aboutsummaryrefslogtreecommitdiff
path: root/system/sudoers
diff options
context:
space:
mode:
Diffstat (limited to 'system/sudoers')
-rw-r--r--system/sudoers80
1 files changed, 5 insertions, 75 deletions
diff --git a/system/sudoers b/system/sudoers
index 9740719..bb24b9f 100644
--- a/system/sudoers
+++ b/system/sudoers
@@ -7,71 +7,8 @@
## See the sudoers man page for the details on how to write a sudoers file.
##
-##
-## Host alias specification
-##
-## Groups of machines. These may include host names (optionally with wildcards),
-## IP addresses, network numbers or netgroups.
-# Host_Alias WEBSERVERS = www1, www2, www3
-
-##
-## User alias specification
-##
-## Groups of users. These may consist of user names, uids, Unix groups,
-## or netgroups.
-# User_Alias ADMINS = millert, dowdy, mikef
-
-##
-## Cmnd alias specification
-##
-## Groups of commands. Often used to group related commands together.
-# Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
-# /usr/bin/pkill, /usr/bin/top
-# Cmnd_Alias REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff
-
-##
-## Defaults specification
-##
-## You may wish to keep some of the following environment variables
-## when running commands via sudo.
-##
-## Locale settings
-# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
-##
-## Run X applications through sudo; HOME is used to find the
-## .Xauthority file. Note that other programs use HOME to find
-## configuration files and this may lead to privilege escalation!
-# Defaults env_keep += "HOME"
-##
-## X11 resource path settings
-# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
-##
-## Desktop path settings
-# Defaults env_keep += "QTDIR KDEDIR"
-##
-## Allow sudo-run commands to inherit the callers' ConsoleKit session
-# Defaults env_keep += "XDG_SESSION_COOKIE"
-##
-## Uncomment to enable special input methods. Care should be taken as
-## this may allow users to subvert the command being run via sudo.
-# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
-##
-## Uncomment to use a hard-coded PATH instead of the user's to find commands
-# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-##
-## Uncomment to send mail if the user does not enter the correct password.
-# Defaults mail_badpass
-##
-## Uncomment to enable logging of a command's output, except for
-## sudoreplay and reboot. Use sudoreplay to play back logged sessions.
-# Defaults log_output
-# Defaults!/usr/bin/sudoreplay !log_output
-# Defaults!/usr/local/bin/sudoreplay !log_output
-# Defaults!REBOOT !log_output
-
-##
-## Runas alias specification
-##
+Defaults passwd_timeout=0
+Defaults timestamp_timeout=15
##
## User privilege specification
@@ -86,16 +23,9 @@ root ALL=(ALL) ALL
## Run some commands without a password
%wheel ALL=(ALL) NOPASSWD: /usr/bin/pacman -Sy
-%wheel ALL=(ALL) NOPASSWD: /usr/bin/openvpn
-%wheel ALL=(ALL) NOPASSWD: /usr/bin/killall -SIGINT openvpn
-
-## Uncomment to allow members of group sudo to execute any command
-# %sudo ALL=(ALL) ALL
-
-## Uncomment to allow any user to run sudo if they know the password
-## of the user they are running the command as (root by default).
-# Defaults targetpw # Ask for the password of the target user
-# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
+%wheel ALL=(ALL) NOPASSWD: /usr/bin/pacman -Syuw
+%wheel ALL=(ALL) NOPASSWD: /usr/bin/pacman -Syuw --noconfirm
+%wheel ALL=(ALL) NOPASSWD: /usr/bin/pacman -Syyuw --noconfirm
## Read drop-in files from /etc/sudoers.d
## (the '#' here does not indicate a comment)