summaryrefslogtreecommitdiffstats
path: root/examples/cvtsudoers.conf
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--examples/cvtsudoers.conf82
1 files changed, 82 insertions, 0 deletions
diff --git a/examples/cvtsudoers.conf b/examples/cvtsudoers.conf
new file mode 100644
index 0000000..3d21154
--- /dev/null
+++ b/examples/cvtsudoers.conf
@@ -0,0 +1,82 @@
+#
+# Example /etc/cvtsudoers.conf file
+#
+# This file is optional and allows you to override the cvtsudoers
+# default values.
+#
+
+# Only convert Defaults entries of the specified types.
+# One or more Defaults types may be specified, separated by a comma (',').
+# The supported types are: all, global, user, runas, host, command.
+#defaults = all
+
+# Expand aliases in input_file. Aliases are preserved by
+# default when the output format is JSON or sudoers.
+#expand_aliases = no
+
+# Use an alternate group file. When "match_local" is also enabled, perform
+# group queries using the specified file instead of the system group database.
+#group_file = /etc/group
+
+# Default input format. Only the sudoers and LDIF formats are supported.
+#input_format = sudoers
+
+# Only output rules that match the specified filter. A filter expression
+# is made up of one or more key = value pairs, separated by a comma (',').
+# The key may be "cmnd" (or "cmd"), "host", "group", or "user".
+#match = user=www,group=wheel
+
+# Match locally. If enabled, use password and group database information
+# when matching users and groups in the filter. Only users and groups
+# in the filter that exist on the local system will match, and a user's
+# groups will automatically be added to the filter. By default, users and
+# groups in the filter do not need to exist on the local system, but all
+# groups used for matching must be explicitly listed in the filter.
+#match_local = no
+
+# When generating LDIF output, increment each sudoOrder attribute by the
+# specified number. Defaults to an increment of 1.
+#order_increment = 1
+
+# When generating LDIF output, use the number specified by "start_point"
+# in the sudoOrder attribute of the first sudoRole object. Subsequent
+# sudoRole object use a sudoOrder value generated by adding the
+# increment set by "order_increment". Defaults to a starting point
+# of 1. A starting point of 0 will disable the generation of sudoOrder
+# attributes in the resulting LDIF file.
+#order_start = 1
+
+# Specify the default output format (case-insensitive). The following
+# formats are supported: csv | json | ldif | sudoers.
+# Defaults to LDIF.
+#output_format = ldif
+
+# When generating LDIF output, construct the initial sudoOrder value
+# by concatenating order_start and increment, padding the increment
+# with zeros until it consists of padding digits. For example, if
+# order_start is 1027, padding is 3, and increment is 1, the value
+# of sudoOrder for the first entry will be 1027000, followed by
+# 1027001, 1027002, etc. If the number of sudoRole entries is larger
+# than the padding would allow, cvtsudoers will exit with an error.
+# By default, no padding is performed.
+#padding = 0
+
+# Use an alternate passwd file. When "match_local" is also enabled, perform
+# passwd queries using the specified file instead of the system passwd database.
+#passwd_file = /etc/passwd
+
+# When "match_local" is also enabled, cvtsudoers will prune
+# out non-matching users, groups and hosts from matching entries.
+# Defaults to no.
+#prune_matches = no
+
+# The base DN (distinguished name) that will be used when performing LDAP
+# queries. If this option is not specified, the value of the SUDOERS_BASE
+# environment variable will be used instead.
+#sudoers_base = ou=SUDOers,dc=my-domain,dc=com
+
+# Suppress the output of specific sections of the security policy.
+# One or more section names may be specified, separated by a comma (',').
+# The supported section name are: defaults, aliases and privileges
+# (which may be shortened to privs).
+#suppress = defaults,aliases,privs