OCI_opcユーザのsudo設定
Oracle Linux 8
/etc/sudoersのデフォルト設定
- rootユーザへのsudo許可(全コマンド、要パスワード)
- wheelグループへのsudo許可(全コマンド、要パスワード)
- opcユーザへのsudo許可(全コマンド、パスワード不要)※この設定は/etc/sudoers本体ではなく、/etc/sudoers.d/配下のファイルに書かれている(後述)
[root@instance-20250718-2217 sudoers.d]# cat /etc/sudoers
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
##
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
##
## This file must be edited with the 'visudo' command.
## Host Aliases
## Groups of machines. You may prefer to use hostnames (perhaps using
## wildcards for entire domains) or IP addresses instead.
# Host_Alias FILESERVERS = fs1, fs2
# Host_Alias MAILSERVERS = smtp, smtp2
## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
## rather than USERALIAS
# User_Alias ADMINS = jsmith, mikem
## Command Aliases
## These are groups of related commands...
## Networking
# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
## Installation and management of software
# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
## Services
# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig, /usr/bin/systemctl start, /usr/bin/systemctl stop, /usr/bin/systemctl reload, /usr/bin/systemctl restart, /usr/bin/systemctl status, /usr/bin/systemctl enable, /usr/bin/systemctl disable
## Updating the locate database
# Cmnd_Alias LOCATE = /usr/bin/updatedb
## Storage
# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
## Delegating permissions
# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
## Processes
# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
## Drivers
# Cmnd_Alias DRIVERS = /sbin/modprobe
# Defaults specification
#
# Refuse to run if unable to disable echo on the tty.
#
Defaults !visiblepw
#
# Preserving HOME has security implications since many programs
# use it when searching for configuration files. Note that HOME
# is already set when the the env_reset option is enabled, so
# this option is only effective for configurations where either
# env_reset is disabled or HOME is present in the env_keep list.
#
Defaults always_set_home
Defaults match_group_by_gid
# Prior to version 1.8.15, groups listed in sudoers that were not
# found in the system group database were passed to the group
# plugin, if any. Starting with 1.8.15, only groups of the form
# %:group are resolved via the group plugin by default.
# We enable always_query_group_plugin to restore old behavior.
# Disable this option for new behavior.
Defaults always_query_group_plugin
Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
#
# Adding HOME to env_keep may enable a user to run unrestricted
# commands via sudo.
#
# Defaults env_keep += "HOME"
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
## user MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Allows members of the users group to mount and unmount the
## cdrom as root
# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
## Allows members of the users group to shutdown this system
# %users localhost=/sbin/shutdown -h now
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
[root@instance-20250718-2217 sudoers.d]#
/etc/sudoers.d/から読み込まれるファイルの一つ「90-cloud-init-users」にopcユーザのsudo許可が書かれる
※「ファイルの一つ」と書いたのは、厳密には/etc/sudoers.d/内に他のファイルもあり、そちらにはシステムユーザ用の設定が入っているから。それらのファイル内容は記事末尾に記載
[root@instance-20250718-2217 sudoers.d]# cat /etc/sudoers.d/90-cloud-init-users
# Created by cloud-init v. 23.4-7.0.2.el8_10.9 on Fri, 18 Jul 2025 13:20:23 +0000
# User rules for opc
opc ALL=(ALL) NOPASSWD:ALL
[root@instance-20250718-2217 sudoers.d]#
昔はopcグループにsudo許可が付いていたが現在ではopcグループではなくopcユーザに付いている。
https://cosol.jp/techdb/2015/12/os_user_opc_oracle/
Ubuntu 24
基本は同じ
ただしUbuntu上にもopcユーザは作られているものの、Oracle Linuxでのopcに相当する管理ユーザ(cloud-initがパスワード不要のsudo許可を与えるユーザ)はubuntu。
ubuntu@instance-blogs:~$ sudo cat /etc/passwd | grep opc
opc:x:1000:1000::/home/opc:/bin/sh
ubuntu@instance-blogs:~$ sudo cat /etc/passwd | grep ubuntu
ubuntu:x:1001:1001:Ubuntu:/home/ubuntu:/bin/bash
ubuntu@instance-blogs:~$
ubuntu@instance-blogs:~$ sudo cat /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# This fixes CVE-2005-4890 and possibly breaks some versions of kdesu
# (#1011624, https://bugs.kde.org/show_bug.cgi?id=452532)
Defaults use_pty
# This preserves proxy settings from user environments of root
# equivalent users (group sudo)
#Defaults:%sudo env_keep += "http_proxy https_proxy ftp_proxy all_proxy no_proxy"
# This allows running arbitrary commands, but so does ALL, and it means
# different sudoers have their choice of editor respected.
#Defaults:%sudo env_keep += "EDITOR"
# Completely harmless preservation of a user preference.
#Defaults:%sudo env_keep += "GREP_COLOR"
# While you shouldn't normally run git as root, you need to with etckeeper
#Defaults:%sudo env_keep += "GIT_AUTHOR_* GIT_COMMITTER_*"
# Per-user preferences; root won't have sensible values for them.
#Defaults:%sudo env_keep += "EMAIL DEBEMAIL DEBFULLNAME"
# "sudo scp" or "sudo rsync" should be able to use your SSH agent.
#Defaults:%sudo env_keep += "SSH_AGENT_PID SSH_AUTH_SOCK"
# Ditto for GPG agent
#Defaults:%sudo env_keep += "GPG_AGENT_INFO"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "@include" directives:
@includedir /etc/sudoers.d
ubuntu@instance-blogs:~$
root@instance-blogs:/etc/sudoers.d# cat 90-cloud-init-users
# Created by cloud-init v. 24.4.1-0ubuntu0~24.04.2 on Fri, 18 Apr 2025 08:11:17 +0000
# User rules for ubuntu
ubuntu ALL=(ALL) NOPASSWD:ALL
root@instance-blogs:/etc/sudoers.d#
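参考:その他の/etc/sudoers.dファイル
※以下のサービスアカウント(oracle-cloud-agent、snap_daemonなど)はログインシェルがnologin/falseで対話ログインはできないが、cp・tee・systemctlなどを引数の制限なしにNOPASSWDでrootとして実行できるため、権限としては実質的にroot相当と考えてよい。sudo権限を棚卸しする際はopc/ubuntuだけでなく、これらのファイルとエージェントのプロセスも確認・監視の対象に含めておくこと。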
Oracle Linux 8
[root@instance-20250721-1706 ~]# cd /etc/sudoers.d/
[root@instance-20250721-1706 sudoers.d]# ls -ltr
total 20
-r--r-----. 1 root root 5059 May 2 07:01 100-oracle-cloud-agent-users
-r--r-----. 1 root root 746 May 2 07:01 090-oca-vss-plugin-commands
-r--r-----. 1 root root 375 May 2 07:01 091-oca-alx-plugin-commands
-r--r-----. 1 root root 131 Jul 21 08:08 90-cloud-init-users
[root@instance-20250721-1706 sudoers.d]# cat 090-oca-vss-plugin-commands
Cmnd_Alias SSHD_COMMAND = /bin/sshd, /usr/bin/sshd, /usr/sbin/sshd
Cmnd_Alias LS_COMMAND = /bin/ls, /usr/bin/ls, /usr/sbin/ls
Cmnd_Alias MV_COMMAND = /bin/mv, /usr/bin/mv, /usr/sbin/mv
Cmnd_Alias STAT_COMMAND = /bin/stat, /usr/bin/stat, /usr/sbin/stat
Cmnd_Alias VSSTOOLS_COMMAND = /usr/libexec/oracle-cloud-agent/plugins/oci-vulnerabilityscan/vss-tools, /snap/oracle-cloud-agent/current/plugins/oci-vulnerabilityscan/vss-tools
Cmnd_Alias QA_COMMAND = /var/lib/oracle-cloud-agent/plugins/oci-vulnerabilityscan/qualys/agent_image/QualysAgentWrapper.sh
Cmnd_Alias CAT_COMMAND = /bin/cat, /usr/bin/cat, /usr/sbin/cat
Cmnd_Alias MKDIR_COMMAND = /bin/mkdir, /usr/bin/mkdir, /usr/sbin/mkdir
Cmnd_Alias RM_COMMAND = /bin/rm, /usr/bin/rm, /usr/sbin/rm
[root@instance-20250721-1706 sudoers.d]# cat 091-oca-alx-plugin-commands
Cmnd_Alias ALX_CMNDS = /usr/sbin/alx, \
/bin/yum, \
/usr/sbin/uptrack-show, \
/bin/abrt-cli, \
/bin/systemctl * abrtd, \
/bin/systemctl * abrt-oops, \
/bin/systemctl * abrt-vmcore, \
/bin/systemctl * kdump
[root@instance-20250721-1706 sudoers.d]# cat 100-oracle-cloud-agent-users
Cmnd_Alias PLUGINS = /usr/libexec/oracle-cloud-agent/plugins/osms/osms-agent, \
/usr/libexec/oracle-cloud-agent/plugins/osmsv2/osmsv2
Cmnd_Alias ISCSIADM = /sbin/iscsiadm, /usr/sbin/iscsiadm
Cmnd_Alias DMSETUP = /sbin/dmsetup, /usr/sbin/dmsetup
Cmnd_Alias MULTIPATH_INSTALL = /bin/yum install -y device-mapper-multipath, \
/usr/bin/yum install -y device-mapper-multipath, \
/bin/dnf install -y device-mapper-multipath, \
/usr/bin/dnf install -y device-mapper-multipath
Cmnd_Alias MULTIPATH_SYSTEMD = /bin/systemctl * multipathd.service, \
/bin/systemctl * multipath-tools
Cmnd_Alias MULTIPATH_LIST = /sbin/multipath *, /usr/sbin/multipath *
Cmnd_Alias TEE_COMMAND = /bin/tee, /usr/bin/tee
Cmnd_Alias TASKSET_COMMAND = /bin/taskset, /usr/bin/taskset
Cmnd_Alias IP_COMMAND = /sbin/ip, /usr/sbin/ip
Cmnd_Alias UMOUNT_COMMAND = /bin/umount, /usr/bin/umount
Cmnd_Alias LN_COMMAND = /bin/ln, /usr/bin/ln
Cmnd_Alias SYSTEMDRUN_COMMAND = /usr/bin/systemd-run
Cmnd_Alias SNAP_COMMAND = /usr/bin/snap
Cmnd_Alias KILL = /usr/bin/kill, /bin/kill
Cmnd_Alias UPGRADE = /bin/yum, \
/bin/dnf, \
/usr/bin/yum, \
/usr/bin/dnf
Cmnd_Alias RUN_COMMAND = /usr/libexec/oracle-cloud-agent/plugins/runcommand/runcommand
Cmnd_Alias JMS_COMMAND = /usr/libexec/oracle-cloud-agent/plugins/oci-jms/oci-jms
Cmnd_Alias OSMH_COMMAND = /usr/libexec/oracle-cloud-agent/plugins/oci-osmh/oci-osmh
Cmnd_Alias WLMS_COMMAND = /usr/libexec/oracle-cloud-agent/plugins/oci-wlms/wlms_agent
Cmnd_Alias OCI_RDMA_AUTHENTICATION = /usr/libexec/oracle-cloud-agent/plugins/oci-hpc/oci-rdma-authentication/oci-rdma-authentication
Cmnd_Alias OCI_HPC_MONITORING = /usr/libexec/oracle-cloud-agent/plugins/oci-hpc/oci-hpc-monitoring/oci-hpc-monitoring
Cmnd_Alias OCI_HPC_CONFIGURE = /usr/libexec/oracle-cloud-agent/plugins/oci-hpc/oci-hpc-configure/oci-hpc-configure
Cmnd_Alias UM_SYSTEMD = /bin/systemctl * unified-monitoring-agent.service, \
/bin/systemctl * unified-monitoring-agent_config_downloader.timer
Cmnd_Alias UM_INSTALL = /bin/yum --disablerepo=* install -y /var/lib/oracle-cloud-agent/plugins/unifiedmonitoring/temp-unified-monitoring.rpm, \
/bin/dnf --disablerepo=* install -y /var/lib/oracle-cloud-agent/plugins/unifiedmonitoring/temp-unified-monitoring.rpm, \
/usr/bin/yum --disablerepo=* install -y /var/lib/oracle-cloud-agent/plugins/unifiedmonitoring/temp-unified-monitoring.rpm, \
/usr/bin/dnf --disablerepo=* install -y /var/lib/oracle-cloud-agent/plugins/unifiedmonitoring/temp-unified-monitoring.rpm
Cmnd_Alias UM_DOWNGRADE = /bin/yum --disablerepo=* downgrade -y /var/lib/oracle-cloud-agent/plugins/unifiedmonitoring/temp-unified-monitoring.rpm, \
/bin/dnf --disablerepo=* downgrade -y /var/lib/oracle-cloud-agent/plugins/unifiedmonitoring/temp-unified-monitoring.rpm, \
/usr/bin/yum --disablerepo=* downgrade -y /var/lib/oracle-cloud-agent/plugins/unifiedmonitoring/temp-unified-monitoring.rpm, \
/usr/bin/dnf --disablerepo=* downgrade -y /var/lib/oracle-cloud-agent/plugins/unifiedmonitoring/temp-unified-monitoring.rpm
Cmnd_Alias UM_KEY_IMPORT = /bin/rpm --import /etc/oracle-cloud-agent/plugins/unifiedmonitoring/rpm-gpg-pub-key-centos7, \
/bin/rpm --import /etc/oracle-cloud-agent/plugins/unifiedmonitoring/rpm-gpg-pub-key-centos8
Cmnd_Alias CP_COMMAND = /bin/cp, /usr/bin/cp
oracle-cloud-agent ALL=(ocarun) NOPASSWD: RUN_COMMAND
oracle-cloud-agent ALL=(root) EXEC: NOPASSWD: JMS_COMMAND
Cmnd_Alias FAMS_COMMAND = /usr/libexec/oracle-cloud-agent/plugins/oci-fams/oci-fams
Cmnd_Alias FAMS_EXECUTOR = /usr/libexec/oracle-cloud-agent/plugins/oci-fams/fams_executor
oracle-cloud-agent ALL=(ALL) NOPASSWD: FAMS_EXECUTOR
oracle-cloud-agent ALL=(root) NOPASSWD: FAMS_COMMAND
Cmnd_Alias WLP_SYSTEMD = /bin/systemctl, /usr/sbin/systemctl, /usr/bin/systemctl
Cmnd_Alias FALCON_CTL = /opt/CrowdStrike/falconctl
Cmnd_Alias WLP_RPM = /bin/rpm, /usr/sbin/rpm, /usr/bin/rpm
oracle-cloud-agent ALL=(root) NOPASSWD: SYSTEMDRUN_COMMAND, KILL
oracle-cloud-agent ALL=(root) NOPASSWD: PLUGINS, DMSETUP, ISCSIADM, MULTIPATH_INSTALL, \
MULTIPATH_SYSTEMD, MULTIPATH_LIST, TEE_COMMAND, TASKSET_COMMAND, IP_COMMAND, UMOUNT_COMMAND, LN_COMMAND, CP_COMMAND, SSHD_COMMAND, LS_COMMAND, STAT_COMMAND, CP_COMMAND, VSSTOOLS_COMMAND, QA_COMMAND, MV_COMMAND, CAT_COMMAND, MKDIR_COMMAND, RM_COMMAND, ALX_CMNDS, OSMH_COMMAND, FAMS_COMMAND, WLP_SYSTEMD, WLP_RPM, WLP_SYSTEMD, FALCON_CTL, WLP_RPM, OCI_RDMA_AUTHENTICATION, OCI_HPC_MONITORING, OCI_HPC_CONFIGURE, WLMS_COMMAND, UM_INSTALL, \
UM_DOWNGRADE, UM_SYSTEMD, UM_KEY_IMPORT
oracle-cloud-agent-updater ALL=(root) NOPASSWD: UPGRADE
Defaults:oracle-cloud-agent !requiretty
Defaults:oracle-cloud-agent-updater !requiretty
Defaults:ocarun !requiretty
[root@instance-20250721-1706 sudoers.d]# su - oracle-cloud-agent-updater
This account is currently not available.
[root@instance-20250721-1706 sudoers.d]# cat /etc/passwod
cat: /etc/passwod: No such file or directory
[root@instance-20250721-1706 sudoers.d]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
tss:x:59:59:Account used for TPM access:/:/sbin/nologin
systemd-coredump:x:999:997:systemd Core Dumper:/:/sbin/nologin
systemd-resolve:x:193:193:systemd Resolver:/:/sbin/nologin
clevis:x:998:994:Clevis Decryption Framework unprivileged user:/var/cache/clevis:/sbin/nologin
unbound:x:997:993:Unbound DNS resolver:/etc/unbound:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
polkitd:x:996:992:User for polkitd:/:/sbin/nologin
libstoragemgmt:x:995:991:daemon account for libstoragemgmt:/var/run/lsm:/sbin/nologin
sssd:x:994:990:User for sssd:/:/sbin/nologin
cockpit-ws:x:993:989:User for cockpit web service:/nonexisting:/sbin/nologin
cockpit-wsinstance:x:992:988:User for cockpit-ws instances:/nonexisting:/sbin/nologin
setroubleshoot:x:991:987::/var/lib/setroubleshoot:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
chrony:x:990:986::/var/lib/chrony:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
pcp:x:989:985:Performance Co-Pilot:/var/lib/pcp:/sbin/nologin
oracle-cloud-agent:x:988:984:Oracle Cloud Agent Service User:/var/lib/oracle-cloud-agent:/usr/sbin/nologin
oracle-cloud-agent-updater:x:987:984:Oracle Cloud Agent Updater Service User:/var/lib/oracle-cloud-agent:/usr/sbin/nologin
ocarun:x:986:984:Oracle Cloud Agent Runcommand Service User:/var/lib/ocarun:/usr/sbin/nologin
opc:x:1000:1000:Oracle Public Cloud User:/home/opc:/bin/bash
[root@instance-20250721-1706 sudoers.d]#
Ubuntu 24
root@instance-blogs:/etc/sudoers.d# ls -lttr
total 16
-r--r----- 1 root root 1068 Jan 30 2024 README
-r--r----- 1 root root 141 Apr 18 17:11 90-cloud-init-users
-r--r----- 1 root root 746 Apr 18 22:21 090-oca-vss-plugin-commands
-r--r----- 1 root root 3290 Apr 18 22:21 100-oracle-cloud-agent-users
root@instance-blogs:/etc/sudoers.d# ls -ltr
total 16
-r--r----- 1 root root 1068 Jan 30 2024 README
-r--r----- 1 root root 141 Apr 18 17:11 90-cloud-init-users
-r--r----- 1 root root 746 Apr 18 22:21 090-oca-vss-plugin-commands
-r--r----- 1 root root 3290 Apr 18 22:21 100-oracle-cloud-agent-users
root@instance-blogs:/etc/sudoers.d# cat 090-oca-vss-plugin-commands
Cmnd_Alias SSHD_COMMAND = /bin/sshd, /usr/bin/sshd, /usr/sbin/sshd
Cmnd_Alias LS_COMMAND = /bin/ls, /usr/bin/ls, /usr/sbin/ls
Cmnd_Alias MV_COMMAND = /bin/mv, /usr/bin/mv, /usr/sbin/mv
Cmnd_Alias STAT_COMMAND = /bin/stat, /usr/bin/stat, /usr/sbin/stat
Cmnd_Alias VSSTOOLS_COMMAND = /usr/libexec/oracle-cloud-agent/plugins/oci-vulnerabilityscan/vss-tools, /snap/oracle-cloud-agent/current/plugins/oci-vulnerabilityscan/vss-tools
Cmnd_Alias QA_COMMAND = /var/lib/oracle-cloud-agent/plugins/oci-vulnerabilityscan/qualys/agent_image/QualysAgentWrapper.sh
Cmnd_Alias CAT_COMMAND = /bin/cat, /usr/bin/cat, /usr/sbin/cat
Cmnd_Alias MKDIR_COMMAND = /bin/mkdir, /usr/bin/mkdir, /usr/sbin/mkdir
Cmnd_Alias RM_COMMAND = /bin/rm, /usr/bin/rm, /usr/sbin/rm
root@instance-blogs:/etc/sudoers.d# cat 100-oracle-cloud-agent-users
Cmnd_Alias ISCSIADM = /sbin/iscsiadm, /usr/sbin/iscsiadm
Cmnd_Alias DMSETUP = /sbin/dmsetup, /usr/sbin/dmsetup
Cmnd_Alias MULTIPATH_INSTALL = /bin/apt install -o Dpkg\:\:Options\:\:\=--force-confold -y multipath-tools, \
/usr/bin/apt install -o Dpkg\:\:Options\:\:\=--force-confold -y multipath-tools
Cmnd_Alias MULTIPATH_SYSTEMD = /bin/systemctl * multipathd.service, \
/bin/systemctl * multipath-tools
Cmnd_Alias MULTIPATH_LIST = /sbin/multipath *, /usr/sbin/multipath *
Cmnd_Alias TEE_COMMAND = /bin/tee, /usr/bin/tee
Cmnd_Alias TASKSET_COMMAND = /bin/taskset, /usr/bin/taskset
Cmnd_Alias IP_COMMAND = /sbin/ip, /usr/sbin/ip
Cmnd_Alias UMOUNT_COMMAND = /bin/umount, /usr/bin/umount
Cmnd_Alias LN_COMMAND = /bin/ln, /usr/bin/ln
Cmnd_Alias SYSTEMDRUN_COMMAND = /usr/bin/systemd-run
Cmnd_Alias SNAP_COMMAND = /usr/bin/snap
Cmnd_Alias UM_SYSTEMD = /bin/systemctl * unified-monitoring-agent.service, \
/bin/systemctl * unified-monitoring-agent_config_downloader.timer
Cmnd_Alias UM_INSTALL = /usr/bin/apt install -o Dpkg\:\:Options\:\:\=--force-confold -y /var/lib/oracle-cloud-agent/plugins/unifiedmonitoring/temp-unified-monitoring.deb, \
/bin/apt install -o Dpkg\:\:Options\:\:\=--force-confold -y /var/lib/oracle-cloud-agent/plugins/unifiedmonitoring/temp-unified-monitoring.deb
Cmnd_Alias UM_DOWNGRADE = /usr/bin/apt --allow-downgrades install -o Dpkg\:\:Options\:\:\=--force-confold -y /var/lib/oracle-cloud-agent/plugins/unifiedmonitoring/temp-unified-monitoring.deb, \
/bin/apt --allow-downgrades install -o Dpkg\:\:Options\:\:\=--force-confold -y /var/lib/oracle-cloud-agent/plugins/unifiedmonitoring/temp-unified-monitoring.deb
Cmnd_Alias UM_KEY_IMPORT = /usr/bin/gpg --import /etc/oracle-cloud-agent/plugins/unifiedmonitoring/rpm-gpg-pub-key-centos8, \
/bin/gpg --import /etc/oracle-cloud-agent/plugins/unifiedmonitoring/rpm-gpg-pub-key-centos8
Cmnd_Alias UM_GPG_VERIFY = /usr/bin/gpg --verify /var/lib/oracle-cloud-agent/plugins/unifiedmonitoring/temp-unified-monitoring.deb, \
/bin/gpg --verify /var/lib/oracle-cloud-agent/plugins/unifiedmonitoring/temp-unified-monitoring.deb
Cmnd_Alias UM_UPDATE = /usr/bin/apt update, \
/bin/apt update
Cmnd_Alias CP_COMMAND = /bin/cp, /usr/bin/cp
Cmnd_Alias WLP_SYSTEMD = /bin/systemctl, /usr/sbin/systemctl, /usr/bin/systemctl
Cmnd_Alias WLP_GPG = /bin/gpg, /usr/sbin/gpg, /usr/bin/gpg
Cmnd_Alias WLP_DPKGSIG = /bin/dpkg-sig, /usr/sbin/dpkg-sig, /usr/bin/dpkg-sig
Cmnd_Alias WLP_APTGET = /bin/apt-get, /usr/sbin/apt-get, /usr/bin/apt-get
Cmnd_Alias WLP_APT = /bin/apt, /usr/sbin/apt, /usr/bin/apt
snap_daemon ALL=(root) NOPASSWD: SETENV: DMSETUP, ISCSIADM, MULTIPATH_INSTALL, \
MULTIPATH_SYSTEMD, MULTIPATH_LIST, TEE_COMMAND, TASKSET_COMMAND, IP_COMMAND, UMOUNT_COMMAND, LN_COMMAND, CP_COMMAND, SSHD_COMMAND, LS_COMMAND, STAT_COMMAND, CP_COMMAND, VSSTOOLS_COMMAND, QA_COMMAND, MV_COMMAND, CAT_COMMAND, MKDIR_COMMAND, RM_COMMAND, WLP_SYSTEMD, WLP_GPG, WLP_DPKGSIG, WLP_APTGET, WLP_APT, UM_INSTALL, \
UM_DOWNGRADE, UM_SYSTEMD, UM_KEY_IMPORT, UM_UPDATE, UM_GPG_VERIFY, SNAP_COMMAND
Defaults:snap_daemon !requiretty
root@instance-blogs:/etc/sudoers.d# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-network:x:998:998:systemd Network Management:/:/usr/sbin/nologin
systemd-timesync:x:997:997:systemd Time Synchronization:/:/usr/sbin/nologin
dhcpcd:x:100:65534:DHCP Client Daemon,,,:/usr/lib/dhcpcd:/bin/false
messagebus:x:101:102::/nonexistent:/usr/sbin/nologin
systemd-resolve:x:992:992:systemd Resolver:/:/usr/sbin/nologin
sshd:x:102:65534::/run/sshd:/usr/sbin/nologin
pollinate:x:103:1::/var/cache/pollinate:/bin/false
_rpc:x:104:65534::/run/rpcbind:/usr/sbin/nologin
statd:x:105:65534::/var/lib/nfs:/usr/sbin/nologin
snapd-range-524288-root:x:524288:524288::/nonexistent:/usr/bin/false
snap_daemon:x:584788:584788::/nonexistent:/usr/bin/false
fwupd-refresh:x:991:991:Firmware update daemon:/var/lib/fwupd:/usr/sbin/nologin
polkitd:x:990:990:User for polkitd:/:/usr/sbin/nologin
opc:x:1000:1000::/home/opc:/bin/sh
ubuntu:x:1001:1001:Ubuntu:/home/ubuntu:/bin/bash
root@instance-blogs:/etc/sudoers.d#