# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification
Host_Alias	LAN_ORG=192.168.182.0/255.255.255.0,localhost		#réseau de l'organisme
# User alias specification
User_Alias	ADMIN=sysadmin				# local admin account
User_Alias	ADMWEB=apache				# web server owner
User_Alias	SMS=gammu_smsd				# gammu-smsd owner
User_Alias	REPLICA=replication			# replication account

# Cmnd alias specification
Cmnd_Alias	NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/bin/alcasar-dhcp.sh,/usr/local/bin/alcasar-dns-local.sh,/usr/local/bin/alcasar-network.sh,/usr/local/bin/alcasar-list-ip_gw.sh,/usr/local/bin/alcasar-ssh.sh		# network commands
Cmnd_Alias	URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update		# packages managment
Cmnd_Alias	BYPASS=/usr/local/bin/alcasar-bypass.sh			# authentication bypass
Cmnd_Alias	RADDB=/usr/bin/radwho,/usr/sbin/chilli_query		# manage users in command line
Cmnd_Alias	SQL=/usr/local/bin/alcasar-mariadb.sh			# export users database
Cmnd_Alias	SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh		# create conf backup file
Cmnd_Alias	EXPORT=/usr/local/bin/alcasar-archive.sh		# export/save the log files
Cmnd_Alias	BL=/usr/local/bin/alcasar-bl.sh,/usr/local/bin/alcasar-file-clean.sh,/usr/local/bin/alcasar-url_filter_wl.sh,/usr/local/bin/alcasar-url_filter_bl.sh	# manage the filtering system
Cmnd_Alias	NF=/usr/local/bin/alcasar-iptables.sh,/usr/sbin/ipset	# manage the firewall
Cmnd_Alias	LOGOUT=/usr/local/bin/alcasar-logout.sh			# disconnect the users
Cmnd_Alias	UAM=/usr/local/bin/alcasar-uamallowed.sh		# manage the trusted websites (uamallowed)
Cmnd_Alias	SERVICE=/usr/bin/systemctl,/usr/sbin/shutdown		# manage the linux services
Cmnd_Alias	GAMMU=/usr/local/bin/alcasar-sms.sh			# manage the SMS subsystem
Cmnd_Alias	SSL=/usr/local/bin/alcasar-importcert.sh,/usr/local/bin/alcasar-letsencrypt.sh,/usr/local/bin/alcasar-https.sh,/usr/local/bin/alcasar-ldap.sh --import-cert *	# manage the certificates
Cmnd_Alias	HTDIGEST=/usr/local/bin/alcasar-profil.sh		# manage htdigest groups
Cmnd_Alias	LOG_GEN=/usr/local/bin/alcasar-generate_log.sh		# create log PDF from ACC
Cmnd_Alias	LDAP=/usr/local/bin/alcasar-ldap.sh			# enable/disable LDAP connection
Cmnd_Alias	IOT_CAPTURE=/usr/local/bin/alcasar-iot_capture.sh	# enable/disable raw capture of Iot (pcap) --> in activity ACC page
Cmnd_Alias	WIFI4EU=/usr/local/bin/alcasar-wifi4eu.sh		# enable/disable wifi4eu integration (logo + snippet)
Cmnd_Alias	MAIL_SERVICE=/usr/local/bin/alcasar-mail-install.sh	# manage mail service
Cmnd_Alias	REPLICATION=/usr/local/bin/alcasar-replication-install.sh,/usr/local/bin/alcasar-replication-add.sh,/usr/local/bin/alcasar-replication-start.sh,/usr/local/bin/alcasar-replication-stop.sh,/usr/local/bin/alcasar-replication-delete.sh,/usr/local/bin/alcasar-replication-list.sh,/usr/local/bin/alcasar-replication-uninstall.sh,/usr/local/bin/alcasar-replication-ssh-keys-management.sh


# Defaults specification
# Defaults syslog=auth

# Runas alias specification

# User privilege specification
root	ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel	ALL=(ALL)	ALL

# Same thing without a password
# %wheel	ALL=(ALL)	NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now

ADMWEB	LAN_ORG=(root)	NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,GAMMU,SSL,HTDIGEST,LOG_GEN,LDAP,IOT_CAPTURE,WIFI4EU,MAIL_SERVICE,REPLICATION
ADMIN	LAN_ORG=(root)	NOPASSWD: NET,URPMI,BYPASS,SYSTEM_BACKUP,SQL,EXPORT,SERVICE,SSL
SMS	LAN_ORG=(root)	NOPASSWD: GAMMU
REPLICA	LAN_ORG=(root)	NOPASSWD: SQL
