[sudo-users] Distributed sudoers updates
Wes Rogers
wrogers at gmail.com
Wed Feb 13 17:33:33 EST 2008
Run sudo out of LDAP or use something like CFengine.
Wes
On Feb 13, 2008 4:19 PM, Bob Hall <shaezyra at yahoo.com> wrote:
> This may sound a little unorthodox from a security
> perspective, but we would like to be able to perform
> standardized updates of the sudoers file across
> multiple platforms and multiple OS's. One issue that
> has arisen is that some vendors do not use a
> standardized installation, so that the sudoers file
> may appear in locations other than under /etc. (An
> example is the HP-UX ixSudo bundle, which loads the
> sudoers file under /opt/iexpress/sudo/etc/.) This
> wouldn't be a problem for us if there was a
> command-line equivalent to visudo.
>
> Has anybody come up with a decent solution to this
> problem? We could possibly set the 'enveditor Default'
> in the sudoers file, allowing us to perform the edits
> using EDITOR=ex. But as the man page for visudo points
> out, this would open up a security hole.
>
> Thank you!
>
> --
> Bob
>
>
>
> ____________________________________________________________________________________
> Looking for last minute shopping deals?
> Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
>
More information about the sudo-users
mailing list