[sudo-users] Fwd: SUDO centralization based on Server!

Woodward, Andrew andreww at telenav.com
Fri Jul 22 17:22:20 EDT 2011


In the absence of knowing the name of server1 or server2, we have gone down
two paths: all server 2 types see one sudoers base, and all server 1 types see
a different sudoers base DN. This allows us to split up the environment
without having to list each host. Additionally, we allow the user to be added
to groups that exist in /etc/group instead of LDAP if they need power user
access on just that server.

-

Andrew Woodward


-----Original Message-----
From: sudo-users-bounces at courtesan.com
[mailto:sudo-users-bounces at courtesan.com] On Behalf Of JR Aquino
Sent: Monday, July 04, 2011 7:31 AM
To: pradyumna dash
Cc: sudo-users at sudo.ws
Subject: Re: [sudo-users] Fwd: SUDO centralization based on Server!

You can centralize this with two separate ldap sudo objects.

Rule1 will have server1, your user/group, and your 1st set of cmds

Rule2 will have server2, your user/group, and your 2nd set of cmds


The rules should look like the examples in here:
http://www.gratisoft.us/sudo/man/1.8.1/sudoers.ldap.man.html


~~~~~~~~~~~~~~~~~~~~~~
Jr Aquino
Info. Security Specialist
Citrix Online
Jr.Aquino at citrixonline.com
805.690.3478
GCIH, CCNA

On Jul 4, 2011, at 2:40 AM, "pradyumna dash" <neomatrixgem at gmail.com> wrote:

> Hi,
> 
> I need a solution for the below SUDO configuration.
> 
> I have centralized SUDO with OpenLDAP, but I have a query: I have, say,
> 2 servers, server1 and server2, and a user called bob, which is an
> OpenLDAP user.
> What I want is that when bob logs in to server1 he has a different
> SUDO command list, and when he logs in to server2 he gets a
> different list of commands which he is allowed to use.
> 
> Can this issue be resolved? Now I have 2 individual SUDO files in each
> server; can I centralize this?
> 
> Regards,
> Neo
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws> For list information, 
> options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
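
The two layouts discussed in this thread, as an added LDIF example that is not part of the original messages: per-host rules under one container, and a separate sudoers base per server type. The base DN dc=example,dc=com, the container names, the group name and the commands are constructed placeholders.

```ldif
# Constructed example: DNs, host names, group name and commands are placeholders.

# Layout A: one shared container, rules separated by sudoHost.
dn: ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: SUDOers

# Rule1: matches bob only when sudo runs on server1.
dn: cn=bob-server1,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: bob-server1
sudoUser: bob
sudoHost: server1
sudoCommand: /usr/sbin/apachectl restart
sudoCommand: /usr/bin/tail /var/log/httpd/error_log

# Rule2: matches bob only when sudo runs on server2.
dn: cn=bob-server2,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: bob-server2
sudoUser: bob
sudoHost: server2
sudoCommand: /sbin/service mysqld restart

# Layout B: one container per server type. Each host's ldap.conf points
# at the container for its type, so no host names are listed in the rules:
#   server 1 types:  sudoers_base ou=SUDOers-type1,dc=example,dc=com
#   server 2 types:  sudoers_base ou=SUDOers-type2,dc=example,dc=com
dn: ou=SUDOers-type1,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: SUDOers-type1

# %poweruser is a Unix group (hypothetical name). Membership is resolved
# on the host, so adding a user to it in that server's /etc/group grants
# the rule on that server only.
dn: cn=poweruser,ou=SUDOers-type1,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: poweruser
sudoUser: %poweruser
sudoHost: ALL
sudoCommand: /usr/sbin/apachectl restart
```

In Layout A the sudoHost value has to be the name each server reports for itself; a rule left at sudoHost: ALL under the shared container would apply on both servers.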
