[sudo-users] question about centrally controlling multiple sudo systems

Bob Proulx bob at proulx.com
Mon Apr 4 23:47:39 EDT 2005


Jerry.Zatzman at Charming.com wrote:
> How do you get one system configured as the central sudo machine? I know 
> you'd have the sudoers config file there but how do the other machines 
> point to it?

You don't.  You install the sudo executable binary locally on each
machine.  You install the sudoers file locally on each machine.
Anything else, such as using NFS for either of those, would open root
security vulnerabilities.

If you are asking how you can distribute your sudoers file to a
cluster of machines that is a different question.  There are many
different schools of thought.  I highly recommend reading this paper:

  http://www.infrastructures.org/papers/bootstrap/bootstrap.html

What works best for you depends much upon how large of an
infrastructure you are supporting and the skill level of those doing
the support.  Some use cfengine.  Some use CVSup.  Some use radmin.

Personally I use a cron task on each machine that pulls the file using
ssh and rsync from a trusted server with a skewed time so that they
don't all go off at once.  I only have a small network, around twenty
five hundred heterogeneous hosts to synchronize, so this works quite
well.

> The information transmitted is intended only for the person or entity to
> which it is addressed and may contain confidential and/or privileged
> material.  Any review, retransmission, dissemination or other use of, or
> taking of any action in reliance upon, this information by persons or
> entities other than the intended recipient is prohibited.   If you
> received this message in error, please contact the sender and delete
> the material from any computer.

Please don't post to public forums with such an annoying disclaimer.

  http://www.goldmark.org/jeff/stupid-disclaimers/

Bob
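
Added example, not part of the original message and not the poster's own script: one way to write the cron-driven pull described above, with a per-host time skew and a syntax check before the file is installed. The server name, source path and script path are constructed placeholders; it assumes root's ssh key and the server's host key are already provisioned.

```sh
#!/bin/sh
# Added example: pull-based sudoers sync, run from root's crontab on each host.
# SOURCE is a constructed placeholder; TARGET is the stock sudoers path.
SOURCE=${SOURCE:-sudoers-master.example.com:/srv/sudoers/sudoers}
TARGET=${TARGET:-/etc/sudoers}
MAX_SPLAY=${MAX_SPLAY:-3600}     # spread pulls over one hour
VISUDO=${VISUDO:-visudo}

# Deterministic per-host delay in [0, max): a host always waits the same
# time, and the fleet is spread across the window instead of firing at once.
splay_seconds() {
    crc=$(printf '%s' "$1" | cksum | cut -d' ' -f1)
    echo $(( $crc % $2 ))
}

# Install candidate over target only if it parses as a sudoers file.
# Returns non-zero and leaves target untouched otherwise.
install_if_valid() {
    candidate=$1
    target=$2
    [ -s "$candidate" ] || return 1                        # empty or missing
    "$VISUDO" -c -q -f "$candidate" || return 1            # syntax check
    cmp -s "$candidate" "$target" 2>/dev/null && return 0  # already current
    chmod 0440 "$candidate" || return 1
    mv -f "$candidate" "$target"                           # rename in place
}

main() {
    sleep "$(splay_seconds "$(hostname)" "$MAX_SPLAY")"
    # Temp file beside the target so mv is an atomic rename, not a copy.
    tmp=$(mktemp "$TARGET.XXXXXX") || exit 1
    trap 'rm -f "$tmp"' EXIT
    # BatchMode: never prompt from cron. StrictHostKeyChecking: refuse a
    # server whose key is not already in known_hosts.
    rsync -e 'ssh -o BatchMode=yes -o StrictHostKeyChecking=yes' \
        "$SOURCE" "$tmp" || exit 1
    install_if_valid "$tmp" "$TARGET"
}

# Cron entry (assumed path): 0 * * * * /usr/local/sbin/sudoers-pull run
case "${1:-}" in run) main ;; esac
```

A truncated transfer or a bad edit on the server fails the `visudo -c` check, so the host keeps its last known-good sudoers file.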


