[sudo-users] Distributed sudoers updates

Ryan Dooley rd at powerset.com
Thu Feb 14 18:16:20 EST 2008


I'd second this.  Some tool, be it cfengine or puppet, I think is what you want there.  With both you get some integrity of the sudoers file (and binaries) across many platforms.

-----Original Message-----
From: sudo-users-bounces at courtesan.com [mailto:sudo-users-bounces at courtesan.com] On Behalf Of Wes Rogers
Sent: Wednesday, February 13, 2008 2:34 PM
To: sudo-users at sudo.ws
Subject: Re: [sudo-users] Distributed sudoers updates

Run sudo out of LDAP or use something like CFengine.

Wes

On Feb 13, 2008 4:19 PM, Bob Hall <shaezyra at yahoo.com> wrote:
> This may sound a little unorthodox from a security
> perspective, but we would like to be able to perform
> standardized updates of the sudoers file across
> multiple platforms and multiple OS's. One issue that
> has arisen is that some vendors do not use a
> standardized installation, so that the sudoers file
> may appear in locations other than under /etc. (An
> example is the HP-UX ixSudo bundle, which loads the
> sudoers file under /opt/iexpress/sudo/etc/.) This
> wouldn't be a problem for us if there was a
> command-line equivalent to visudo.
>
> Has anybody come up with a decent solution to this
> problem? We could possibly set the 'enveditor Default'
> in the sudoers file, allowing us to perform the edits
> using EDITOR=ex. But as the man page for visudo points
> out, this would open up a security hole.
>
> Thank you!
>
> --
>   Bob
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
>
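
A non-interactive check-then-install along the lines the thread asks for, as an added example that is not from any poster or from the sudo project. It relies on visudo's check-only mode (`visudo -c -f FILE`); the function names, the `VISUDO` and `SUDOERS_CANDIDATES` variables, and the file name `sudoers` under the HP-UX directory quoted above are assumptions.

```shell
#!/bin/sh
# Added example: validate-then-install for a centrally distributed sudoers file.
# VISUDO and SUDOERS_CANDIDATES are hypothetical override variables.
VISUDO=${VISUDO:-visudo}
# /etc/sudoers is the usual location; the second path assumes the HP-UX
# bundle names the file "sudoers" inside the directory quoted in the thread.
SUDOERS_CANDIDATES=${SUDOERS_CANDIDATES:-"/etc/sudoers /opt/iexpress/sudo/etc/sudoers"}

# Print the first existing sudoers path on this host; fail if none is found.
find_sudoers() {
    for path in $SUDOERS_CANDIDATES; do
        if [ -f "$path" ]; then
            printf '%s\n' "$path"
            return 0
        fi
    done
    return 1
}

# install_sudoers NEW_FILE [TARGET]
# Stage NEW_FILE next to TARGET, syntax-check the staged copy with
# "visudo -c -f", and rename it over TARGET only if the check passes.
# Returns 2 when the check rejects the file, 1 on any other failure.
install_sudoers() {
    new=$1
    target=${2:-$(find_sudoers)} || return 1
    [ -r "$new" ] || return 1
    tmp="$target.new.$$"
    rm -f "$tmp"
    ( umask 077 && cp "$new" "$tmp" ) || return 1
    chmod 0440 "$tmp" || { rm -f "$tmp"; return 1; }
    # Ownership 0:0 is an assumption; only attempted when running as root.
    if [ "$(id -u)" -eq 0 ]; then
        chown 0:0 "$tmp" || { rm -f "$tmp"; return 1; }
    fi
    if ! "$VISUDO" -c -f "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"        # reject: the live file is never touched
        return 2
    fi
    mv -f "$tmp" "$target"  # same directory, so the rename is atomic
}
```

A configuration-management tool such as those named in the replies can call `install_sudoers` as its install step, so a file that fails the syntax check never replaces the live one.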