Solved

sudoers file

Posted on 2011-02-10
5
518 Views
Last Modified: 2012-05-11
Can the same sudoers file be used on both Solaris and HPUX servers?
Or are the formats distinct?
Thanks!
0
Comment
Question by:sonriks
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 34865889
Hi,

formats are the same. No problem!

wmp
0
 
LVL 11

Expert Comment

by:jgiordano
ID: 34866171
usually you can but here are some things you want to check for -

1) command paths might be different for your commands
2) commands that use different switches
3) different commands in general

an easy way to test syntax only is to run a verify

/usr/sbin/visudo -c -f /etc/sudoers.new

where c is the check and -f is the file
0
 
LVL 6

Accepted Solution

by:
Tomunique earned 500 total points
ID: 34870485
You can also use the Host_Alias to separate which commands apply to which systems.
Sudo dont care which system the commands apply to, it's format is the same

Host_Alias AIX=Trirs1,tispoll
Host_Alias LINUX=hctunx12,hctunx11

and control the format to which they apply in the cmds section

SYSADM  ALL=(ALL) ALL
ALL AIX=(root) NOPASSWD: /usr/bin/topas
AGROUP LINUX=(ESVR) /some/Linux/Specific --Command
0
 
LVL 1

Author Comment

by:sonriks
ID: 34891363
This looks like what I was searching for. I have yet to implement, but thanks in advance for the excellent response.
0
 
LVL 6

Expert Comment

by:Tomunique
ID: 34891489
We use the same sudoers file across 200+ systems  

recommendation:  plan ahead, and strive towards group permissions, so you're not having to modify the file every time a single user needs something different..

using the % in the user_alias stmts, it will check the unix group permissions.

User_Alias PRODCTL=%prodctl
Then in the cmds..
PRODCTL NEWIAM=(root) /usr/local/bin/yumcvs *

PRODCTL can issue the yumcvs command on the NEWIAM servers as root (and requires a parm to be passed).
This way, the security team adds a user to the prodctl group, and the sudoers file never needs to be touched.

Thanks for the points :)
0

Featured Post

Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello fellow BSD lovers, I've created a patch process for patching openjdk6 for BSD (FreeBSD specifically), although I tried to keep all BSD versions in mind when creating my patch. Welcome to OpenJDK6 on BSD First let me start with a little …
Java performance on Solaris - Managing CPUs There are various resource controls in operating system which directly/indirectly influence the performance of application. one of the most important resource controls is "CPU".   In a multithreaded…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question