On Aug 2, 2008, at 2:00 AM, Ralph Shumaker wrote:

Well, then, if I am getting this correctly:
If I want rafael to be able to run ALL commands as (ALL) users, but only from the local machine (i.e. *not* if connected in from some remote machine), then in sudoers, I can use:
rafael      localhost = (ALL) ALL


No. The hostname field is there because sudoers files are typically distributed to multiple systems (like we do at UCSD; we write one sudoers file and send it everywhere).

The hostname field is used to match against the local system's hostname. This allows you to have a single sudoers file that grants different rights on different hosts. It has nothing to do with what host you're connecting from.

From the sudoers(5) manpage:

-----
A Host_List is made up of one or more hostnames, IP addresses, network numbers, netgroups (prefixed with '+') and other aliases. Again, the value of an item may be negated with the '!' operator. If you do not specify a netmask with a network number, the netmask of the host's ethernet interface(s) will be used when matching. The netmask may be specified either in dotted quad notation (e.g. 255.255.255.0) or CIDR notation (number of bits, e.g. 24). A hostname may include shell-style wildcards (see the Wildcards section below), but unless the hostname command on your machine returns the fully qualified hostname, you'll need to use the fqdn option for wildcards to be useful.
-----

Gregory

--
Gregory K. Ruiz-Ade <[EMAIL PROTECTED]>
OpenPGP Key ID: EAF4844B  keyserver: pgpkeys.mit.edu



-- 
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
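
The matching described in the reply above, as an added example that is not part of the original message and is not sudo's own code: a small Host_List evaluator whose only inputs are the local machine's hostname and interface addresses, so there is nothing in it that could describe where a user connected from. The hostname `web01`, the interface `192.168.1.20/24` and the sample lists are constructed; netgroups and aliases are not handled, and letting the last matching item decide is an assumption of this sketch.

```python
import fnmatch
import ipaddress

def item_matches(item, hostname, interfaces):
    """True if one Host_List item (without '!') describes the local host."""
    if item == "ALL":
        return True
    try:
        if "/" in item:  # network number with netmask, CIDR or dotted quad
            net = ipaddress.ip_network(item, strict=False)
            return any(i.version == net.version and i.ip in net for i in interfaces)
        addr = ipaddress.ip_address(item)
    except ValueError:
        # Not an address: compare with the local hostname, wildcards allowed.
        return fnmatch.fnmatchcase(hostname.lower(), item.lower())
    # Bare address or network number: fall back to each interface's own netmask.
    return any(addr in (i.ip, i.network.network_address) for i in interfaces)

def host_list_matches(host_list, hostname, interfaces):
    """Evaluate a comma-separated Host_List; the last matching item decides
    (assumption of this sketch)."""
    applies = False
    for raw in host_list.split(","):
        item = raw.strip()
        if item_matches(item.lstrip("! "), hostname, interfaces):
            applies = not item.startswith("!")
    return applies

# Constructed sample identity of the machine where sudo runs.
HOSTNAME = "web01"
INTERFACES = [ipaddress.ip_interface("192.168.1.20/24")]
SAMPLE_LISTS = ["localhost", "web01", "web*", "192.168.1.0/24",
                "192.168.1.0/255.255.255.0", "192.168.1.0", "ALL, !web01"]

def demo():
    """Map each sample Host_List to whether its rule applies on HOSTNAME."""
    return {hl: host_list_matches(hl, HOSTNAME, INTERFACES) for hl in SAMPLE_LISTS}

if __name__ == "__main__":
    for hl, ok in demo().items():
        print(f"{hl:28} {'applies' if ok else 'does not apply'} on {HOSTNAME}")
```

In this model a rule written with `localhost` in the host field does not apply on `web01` at all, whether the user is at the console or logged in remotely.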
