authorSumit Bose <sbose@nb.localdomain>2008-09-18 20:49:17 +0200
committerSumit Bose <sbose@nb.localdomain>2008-09-18 20:49:17 +0200
commit4f040a5754dad993ec6ee64b38f327567470ef10 (patch)
tree0bf83c1c16f0a1dbfb9842cee0f6b1ce6dde4ef6 /sudoers/examples/sudoers_example_1
parent7bfb88bbf648000b4c2bf853a11ad2bd3f4b2d85 (diff)
added fcusack's custom validator and two examples
Diffstat (limited to 'sudoers/examples/sudoers_example_1')
-rw-r--r--sudoers/examples/sudoers_example_145
1 files changed, 45 insertions, 0 deletions
diff --git a/sudoers/examples/sudoers_example_1 b/sudoers/examples/sudoers_example_1
new file mode 100644
index 0000000..c1709b0
--- /dev/null
+++ b/sudoers/examples/sudoers_example_1
@@ -0,0 +1,45 @@
+## Sample sudoers file ##
+# *** Host_Alias specifications ***
+# Host_Alias seems not to be useful, unless you have a
+# global sudoers file that is replicated across multiple hosts.
+# make LOCAL mean localhost (probably a bad idea, as this will allow it to run on any machine that has the sudoers file)
+Host_Alias LOCAL = 127.0.0.1
+# Anywhere that "LAN" is specified, these hosts apply:
+Host_Alias LAN = ahost.mycompany.com, anotherhost.mycompany.com
+
+# *** User_Alias specifications ***
+# User_Alias allows you to group users. (better to use AD/NIS groups, for global/central management?)
+# MAILADMINS user alias refers to users dick and jane
+User_Alias MAILADMINS = dick, jane
+
+# *** Runas_Alias specifications ***
+# This specifies an alias or grouping of whom a command can be run as.
+Runas_Alias SOMEONE = larry, tom
+
+# *** Cmd_Alias specifications ***
+# alias or group commands with full paths, to make things easier to read later.
+Cmnd_Alias SU = /bin/su
+Cmnd_Alias SMTP = /sbin/service postfix stop, /sbin/service postfix start, /sbin/service postfix status
+Cmnd_Alias REBOOT = /usr/bin/reboot, /sbin/shutdown -r now
+
+# *** Defaults specification ***
+# make user john.doe not have to enter a password to run commands as another user
+Defaults:john.doe nopasswd
+# make user kate have no timeout, and add env variable "GOO" to the sudo environment, and run as linda by default, but always require the root password
+Defaults:kate timestamp_timeout=-1, env_delete+="GOO", runas_default=linda, rootpw
+# make user jim have to enter the password of whoever he's running a command as, every time, with 1 attempt allowed
+Defaults:jim timestamp_timeout=0, runaspw, passwd_tries=1
+# global defaults - log to a specific file.
+Defaults logfile=/var/log/sudo.log, log_year=on
+
+# *** User Privilege specification ***
+# This is where we actually say who and where (as whom) can do what
+# user/%group hostname = (user) command
+# by default, root can do all commands as all users
+root ALL=(ALL) ALL
+# users jake and jim, on localhost, can execute crond without entering a password. (probably a bad idea)
+jake,jim LOCAL = NOPASSWD: /sbin/service crond restart
+# allow MAILADMINS on hosts LAN to run as root the commands SMTP and REBOOT.
+MAILADMINS LAN = (root) SMTP, (SOMEONE) REBOOT
+# members of the group "wheel" can run, on all hosts, all commands as all users
+%wheel ALL=(ALL) ALL
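Review bot: Several comments in this example describe a different policy than the directive beneath them, which is risky in a file that people copy from. The comment for kate says `GOO` is added to the sudo environment, but `env_delete+="GOO"` appends it to the list of variables stripped from the environment, so the comment should say `remove env variable "GOO" from the sudo environment`. The MAILADMINS comment says SMTP and REBOOT both run as root, while `(SOMEONE) REBOOT` runs REBOOT as larry or tom; it should read `# allow MAILADMINS on hosts LAN to run SMTP as root and REBOOT as one of SOMEONE`. Separately, `Defaults:john.doe nopasswd` is probably rejected by sudo as an unknown Defaults entry, since `NOPASSWD` is a command tag and the matching Defaults flag is `!authenticate`; if the invalid entry is deliberate validator input, a comment should say so.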