[sudo-users] Sudoers Web Interface

Edward ed_perry at mac.com
Thu May 31 11:56:34 EDT 2007

Well, my only issue is that if your doing all of your authentication 
from ldap and you want to maintain sudoers then you should be looking 
for a Pam Module that will do your sudo authentication too,

Yes a flat file would be simple and like you said if it is for a hand 
full of systems and sudoers, then the old method of VI/Emacs (AKA 
visudoers) would work just fine. My problem is I have 4 files to 
maintain but they have over 5000 lines of commands

So in order to organize this all a little bit better, I took a concept 
that I wrote in perl and put it in to this web gui.

Agreed more thought has to go in to the use case, and cleanup of the 
install process, but in the end you will still need to install  tomcat 
and maybe a database/ldap.

Eric S. Johansson wrote:
> Brian Gupta wrote:
>>> LDAP should not be that hard to implement, though I have never used it.
>>> I'll have to add this as the research to do list. Though that probably
>>> would be a great solution cause I would not have to build a screen to
>>> populate the data just export it from an existing DB and let the admin
>>> add it though his normal Ldap screen.
>> I ask because many people keep their sudo data in LDAP.
> Brian makes a very good point.  LDAP seems to be the repository of 
> choice for authentication information.  we may have two or three usage 
> cases here depending on what number of users makes it worthwhile to 
> switch to LDAP.  a small number of users on a single system should be 
> a flat file.  A medium number (30-100) a stand-alone database, by the 
> same as you get to shared authentication data across multiple machines 
> or any other condition requiring the use of an LDAP backend, then you 
> want to go LDAP.
> The big challenge for small to medium size is is the install time.  If 
> it takes me more than 15 minutes to install and I've got a single 
> machine with a  limited  number of users (i.e. under 50), then doing 
> it the old-fashioned way is easier.
> Personally, I think that any application that takes longer than 15-30 
> minutes to install and get the basic configuration right is not 
> packaged correctly.  Heck, getting NaturallySpeaking working halfway 
> right takes 20 minutes with training and that's a very complex 
> application.  on the other hand, I do use Emacs and no matter how many 
> years you use it, the configuration is never completely right.  you 
> just tolerate how far you've gotten so far. :-)
> ---eric

More information about the sudo-users mailing list