История изменений
Исправление iljuase, (текущая версия) :
Да, так и есть:
[devadmin@secret-host ~]$ sudo cat /etc/sudoers | grep -E -v '^#|^$'
Cmnd_Alias DENY = /usr/bin/passwd, /usr/bin/sudoedit, /usr/sbin/visudo, /usr/bin/chattr, /usr/bin/mc, /usr/bin/su
Defaults !requiretty
Defaults !visiblepw
Defaults always_set_home
Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
root ALL=(ALL) ALL
%citadmins ALL=(ALL) ALL, !DENY
%ibadmins ALL=(ALL) ALL, !DENY
%devadmins ALL=(ALL) ALL, !DENY
Но не понятно, в чём смысл, я же могу sodoers открыть напрямую для редактирования через nano...
Исходная версия iljuase, :
Да, так и есть:
[devadmin@secret-host ~]$ sudo cat /etc/sudoers | grep -E -v '^#|^$'
Cmnd_Alias DENY = /usr/bin/passwd, /usr/bin/sudoedit, /usr/sbin/visudo, /usr/bin/chattr, /usr/bin/mc, /usr/bin/su
Defaults !requiretty
Defaults !visiblepw
Defaults always_set_home
Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
root ALL=(ALL) ALL
%citadmins ALL=(ALL) ALL, !DENY
%ibadmins ALL=(ALL) ALL, !DENY
%devadmins ALL=(ALL) ALL, !DENY