[sudo-users] Grouping Cmnd_Alias commands into one file?

Stier, Matthew Matthew.Stier at us.fujitsu.com
Thu Oct 6 08:28:25 MDT 2016

Normally I group related *_Alias lines together, either in the /etc/sudoers file, or in any file under /etc/sudoers.d/

Then I can distribute that file to any system that needs it.

I have an application that runs under a non-root account, but does need to run some commands as root.  I can create a single file specific for that account, and copy it to the /etc/sudoers.d/ directory on each system that needs it.

-----Original Message-----
From: sudo-users [mailto:sudo-users-bounces at sudo.ws] On Behalf Of Leam Hall
Sent: Thursday, October 06, 2016 9:10 AM
To: sudo-users at sudo.ws
Subject: [sudo-users] Grouping Cmnd_Alias commands into one file?

Thanks to Matthew for helping me get over the first issue. On to the 
next task!

Is it "best practice" or "bad idea" to put all Cmnd_Alias commands into 
one file, say /etc/sudoers.d/cmnd_alias? Then you put each role's (user, 
group, etc) allowed commands in their own file.

The reason would be to manage larger numbers of servers and not having 
to worry about a Cmnd_Alias already being defined elsewhere. So far this 
works on my test box, but I don't know how well it will scale. The end 
goal is a very minimal /etc/sudoers file and standard /etc/sudoers.d/* 
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:

More information about the sudo-users mailing list