[sudo-users] Distributed sudoers updates
rd at powerset.com
Thu Feb 14 18:16:20 EST 2008
I'd second this. Some tool, be it cfengine or puppet, I think is what you want there. With both you get some integrity of the sudoers file (and binaries) across many platforms.
From: sudo-users-bounces at courtesan.com [mailto:sudo-users-bounces at courtesan.com] On Behalf Of Wes Rogers
Sent: Wednesday, February 13, 2008 2:34 PM
To: sudo-users at sudo.ws
Subject: Re: [sudo-users] Distributed sudoers updates
Run sudo out of LDAP or use something like CFengine.
On Feb 13, 2008 4:19 PM, Bob Hall <shaezyra at yahoo.com> wrote:
> This may sound a little unorthodox from a security
> perspective, but we would like to be able to perform
> standardized updates of the sudoers file across
> multiple platforms and multiple OS's. One issue that
> has arisen is that some vendors do not use a
> standardized installation, so that the sudoers file
> may appear in locations other than under /etc. (An
> example is the HP-UX ixSudo bundle, which loads the
> sudoers file under /opt/iexpress/sudo/etc/.) This
> wouldn't be a problem for us if there was a
> command-line equivalent to visudo.
> Has anybody come up with a decent solution to this
> problem? We could possibly set the 'enveditor Default'
> in the sudoers file, allowing us to perform the edits
> using EDITOR=ex. But as the man page for visudo points
> out, this would open up a security hole.
> Thank you!
> Looking for last minute shopping deals?
> Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
More information about the sudo-users