[sudo-users] Need to know when +netgroup and %group look-ups occur
fivespeedv8 at hotmail.com
Fri Sep 5 11:10:02 EDT 2008
We are trying to ascertain the impact on our LDAP service if we start putting netgroup references into the sudoers file. Our netgroup table is in LDAP.
Right now, we use regular Unix groups for many entries:
    %usergroup1 ALL = /some/command
    %usergroup2 somehost = /some/other/command
and LDAP group lookups are doing OK.
If we decide to add this entry:
    %usergroup3 +netgroup = /some/command
When does the netgroup lookup occur?
- Only when the executing userID is in usergroup3?
- Only when /some/command is issued via sudo?
Also, does a Host_Alias affect the way the lookup is performed?
    Host_Alias MYHOSTS = +netgroup
    %usergroup3 MYHOSTS = /some/command
Is there a doc on the logic used for table lookups?