sudoers conf

2022-06-04 13:17:43 +00:00 · 2022-06-04 13:17:43 +00:00 · 1b16c79148
parent d873cbcc21
commit 1b16c79148
2 changed files with 12 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -67,3 +67,8 @@ Allow sshd to listen on the non-default TCP port 4242:
 ```bash
 semanage port --add -t ssh_port_t -p tcp 4242
 ```
+
+### sudo
+
+Add the provided [sudoers policy file](rootfs/etc/sudoers.d/Born2beroot) in
+`/etc/sudoers.d`.
--- a/rootfs/etc/sudoers.d/Born2beroot
+++ b/rootfs/etc/sudoers.d/Born2beroot
@ -0,0 +1,7 @@
+Defaults log_input, log_output, requiretty
+Defaults iolog_dir = /var/log/sudo/io/%{user}
+Defaults iolog_file = %{runas_user}-%{command}-XXXXXX
+Defaults logfile=/var/log/sudo/sudo.log
+Defaults badpass_message = Nope...
+
+%sudo ALL=(ALL) ALL