# # Example /etc/cvtsudoers.conf file # # This file is optional and allows you to override the cvtsudoers # default values. # # Only convert Defaults entries of the specified types. # One or more Defaults types may be specified, separated by a comma (','). # The supported types are: all, global, user, runas, host, command. #defaults = all # Expand aliases in input_file. Aliases are preserved by # default when the output format is JSON or sudoers. #expand_aliases = no # Use an alternate group file. When "match_local" is also enabled, perform # group queries using the specified file instead of the system group database. #group_file = /etc/group # Default input format. Only the sudoers and LDIF formats are supported. #input_format = sudoers # Only output rules that match the specified filter. A filter expression # is made up of one or more key = value pairs, separated by a comma (','). # The key may be "cmnd" (or "cmd"), "host", "group", or "user". #match = user=www,group=wheel # Match locally. If enabled, use password and group database information # when matching users and groups in the filter. Only users and groups # in the filter that exist on the local system will match, and a user's # groups will automatically be added to the filter. By default, users and # groups in the filter do not need to exist on the local system, but all # groups used for matching must be explicitly listed in the filter. #match_local = no # When generating LDIF output, increment each sudoOrder attribute by the # specified number. Defaults to an increment of 1. #order_increment = 1 # When generating LDIF output, use the number specified by "start_point" # in the sudoOrder attribute of the first sudoRole object. Subsequent # sudoRole object use a sudoOrder value generated by adding the # increment set by "order_increment". Defaults to a starting point # of 1. A starting point of 0 will disable the generation of sudoOrder # attributes in the resulting LDIF file. #order_start = 1 # Specify the default output format (case-insensitive). The following # formats are supported: csv | json | ldif | sudoers. # Defaults to LDIF. #output_format = ldif # When generating LDIF output, construct the initial sudoOrder value # by concatenating order_start and increment, padding the increment # with zeros until it consists of padding digits. For example, if # order_start is 1027, padding is 3, and increment is 1, the value # of sudoOrder for the first entry will be 1027000, followed by # 1027001, 1027002, etc. If the number of sudoRole entries is larger # than the padding would allow, cvtsudoers will exit with an error. # By default, no padding is performed. #padding = 0 # Use an alternate passwd file. When "match_local" is also enabled, perform # passwd queries using the specified file instead of the system passwd database. #passwd_file = /etc/passwd # When "match_local" is also enabled, cvtsudoers will prune # out non-matching users, groups and hosts from matching entries. # Defaults to no. #prune_matches = no # The base DN (distinguished name) that will be used when performing LDAP # queries. If this option is not specified, the value of the SUDOERS_BASE # environment variable will be used instead. #sudoers_base = ou=SUDOers,dc=my-domain,dc=com # Suppress the output of specific sections of the security policy. # One or more section names may be specified, separated by a comma (','). # The supported section name are: defaults, aliases and privileges # (which may be shortened to privs). #suppress = defaults,aliases,privs