1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
#
# Example /etc/cvtsudoers.conf file
#
# This file is optional and allows you to override the cvtsudoers
# default values.
#
# Only convert Defaults entries of the specified types.
# One or more Defaults types may be specified, separated by a comma (',').
# The supported types are: all, global, user, runas, host, command.
#defaults = all
# Expand aliases in input_file. Aliases are preserved by
# default when the output format is JSON or sudoers.
#expand_aliases = no
# Use an alternate group file. When "match_local" is also enabled, perform
# group queries using the specified file instead of the system group database.
#group_file = /etc/group
# Default input format. Only the sudoers and LDIF formats are supported.
#input_format = sudoers
# Only output rules that match the specified filter. A filter expression
# is made up of one or more key = value pairs, separated by a comma (',').
# The key may be "cmnd" (or "cmd"), "host", "group", or "user".
#match = user=www,group=wheel
# Match locally. If enabled, use password and group database information
# when matching users and groups in the filter. Only users and groups
# in the filter that exist on the local system will match, and a user's
# groups will automatically be added to the filter. By default, users and
# groups in the filter do not need to exist on the local system, but all
# groups used for matching must be explicitly listed in the filter.
#match_local = no
# When generating LDIF output, increment each sudoOrder attribute by the
# specified number. Defaults to an increment of 1.
#order_increment = 1
# When generating LDIF output, use the number specified by "start_point"
# in the sudoOrder attribute of the first sudoRole object. Subsequent
# sudoRole object use a sudoOrder value generated by adding the
# increment set by "order_increment". Defaults to a starting point
# of 1. A starting point of 0 will disable the generation of sudoOrder
# attributes in the resulting LDIF file.
#order_start = 1
# Specify the default output format (case-insensitive). The following
# formats are supported: csv | json | ldif | sudoers.
# Defaults to LDIF.
#output_format = ldif
# When generating LDIF output, construct the initial sudoOrder value
# by concatenating order_start and increment, padding the increment
# with zeros until it consists of padding digits. For example, if
# order_start is 1027, padding is 3, and increment is 1, the value
# of sudoOrder for the first entry will be 1027000, followed by
# 1027001, 1027002, etc. If the number of sudoRole entries is larger
# than the padding would allow, cvtsudoers will exit with an error.
# By default, no padding is performed.
#padding = 0
# Use an alternate passwd file. When "match_local" is also enabled, perform
# passwd queries using the specified file instead of the system passwd database.
#passwd_file = /etc/passwd
# When "match_local" is also enabled, cvtsudoers will prune
# out non-matching users, groups and hosts from matching entries.
# Defaults to no.
#prune_matches = no
# The base DN (distinguished name) that will be used when performing LDAP
# queries. If this option is not specified, the value of the SUDOERS_BASE
# environment variable will be used instead.
#sudoers_base = ou=SUDOers,dc=my-domain,dc=com
# Suppress the output of specific sections of the security policy.
# One or more section names may be specified, separated by a comma (',').
# The supported section name are: defaults, aliases and privileges
# (which may be shortened to privs).
#suppress = defaults,aliases,privs
|