From: Frank Brehm Date: Mon, 16 Jan 2012 06:21:22 +0000 (+0100) Subject: saving uncommitted changes in /etc prior to emerge run X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=ce3d5c4ccb9d94ad97f92d6e293a8856131ab435;p=config%2Fbruni%2Fetc.git saving uncommitted changes in /etc prior to emerge run --- diff --git a/._cfg0000_sudoers b/._cfg0000_sudoers new file mode 100644 index 00000000..0d7760be --- /dev/null +++ b/._cfg0000_sudoers @@ -0,0 +1,90 @@ +## sudoers file. +## +## This file MUST be edited with the 'visudo' command as root. +## Failure to use 'visudo' may result in syntax or file permission errors +## that prevent sudo from running. +## +## See the sudoers man page for the details on how to write a sudoers file. +## + +## +## Host alias specification +## +## Groups of machines. These may include host names (optionally with wildcards), +## IP addresses, network numbers or netgroups. +# Host_Alias WEBSERVERS = www1, www2, www3 + +## +## User alias specification +## +## Groups of users. These may consist of user names, uids, Unix groups, +## or netgroups. +# User_Alias ADMINS = millert, dowdy, mikef + +## +## Cmnd alias specification +## +## Groups of commands. Often used to group related commands together. +# Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \ +# /usr/bin/pkill, /usr/bin/top + +## +## Defaults specification +## +## You may wish to keep some of the following environment variables +## when running commands via sudo. +## +## Locale settings +# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" +## +## Run X applications through sudo; HOME is used to find the +## .Xauthority file. Note that other programs use HOME to find +## configuration files and this may lead to privilege escalation! +# Defaults env_keep += "HOME" +## +## X11 resource path settings +# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" +## +## Desktop path settings +# Defaults env_keep += "QTDIR KDEDIR" +## +## Allow sudo-run commands to inherit the callers' ConsoleKit session +# Defaults env_keep += "XDG_SESSION_COOKIE" +## +## Uncomment to enable special input methods. Care should be taken as +## this may allow users to subvert the command being run via sudo. +# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER" +## +## Uncomment to enable logging of a command's output, except for +## sudoreplay and reboot. Use sudoreplay to play back logged sessions. +# Defaults log_output +# Defaults!/usr/bin/sudoreplay !log_output +# Defaults!/usr/local/bin/sudoreplay !log_output +# Defaults!/sbin/reboot !log_output + +## +## Runas alias specification +## + +## +## User privilege specification +## +root ALL=(ALL) ALL + +## Uncomment to allow members of group wheel to execute any command +# %wheel ALL=(ALL) ALL + +## Same thing without a password +# %wheel ALL=(ALL) NOPASSWD: ALL + +## Uncomment to allow members of group sudo to execute any command +# %sudo ALL=(ALL) ALL + +## Uncomment to allow any user to run sudo if they know the password +## of the user they are running the command as (root by default). +# Defaults targetpw # Ask for the password of the target user +# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw' + +## Read drop-in files from /etc/sudoers.d +## (the '#' here does not indicate a comment) +#includedir /etc/sudoers.d diff --git a/.etckeeper b/.etckeeper index c1bef4e1..2a6e7479 100755 --- a/.etckeeper +++ b/.etckeeper @@ -14,6 +14,7 @@ mkdir -p './skel/.ssh' mkdir -p './sudoers.d' mkdir -p './unixODBC/ODBCDataSources' maybe chmod 0755 '.' +maybe chmod 0440 './._cfg0000_sudoers' maybe chmod 0600 './._cfg0000_ulogd.conf' maybe chmod 0700 './.etckeeper' maybe chmod 0644 './.gitignore' @@ -395,6 +396,7 @@ maybe chmod 0644 './ld.so.cache' maybe chmod 0644 './ld.so.conf' maybe chmod 0755 './ld.so.conf.d' maybe chmod 0644 './ld.so.conf.d/05binutils.conf' +maybe chmod 0440 './ldap.conf.sudo' maybe chmod 0755 './local.d' maybe chmod 0644 './local.d/README' maybe chmod 0644 './locale.gen' diff --git a/ldap.conf.sudo b/ldap.conf.sudo new file mode 100644 index 00000000..934f1b99 --- /dev/null +++ b/ldap.conf.sudo @@ -0,0 +1,5 @@ +# See ldap.conf(5) and README.LDAP for details\n" +# This file should only be readable by root\n\n" +# supported directives: host, port, ssl, ldap_version\n" +# uri, binddn, bindpw, sudoers_base, sudoers_debug\n" +# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key