sonic-buildimage/files/image_config/sudoers/sudoers

44 lines
1.6 KiB
Plaintext

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
#Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
Defaults env_keep += "VTYSH_PAGER"
# Host alias specification
# User alias specification
# Cmnd alias specification
# Note: bcmcmd is dangerous for users in read only netgroups because it may operate ASIC
Cmnd_Alias READ_ONLY_CMDS = /usr/bin/decode-syseeprom, \
/usr/bin/docker images *, \
/usr/bin/docker exec -it snmp cat /etc/snmp/snmpd.conf, \
/usr/bin/docker exec -it bgp cat /etc/quagga/bgpd.conf, \
/usr/bin/generate_dump, \
/usr/bin/lldpctl, \
/usr/bin/lldpshow, \
/usr/bin/sensors, \
/usr/bin/sfputil, \
/usr/bin/vtysh -c show *, \
/bin/cat /var/log/syslog, \
/usr/bin/tail -f /var/log/syslog
# User privilege specification
root ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) NOPASSWD: ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d