# # A simple example config for op(1). See the man page for more information or # op.conf.complex for a complex multi-user/multi-system configuration. # # Syntaxe: # VAR=value # DEFAULT option... # mnemonic command [arg...] ; [option...] # # command : path | MAGIC_SHELL # arg : literal | $1..$n $* # option: # uid=user (root) gid=group dir=dir chroot=dir umask=0### (022) # groups=group|... users=user|... fowners=user:group fperms=0### # password environment nolog xauth[=user] help="..." # $VAR $VAR=... $1..$n $* # login : $SHELL $TERM $HOME $LOGNAME $PATH $MAIL # su : $SHELL $TERM $DISPLAY $XAUTHORITY $HOME $USER $LOGNAME $PATH # sudo -i : $DISPLAY $PATH $TERM $HOME $MAIL $SHELL $HOME $LOGNAME ## List of privileged users GRP_PRIVALL=root|wheel|expl|keypriv DEFAULT $COLORS $DISPLAY $HOSTNAME $HISTSIZE $INPUTRC $KDEDIR $LS_COLORS $MAIL $PS1 $PS2 $QTDIR $USERNAME $LANG $LC_ADDRESS $LC_CTYPE $LC_COLLATE $LC_IDENTIFICATION $LC_MEASUREMENT $LC_MESSAGES $LC_MONETARY $LC_NAME $LC_NUMERIC $LC_PAPER $LC_TELEPHONE $LC_TIME $LC_ALL $LANGUAGE $LINGUAS $_XKB_CHARSET $TERM $XAUTHORITY ## List of privileged commands id /usr/bin/id $*; groups=GRP_PRIVALL help="id" env /bin/env $*; groups=GRP_PRIVALL environment help="env [arg...] + env" magic MAGIC_SHELL; groups=GRP_PRIVALL environment help="magic command [arg...] + env" sh /bin/sh $*; groups=GRP_PRIVALL environment help="sh [arg...] + env" -- /bin/su -; groups=GRP_PRIVALL $TERM $DISPLAY help="su -" - /bin/sh -c ' while [ -n "${DISPLAY}" -a -z "${XAUTHORITY}" ]; do found=0 for xauth in /usr/bin/xauth /usr/bin/X11/xauth /usr/openwin/bin/xauth; do [ -x ${xauth} ] && found=1 && break done [ ${found} = 0 ] && break home=$(eval echo ~$(id -un)) if [ -f /stand/vmunix ]; then export XAUTHORITY=$(mktemp -c -d "${home}" -p .xauth) elif [ -f /proc/version ]; then export XAUTHORITY=$(mktemp -t -p "${home}" .xauthXXXXXX) fi until [ -f "${XAUTHORITY}" ]; do XAUTHORITY=${home}/.xauth$(awk \'BEGIN{srand();printf "%06.6i", int(rand()*1000000)}\' /dev/null) touch "${XAUTHORITY}.$$" 2> /dev/null || break; break= ln "${XAUTHORITY}.$$" "${XAUTHORITY}" 2> /dev/null && break= rm -f "${XAUTHORITY}.$$"; $break done [ ! -f "${XAUTHORITY}" ] && unset XAUTHORITY && break ((sleep 5; rm -f "${XAUTHORITY}") &) eval ${xauth} -f ~${USER}/.Xauthority extract - :${DISPLAY#*:} | ${xauth} merge -; break done [ -z "${XAUTHORITY}" ] && unset DISPLAY exec /bin/su -'; groups=GRP_PRIVALL $TERM $DISPLAY help="su -" su /bin/su $*; help="su [arg...] + env" groups=GRP_PRIVALL environment op /bin/su $*; groups=GRP_PRIVALL $TERM $DISPLAY $USER=root $LOGNAME=root help="su [arg...] - env"