[sudo-users] Converting from /etc/sudoers to LDAP

Steven Soulen Steven.Soulen at macquarie.com
Tue Apr 8 17:44:47 MDT 2014


Hello Everyone,

I'm trying to convert a large sudoers file into an LDAP container.  In
this file we are currently using a few Cmnd_Aliases in a large set of
rules.  So a simplified version of our sudoers file looks something like
the following:

Cmnd_Alias FOO_CMD1 = /usr/bin/bar, /usr/bin/bar2
Cmnd_Alias FOO_CMD2 = /usr/bin/bar3
Host_Alias FOO_HOST1 = host1
Host_Alias FOO_HOST2 = host2
Host_Alias FOO_HOST3 = host3
User_Alias FOO_USER1 = user1
User_Alias FOO_USER2 = user2
User_Alias FOO_USER3 = user3

FOO_USER1 FOO_HOST1  = (user4)  FOO_CMD
FOO_USER2 FOO_HOST2  = (user5)  FOO_CMD
FOO_USER2 FOO_HOST2  = (user6)  FOO_CMD, FOO_CMD2

Reading the Sudo Man page implies that each Cmnd_Alias should be broken
out into an individual cn. However in doing so we'll lose the ability to
edit all of these rules at once.   Has anyone else come across this
problem? If so, can anyone recommend an approach to handling this?

Thanks in advance for any assistance on this.

Steven Soulen 
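
One way to keep the aliases editable in one place, as an added example that is not part of the original post or the sudo project: treat the aliased sudoers text as the source and generate expanded sudoRole LDIF from it. Assumptions: the base DN is a placeholder, the rules' FOO_CMD is taken to mean FOO_CMD1, and only the simple rule shape shown in the post (one user, one host, one run-as user) is parsed.

```python
import re

# Constructed sample based on the post's simplified sudoers. Assumption: the
# rules use FOO_CMD1, since the post's rules name FOO_CMD with no such alias.
SUDOERS = """\
Cmnd_Alias FOO_CMD1 = /usr/bin/bar, /usr/bin/bar2
Cmnd_Alias FOO_CMD2 = /usr/bin/bar3
Host_Alias FOO_HOST1 = host1
Host_Alias FOO_HOST2 = host2
User_Alias FOO_USER1 = user1
User_Alias FOO_USER2 = user2
FOO_USER1 FOO_HOST1 = (user4) FOO_CMD1
FOO_USER2 FOO_HOST2 = (user6) FOO_CMD1, FOO_CMD2
"""
BASE_DN = "ou=SUDOers,dc=example,dc=com"  # placeholder base DN (assumption)
ALIAS = re.compile(r"(?:Cmnd|Host|User)_Alias\s+(\w+)\s*=\s*(.+)")
RULE = re.compile(r"(\S+)\s+(\S+)\s*=\s*\((\S+)\)\s*(.+)")
ALIAS_NAME = re.compile(r"[A-Z][A-Z0-9_]*$")

def split(items):
    return [i.strip() for i in items.split(",") if i.strip()]

def expand(names, aliases):
    """Replace alias names with their members; fail on undefined aliases."""
    out = []
    for name in names:
        if name in aliases:
            out += expand(aliases[name], aliases)
        elif ALIAS_NAME.match(name) and name != "ALL":
            raise ValueError(f"undefined alias: {name}")
        else:
            out.append(name)
    return out

def to_ldif(text, base_dn=BASE_DN):
    aliases, rules, entries = {}, [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = ALIAS.match(line)
        if m:
            aliases[m.group(1)] = split(m.group(2))
        else:
            rules.append(RULE.match(line).groups())
    for user, host, runas, cmds in rules:  # expand once all aliases are known
        cn = f"{user}_{host}_{runas}".lower()
        attrs = [f"dn: cn={cn},{base_dn}", "objectClass: top",
                 "objectClass: sudoRole", f"cn: {cn}"]
        for attr, names in (("sudoUser", [user]), ("sudoHost", [host]),
                            ("sudoRunAsUser", [runas]), ("sudoCommand", split(cmds))):
            attrs += [f"{attr}: {v}" for v in expand(names, aliases)]
        entries.append("\n".join(attrs))
    return "\n\n".join(entries) + "\n"
```

Review the generated LDIF before loading it into the directory; an undefined alias stops the conversion instead of being written out as a literal command name.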

 

