[sudo-users] Grouping Cmnd_Alias commands into one file?
Matthew.Stier at us.fujitsu.com
Thu Oct 6 08:28:25 MDT 2016
Normally I group related *_Alias lines together, either in the /etc/sudoers file, or in any file under /etc/sudoers.d/
Then I can distribute that file to any system that needs it.
I have an application that runs under a non-root account, but does need to run some commands as root. I can create a single file specific for that account, and copy it to the /etc/sudoers.d/ directory on each system that needs it.
From: sudo-users [mailto:sudo-users-bounces at sudo.ws] On Behalf Of Leam Hall
Sent: Thursday, October 06, 2016 9:10 AM
To: sudo-users at sudo.ws
Subject: [sudo-users] Grouping Cmnd_Alias commands into one file?
Thanks to Matthew for helping me get over the first issue. On to the
Is it "best practice" or "bad idea" to put all Cmnd_Alias commands into
one file, say /etc/sudoers.d/cmnd_alias? Then you put each role's (user,
group, etc) allowed commands in their own file.
The reason would be to manage larger numbers of servers and not having
to worry about a Cmnd_Alias already being defined elsewhere. So far this
works on my test box, but I don't know how well it will scale. The end
goal is a very minimal /etc/sudoers file and standard /etc/sudoers.d/*
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
More information about the sudo-users