====== sudoers 格式 ======

<code>
User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \
        (':' Host_List '=' Cmnd_Spec_List)*

Cmnd_Spec_List ::= Cmnd_Spec |
             Cmnd_Spec ',' Cmnd_Spec_List

Cmnd_Spec ::= Runas_Spec? SELinux_Spec? Tag_Spec* Cmnd

Runas_Spec ::= '(' Runas_List? (':' Runas_List)? ')'

SELinux_Spec ::= ('ROLE=role' | 'TYPE=type')

Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:' |
        'SETENV:' | 'NOSETENV:' | 'LOG_INPUT:' | 'NOLOG_INPUT:' |
        'LOG_OUTPUT:' | 'NOLOG_OUTPUT:')
</code>

https://linux.die.net/man/5/sudoers

例：

<code>
user ALL=NOPASSWD: /usr/local/bin/command,/usr/local/bin/command2
</code>

{{tag>linux sudo}}