sudoers/sudoers.rng


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64

<?xml version="1.0" encoding="UTF-8"?>
<grammar xmlns="http://relaxng.org/ns/structure/1.0"
         datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"
         xmlns:a="http://freeipa.org/xml/rng/ns/annotations/1.0">

  <a:doc> Sudo configuration (/etc/sudoers) </a:doc>

  <include href="username.rng"/>

  <start ns="http://freeipa.org/xml/rng/sudo/sudoers/1.0">
    <element name="sudoers">

      <oneOrMore>
        <element name="command">
          <optional>
            <element name="options">
              <ref name="options"/>
            </element>
          </optional>

          <element name="path">
            <text/>
          </element>

          <zeroOrMore>
            <element name="args">
              <text/>
            </element>
          </zeroOrMore>

          <zeroOrMore>
            <element name="tag">
              <choice>
                <value>NOPASSWD</value>
                <value>PASSWD</value>
                <value>NOEXEC</value>
                <value>EXEC</value>
                <value>SETENV</value>
                <value>NOSETENV</value>
              </choice>
            </element>
          </zeroOrMore>

<!-- XXX actually needs to be user,group,netgroup -->
          <zeroOrMore>
            <element name="runas">
              <ref name="username_pattern"/>
            </element>
          </zeroOrMore>

        </element> <!-- command -->
      </oneOrMore>

    </element> <!-- sudoers -->
  </start>
  <define name="options">
    <zeroOrMore>
       <choice>
         <attribute name="dummy_attribute"/>
       </choice>
    </zeroOrMore>
  </define>
</grammar>