¬»È¤ï¤ì¤ë¡£ Runas_Spec ¤Ï¡¢¤½¤Î¸å¤ËÂ³¤¯¥³¥Þ¥ó¥É¤Î¥Ç¥Õ¥©¥ë¥È¤òÀßÄê¤¹¤ë¡£ ¤Ä¤Þ¤ê:

 dgb    boulder = (operator) /bin/ls, /bin/kill, /usr/bin/who

¤Î¤è¤¦¤Ê¥¨¥ó¥È¥ê¤¬¤¢¤ë¾ì¹ç¡¢ ¥æ¡¼¥¶ dgb ¤Ï¡¢/bin/ls, /bin/kill, /usr/bin/lprm ¤ò ¼Â¹Ô¤Ç¤¤ë¡£-- ¤¿¤À¤· operator ¤È¤·¤Æ¤Î¤ß¡£Îã¤¨¤Ð:

    sudo -u operator /bin/ls.

 dgb    boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm

¤Î¤è¤¦¤Ë½¤Àµ¤¹¤ë¤È¡¢ ¥æ¡¼¥¶ dgb ¤Ï /bin/ls ¤ò operator ¤È¤·¤Æ¡¢ ¤Þ¤¿ /bin/kill ¤È /usr/bin/lprm ¤ò root ¤È¤·¤Æ ¼Â¹Ô¤¹¤ë¤³¤È¤¬µö²Ä¤µ¤ì¤ë¡£

NOPASSWD ¤È PASSWD

¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢sudo ¤Ï ¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ëÁ°¤Ë¥æ¡¼¥¶¼«¿È¤ÎÇ§¾Ú¤òÉ¬Í×¤È¤¹¤ë¡£ ¤³¤ÎÆ°ºî¤Ï NOPASSWD ¥¿¥°¤ÇÊÑ¹¹¤¹¤ë¤³¤È¤¬¤Ç¤¤ë¡£ Runas_Spec ¤ÈÆ±ÍÍ¤Ë¡¢NOPASSWD ¥¿¥°¤Ï ¥³¥Þ¥ó¥É¤Î¥Ç¥Õ¥©¥ë¥È¤ò¤½¤Î¸å¤ËÂ³¤¯ Cmnd_Spec_List ¤ËÀßÄê¤¹¤ë¡£ µÕ¤Ë PASSWD ¤Ï¤³¤ì¤ò¸µ¤ËÌá¤¹¤¿¤á¤Ë»È¤ï¤ì¤ë¡£ Îã¤¨¤Ð:

 ray    rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm

¤È¤¹¤ë¤È¡¢¥æ¡¼¥¶ ray ¤ÏÈà¼«¿È¤Ø¤ÎÇ§¾Ú¤Ê¤·¤Ç ·×»»µ¡ rushmore ¤Î root ¤È¤·¤Æ /bin/kill, /bin/ls, /usr/bin/lprm ¤ò¼Â¹Ô¤¹¤ë¤³¤È¤¬¤Ç¤¤ë¡£ ray ¤Ë /bin/kill ¤À¤±¤ò ¥Ñ¥¹¥ï¡¼¥É¤Ê¤·¤Ç¼Â¹Ô¤µ¤»¤ë¤è¤¦¤Ë¤·¤¿¤¤¾ì¹ç¡¢¥¨¥ó¥È¥ê¤Ï¼¡¤Î¤è¤¦¤Ë¤Ê¤ë¡£

 ray    rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm

¤¿¤À¤·¡¢PASSWD ¥¿¥°¤Ï exempt_group ¥ª¥×¥·¥ç¥ó¤Ç »ØÄê¤µ¤ì¤¿¥°¥ë¡¼¥×¤ËÂ°¤·¤Æ¤¤¤ë¥æ¡¼¥¶¤Ë¤Ï¸ú²Ì¤¬¤Ê¤¤ÅÀ¤ËÃí°Õ¤¹¤ë¤³¤È¡£

¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢¸½ºß¤Î¥Û¥¹¥È¾å¤Î¤¢¤ë¥æ¡¼¥¶¤Î¤É¤ì¤«¤Î¥¨¥ó¥È¥ê¤Ë NOPASSWD ¥¿¥°¤¬Å¬ÍÑ¤µ¤ì¤Æ¤¤¤ì¤Ð¡¢ ¤½¤Î¥æ¡¼¥¶¤Ï sudo -l ¤ò¥Ñ¥¹¥ï¡¼¥É¤Ê¤·¤Ë¼Â¹Ô¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤ë¡£ ¤µ¤é¤Ë¡¢¤¢¤ë¥æ¡¼¥¶¤Î¸½ºß¤Î¥Û¥¹¥È¤Ë´ØÏ¢¤¹¤ëÁ´¤Æ¤Î¥¨¥ó¥È¥ê¤Ë NOPASSWD ¥¿¥°¤¬¤¢¤ë¾ì¹ç¤Ë¸Â¤ê¡¢ ¤½¤Î¥æ¡¼¥¶¤Ï sudo -v ¤ò¥Ñ¥¹¥ï¡¼¥É¤Ê¤·¤Ë¼Â¹Ô¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤ë¡£ ¤³¤ÎÆ°ºî¤Ï verifypw ¤È listpw ¥ª¥×¥·¥ç¥ó¤ò»È¤Ã¤ÆÊÑ¹¹¤Ç¤¤ë¡£

¥ï¥¤¥ë¥É¥«¡¼¥É (ÊÌÌ¾¡¢¥á¥¿¥¥ã¥é¥¯¥¿):

sudo ¤Ï sudoers ¥Õ¥¡¥¤¥ë¤Ë¤ª¤¤¤Æ¡¢ ¥³¥Þ¥ó¥É¥é¥¤¥ó°ú¤¿ô¤ä¥Ñ¥¹Ì¾¤ËÂÐ¤·¤Æ ¥·¥§¥ë·Á¼°¤Î¥ï¥¤¥ë¥É¥«¡¼¥É¤ò»È¤¦¤³¤È¤¬¤Ç¤¤ë¡£ ¥ï¥¤¥ë¥É¥«¡¼¥É¤Î¥Þ¥Ã¥Á¥ó¥°¤Ï¡¢ POSIX ¤Î fnmatch(3) ¥ë¡¼¥Á¥ó¤ò»È¤Ã¤Æ¹Ô¤ï¤ì¤ë¡£ Àµµ¬É½¸½¤Ç¤Ï¤Ê¤¤ÅÀ¤ËÃí°Õ¤¹¤ë¤³¤È¡£

*: Ç¤°Õ¤Î 0 ¸Ä°Ê¾å¤ÎÊ¸»ú¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£
?: Ç¤°Õ¤Î 1 ¸Ä¤ÎÊ¸»ú¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£
[...]: »ØÄê¤·¤¿ÈÏ°Ï¤Ë¤¢¤ëÇ¤°Õ¤ÎÊ¸»ú¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£
[!...]: »ØÄê¤·¤¿ÈÏ°Ï¤Ë¤Ê¤¤Ç¤°Õ¤ÎÊ¸»ú¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£
\x: ``x'' ¤ÇÉ¾²Á¤µ¤ì¤ëÇ¤°Õ¤ÎÊ¸»ú ``x''¡£ ¤³¤ì¤Ï¡¢``*'', ``?'', ``['', ``}'' ¤Î¤è¤¦¤Ê ¥¨¥¹¥±¡¼¥×Ê¸»ú¤ËÂÐ¤·¤Æ»È¤ï¤ì¤ë¡£

    /usr/bin/*

¤Î¤è¤¦¤Ê¥Ñ¥¹¤ò¡¢ /usr/bin/who ¤Ë¤Ï¥Þ¥Ã¥Á¤µ¤»¡¢ /usr/bin/X11/xterm ¤Ë¤Ï¥Þ¥Ã¥Á¤µ¤»¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤¿¤á¤Ç¤¢¤ë¡£

¥ï¥¤¥ë¥É¥«¡¼¥É¤Îµ¬Â§¤Ë¤ª¤±¤ëÎã³°:

