[sudo-users] Sudoers Web Interface

ed_perry at mac.com ed_perry at mac.com
Thu May 31 12:11:26 EDT 2007

Oh that would be sweet

Sent via BlackBerry from Cingular Wireless  

-----Original Message-----
From: Brian Gupta <brian.gupta at gmail.com>
Date: Thu, 31 May 2007 12:05:28 
To:Edward <ed_perry at mac.com>
Cc:"Eric S. Johansson" <esj at harvee.org>, sudo-users at sudo.ws
Subject: Re: [sudo-users] Sudoers Web Interface

One thing that I think will greatly help is that 1.7 plans to allow
multiple include statements in the sudoers file. (I can break up my
sudoers file into multiple files.)

On 5/31/07, Edward <ed_perry at mac.com> wrote:
> Well, my only issue is that if you're doing all of your authentication
> from LDAP and you want to maintain sudoers, then you should be looking
> for a PAM module that will do your sudo authentication too.
> Yes, a flat file would be simple and, like you said, if it is for a
> handful of systems and sudoers, then the old method of VI/Emacs (AKA
> visudoers) would work just fine. My problem is I have 4 files to
> maintain but they have over 5000 lines of commands.
> So in order to organize this all a little bit better, I took a concept
> that I wrote in Perl and put it into this web GUI.
> Agreed, more thought has to go into the use case, and cleanup of the
> install process, but in the end you will still need to install Tomcat
> and maybe a database/LDAP.
>
> Eric S. Johansson wrote:
> > Brian Gupta wrote:
> >>> LDAP should not be that hard to implement, though I have never used it.
> >>> I'll have to add this to the research to-do list. Though that probably
> >>> would be a great solution 'cause I would not have to build a screen to
> >>> populate the data, just export it from an existing DB and let the admin
> >>> add it through his normal LDAP screen.
> >>
> >> I ask because many people keep their sudo data in LDAP.
> >
> > Brian makes a very good point.  LDAP seems to be the repository of
> > choice for authentication information.  We may have two or three usage
> > cases here depending on what number of users makes it worthwhile to
> > switch to LDAP.  A small number of users on a single system should be
> > a flat file.  A medium number (30-100), a stand-alone database.  By the
> > time you get to shared authentication data across multiple machines
> > or any other condition requiring the use of an LDAP backend, then you
> > want to go LDAP.
> >
> > The big challenge for small to medium size is the install time.  If
> > it takes me more than 15 minutes to install and I've got a single
> > machine with a limited number of users (i.e. under 50), then doing
> > it the old-fashioned way is easier.
> >
> > Personally, I think that any application that takes longer than 15-30
> > minutes to install and get the basic configuration right is not
> > packaged correctly.  Heck, getting NaturallySpeaking working halfway
> > right takes 20 minutes with training and that's a very complex
> > application.  On the other hand, I do use Emacs and no matter how many
> > years you use it, the configuration is never completely right.  You
> > just tolerate how far you've gotten so far. :-)
> >
> > ---eric
> >
> >