centralize sudoers file

Posted on 2006-05-14
Last Modified: 2013-12-27
I have an environment of over 300 Unix servers (Linux/Solaris/AIX). Is there any way to centralize the sudoers file on a server and push the files regularly to all the sudo clients?

What's the best approach to do this?
Question by: madan1278

    Accepted Solution

    The typical way to do this is to a) merge the files into one big file (you can use machine-specific rules) and then b) push out from a central place with rdist or rsync (over SSH if you're security conscious).

    Assisted Solution

    sudo is really touchy about file permissions, location and such, so be prepared for a lot of messing around to get it to work.

    Another way that might work is to place a copy into an NFS file system that is mounted on all the systems, and set up a cron job to check for file change, and if so copy it to the proper location.

    The easier way would be just the opposite, where the sudoers file would be located on the main server and be linked to by the other servers.  I have not tried this, but I know how upset sudo gets if the sudoers is accessed via a symlink, so I assume that it may not work...

    The ease with which you can do the job is inversely proportional to the security level.  You are currently at the most secure level, where you have to manually update the file on each of the 300 systems.  My NFS solution is less secure, but still more secure than not using sudo and having everyone use root....

    Expert Comment

    FYI, I suggested rdist/rsync rather than NFS because with NFS you have to worry about what happens if the NFS server goes down. Whether this is a bigger deal vs. getting rdist/rsync working depends on the environment.

    Expert Comment

    chris_calabrese, you are correct.  But any type of distributed system is going to have more gotchas, and is going to be less secure.

    Your solution has the advantage that the main file is not exposed except during the transfer time.
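
One way to handle the client side of the push discussed in the answers above, as an added example that is not code from the thread: the candidate delivered by rsync/rdist (or found on the NFS mount by the cron job) is staged, given the ownership and mode sudo is touchy about, syntax-checked, and only then renamed over the live file. The function name, return codes, staging file name and the `SUDOERS_CHECK` override are assumptions of this sketch; `mktemp` is assumed to be available.

```shell
#!/bin/sh
# Added example: install a centrally pushed sudoers candidate on one client.
# Return codes (assumed convention): 0 installed, 1 rejected, 2 already current.

# Syntax checker; "visudo -c -f FILE" checks FILE without installing it.
SUDOERS_CHECK=${SUDOERS_CHECK:-"visudo -c -f"}

install_sudoers() {
    is_src=$1    # candidate delivered by rsync/rdist (hypothetical path)
    is_dst=$2    # live file, normally /etc/sudoers

    # Refuse a candidate that is a symlink or not a regular file.
    if [ -h "$is_src" ] || [ ! -f "$is_src" ]; then
        echo "rejected: $is_src is not a regular file" >&2
        return 1
    fi

    # Nothing to do when the live file already matches (the cron case).
    if [ -f "$is_dst" ] && cmp -s "$is_src" "$is_dst"; then
        return 2
    fi

    # Stage in the target directory so the final mv is an atomic rename.
    is_tmp=$(mktemp "$(dirname "$is_dst")/.sudoers.XXXXXX") || return 1
    if ! cat "$is_src" > "$is_tmp" || ! chmod 0440 "$is_tmp"; then
        rm -f "$is_tmp"
        return 1
    fi
    # Only root can set ownership; by default sudo requires uid 0 as owner.
    if [ "$(id -u)" -eq 0 ]; then
        chown 0:0 "$is_tmp" || { rm -f "$is_tmp"; return 1; }
    fi

    # Validate the staged copy; a bad file never replaces the working one.
    if ! $SUDOERS_CHECK "$is_tmp" >/dev/null 2>&1; then
        echo "rejected: $is_src failed the sudoers check" >&2
        rm -f "$is_tmp"
        return 1
    fi

    mv -f "$is_tmp" "$is_dst"
}
```

Called from cron or at the end of the push job as `install_sudoers <candidate> /etc/sudoers`, a rejected candidate leaves the previous sudoers in place, so a bad merge on the central server does not lock administrators out of the clients.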