¾å¤Îµ¬Â§¤ËÂÐ¤·¤Æ¡¢¼¡¤ÎÎã³°¤¬Å¬ÍÑ¤µ¤ì¤ë¡£

: ¶õ¤ÎÊ¸»úÎó "" ¤¬ sudoers ¥¨¥ó¥È¥ê¤Î Í£°ì¤Î¥³¥Þ¥ó¥É¥é¥¤¥ó°ú¤¿ô¤Ç¤¢¤ë¾ì¹ç¡¢ ¡Ö¥³¥Þ¥ó¥É¤Ë°ú¤¿ô¤ò¤Ä¤±¤¿¤È¤¤Ï¡¢¼Â¹Ô¤¹¤ë¤³¤È¤¬µö²Ä¤µ¤ì¤Ê¤¤¡× ¤È¤¤¤¦¤³¤È¤ò°ÕÌ£¤¹¤ë¡£

¤½¤ÎÂ¾¤ÎÆÃ¼ìÊ¸»ú¤ÈÍ½Ìó¸ì:

Í½Ìó¸ì ALL ¤ÏÁÈ¹þ¤ß¤Î¥¨¥¤¥ê¥¢¥¹¤Ç¡¢ ¾ï¤Ë¥Þ¥Ã¥Á¤òÀ®¸ù¤µ¤»¤ë¡£ ¤³¤ÎÍ½Ìó¸ì¤Ï¤É¤³¤Ç¤â»È¤¨¤ë¡£ ¤³¤ì¤ò»È¤¤¤¿¤¯¤Ê¤¤¾ì¹ç¤Ï¡¢ Cmnd_Alias, User_Alias, Runas_Alias, Host_Alias ¤ò»È¤¦¤³¤È¡£ ALL ¤È¤¤¤¦ ¥¨¥¤¥ê¥¢¥¹ ¤ò¼«Ê¬¤ÇÄêµÁ¤·¤è¤¦¤È¤·¤Æ¤Ï¤Ê¤é¤Ê¤¤¡£ ÁÈ¹þ¤ß¤Î¥¨¥¤¥ê¥¢¥¹¤¬Í¥Àè¤µ¤ì¤ë¤«¤é¤Ç¤¢¤ë¡£ ALL ¤ò»È¤¦¤È´í¸±¤Ë¤Ê¤ë²ÄÇ½À¤¬¤¢¤ëÅÀ¤ËÃí°Õ¤¹¤ë¤³¤È¡£ ¤Ê¤¼¤Ê¤é¡¢¤³¤ì¤ò¥³¥Þ¥ó¥É¤Î»ØÄê¤Ç»È¤¦¤È¡¢ ¥æ¡¼¥¶¤Ï¥·¥¹¥Æ¥à¾å¤ÎÁ´¤Æ¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¤«¤é¤Ç¤¢¤ë¡£

´¶Ã²Éä ('!') ¤Ï¡¢¥¨¥¤¥ê¥¢¥¹¤ÎÃæ¤È Cmnd ¤ÎÁ°¤Ç¡¢ ÏÀÍý³Ø¤Î not ¥ª¥Ú¥ì¡¼¥¿¤È¤·¤Æ»È¤¦¤³¤È¤¬¤Ç¤¤ë¡£ ¤³¤ì¤Ë¤è¤ê¡¢¤¢¤ëÃÍ¤òÇÓ½ü¤Ç¤¤ë¡£ ¤·¤«¤· ! ¤òÁÈ¹þ¤ß¤Î ALL ¥¨¥¤¥ê¥¢¥¹¤ÈÁÈ¤ß¹ç¤ï¤»¤Æ¡¢ ¥æ¡¼¥¶¤¬ ``Á´¤Æ¤Ç¤Ï¤Ê¤¯°ìÉô¤Î'' ¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¤è¤¦¤Ë ¤·¤è¤¦¤È¤·¤Æ¤â¡¢°Õ¿Þ¤·¤¿¤è¤¦¤ËÆ°ºî¤¹¤ë¤³¤È¤Ïµ©¤Ç¤¢¤ëÅÀ¤ËÃí°Õ¤¹¤ë¤³¤È (°Ê²¼¤Î¡Ö¥»¥¥å¥ê¥Æ¥£¾å¤ÎÃí°Õ¡×¤ò»²¾È)¡£

