[sudo-users] sudo + ldap security

David Thiel lx at redundancy.redundancy.org
Tue Mar 8 13:15:07 EST 2005


I'm considering using LDAP to store sudo configuration data, but I can't
see any way to keep any user of a sudo-controlled machine from browsing
that data in LDAP. With regular sudoers, I at least have the assurance
that users can only read rules that apply to them personally, and that
the whole of that data can only be read by root. Has anyone found any
clever ways to mitigate this?


More information about the sudo-users mailing list