From ae581a19fbe896a797450b9d9573fb66f2735227 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 16:37:38 +0200 Subject: Adding upstream version 1.9.13p3. Signed-off-by: Daniel Baumann --- examples/cvtsudoers.conf | 82 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 examples/cvtsudoers.conf (limited to 'examples/cvtsudoers.conf') diff --git a/examples/cvtsudoers.conf b/examples/cvtsudoers.conf new file mode 100644 index 0000000..3d21154 --- /dev/null +++ b/examples/cvtsudoers.conf @@ -0,0 +1,82 @@ +# +# Example /etc/cvtsudoers.conf file +# +# This file is optional and allows you to override the cvtsudoers +# default values. +# + +# Only convert Defaults entries of the specified types. +# One or more Defaults types may be specified, separated by a comma (','). +# The supported types are: all, global, user, runas, host, command. +#defaults = all + +# Expand aliases in input_file. Aliases are preserved by +# default when the output format is JSON or sudoers. +#expand_aliases = no + +# Use an alternate group file. When "match_local" is also enabled, perform +# group queries using the specified file instead of the system group database. +#group_file = /etc/group + +# Default input format. Only the sudoers and LDIF formats are supported. +#input_format = sudoers + +# Only output rules that match the specified filter. A filter expression +# is made up of one or more key = value pairs, separated by a comma (','). +# The key may be "cmnd" (or "cmd"), "host", "group", or "user". +#match = user=www,group=wheel + +# Match locally. If enabled, use password and group database information +# when matching users and groups in the filter. Only users and groups +# in the filter that exist on the local system will match, and a user's +# groups will automatically be added to the filter. By default, users and +# groups in the filter do not need to exist on the local system, but all +# groups used for matching must be explicitly listed in the filter. +#match_local = no + +# When generating LDIF output, increment each sudoOrder attribute by the +# specified number. Defaults to an increment of 1. +#order_increment = 1 + +# When generating LDIF output, use the number specified by "start_point" +# in the sudoOrder attribute of the first sudoRole object. Subsequent +# sudoRole object use a sudoOrder value generated by adding the +# increment set by "order_increment". Defaults to a starting point +# of 1. A starting point of 0 will disable the generation of sudoOrder +# attributes in the resulting LDIF file. +#order_start = 1 + +# Specify the default output format (case-insensitive). The following +# formats are supported: csv | json | ldif | sudoers. +# Defaults to LDIF. +#output_format = ldif + +# When generating LDIF output, construct the initial sudoOrder value +# by concatenating order_start and increment, padding the increment +# with zeros until it consists of padding digits. For example, if +# order_start is 1027, padding is 3, and increment is 1, the value +# of sudoOrder for the first entry will be 1027000, followed by +# 1027001, 1027002, etc. If the number of sudoRole entries is larger +# than the padding would allow, cvtsudoers will exit with an error. +# By default, no padding is performed. +#padding = 0 + +# Use an alternate passwd file. When "match_local" is also enabled, perform +# passwd queries using the specified file instead of the system passwd database. +#passwd_file = /etc/passwd + +# When "match_local" is also enabled, cvtsudoers will prune +# out non-matching users, groups and hosts from matching entries. +# Defaults to no. +#prune_matches = no + +# The base DN (distinguished name) that will be used when performing LDAP +# queries. If this option is not specified, the value of the SUDOERS_BASE +# environment variable will be used instead. +#sudoers_base = ou=SUDOers,dc=my-domain,dc=com + +# Suppress the output of specific sections of the security policy. +# One or more section names may be specified, separated by a comma (','). +# The supported section name are: defaults, aliases and privileges +# (which may be shortened to privs). +#suppress = defaults,aliases,privs -- cgit v1.2.3