¥ê¥¹¥È¤Ë¤ª¤±¤ë¹½À®Í×ÁÇ´Ö¤Î¶õÇò¤ä¡¢ ¥æ¡¼¥¶ÀßÄê¤Ë¤ª¤±¤ëÆÃ¼ì¤Ê¹½Ê¸Ê¸»ú ('=', `:', `(', `)') ¤Ï¡¢¤Ê¤¯¤Æ¤â¤è¤¤¡£

'@', `!', `=', `:', `,', `(', `)', `\' ¤È¤¤¤¦Ê¸»ú¤ò¥ï¡¼¥É (Îã¤¨¤Ð¡¢¥æ¡¼¥¶Ì¾¤ä¥Û¥¹¥ÈÌ¾) ¤Î°ìÉô¤È¤·¤Æ»È¤¦¾ì¹ç¤Ï¡¢ ¥Ð¥Ã¥¯¥¹¥é¥Ã¥·¥å ('\') ¤Ç¥¨¥¹¥±¡¼¥×¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£

Îã

°Ê²¼¤Ï sudoers ¥¨¥ó¥È¥ê¤ÎÎã¤Ç¤¢¤ë¡£ ÀµÄ¾¤Ê¤È¤³¤í¡¢¤¤¤¯¤Ä¤«¤Ï¾¯¤·¤ï¤¶¤È¤é¤·¤¤¡£ »Ï¤á¤Ë¥¨¥¤¥ê¥¢¥¹¤òÄêµÁ¤¹¤ë¡£

 # User alias specification
 User_Alias     FULLTIMERS = millert, mikef, dowdy
 User_Alias     PARTTIMERS = bostley, jwfox, crawl
 User_Alias     WEBMASTERS = will, wendy, wim

 # Runas alias specification
 Runas_Alias    OP = root, operator
 Runas_Alias    DB = oracle, sybase

 # Host alias specification
 Host_Alias     SPARC = bigtime, eclipse, moet, anchor :\
                SGI = grolsch, dandelion, black :\
                ALPHA = widget, thalamus, foobar :\
                HPPA = boa, nag, python
 Host_Alias     CUNETS = 128.138.0.0/255.255.0.0
 Host_Alias     CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
 Host_Alias     SERVERS = master, mail, www, ns
 Host_Alias     CDROM = orion, perseus, hercules

 # Cmnd alias specification
 Cmnd_Alias     DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
                        /usr/sbin/restore, /usr/sbin/rrestore
 Cmnd_Alias     KILL = /usr/bin/kill
 Cmnd_Alias     PRINTING = /usr/sbin/lpc, /usr/bin/lprm
 Cmnd_Alias     SHUTDOWN = /usr/sbin/shutdown
 Cmnd_Alias     HALT = /usr/sbin/halt, /usr/sbin/fasthalt
 Cmnd_Alias     REBOOT = /usr/sbin/reboot, /usr/sbin/fastboot
 Cmnd_Alias     SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
                         /usr/local/bin/tcsh, /usr/bin/rsh, \
                         /usr/local/bin/zsh
 Cmnd_Alias     SU = /usr/bin/su

°Ê²¼¤ÎÀßÄê¤Ç¤Ï¡¢¥³¥ó¥Ñ¥¤¥ë»þ¤Î¥Ç¥Õ¥©¥ë¥ÈÃÍ¤Î¤¤¤¯¤Ä¤«¤ò¾å½ñ¤¤¹¤ë¡£ sudo ¤Ë syslog(3) ¤ò»È¤Ã¤Æ Á´¤Æ¤Î¾ì¹ç¤Ë¤Ä¤¤¤Æ auth facility ¤Ç¥í¥°¤òµÏ¿¤µ¤»¤ë¡£ ¥Õ¥ë¥¿¥¤¥à¤Î¥¹¥¿¥Ã¥Õ¤Ë¤Ï¡¢sudo ¤Î¥ì¥¯¥Á¥ã¡¼¤ò¼õ¤±¤ëÉ¬Í×¤ò¤Ê¤¯¤¹¡£ ¤Þ¤¿¥æ¡¼¥¶ millert ¤Ï¥Ñ¥¹¥ï¡¼¥É¤òÆþÎÏ¤·¤Ê¤¯¤Æ¤è¤¤¤è¤¦¤Ë¤¹¤ë¡£ ¤µ¤é¤Ë Host_Alias ¤Î SERVERS ¤Ë¤¢¤ë·×»»µ¡¤Ë (syslog ¤È¤ÏÊÌ¤Ë) ¥í¡¼¥«¥ë¤Î¥í¥°¥Õ¥¡¥¤¥ë¤òÊÝÂ¸¤·¡¢ Ä¹¤¤¥í¥°¥¨¥ó¥È¥ê¤ò¿ôÇ¯¤ËÅÏ¤êÊÝÂ¸¤¹¤ë¤¿¤á¤Ë¥í¥°¤Î³Æ¹Ô¤ËÇ¯¤òµÏ¿¤¹¤ë¡£

