Solved

centralize sudoers file

Posted on 2006-05-14
Last Modified: 2013-12-27
Hi,
I have an environment of over 300 Unix servers (Linux/Solaris/AIX). Is there any way to centralize the sudoers file on a server and push the files regularly to all the sudo clients?

What's the best approach to do this?
Question by:madan1278
4 Comments
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 252 total points
ID: 16682797
The typical way to do this is to a) merge the files into one big file (you can use machine-specific rules) and then b) push out from a central place with rdist or rsync (over SSH if you're security conscious).
0
 
LVL 14

Assisted Solution

by:arthurjb
arthurjb earned 248 total points
ID: 16683135
sudo is really touchy about file permissions, location and such, so be prepared for a lot of messing around to get it to work.

Another way that might work is to place a copy into an NFS file system that is mounted on all the systems, and set up a cron job to check for file change, and if so copy it to the proper location.

The easier way would be just the opposite, where the sudoers file would be located on the main server and be linked to by the other servers.  I have not tried this, but I know how upset sudo gets if the sudoers is accessed via a symlink, so I assume that it may not work...

The ease with which you can do the job is inversely proportional to the security level.  You are currently at the most secure level, where you have to manually update the file on each of the 300 systems.  My NFS solution is less secure, but still more secure than not using sudo and having everyone use root....
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 16683156
FYI, I suggested rdist/rsync rather than NFS because with NFS you have to worry about what happens if the NFS server goes down. Whether this is a bigger deal vs. getting rdist/rsync working depends on the environment.
0
 
LVL 14

Expert Comment

by:arthurjb
ID: 16683273
chris_calabrese, you are correct.  But any type of distributed system is going to have more gotchas, and is going to be less secure.

Your solution has the advantage that the main file is not exposed except during the transfer time.
0
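
An added example, not part of the thread: one way to do the rsync-over-SSH push from the accepted answer while respecting sudo's strictness about ownership and mode that the second answer mentions. It assumes root SSH key access to each client, a host list with one name per line, and `/etc/sudoers` as the target path; the `VISUDO` and `TARGET` variables and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: validate a merged sudoers file, then push it with rsync over SSH.
# Assumptions: root SSH keys on every client, sudoers lives at /etc/sudoers.
VISUDO=${VISUDO:-visudo}      # overridable for odd install paths
TARGET=${TARGET:-/etc/sudoers}

# check_sudoers FILE: succeed only if FILE is non-empty and parses cleanly.
check_sudoers() {
    [ -s "$1" ] && "$VISUDO" -c -f "$1" >/dev/null 2>&1
}

# install_checked SRC DST: copy SRC beside DST, set mode/owner, re-check,
# then rename into place. DST is left untouched if any step fails.
install_checked() {
    tmp="$2.new.$$"
    cp "$1" "$tmp" && chmod 0440 "$tmp" || { rm -f "$tmp"; return 1; }
    # sudo requires the file to be owned by uid 0; only root can set that.
    if [ "$(id -u)" -eq 0 ]; then
        chown 0:0 "$tmp" || { rm -f "$tmp"; return 1; }
    fi
    if check_sudoers "$tmp"; then
        mv -f "$tmp" "$2"     # rename within one directory is atomic
    else
        rm -f "$tmp"; return 1
    fi
}

# push_host HOST FILE: copy FILE to a staging name, validate it with the
# client's own visudo, and only then replace the live file.
push_host() {
    rsync -e ssh "$2" "root@$1:$TARGET.staged" &&
    ssh "root@$1" "chmod 0440 $TARGET.staged && chown 0:0 $TARGET.staged &&
        visudo -c -f $TARGET.staged >/dev/null && mv -f $TARGET.staged $TARGET"
}

# Usage: push-sudoers.sh MERGED_FILE HOSTS_FILE
if [ $# -eq 2 ]; then
    check_sudoers "$1" || { echo "refusing to push: $1 fails visudo -c" >&2; exit 1; }
    while read -r host; do
        # </dev/null keeps ssh from swallowing the rest of the host list
        push_host "$host" "$1" </dev/null || echo "FAILED: $host" >&2
    done < "$2"
fi
```

Checking on the client as well as centrally matters in a mixed Linux/Solaris/AIX estate, since each client's sudo version decides what it accepts; a failed host keeps its previous sudoers.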
