[sudo-users] Distributed sudoers updates

christian.peper at kpn.com christian.peper at kpn.com
Thu Feb 14 03:02:54 EST 2008


> -----Original Message-----
> From: sudo-users-bounces at courtesan.com 
> [mailto:sudo-users-bounces at courtesan.com] On Behalf Of Bob Hall
> Sent: Wednesday, February 13, 2008 10:19 PM
> To: sudo-users at sudo.ws
> Subject: [sudo-users] Distributed sudoers updates
> 
> This may sound a little unorthodox from a security 
> perspective, but we would like to be able to perform 
> standardized updates of the sudoers file across multiple 
> platforms and multiple OS's. One issue that has arisen is 
> that some vendors do not use a standardized installation, so 
> that the sudoers file may appear in locations other than 
> under /etc. (An example is the HP-UX ixSudo bundle, which 
> loads the sudoers file under /opt/iexpress/sudo/etc/.) This 
> wouldn't be a problem for us if there was a command-line 
> equivalent to visudo.
> 
> Has anybody come up with a decent solution to this problem? 
> We could possibly set the 'enveditor Default'
> in the sudoers file, allowing us to perform the edits using 
> EDITOR=ex. But as the man page for visudo points out, this 
> would open up a security hole.

Couldn't you use rdist to distribute the file(s) for you?
That is multi-platform as well.
http://www.magnicomp.com/rdist/

I've looked into the same issue for our data center but haven't
tested it yet. It was a bit harder than it looked initially, so I
haven't made the time yet. But their scenarios sounded like a perfect
match for this problem. :)

Hope it helps,
Chris.
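
Added example (not from either poster, and not part of sudo or rdist): whatever tool pushes the file, the receiving host can syntax-check the staged copy with `visudo -c -f` and rename it into place only if the check passes, which covers the non-interactive case without setting `enveditor`. The function names, the `VISUDO` and `SUDOERS_CANDIDATES` variables, and the file name `sudoers` under /opt/iexpress/sudo/etc/ are assumptions.

```shell
#!/bin/sh
# Added example: install a pushed sudoers file only after it passes a syntax check.
# Assumptions (not from the thread): the candidate list, the VISUDO override,
# and the function names below.
SUDOERS_CANDIDATES="${SUDOERS_CANDIDATES:-/etc/sudoers /opt/iexpress/sudo/etc/sudoers}"
VISUDO="${VISUDO:-visudo}"   # set to the vendor's visudo path if it is not in PATH

# Print the first candidate path that exists on this host.
find_sudoers() {
    for p in $SUDOERS_CANDIDATES; do
        if [ -f "$p" ]; then
            printf '%s\n' "$p"
            return 0
        fi
    done
    return 1
}

# install_sudoers STAGED_FILE
# Return codes: 0 installed, 2 no sudoers found, 3 syntax error, 4 copy/rename failed.
install_sudoers() {
    staged=$1
    target=$(find_sudoers) || { echo "no sudoers file found" >&2; return 2; }

    # visudo -c checks syntax only; -f points it at the staged copy
    # instead of the live file, so a bad push never reaches sudo.
    "$VISUDO" -c -f "$staged" >/dev/null 2>&1 ||
        { echo "syntax check failed: $staged" >&2; return 3; }

    # Copy next to the target so the final mv is a rename on one filesystem.
    tmp="$target.new.$$"
    cp "$staged" "$tmp" || return 4
    chmod 0440 "$tmp" || { rm -f "$tmp"; return 4; }
    if [ "$(id -u)" -eq 0 ]; then
        chown root "$tmp" || { rm -f "$tmp"; return 4; }
    fi
    mv -f "$tmp" "$target" || { rm -f "$tmp"; return 4; }
    printf '%s\n' "$target"
}
```

Run `install_sudoers /path/to/staged/file` as root after the transfer; on a non-zero return the live sudoers file has not been modified.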