 # Override builtin defaults
 Defaults               syslog=auth
 Defaults:FULLTIMERS    !lecture
 Defaults:millert       !authenticate
 Defaults@SERVERS       log_year, logfile=/var/log/sudo.log

 root           ALL = (ALL) ALL
 %wheel         ALL = (ALL) ALL

root ¤È wheel ¥°¥ë¡¼¥×¤Î¥æ¡¼¥¶¤Ë¡¢ Á´¤Æ¤Î¥æ¡¼¥¶¤È¤·¤Æ¡¢Á´¤Æ¤Î¥Û¥¹¥È¾å¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¤è¤¦¤Ë¤·¤Æ¤¤¤ë¡£

 FULLTIMERS     ALL = NOPASSWD: ALL

¥Õ¥ë¥¿¥¤¥à¤Î¥·¥¹¥Æ¥à´ÉÍý¼Ô (millert, mikef, dowdy) ¤Ï¡¢ ¼«Ê¬¼«¿È¤ÎÇ§¾Ú¤ò¤¹¤ë¤³¤È¤Ê¤¯¡¢Á´¤Æ¤Î¥Û¥¹¥È¾å¤ÇÁ´¤Æ¤Î¥³¥Þ¥ó¥É¤¬¼Â¹Ô¤Ç¤¤ë¡£

 PARTTIMERS     ALL = ALL

¥Ñ¡¼¥È¥¿¥¤¥à¤Î¥·¥¹¥Æ¥à´ÉÍý¼Ô (bostley, jwfox, crawl) ¤Ï¡¢ Á´¤Æ¤Î¥Û¥¹¥È¾å¤ÇÁ´¤Æ¤Î¥³¥Þ¥ó¥É¤¬¼Â¹Ô¤Ç¤¤ë¤¬¡¢ (¥¨¥ó¥È¥ê¤Ë NOPASSWD ¥¿¥°¤¬¤Ê¤¤¤Î¤Ç) ºÇ½é¤Ë¼«Ê¬¼«¿È¤ÎÇ§¾Ú¤¬É¬Í×¤Ç¤¢¤ë¡£

 jack           CSNETS = ALL

¥æ¡¼¥¶ jack ¤Ï¡¢CSNETS ¥¨¥¤¥ê¥¢¥¹ (¥Í¥Ã¥È¥ï¡¼¥¯ 128.138.243.0, 128.138.204.0, 128.138.242.0) ¤Ë¤¢¤ë·×»»µ¡¾å¤Ç¡¢Á´¤Æ¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£ ¤³¤ì¤é¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Î¤¦¤Á¡¢¥Í¥Ã¥È¥ï¡¼¥¯ <128.138.204.0> ¤À¤±¤Ë ¥¯¥é¥¹ C ¥Í¥Ã¥È¥ï¡¼¥¯¤ò¼¨¤¹ÌÀ¼¨Åª¤Ê (CIDR É½µ¤Î) ¥Í¥Ã¥È¥Þ¥¹¥¯¤¬¤¢¤ë¡£ CSNETS ¤Ë¤¢¤ëÂ¾¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Ë¤Ä¤¤¤Æ¤Ï¡¢ ¥Þ¥Ã¥Á¥ó¥°¤ÎºÝ¤Ë¥í¡¼¥«¥ë¤Î·×»»µ¡¤Î¥Í¥Ã¥È¥Þ¥¹¥¯¤¬»È¤ï¤ì¤ë¡£

