1
#
2
# Example /etc/cvtsudoers.conf file
3
#
4
# This file is optional and allows you to override the cvtsudoers
5
# default values.
6
#
7

8
# Only convert Defaults entries of the specified types.
9
# One or more Defaults types may be specified, separated by a comma (',').
10
# The supported types are: all, global, user, runas, host, command.
11
#defaults = all
12

13
# Expand aliases in input_file.  Aliases are preserved by
14
# default when the output format is JSON or sudoers.
15
#expand_aliases = no
16

17
# Use an alternate group file.  When "match_local" is also enabled, perform
18
# group queries using the specified file instead of the system group database.
19
#group_file = /etc/group
20

21
# Default input format.  Only the sudoers and LDIF formats are supported.
22
#input_format = sudoers
23

24
# Only output rules that match the specified filter.  A filter expression
25
# is made up of one or more key = value pairs, separated by a comma (',').
26
# The key may be "cmnd" (or "cmd"), "host", "group", or "user".
27
#match = user=www,group=wheel
28

29
# Match locally.  If enabled, use password and group database information
30
# when matching users and groups in the filter.  Only users and groups
31
# in the filter that exist on the local system will match, and a user's
32
# groups will automatically be added to the filter.  By default, users and
33
# groups in the filter do not need to exist on the local system, but all
34
# groups used for matching must be explicitly listed in the filter.
35
#match_local = no
36

37
# When generating LDIF output, increment each sudoOrder attribute by the
38
# specified number.  Defaults to an increment of 1.
39
#order_increment = 1
40

41
# When generating LDIF output, use the number specified by "start_point"
42
# in the sudoOrder attribute of the first sudoRole object.  Subsequent
43
# sudoRole object use a sudoOrder value generated by adding the
44
# increment set by "order_increment".  Defaults to a starting point
45
# of 1.  A starting point of 0 will disable the generation of sudoOrder
46
# attributes in the resulting LDIF file.
47
#order_start = 1
48

49
# Specify the default output format (case-insensitive).  The following
50
# formats are supported: csv | json | ldif | sudoers.
51
# Defaults to LDIF.
52
#output_format = ldif
53

54
# When generating LDIF output, construct the initial sudoOrder value
55
# by concatenating order_start and increment, padding the increment
56
# with zeros until it consists of padding digits.  For example, if
57
# order_start is 1027, padding is 3, and increment is 1, the value
58
# of sudoOrder for the first entry will be 1027000, followed by
59
# 1027001, 1027002, etc.  If the number of sudoRole entries is larger
60
# than the padding would allow, cvtsudoers will exit with an error.
61
# By default, no padding is performed.
62
#padding = 0
63

64
# Use an alternate passwd file.  When "match_local" is also enabled, perform
65
# passwd queries using the specified file instead of the system passwd database.
66
#passwd_file = /etc/passwd
67

68
# When "match_local" is also enabled, cvtsudoers will prune
69
# out non-matching users, groups and hosts from matching entries.
70
# Defaults to no.
71
#prune_matches = no
72

73
# The base DN (distinguished name) that will be used when performing LDAP
74
# queries.  If this option is not specified, the value of the SUDOERS_BASE
75
# environment variable will be used instead.
76
#sudoers_base = ou=SUDOers,dc=my-domain,dc=com
77

78
# Suppress the output of specific sections of the security policy.
79
# One or more section names may be specified, separated by a comma (',').
80
# The supported section name are: defaults, aliases and privileges
81
# (which may be shortened to privs).
82
#suppress = defaults,aliases,privs
83

84