Using sudo with relocatable hostnames

Wagner, Brad BEWAGNER at GAPAC.com
Mon Dec 9 08:26:32 EST 2002


This solution works great if you want to grant equal access to both boxes.  However, what we are doing is fairly typical in that the failover server runs a full size development instance that has many more people allowed access to it than to the production instance.  

Can we come up with a solution that will allow differing access for differing User_Alias groups?

Thanks

-----Original Message-----
From: Tse Wai Kan [mailto:TWKAN at rslcom.de]
Sent: Monday, December 09, 2002 8:16 AM
To: Wagner, Brad
Subject: RE: Using sudo with relocatable hostnames


Why don't you set up your package or cluster name up as a host_alias?

Host_Alias	PACKAGE_A=SG_Node1, SG_Node2	# Package only runs on nodes
1 and 2 only.
Host_Alias	CLUSTER_NAME=Package_A, Package_B

Regards, 
Tse-Wai Kan. 
RSL COM Services GmbH. 
Tel     :       +49 (0)611 9888820 
Fax     :       +49 (0)611 9888821 / +49 (0)611 9888878 
GSM     :       +49 (0)172 9420888 / +44 (0)705 0028870 
E-mail  :       twkan at rslcom.de <mailto:twkan at rslcom.de>





-----Original Message-----
From: Wagner, Brad [mailto:BEWAGNER at GAPAC.com]
Sent: 09 December 2002 13:45
To: 'sudo-users at sudo.ws'
Cc: 'mlh'
Subject: RE: Using sudo with relocatable hostnames


I appreciate the feedback.  However, with over 100 HP boxes, we are having
to be fairly committed to developing a consistent sudoers file that will be
comprehensive for the environment.  Then, as a change is made, the file will
be copied out across the environment.

Anyone have any other suggestions on how this might be accomplished?

Thanks

-----Original Message-----
From: mlh [mailto:mlh at zip.com.au]
Sent: Friday, December 06, 2002 8:40 PM
To: Wagner, Brad
Cc: 'sudo-users at sudo.ws'
Subject: Re: Using sudo with relocatable hostnames


Wagner, Brad wrote:
> Is it possible to configure sudo to use relocateable hostnames?  In our 
> HP-UX environment we have many clusters of machines where we would like 
> the permissions to follow the package without having to edit the sudoers 
> file each time it fails over.  Is this possible to configure by build or 
> configuration?

You can just use ALL for the hostname.  That's what
I did when I managed hp-ux clusters.

Doesn't hurt, as long as you don't blindly copy sudoers
files to other machines.

Matt

____________________________________________________________ 
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-users



More information about the sudo-users mailing list