 lisa           CUNETS = ALL

¥æ¡¼¥¶ lisa ¤Ï¡¢CUNETS ¥¨¥¤¥ê¥¢¥¹ (¥¯¥é¥¹ B ¥Í¥Ã¥È¥ï¡¼¥¯ 128.138.0.0) ¤Ë¤¢¤ë Á´¤Æ¤Î¥Û¥¹¥È¤Ç¡¢Á´¤Æ¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£

 operator       ALL = DUMPS, KILL, PRINTING, SHUTDOWN, HALT, REBOOT,\
                /usr/oper/bin/

¥æ¡¼¥¶ operator ¤Ï¡¢ ´ÊÃ±¤Ê¥á¥ó¥Æ¥Ê¥ó¥¹ÍÑ¤Î¥³¥Þ¥ó¥É¤Ë¸Â¤Ã¤Æ¼Â¹Ô¤¹¤ë¤³¤È¤¬¤Ç¤¤ë¡£ ¤³¤ì¤é¤Ï¥Ç¥£¥ì¥¯¥È¥ê /usr/oper/bin/ ¤Ë¤¢¤ë¥³¥Þ¥ó¥ÉÁ´¤Æ¤Ç¡¢ ¥Ð¥Ã¥¯¥¢¥Ã¥×¡¦¥×¥í¥»¥¹¤Î kill¡¦°õºþ¥·¥¹¥Æ¥à¡¦¥·¥¹¥Æ¥à¤Î¥·¥ã¥Ã¥È¥À¥¦¥ó¡¢ ¤È¤¤¤Ã¤¿¤³¤È¤Ë´ØÏ¢¤·¤¿¤â¤Î¤Ç¤¢¤ë¡£

 joe            ALL = /usr/bin/su operator

¥æ¡¼¥¶ joe ¤Ï¡¢operator ¤Ë¤Ê¤ë¤¿¤á¤Î su(1) ¤·¤«¼Â¹Ô¤Ç¤¤Ê¤¤¡£

 pete           HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root

¥æ¡¼¥¶ pete ¤Ï¡¢HPPA ·×»»µ¡¾å¤Ç root °Ê³°¤ÎÁ´¤Æ¤Î¥æ¡¼¥¶¤Î¥Ñ¥¹¥ï¡¼¥É¤òÊÑ¹¹¤¹¤ë¤³¤È¤¬µö²Ä¤µ¤ì¤Æ¤¤¤ë¡£ ¤³¤³¤Ç¤Ï¡¢passwd(1) ¤¬¥³¥Þ¥ó¥É¥é¥¤¥ó¤«¤é Ê£¿ô¤Î¥æ¡¼¥¶Ì¾¤ò¼õ¤±ÉÕ¤±¤Ê¤¤¤³¤È¤ò²¾Äê¤·¤Æ¤¤¤ëÅÀ¤ËÃí°Õ¤¹¤ë¤³¤È¡£

 bob            SPARC = (OP) ALL : SGI = (OP) ALL

¥æ¡¼¥¶ bob ¤Ï¡¢SPARC ¤È SGI ·×»»µ¡¾å¤Ç¡¢ Runas_Alias ¤Î OP ¤Ë¥ê¥¹¥È¤µ¤ì¤¿¥æ¡¼¥¶ (root ¤È operator) ¤È¤·¤Æ¡¢Á´¤Æ¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£

 jim            +biglab = ALL

¥æ¡¼¥¶ jim ¤Ï¡¢biglab ¥Í¥Ã¥È¥°¥ë¡¼¥×¤Ë¤¢¤ëÁ´¤Æ¤Î·×»»µ¡¤Ç¡¢ Á´¤Æ¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£ sudo ¤Ï¡¢``biglab'' ¤¬¥Í¥Ã¥È¥°¥ë¡¼¥×¤Ç¤¢¤ë¤³¤È¤ò ¥×¥ì¥Õ¥£¥Ã¥¯¥¹ `+' ¤Ë¤è¤Ã¤ÆÃÎ¤ë¡£

