[sudo-users] Distributed sudoers updates
christian.peper at kpn.com
christian.peper at kpn.com
Thu Feb 14 03:02:54 EST 2008
> -----Original Message-----
> From: sudo-users-bounces at courtesan.com
> [mailto:sudo-users-bounces at courtesan.com] On Behalf Of Bob Hall
> Sent: Wednesday, February 13, 2008 10:19 PM
> To: sudo-users at sudo.ws
> Subject: [sudo-users] Distributed sudoers updates
>
> This may sound a little unorthodox from a security
> perspective, but we would like to be able to perform
> standardized updates of the sudoers file across multiple
> platforms and multiple OS's. One issue that has arisen is
> that some vendors do not use a standardized installation, so
> that the sudoers file may appear in locations other than
> under /etc. (An example is the HP-UX ixSudo bundle, which
> loads the sudoers file under /opt/iexpress/sudo/etc/.) This
> wouldn't be a problem for us if there was a command-line
> equivalent to visudo.
>
> Has anybody come up with a decent solution to this problem?
> We could possibly set the 'enveditor Default'
> in the sudoers file, allowing us to perform the edits using
> EDITOR=ex. But as the man page for visudo points out, this
> would open up a security hole.
Couldn't you use rdist to distribute the file(s) for you?
That is multi-platform as well.
http://www.magnicomp.com/rdist/
I've looked into the same issue for you our data center but haven't
tested it yet. It was a bit harder than it looked initially, so I
haven't made the time yet. But their scenarios sounded like a perfect
match for this problem. :)
Hope it helps,
Chris.
More information about the sudo-users
mailing list