# This file lists commands that super(1) will execute for you as root. # See the super.5 man page for information. # Global options ========================================================= # # Shell patterns are usually much more convenient to deal with in # a super.tab file. :global patterns=shell # Limits on arguments: ## # 0 or 1 argument per command ## :global nargs=0-1 # Arguments must be simple words w/o characters that may special to shells. # ==> N.B. Put this *after* you change the "patterns=xxx" option # :if $PATTERNS == shell :global arg1-99="[[-/:+.,_a-zA-Z0-9]]" :if $PATTERNS != shell :global arg1-99="^[-/:+.,_a-zA-Z0-9]*$$" # Log super actions to a file, under uid=sysmgr. (Note that loguid has to # be part of same :global_options entry as logfile.) :global logfile=/usr/adm/super.log loguid=sysmgr # Mail msgs regarding super errors to user joeblow (default is no mail): # :global mail="/usr/bin/mailx -s '*** super ***' joeblow" # Also log via syslog (just for demonstration :-). # :global syslog=y syslog_error=auth.local1 syslog_success="LOG_INFO | LOCAL2" # This says the user doesn't need to re-enter password if super cmds are # issued frequently (so that we "know" they are coming from one person). :global renewtime=y # ======================================================================= # Give access to line printer commands to some users outside office hours. # (During office hours, the regular system manager keeps these functions.) # :define OfficeHours {8:00-12:00,13:00-17:00}/{mon,tue,wed,thu,fri} # Some line printer commands that we want to give away to certain users. # (The asterisk in the FullPath is replaced by the command; thus # typing super enable executes /usr/bin/enable.) :define LP_commands {enable,disable,lpstat}::/usr/bin/* \ {lpadmin,lpsched,lpshut}::/usr/lib/* # The users who can use the line printer commands, and the hosts # from which they can use the commands: # :define LP_users jack@bucket jill@hill # During non-office hours, the following people can use the LP_commands. # (Note the use of "!time" to mean time _not_ in the $OfficeHours range.) $LP_commands $LP_users !time~$OfficeHours # ======================================================================= # The people who can use timeout/restart are: # :define TimeoutUsers :operator :wheel gv phillips srk # timeout and restart timeout /usr/local/bin/timeout $TimeoutUsers \ info="Temporarily stop any processes of any user." \ password=y echo_nopw /bin/echo $TimeoutUsers \ info="echo args" \ password=n echo_pw /bin/echo $TimeoutUsers \ info="echo args" \ password=y restart /usr/local/bin/restart $TimeoutUsers \ info="Restart a timeout'd process before the scheduled time." # ======================================================================= # Restrictions on CD-ROM mounting: # tas is the only user who may mount cd's on elgar; anybody in # group xyz may mount cd's on alpha or delta; and anybody on a # host in the netgroup "india" may mount a CD on the "india" machines. cdmount /usr/local/bin/cdmount \ info="Mounts a CD-ROM on /cdrom" \ tas@elgar \ :xyz@{alpha,delta} \ @+india :global patterns=posix/extended posix1 /bin/echo arg1="(abc.*xyz|zyx.*abc)" user~.* :global patterns=posix/extended/icase posix2 /bin/echo arg1="(abc.*xyz|zyx.*abc)" user~.*