Solved

sudoers file

Posted on 2011-02-10
5
491 Views
Last Modified: 2012-05-11
Can the same sudoers file be used on both Solaris and HPUX servers?
Or are the formats distinct?
Thanks!
0
Comment
Question by:sonriks
5 Comments
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 34865889
Hi,

formats are the same. No problem!

wmp
0
 
LVL 11

Expert Comment

by:jgiordano
ID: 34866171
usually you can but here are some things you want to check for -

1) command paths might be different for your commands
2) commands that use different switches
3) different commands in general

an easy way to test syntax only is to run a verify

/usr/sbin/visudo -c -f /etc/sudoers.new

where c is the check and -f is the file
0
 
LVL 6

Accepted Solution

by:
Tomunique earned 500 total points
ID: 34870485
You can also use the Host_Alias to separate which commands apply to which systems.
Sudo dont care which system the commands apply to, it's format is the same

Host_Alias AIX=Trirs1,tispoll
Host_Alias LINUX=hctunx12,hctunx11

and control the format to which they apply in the cmds section

SYSADM  ALL=(ALL) ALL
ALL AIX=(root) NOPASSWD: /usr/bin/topas
AGROUP LINUX=(ESVR) /some/Linux/Specific --Command
0
 
LVL 1

Author Comment

by:sonriks
ID: 34891363
This looks like what I was searching for. I have yet to implement, but thanks in advance for the excellent response.
0
 
LVL 6

Expert Comment

by:Tomunique
ID: 34891489
We use the same sudoers file across 200+ systems  

recommendation:  plan ahead, and strive towards group permissions, so you're not having to modify the file every time a single user needs something different..

using the % in the user_alias stmts, it will check the unix group permissions.

User_Alias PRODCTL=%prodctl
Then in the cmds..
PRODCTL NEWIAM=(root) /usr/local/bin/yumcvs *

PRODCTL can issue the yumcvs command on the NEWIAM servers as root (and requires a parm to be passed).
This way, the security team adds a user to the prodctl group, and the sudoers file never needs to be touched.

Thanks for the points :)
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello fellow BSD lovers, I've created a patch process for patching openjdk6 for BSD (FreeBSD specifically), although I tried to keep all BSD versions in mind when creating my patch. Welcome to OpenJDK6 on BSD First let me start with a little …
A metadevice consists of one or more devices (slices). It can be expanded by adding slices. Then, it can be grown to fill a larger space while the file system is in use. However, not all UNIX file systems (UFS) can be expanded this way. The conca…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now