Fwd: RE: NFS sudo

[Alek O. Komarnitsky (N-CSC)]

> From: George Meharry II <gmeharry at yahoo.com>
> Subject: Fwd: RE: NFS sudo
> To: sudo-users at courtesan.com
> 
> Doing the rdist thing as you guys are doing is fine as
> long as you're dealing with a "controllable" number of
> sudo clients (10-20 perhaps - no more than 50!)...
> HOWEVER...
> 
> When you're in a sizable/scalable environment (ours is
> 900+ client/150+ servers mixed between
> HP/Sun/SGI/IBM), you're opening yourself to update
> issues - that is, when you do your rdist what's the
> contingency for when a number of machines don't
> respond (either user's turn them off or some other
> reason)? Pending on how often you're pushing the
> updates (which shouldn't be a lot after a couple of
> weeks of shake-down), this may create a rats-nest (it
> did in our environment before I found this version of
> sudo)... Our opinion (FWIW) was that if the network
> was down, there's a bigger issue to work though and
> that the "trusted users" more than likely wouldn't be
> able to conduct their business anyway...
> 
> So we're using (as KOMAR is) an NFS solution for both
> the rules file as well as the executable which has yet
> to fail us... I'm surprised that you haven't been able
> to locate any past postings about this subject at
> www.courtesan.com because it seems like this is asked
> every couple of months (just a couple of days ago is
> the most recent time)...
> 
> Anywho, best of luck to ya!


'ya know ... maybe we should have an FAQ on this topic?!?   ;-)

This issue does seem to come up periodically ... and not only
are there historical postings on it, but there's a link to my
presentation directly from the sudo web page on how we (similarly) 
do it at a 1,000 node site using NFS.

George's comments are spot-on IMHO ...
alek