File: sample.tab

package info (click to toggle)
super 3.30.0-2+lenny1
  • links: PTS
  • area: main
  • in suites: lenny
  • size: 1,072 kB
  • ctags: 755
  • sloc: ansic: 10,089; sh: 288; makefile: 204
file content (95 lines) | stat: -rw-r--r-- 3,373 bytes parent folder | download | duplicates (5)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
# This file lists commands that super(1) will execute for you as root.

# See the super.5 man page for information.

# Global options =========================================================
#
# Shell patterns are usually much more convenient to deal with in
# a super.tab file.
:global patterns=shell

# Limits on arguments:
## # 0 or 1 argument per command
## :global nargs=0-1
# Arguments must be simple words w/o characters that may special to shells.
# ==> N.B. Put this *after* you change the "patterns=xxx" option
#
:if $PATTERNS == shell   :global arg1-99="[[-/:+.,_a-zA-Z0-9]]"
:if $PATTERNS != shell   :global arg1-99="^[-/:+.,_a-zA-Z0-9]*$$"

# Log super actions to a file, under uid=sysmgr.  (Note that loguid has to
# be part of same :global_options entry as logfile.)
:global logfile=/usr/adm/super.log loguid=sysmgr

# Mail msgs regarding super errors to user joeblow (default is no mail):
# :global	mail="/usr/bin/mailx -s '*** super ***' joeblow" 

# Also log via syslog (just for demonstration :-).
# :global	syslog=y  syslog_error=auth.local1 syslog_success="LOG_INFO | LOCAL2"

# This says the user doesn't need to re-enter password if super cmds are
# issued frequently (so that we "know" they are coming from one person).
:global	renewtime=y

# =======================================================================
# Give access to line printer commands to some users outside office hours.
# (During office hours, the regular system manager keeps these functions.)
#
:define OfficeHours {8:00-12:00,13:00-17:00}/{mon,tue,wed,thu,fri}

# Some line printer commands that we want to give away to certain users.
# (The asterisk in the FullPath is replaced by the command; thus
# typing   super enable   executes /usr/bin/enable.)
:define LP_commands	{enable,disable,lpstat}::/usr/bin/* \
			{lpadmin,lpsched,lpshut}::/usr/lib/*

# The users who can use the line printer commands, and the hosts
# from which they can use the commands:
#
:define LP_users	jack@bucket jill@hill

# During non-office hours, the following people can use the LP_commands.
# (Note the use of "!time" to mean time _not_ in the $OfficeHours range.)
$LP_commands	$LP_users	!time~$OfficeHours



# =======================================================================
# The people who can use timeout/restart are:
#
:define TimeoutUsers  :operator :wheel gv phillips srk

# timeout and restart

timeout		/usr/local/bin/timeout	$TimeoutUsers \
		info="Temporarily stop any processes of any user." \
		password=y

echo_nopw	/bin/echo	$TimeoutUsers \
		info="echo args" \
		password=n

echo_pw		/bin/echo	$TimeoutUsers \
		info="echo args" \
		password=y

restart		/usr/local/bin/restart	$TimeoutUsers \
		info="Restart a timeout'd process before the scheduled time."


# =======================================================================
# Restrictions on CD-ROM mounting:
#	tas is the only user who may mount cd's on elgar; anybody in
#	group xyz may mount cd's on alpha or delta; and anybody on a
#	host in the netgroup "india" may mount a CD on the "india" machines.

cdmount		/usr/local/bin/cdmount			\
		info="Mounts a CD-ROM on /cdrom"	\
				tas@elgar		\
				:xyz@{alpha,delta}	\
				@+india

:global patterns=posix/extended
posix1		/bin/echo arg1="(abc.*xyz|zyx.*abc)" user~.*
:global patterns=posix/extended/icase
posix2		/bin/echo arg1="(abc.*xyz|zyx.*abc)" user~.*