[sudo-users] Grouping Cmnd_Alias commands into one file?
Stier, Matthew
Matthew.Stier at us.fujitsu.com
Thu Oct 6 08:28:25 MDT 2016
Normally I group related *_Alias lines together, either in the /etc/sudoers file, or in any file under /etc/sudoers.d/
Then I can distribute that file to any system that needs it.
I have an application that runs under a non-root account, but does need to run some commands as root. I can create a single file specific for that account, and copy it to the /etc/sudoers.d/ directory on each system that needs it.
-----Original Message-----
From: sudo-users [mailto:sudo-users-bounces at sudo.ws] On Behalf Of Leam Hall
Sent: Thursday, October 06, 2016 9:10 AM
To: sudo-users at sudo.ws
Subject: [sudo-users] Grouping Cmnd_Alias commands into one file?
Thanks to Matthew for helping me get over the first issue. On to the
next task!
Is it "best practice" or "bad idea" to put all Cmnd_Alias commands into
one file, say /etc/sudoers.d/cmnd_alias? Then you put each role's (user,
group, etc) allowed commands in their own file.
The reason would be to manage larger numbers of servers and not having
to worry about a Cmnd_Alias already being defined elsewhere. So far this
works on my test box, but I don't know how well it will scale. The end
goal is a very minimal /etc/sudoers file and standard /etc/sudoers.d/*
files.
____________________________________________________________
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
https://www.sudo.ws/mailman/listinfo/sudo-users
More information about the sudo-users
mailing list