Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

sudoers file

Posted on 2011-02-10
5
503 Views
Last Modified: 2012-05-11
Can the same sudoers file be used on both Solaris and HPUX servers?
Or are the formats distinct?
Thanks!
0
Comment
Question by:sonriks
5 Comments
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 34865889
Hi,

formats are the same. No problem!

wmp
0
 
LVL 11

Expert Comment

by:jgiordano
ID: 34866171
usually you can but here are some things you want to check for -

1) command paths might be different for your commands
2) commands that use different switches
3) different commands in general

an easy way to test syntax only is to run a verify

/usr/sbin/visudo -c -f /etc/sudoers.new

where c is the check and -f is the file
0
 
LVL 6

Accepted Solution

by:
Tomunique earned 500 total points
ID: 34870485
You can also use the Host_Alias to separate which commands apply to which systems.
Sudo dont care which system the commands apply to, it's format is the same

Host_Alias AIX=Trirs1,tispoll
Host_Alias LINUX=hctunx12,hctunx11

and control the format to which they apply in the cmds section

SYSADM  ALL=(ALL) ALL
ALL AIX=(root) NOPASSWD: /usr/bin/topas
AGROUP LINUX=(ESVR) /some/Linux/Specific --Command
0
 
LVL 1

Author Comment

by:sonriks
ID: 34891363
This looks like what I was searching for. I have yet to implement, but thanks in advance for the excellent response.
0
 
LVL 6

Expert Comment

by:Tomunique
ID: 34891489
We use the same sudoers file across 200+ systems  

recommendation:  plan ahead, and strive towards group permissions, so you're not having to modify the file every time a single user needs something different..

using the % in the user_alias stmts, it will check the unix group permissions.

User_Alias PRODCTL=%prodctl
Then in the cmds..
PRODCTL NEWIAM=(root) /usr/local/bin/yumcvs *

PRODCTL can issue the yumcvs command on the NEWIAM servers as root (and requires a parm to be passed).
This way, the security team adds a user to the prodctl group, and the sudoers file never needs to be touched.

Thanks for the points :)
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Attention: This article will no longer be maintained. If you have any questions, please feel free to mail me. jgh@FreeBSD.org Please see http://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/ for the updated article. It is avail…
A metadevice consists of one or more devices (slices). It can be expanded by adding slices. Then, it can be grown to fill a larger space while the file system is in use. However, not all UNIX file systems (UFS) can be expanded this way. The conca…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question