 +secretaries   ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser

secretaries ¥Í¥Ã¥È¥°¥ë¡¼¥×¤ËÂ°¤¹¤ë¥æ¡¼¥¶¤Ï¡¢ ¥æ¡¼¥¶¤ÎÄÉ²Ã¡¦ºï½ü¤À¤±¤Ç¤Ê¤¯¥×¥ê¥ó¥¿´ÉÍý¤ÎÊä½õ¤ò¤¹¤ëÉ¬Í×¤¬¤¢¤ë¤Î¤Ç¡¢ ¤³¤ì¤é¤Î¥³¥Þ¥ó¥É¤òÁ´¤Æ¤Î·×»»µ¡¾å¤Ç¼Â¹Ô¤¹¤ë¤³¤È¤¬µö²Ä¤µ¤ì¤Æ¤¤¤ë¡£

 fred           ALL = (DB) NOPASSWD: ALL

¥æ¡¼¥¶ fred ¤Ï¡¢Runas_Alias ¤Î DB ¤Ë¤¢¤ë¥æ¡¼¥¶ (oracle ¤È sybase) ¤È¤·¤Æ¡¢¥Ñ¥¹¥ï¡¼¥É¤Ê¤·¤Ç¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£

 john           ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*

ALPHA ·×»»µ¡¾å¤Ç¡¢¥æ¡¼¥¶ john ¤Ï¡¢ su ¤Ç root °Ê³°¤ÎÁ´¤Æ¤Î¥æ¡¼¥¶¤Ë¤Ê¤ì¤ë¡£ ¤·¤«¤· su(1) ¤Ë¥Õ¥é¥°¤ò»ØÄê¤¹¤ë¤³¤È¤Ï¤Ç¤¤Ê¤¤¡£

 jen            ALL, !SERVERS = ALL

¥æ¡¼¥¶ jen ¤Ï¡¢Host_Alias ¤Î SERVERS ¤Ë¤¢¤ë·×»»µ¡ (master, mail, www, ns) °Ê³°¤Ç¡¢Á´¤Æ¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£

 jill           SERVERS = /usr/bin/, !SU, !SHELLS

Host_Alias ¤Î SERVERS ¤Ë¤¢¤ë·×»»µ¡¤Ç¡¢ jill ¤Ï /usr/bin ¥Ç¥£¥ì¥¯¥È¥ê¤Ë¤¢¤ëÁ´¤Æ¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£ ¤¿¤À¤·¡¢Cmnd_Aliases ¤Î SU ¤È SHELLS ¤ËÂ°¤·¤Æ¤¤¤ë¥³¥Þ¥ó¥É¤Ï½ü¤¯¡£

 steve          CSNETS = (operator) /usr/local/op_commands/

¥æ¡¼¥¶ steve ¤Ï¡¢¥Ç¥£¥ì¥¯¥È¥ê /usr/local/op_commands/ ¤Ë¤¢¤ë Á´¤Æ¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£¤¿¤À¤·¡¢¥æ¡¼¥¶ operator ¤È¤·¤Æ¤Î¤ß¼Â¹Ô¤Ç¤¤ë¡£

 matt           valkyrie = KILL

matt ¤Ï¡¢Èà¤Î¸Ä¿Í¤Î¥ï¡¼¥¯¥¹¥Æ¡¼¥·¥ç¥ó valkyrie ¤Ç¡¢ ¥Ï¥ó¥°¤·¤¿¥×¥í¥»¥¹¤ò kill ¤Ç¤¤ëÉ¬Í×¤¬¤¢¤ë¡£

 WEBMASTERS     www = (www) ALL, (root) /usr/bin/su www

¥Û¥¹¥È www ¤Ç¡¢User_Alias ¤Î WEBMASTERS ¤Ë¤¢¤ë¥æ¡¼¥¶ (will, wendy, wim) ¤Ï¡¢(web ¥Ú¡¼¥¸¤ò½êÍ¤·¤Æ¤¤¤ë) ¥æ¡¼¥¶ www ¤È¤·¤Æ Á´¤Æ¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤Ç¤¤ë¡£ ¤Þ¤¿¡¢Ã±¤Ë su(1) ¤Ç www ¤Ë¤Ê¤ì¤ë&