Fwd: RE: NFS sudo
Alek O. Komarnitsky (N-CSC)
alek at ast.lmco.com
Wed Jun 6 15:28:19 EDT 2001
> From: George Meharry II <gmeharry at yahoo.com>
> Subject: Fwd: RE: NFS sudo
> To: sudo-users at courtesan.com
> Doing the rdist thing as you guys are doing is fine as
> long as you're dealing with a "controllable" number of
> sudo clients (10-20 perhaps - no more than 50!)...
> When you're in a sizable/scalable environment (ours is
> 900+ client/150+ servers mixed between
> HP/Sun/SGI/IBM), you're opening yourself to update
> issues - that is, when you do your rdist what's the
> contingency for when a number of machines don't
> respond (either user's turn them off or some other
> reason)? Pending on how often you're pushing the
> updates (which shouldn't be a lot after a couple of
> weeks of shake-down), this may create a rats-nest (it
> did in our environment before I found this version of
> sudo)... Our opinion (FWIW) was that if the network
> was down, there's a bigger issue to work though and
> that the "trusted users" more than likely wouldn't be
> able to conduct their business anyway...
> So we're using (as KOMAR is) an NFS solution for both
> the rules file as well as the executable which has yet
> to fail us... I'm surprised that you haven't been able
> to locate any past postings about this subject at
> www.courtesan.com because it seems like this is asked
> every couple of months (just a couple of days ago is
> the most recent time)...
> Anywho, best of luck to ya!
'ya know ... maybe we should have an FAQ on this topic?!? ;-)
This issue does seem to come up periodically ... and not only
are there historical postings on it, but there's a link to my
presentation directly from the sudo web page on how we (similarly)
do it at a 1,000 node site using NFS.
George's comments are spot-on IMHO ...
More information about the sudo-users