[sudo-users] Fwd: SUDO centralization based on Server!

pradyumna dash neomatrixgem at gmail.com
Tue Sep 6 08:16:37 EDT 2011


Hi,

I have configured SUDO with OpenLDAP.  I have created a group called
"sysadm" and assigned the commands below, which the users belonging to this
group can execute.  I then created a user called "bob" and assigned him to
this group.  When I log in as bob and run "sudo -l", it asks me for the
password, and after I enter the correct password it shows me the
"sudoCommand" list.  But it also executes the command "!/sbin/route", which
he should not be able to execute.  Why is this happening?  Did I do anything
wrong?

dn: cn=%sysadm,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: %sysadm
sudoUser: %sysadm
sudoHost: ALL
sudoOption: !authenticate
structuralObjectClass: sudoRole
entryUUID: d6819d80-5c39-1030-9d7c-19f66ff1c84f
creatorsName: cn=Manager,dc=example,dc=com
createTimestamp: 20110816095703Z
sudoCommand: /sbin/shutdown
sudoCommand: /sbin/halt
sudoCommand: /sbin/reboot
sudoCommand: /sbin/yast
sudoCommand: /sbin/yast2
sudoCommand: /sbin/date
sudoCommand: /sbin/kill
sudoCommand: /usr/bin/killall
sudoCommand: /usr/bin/passwd
sudoCommand: /bin/su
sudoCommand: /bin/rpm
sudoCommand: /sbin/ifconfig
sudoCommand: /sbin/ifup
sudoCommand: !/sbin/route
entryCSN: 20110826090949.582253Z#000000#000#000000
modifiersName: cn=manager,dc=example,dc=com
modifyTimestamp: 20110826090949Z

Regards,
Neo

On Mon, Jul 4, 2011 at 11:32 AM, pradyumna dash <neomatrixgem at gmail.com> wrote:

> Hi,
>
> I need a solution for the SUDO configuration below.
>
> I have centralized SUDO with OpenLDAP, but I have a query: say I have
> 2 servers, server1 and server2, and a user called bob who is an OpenLDAP
> user.
> What I want is that when bob logs in to server1 he gets one SUDO command
> list, and when he logs in to server2 he gets a different list of commands
> which he is allowed to use.
>
> Can this issue be resolved?  Right now I have 2 individual SUDO files, one
> on each server; can I centralize this?
>
> Regards,
> Neo
>
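An added example, not part of the original post: a small audit script that parses an LDIF dump of sudoRole entries and flags every "!"-negated sudoCommand value for review. LDAP does not guarantee the order in which attribute values are returned, so a negated sudoCommand cannot reliably subtract a command the way a later "!" line does in a sudoers file. The sample LDIF is constructed from the entry above (shortened); the second role, "webops", is made up.

```python
# Added example, not from the original post: audit an LDIF dump of sudoRole
# entries for "!"-negated sudoCommand values.  LDAP returns attribute values in
# no guaranteed order, so a negation cannot reliably subtract a command.
from collections import defaultdict

# Constructed sample modelled on the post's entry; the second role is made up.
SAMPLE_LDIF = """\
dn: cn=%sysadm,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
sudoUser: %sysadm
sudoOption: !authenticate
sudoCommand: /sbin/shutdown
sudoCommand: /sbin/ifconfig
sudoCommand: !/sbin/route

dn: cn=webops,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
sudoUser: %webops
sudoCommand: /usr/sbin/service
"""

def parse_ldif(text):
    """Parse plain (non-base64) LDIF into a list of {attr: [values]} dicts."""
    joined = []
    for line in text.splitlines():
        if line.startswith(" ") and joined:   # leading space = continuation
            joined[-1] += line[1:]
        else:
            joined.append(line)
    entries, current = [], defaultdict(list)
    for line in joined + [""]:                # trailing "" flushes last entry
        if not line.strip():
            if current:
                entries.append(dict(current))
                current = defaultdict(list)
        elif not line.startswith("#"):        # skip LDIF comment lines
            attr, _, value = line.partition(":")
            current[attr.strip()].append(value.strip())
    return entries

def audit_sudo_roles(text):
    """Map DN -> negated sudoCommand values; sudoOption (e.g. !authenticate) is not a command."""
    findings = {}
    for entry in parse_ldif(text):
        negated = [c for c in entry.get("sudoCommand", []) if c.startswith("!")]
        if "sudoRole" in entry.get("objectClass", []) and negated:
            findings[entry["dn"][0]] = negated
    return findings
```

Run `audit_sudo_roles` over an `ldapsearch -LLL` export of the SUDOers subtree to list the roles whose command set relies on negation.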
