| blob | 9959000743db8d4ff4d4da3ebd5d032ac33f3e63 |
1 #
2 # Configuration for the su-wrapper
3 #
4 # This utility allowes special users execution of
5 # special commands under an other euid
6 #
7 # Description of the lines follow,
8 # any of the allow lines have to match and none the deny lines
9 # may match. the su-wrapper tries hard to find any way to grant the access
10 #
12 # User Group Command Cmdline EUser EGroup ECommand Params
13 #
14 # User -> the user which may call it. (use * for all users)
15 # Group -> the group which may call it (user * for all groups)
16 # Command -> the argv[0] su-wrapper is called with (wildcards allowed)
17 # Cmdline -> the argv[1]+argv[2]+... su-wrapper is called with (wildcards allowed)
18 # EUser -> the effective user under which the command is executed
19 # ( - for ignore and use the same user )
20 # EGroup -> the change the group to this.
21 # ECommand -> execute this command
22 # Params -> additional params - not implementet yet.
23 #
24 # Note: the command line is splitted in the command (argv[0])
25 # and cmdline (argv[1]+argv[2]...)
26 #
27 # this eases the usage of symlinks.
29 # IMPORTANT: the lines are processes up to down - the last match
30 # is significant. so if you wann deny some special things,
31 # you have to put them under those lines which would allow them.
33 * * lpd * root root /usr/sbin/lpd.real
34 * * uucp-poll * root root /usr/bin/autopoll
35 * * inet-up * root root /usr/bin/autonet on
36 * * inet-down * root root /usr/bin/autonet off
37 * * inet-poll * root root /usr/bin/autonet poll
38 * * XServer * root root /usr/X11R6/bin/X
39 marduk * rootshell * root root /bin/sh
41 # deny nobody everything, each call from nobody ends up in an empty command
42 nobody - * * - - -