[sudo-users] Sudoers Web Interface
brian.gupta at gmail.com
Thu May 31 12:05:28 EDT 2007
One thing that I think will greatly help is that 1.7 plans to allow
multiple include statements in the sudoers file. (I can break up my
sudoers file into multiple files.)
On 5/31/07, Edward <ed_perry at mac.com> wrote:
> Well, my only issue is that if you're doing all of your authentication
> from LDAP and you want to maintain sudoers then you should be looking
> for a PAM module that will do your sudo authentication too.
> Yes, a flat file would be simple and like you said if it is for a handful
> of systems and sudoers, then the old method of VI/Emacs (AKA
> visudoers) would work just fine. My problem is I have 4 files to
> maintain but they have over 5000 lines of commands.
> So in order to organize this all a little bit better, I took a concept
> that I wrote in Perl and put it into this web GUI.
> Agreed, more thought has to go into the use case, and cleanup of the
> install process, but in the end you will still need to install Tomcat
> and maybe a database/LDAP.
> Eric S. Johansson wrote:
> > Brian Gupta wrote:
> >>> LDAP should not be that hard to implement, though I have never used it.
> >>> I'll have to add this as the research to do list. Though that probably
> >>> would be a great solution cause I would not have to build a screen to
> >>> populate the data just export it from an existing DB and let the admin
> >>> add it through his normal LDAP screen.
> >> I ask because many people keep their sudo data in LDAP.
> > Brian makes a very good point. LDAP seems to be the repository of
> > choice for authentication information. We may have two or three usage
> > cases here depending on what number of users makes it worthwhile to
> > switch to LDAP. A small number of users on a single system should be
> > a flat file. A medium number (30-100) a stand-alone database, by the
> > same as you get to shared authentication data across multiple machines
> > or any other condition requiring the use of an LDAP backend, then you
> > want to go LDAP.
> > The big challenge for small to medium size is the install time. If
> > it takes me more than 15 minutes to install and I've got a single
> > machine with a limited number of users (i.e. under 50), then doing
> > it the old-fashioned way is easier.
> > Personally, I think that any application that takes longer than 15-30
> > minutes to install and get the basic configuration right is not
> > packaged correctly. Heck, getting NaturallySpeaking working halfway
> > right takes 20 minutes with training and that's a very complex
> > application. On the other hand, I do use Emacs and no matter how many
> > years you use it, the configuration is never completely right. You
> > just tolerate how far you've gotten so far. :-)
> > ---eric