xxxxxx Begin # # Description Standard sudoers template # # Version control # # See changelog on Global sudo wiki http://ibm.biz/GsudoStandardAlias for previous changes # # Updates in this version: # # April 2015 Update V 8.4 # Moved standard negation entries to independent template. Added #include # Moved standard alias entries to independent template. Added #include # Moved standard SA entries to independent template. Added #include # Added line ## IBM Team include statements precede this comment - for S-TRAN #------------------------------------------------------------------------------ # # Sudo implementation team instruction: # This special template is NOT to be # included. Instead, this template # has content which must, for functional purposes, be 'spread over' the # entire span of the /etc/sudoers file. For instance, the # Defaults env_file=/etc/sudo.env # line should be 'early' in the file, while the line: # ALL ALL=!SUDOSUDO # needs to be after the last 'additive' sudo entry to ensure all sudo entries # are appropriately protected. #============================================================================== # Defaults #============================================================================== # # The following entries are required if you allow users to run # smit / smitty on AIX: # # For sudo 1.7.0 and up, include the following entries in the # /etc/sudo.env file: # SMIT_SHELL=n # SMIT_SEMI_COLON=n # SMIT_QUOTE=n # and define sudo environment file within /etc/sudoers (or included # file) via: # Defaults env_file=/etc/sudo.env # Includes the sudo environment file # # #------------------------------------------------------------------------------ # # The following entry is only required if you are using a secondary logging # method which cannot capture commands issued in shell outs. # This will help ensure that commands with shell outs are # appropriately controled: # Defaults!IBM_SHELLESCAPE_ALL noexec # # CAUTION: This affects all entries; ensure your customer is aware this is being # added on first implementation, and appropriate testing is done. # #------------------------------------------------------------------------------ # # #============================================================================== # include files #============================================================================== # Include the Middleware templates relevant for the server # # Note: Sudo syntax for include is "#include /dir/file", to 'uncomment' # these sample lines, change from # ##include /etc/sudoers.d/1xx_{application}_GLB entries if desired> # to # #include /etc/sudoers.d/1xx_{application}_GLB entries if desired> # # While it is permissible to 'inline' the following three templates, # we are setting the 'default' usage to use the #include structure: #include /etc/sudoers.d/010_STD_NEG_GLB #include /etc/sudoers.d/010_STD_ALIAS_GLB #include /etc/sudoers.d/010_STD_SA_GLB # # Global template # The next is needed for by the S-TRAN tool # ## IBM Team include statements precede this comment # # ##include /etc/sudoers.d/1xx_{application}_GLB # # GEO specific adjustments to GLB template, or GEO template with no # corresponding GLB template # ##include /etc/sudoers.d/2xx_{application}_{GEO name} # # IMT specific adjustments to GLB or GEO template, or IMT template with no # corresponding GLB or GEO template # ##include /etc/sudoers.d/3xx_{application}_{IMT name} # # Account specific adjustments to GLB, GEO, or IMT template # ##include /etc/sudoers.d/4xx_{application}_ADJ # # Local Account specific entries - no corresponding GLB, GEO, or IMT template # ##include /etc/sudoers.d/4xx_{application}_LCL # # Customer entries if needed # ##include /etc/sudoers.d/8xx_{customer_application}_CUST # # # If server specific commands are needed include them here # ##include /etc/sudoers.d/9xx_sudoers_%h # or ##include /etc/sudoers.d/9xx_sudoers.local # # # # The following line must be after the last 'additive' line in this file, # only negations' should follow this: # ALL ALL=!SUDOSUDO # # End Global sudoers standard template Ver 8.4 Date 2015-04-01 * Master * Refer xxxxxx End #