[sudo-users] Grouping Cmnd_Alias commands into one file?
Todd C. Miller
Todd.Miller at courtesan.com
Thu Oct 6 08:43:54 MDT 2016
On Thu, 06 Oct 2016 10:10:08 -0400, Leam Hall wrote:
> Is it "best practice" or "bad idea" to put all Cmnd_Alias commands into
> one file, say /etc/sudoers.d/cmnd_alias? Then you put each role's (user,
> group, etc) allowed commands in their own file.
That seems reasonable. It sounds like you are using Cmnd_Aliases
to define roles and then assigning the roles to users in separate
files. The downside is that visudo does not check the files in
/etc/sudoers.d by default so you won't have as robust error checking.
More information about the sudo-users