[sudo-users] sudo central management
donald.ritchey at exeloncorp.com
Thu Dec 15 12:12:57 EST 2005
Our implementation of sudo uses one sudoers file that is distributed by
rsync over ssh (using Public/Private key pairs).
We have grouped our machines, users, and applications into classes and
use the Host_Alias and Cmnd_Alias lines to set up the groups of systems
and applications, then set up user IDs and UNIX groups to allocate the
low-level permissions. It results in a fairly large and visually
complicated sudoers file, but it is the only method I can come up with
to manage the 50 or so UNIX servers that we control.
Luckily, most of our applications run on limited sets of servers and
the applications run under their own application-specific user IDs,
so the mapping of permissions is fairly cut and dried.
The complicators are the administrative and maintenance users that have
to have extra permissions on certain servers, but not others. This results
in more sudoers entries than I would like, but it is still manageable.
The implementation is largely based on the example sudoers files in the
sudo package, so the documentation that comes with sudo is a good starting
point for customized sudoers files. I am looking forward to an upcoming
implementation of LDAP within our environment to eliminate the need for
distributing a local sudoers file (other than a fail-safe version for
emergency use).
Best of luck and thanks to all who have contributed to making sudo such
a good product.
Donald L. (Don) Ritchey
Information Technology
Exelon Corporation
-----Original Message-----
From: sudo-users-bounces at courtesan.com
[mailto:sudo-users-bounces at courtesan.com]On Behalf Of
Ken_Abrahamsen at mikronvinyl.com
Sent: Thursday, December 15, 2005 10:11 AM
To: Pantejo, Barbara (Citco)
Cc: 'sudo-users at sudo.ws'; sudo-users-bounces at courtesan.com
Subject: Re: [sudo-users] sudo central management
We have one sudoers configuration for all our servers, but we only have 9
servers.
Sincerely,
Ken Abrahamsen
Mikron Industries, Inc.
1034 6th Avenue North
Kent, WA 98032
Email: Ken_Abrahamsen at mikronvinyl.com
Voice: 253-398-1365
"Pantejo, Barbara (Citco)" <BPantejo at citco.com>
Sent by: sudo-users-bounces at courtesan.com
12/15/2005 08:02 AM
To: "'sudo-users at sudo.ws'" <sudo-users at sudo.ws>
cc:
Subject: [sudo-users] sudo central management
Hi everyone,
I'm new to the list so wasn't sure if my question has already been
discussed yet.
I was wondering if anyone has a way to centrally manage sudo? We have 100+
servers (various unix/linux flavors). Most, if not all, have had sudo
installed with different configurations in each sudoers file. We want a way
to organize and manage these files and wanted to get others' perspectives as
to how to go about this. I started taking a look at the different sudoers
files and tried to consolidate into 1, but this is becoming a very arduous
task. Is there a better way?
Any suggestions and comments are appreciated.
Regards,
Barbara
____________________________________________________________
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-users
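
The Host_Alias and Cmnd_Alias grouping described in the first message means one shared sudoers file grants different rights on different hosts. As an added illustration (not part of any message in this thread and not code from the sudo project), this Python audit script reports what a given user may run on a given host before the file is distributed. The sample file, host names, users, group and command paths are constructed, and the parser covers only a simple subset of the sudoers grammar (aliases and `who hosts = commands` lines; no runas specs, tags or negation).

```python
import re

# Constructed sample: one sudoers file shared by every host (all names hypothetical).
SUDOERS = """
Host_Alias  WEB = web01, web02
Host_Alias  DB  = db01
Cmnd_Alias  APACHE = /usr/sbin/apachectl
Cmnd_Alias  ORACLE = /usr/local/bin/dbstart, /usr/local/bin/dbshut
User_Alias  WEBADM = alice, bob
WEBADM      WEB = APACHE
%dba        DB  = ORACLE
carol       WEB = APACHE
carol       db01 = ORACLE
"""

ALIAS = re.compile(r"^(Host|Cmnd|User)_Alias\s+(\w+)\s*=\s*(.+)$")
RULE = re.compile(r"^(\S+)\s+(.+?)\s*=\s*(.+)$")

def split(s):
    return [x.strip() for x in s.split(",") if x.strip()]

def parse(text):
    """Return (aliases, rules) for the simplified subset described above."""
    aliases = {"Host": {}, "Cmnd": {}, "User": {}}
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "Defaults")):
            continue
        m = ALIAS.match(line)
        if m:
            aliases[m.group(1)][m.group(2)] = split(m.group(3))
        elif (m := RULE.match(line)):
            rules.append((m.group(1), split(m.group(2)), split(m.group(3))))
    return aliases, rules

def expand(items, table):
    """Replace alias names by their members, recursively."""
    out = set()
    for item in items:
        out |= expand(table[item], table) if item in table else {item}
    return out

def allowed(text, user, host, groups=()):
    """Commands `user` (member of UNIX `groups`) may run on `host`."""
    aliases, rules = parse(text)
    cmds = set()
    for who, hosts, what in rules:
        users = expand([who], aliases["User"])
        is_user = bool(users & {user, "ALL"}) or any("%" + g in users for g in groups)
        if is_user and expand(hosts, aliases["Host"]) & {host, "ALL"}:
            cmds |= expand(what, aliases["Cmnd"])
    return sorted(cmds)
```

Running `allowed()` for each user and host pair and comparing the output between two versions of the file shows exactly which grants a change adds or removes.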