[sudo-users] Converting from /etc/sudoers to LDAP
Steven.Soulen at macquarie.com
Tue Apr 8 17:44:47 MDT 2014
I'm trying to convert a large sudoers file into an LDAP container. In
this file we are currently using a few Cmnd_Aliases in a large set of
rules. So a simplified version of our sudoers file looks something like
Cmnd_Alias FOO_CMD1 = /usr/bin/bar, /usr/bin/bar2
Cmnd_Alias FOO_CMD2 = /usr/bin/bar3
Host_Alias FOO_HOST1 = host1
Host_Alias FOO_HOST2 = host2
Host_Alias FOO_HOST3 = host3
User_Alias FOO_USER1 = user1
User_Alias FOO_USER2 = user2
User_Alias FOO_USER3 = user3
FOO_USER1 FOO_HOST1 = (user4) FOO_CMD
FOO_USER2 FOO_HOST2 = (user5) FOO_CMD
FOO_USER2 FOO_HOST2 = (user6) FOO_CMD, FOO_CMD2
Reading the Sudo Man page implies that each Cmnd_Alias should be broken
out into an individual cn. However in doing so we'll lose the ability to
edit all of these rules at once. Has anyone else come across this
problem? If so, can anyone recommend an approach to handling this?
Thanks in advance for any assistance on this.
This email, including any attachments, is confidential. If you are not the intended recipient, you must not disclose, distribute or use the information in this email in any way. If you received this email in error, please notify the sender immediately by return email and delete the message. Unless expressly stated otherwise, the information in this email should not be regarded as an offer to sell or as a solicitation of an offer to buy any financial product or service, an official confirmation of any transaction, or as an official statement of the entity sending this message. Neither Macquarie Group Limited, nor any of its subsidiaries, guarantee the integrity of any emails or attached files and are not responsible for any changes made to them by any other person.
More information about the sudo-users