[sudo-users] Distributed sudoers updates

jifan sun sunjifan at yahoo.com
Thu Feb 14 09:55:10 EST 2008


Our install has HP-UX and Solaris, both of which place the sudoers file in a different
directory than /etc. The install script I wrote has a case statement for OS type; once that is known,
it creates a symbolic link between where the sudoers file is and /etc. We also create a symbolic link from sudo & visudo to a directory in our standard PATH. Our install base is roughly 2k systems, and we've not encountered any issues with this method.

Solaris:
ll /etc/sudoers  /usr/bin/visudo /usr/bin/sudo
lrwxrwxrwx   1 root     other         22 Aug 24 14:51 /etc/sudoers -> /usr/local/etc/sudoers
lrwxrwxrwx   1 root     other         19 Nov 16  2006 /usr/bin/sudo -> /usr/local/bin/sudo
lrwxrwxrwx   1 root     other         22 Aug 24 14:51 /usr/bin/visudo -> /usr/local/sbin/visudo


HP-UX:
ll /etc/sudoers  /usr/sbin/visudo /usr/bin/sudo
lrwxr-xr-x   1 root       sys             30 Jan 25 14:26 /etc/sudoers -> /opt/iexpress/sudo/etc/sudoers
lrwxr-xr-x   1 root       sys             27 Jan 25 14:26 /usr/bin/sudo -> /opt/iexpress/sudo/bin/sudo
lrwxr-xr-x   1 root       sys             30 Jan 25 14:26 /usr/sbin/visudo -> /opt/iexpress/sudo/sbin/visudo

----- Original Message ----
From: Bob Hall <shaezyra at yahoo.com>
To: sudo-users at sudo.ws
Sent: Wednesday, February 13, 2008 4:19:17 PM
Subject: [sudo-users] Distributed sudoers updates

This may sound a little unorthodox from a security
perspective, but we would like to be able to perform
standardized updates of the sudoers file across
multiple platforms and multiple OS's. One issue that
has arisen is that some vendors do not use a
standardized installation, so that the sudoers file
may appear in locations other than under /etc. (An
example is the HP-UX ixSudo bundle, which loads the
sudoers file under /opt/iexpress/sudo/etc/.) This
wouldn't be a problem for us if there was a
command-line equivalent to visudo.

Has anybody come up with a decent solution to this
problem? We could possibly set the 'enveditor Default'
in the sudoers file, allowing us to perform the edits
using EDITOR=ex. But as the man page for visudo points
out, this would open up a security hole.

Thank you!

--
  Bob



____________________________________________________________ 
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-users
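
The per-OS case statement described in the reply, combined with a non-interactive syntax check for the question in the original message, as an added example that is not code from either poster. It uses visudo's check-only mode (-c with -f) on a staged copy and renames it into place only if the check passes; the function names and the fallback for other systems are assumptions, and the paths are the ones shown in the listings.

```shell
#!/bin/sh
# Added example (not from the thread). Paths are the ones in the listings above;
# function names and the fallback for other systems are assumptions.

# Real sudoers path for an OS name as printed by `uname -s`.
sudoers_path_for_os() {
    case "$1" in
        SunOS) echo /usr/local/etc/sudoers ;;
        HP-UX) echo /opt/iexpress/sudo/etc/sudoers ;;
        *)     echo /etc/sudoers ;;          # assumption: stock location
    esac
}

# Matching visudo binary for the same OS name.
visudo_path_for_os() {
    case "$1" in
        SunOS) echo /usr/local/sbin/visudo ;;
        HP-UX) echo /opt/iexpress/sudo/sbin/visudo ;;
        *)     echo visudo ;;                # assumption: found on PATH
    esac
}

# install_sudoers CANDIDATE TARGET CHECKER
# TARGET must be the real file, not the /etc/sudoers symlink: mv would
# replace the link itself. Returns 2 and leaves TARGET untouched when the
# candidate fails the syntax check.
install_sudoers() {
    candidate=$1 target=$2 checker=$3
    tmp="$target.new.$$"
    # Stage beside the target so the final mv is a same-filesystem rename.
    cp "$candidate" "$tmp" || return 1
    chmod 0440 "$tmp" || { rm -f "$tmp"; return 1; }
    # -c: check only, -f: file to check. Non-zero exit means a parse error.
    if ! "$checker" -c -f "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        return 2
    fi
    mv -f "$tmp" "$target"
}

# Usage (as root on the managed host): script --apply CANDIDATE
if [ "${1:-}" = "--apply" ]; then
    os=$(uname -s)
    install_sudoers "$2" "$(sudoers_path_for_os "$os")" "$(visudo_path_for_os "$os")"
fi
```
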