LinuxQuestions.org
Old 05-19-2008, 02:48 AM   #1
ksri07091983
Question about sudoers in NIS environment


Hi,

I have a doubt about setting up sudoers in an NIS environment. It goes as below:

* I have an NIS server [e.g. 192.168.0.10] with ypserv configured and /home exported through NFS.
* I also have an NIS client [e.g. 192.168.0.11] which is authenticated to the NIS server and has its home directory automounted from the NIS server's NFS share.
* The NIS users are able to log in to the NIS client both graphically as well as through ssh.

Now I have a question:

* I have configured the sudoers file in the "NIS Server" as follows:
Code:
user1  192.168.0.11 = (ALL) ALL
where user1 is an NIS user. The above configuration says that the user user1 can execute any command as any user on the machine 192.168.0.11 i.e., our NIS client.

* But when I log in as user1 on the NIS client I am not able to use the sudo privilege. All I get is "user1 is not in the sudoers file. This incident will be reported."

Please advise, so that I can configure sudo for an NIS environment. I hope my question is clear.

Thanks

Sridhar
 
Old 05-19-2008, 07:28 PM   #2
chrism01
Each machine has its own sudoers file, and I don't believe you can 'transfer' the privs across like that. I could be wrong...
 
Old 05-21-2008, 03:11 AM   #3
ksri07091983
Hi,

Thanks for your reply. I still have a doubt as to why the machine field is there in the definition of sudo users in the sudoers file. Like:

user1    192.168.0.11  =  (ALL)    ALL
^^^^^    ^^^^^^^^^^^^     ^^^^^    ^^^
user     machine          run as   commands

I hope I have understood the above syntax correctly. Please correct me if I am wrong.


Thanks

Sridhar
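
Added example (not part of any post in this thread): sudo reads the sudoers file of the machine it runs on and compares the host field of each entry with that machine, which is what lets one file be copied unchanged to many hosts. The Python below is a simplified model of that matching (host names, IP addresses, networks, `Host_Alias` and `!` negation only); the file contents, the host name `nisclient` and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: one sudoers file distributed unchanged to every machine.
SHARED_SUDOERS = """\
Host_Alias NISCLIENTS = 192.168.0.11, 192.168.0.12
user1   192.168.0.11 = (ALL) ALL
user2   NISCLIENTS, !192.168.0.12 = (ALL) /sbin/shutdown
user3   192.168.0.0/24 = (root) /usr/bin/less /var/log/messages
"""


def parse(text):
    """Return (host_aliases, rules) from a simplified sudoers text."""
    aliases, rules = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("Host_Alias"):
            name, members = line[len("Host_Alias"):].split("=", 1)
            aliases[name.strip()] = [m.strip() for m in members.split(",")]
            continue
        left, right = line.split("=", 1)
        user, hosts = left.split(None, 1)
        rules.append((user, [h.strip() for h in hosts.split(",")], right.strip()))
    return aliases, rules


def host_item_matches(item, hostname, addrs, aliases):
    """Does one Host_List member describe the machine sudo is running on?"""
    if item == "ALL":
        return True
    if item in aliases:
        return host_list_matches(aliases[item], hostname, addrs, aliases)
    try:
        # A bare address becomes a /32 network; CIDR and netmask forms also parse.
        net = ipaddress.ip_network(item, strict=False)
    except ValueError:
        # Not an address: compare as a host name (full or short form).
        names = (hostname.lower(), hostname.split(".")[0].lower())
        return item.lower() in names
    return any(ipaddress.ip_address(a) in net for a in addrs)


def host_list_matches(items, hostname, addrs, aliases):
    """Evaluate a comma-separated Host_List; the last matching member decides."""
    result = False
    for item in items:
        negate = item.startswith("!")
        if host_item_matches(item.lstrip("!"), hostname, addrs, aliases):
            result = not negate
    return result


def rules_for(user, hostname, addrs, text=SHARED_SUDOERS):
    """Entries of the local sudoers file that apply to `user` on this machine."""
    aliases, rules = parse(text)
    return [cmds for u, hosts, cmds in rules
            if u == user and host_list_matches(hosts, hostname, addrs, aliases)]


if __name__ == "__main__":
    for host, ip in (("nisserver", "192.168.0.10"), ("nisclient", "192.168.0.11")):
        for user in ("user1", "user2", "user3"):
            print(host, user, rules_for(user, host, [ip]))
```

The entry for user1 only takes effect when this same file is installed on 192.168.0.11 itself; on 192.168.0.10 it is parsed and skipped.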
 
Old 05-21-2008, 08:33 PM   #4
chrism01
Try the manual here: http://www.sudo.ws/sudo/man/sudoers.html
I think(??) it implies that you'd have to be on the NIS server (as that user) to run the cmd on the client, but I don't understand how it does that, i.e. what protocol does it connect with??
Need a real sudo expert here....
I've only ever used it in 'local' mode.
 
Old 05-22-2008, 08:31 AM   #5
ksri07091983
Hi chrism01

Thanks for your response. That link, I think, is the man page of sudoers. I saw the man page and I could not find/understand any way to achieve my goal.

Anyway, I am going to configure the users in the sudoers file of the NIS client machines manually on each machine, based on the requirement I have.

If there is some 'sudo' expert, then he/she is most welcome to give their suggestions.

Thanks a lot for your help and response!!!

Sridhar
 
Old 06-12-2008, 07:54 AM   #6
pkhera_2001
You can configure Make file to export sudoers file and export it using nfs

Hi Sridhar!

While looking at your issue, one of my co-workers suggested that this can be done by making some changes in the Make file (that means before executing Make to prepare the NIS server).

You may have to tweak the Make file so that it exports the "/etc/sudoers" file from the NIS server, and then add an entry like "sudoers: nis" to every client's "/etc/nsswitch" file, so that whenever a user tries to use sudo access it finds the exported sudoers file.

We haven't tried this, but it should work, as we have done some other things similar to this.

Kindly update me if there is any success or not.

Regards,
P.
 
Old 06-12-2008, 08:21 PM   #7
chrism01
If you do try that, do let us know if it worked or not.
There's always something new to be learnt.
 
Old 06-19-2008, 02:48 AM   #8
ksri07091983
Hi pkhera_2001,


Thanks a ton for your idea. I will try it out and let you know.

Thanks

Sridhar
 
Old 06-19-2008, 05:47 AM   #9
ksri07091983
Hi,

As per our discussion, I tuned my Makefile to contain sudoers and re-configured the NIS server. It didn't give any errors. Then I re-configured my NIS client to get authenticated to this NIS server and tried the sudoers stuff. It didn't work out.

I am pasting my Makefile. Please correct me if I have configured anything wrong.

Code:
#
# This Makefile can be modified to support more NIS maps if desired.
#

# Set the following variable to "-b" to have NIS servers use the domain
# name resolver for hosts not in the current domain. This is only needed,
# if you have SunOS slave YP server, which gets here maps from this
# server. The NYS YP server will ignore the YP_INTERDOMAIN key.
#B=-b
B=

# If we have only one server, we don't have to push the maps to the
# slave servers (NOPUSH=true). If you have slave servers, change this
# to "NOPUSH=false" and put all hostnames of your slave servers in the file
# /var/yp/ypservers.
NOPUSH=true

# We do not put password entries with lower UIDs (the root and system
# entries) in the NIS password database, for security. MINUID is the
# lowest uid that will be included in the password maps. If you
# create shadow maps, the UserID for a shadow entry is taken from
# the passwd file. If no entry is found, this shadow entry is
# ignored.
# MINGID is the lowest gid that will be included in the group maps.
MINUID=500
MINGID=500

# Don't export this uid/guid (nfsnobody).
# Set to 0 if you want to
NFSNOBODYUID=65534
NFSNOBODYGID=65534

# Should we merge the passwd file with the shadow file ?
# MERGE_PASSWD=true|false
MERGE_PASSWD=true

# Should we merge the group file with the gshadow file ?
# MERGE_GROUP=true|false
MERGE_GROUP=true

# These are commands which this Makefile needs to properly rebuild the
# NIS databases. Don't change these unless you have a good reason.
AWK = /bin/gawk
MAKE = /usr/bin/gmake
UMASK = umask 066

#
# These are the source directories for the NIS files; normally
# that is /etc but you may want to move the source for the password
# and group files to (for example) /var/yp/ypfiles. The directory
# for passwd, group and shadow is defined by YPPWDDIR, the rest is
# taken from YPSRCDIR.
#
YPSRCDIR = /etc
YPPWDDIR = /etc
YPBINDIR = /usr/lib/yp
YPSBINDIR = /usr/sbin
YPDIR = /var/yp
YPMAPDIR = $(YPDIR)/$(DOMAIN)

# These are the files from which the NIS databases are built. You may edit
# these to taste in the event that you wish to keep your NIS source files
# seperate from your NIS server's actual configuration files.
#
GROUP       = $(YPPWDDIR)/group
PASSWD      = $(YPPWDDIR)/passwd
SHADOW      = $(YPPWDDIR)/shadow
GSHADOW     = $(YPPWDDIR)/gshadow
ADJUNCT     = $(YPPWDDIR)/passwd.adjunct
#ALIASES     = $(YPSRCDIR)/aliases  # aliases could be in /etc or /etc/mail
ALIASES     = /etc/aliases
ETHERS      = $(YPSRCDIR)/ethers     # ethernet addresses (for rarpd)
BOOTPARAMS  = $(YPSRCDIR)/bootparams # for booting Sun boxes (bootparamd)
HOSTS       = $(YPSRCDIR)/hosts
SUDOERS     = $(YPSRCDIR)/sudoers
NETWORKS    = $(YPSRCDIR)/networks
PRINTCAP    = $(YPSRCDIR)/printcap
PROTOCOLS   = $(YPSRCDIR)/protocols
PUBLICKEYS  = $(YPSRCDIR)/publickey
RPC         = $(YPSRCDIR)/rpc
SERVICES    = $(YPSRCDIR)/services
NETGROUP    = $(YPSRCDIR)/netgroup
NETID       = $(YPSRCDIR)/netid
AMD_HOME    = $(YPSRCDIR)/amd.home
AUTO_MASTER = $(YPSRCDIR)/auto.master
AUTO_HOME   = $(YPSRCDIR)/auto.home
AUTO_LOCAL  = $(YPSRCDIR)/auto.local
TIMEZONE    = $(YPSRCDIR)/timezone
LOCALE      = $(YPSRCDIR)/locale
NETMASKS    = $(YPSRCDIR)/netmasks

YPSERVERS = $(YPDIR)/ypservers  # List of all NIS servers for a domain

target: Makefile
        @test ! -d $(LOCALDOMAIN) && mkdir $(LOCALDOMAIN) ; \
        cd $(LOCALDOMAIN)  ; \
        $(NOPUSH) || $(MAKE) -f ../Makefile ypservers; \
        $(MAKE) -f ../Makefile all

# If you don't want some of these maps built, feel free to comment
# them out from this list.

all:  passwd group hosts shadow rpc services netid protocols mail sudoers \
        # netgrp shadow publickey networks ethers bootparams printcap \
        # amd.home auto.master auto.home auto.local passwd.adjunct \
        # timezone locale netmasks


########################################################################
#                                                                      #
#  DON'T EDIT ANYTHING BELOW IF YOU DON'T KNOW WHAT YOU ARE DOING !!!  #
#                                                                      #
########################################################################

DBLOAD = $(YPBINDIR)/makedbm -c -m `$(YPBINDIR)/yphelper --hostname`
MKNETID = $(YPBINDIR)/mknetid
YPPUSH = $(YPSBINDIR)/yppush
MERGER = $(YPBINDIR)/yphelper
DOMAIN = `basename \`pwd\``
LOCALDOMAIN = `/bin/domainname`
REVNETGROUP = $(YPBINDIR)/revnetgroup
CREATE_PRINTCAP = $(YPBINDIR)/create_printcap

ethers:         ethers.byname ethers.byaddr
hosts:          hosts.byname hosts.byaddr
networks:       networks.byaddr networks.byname
protocols:      protocols.bynumber protocols.byname
rpc:            rpc.byname rpc.bynumber
services:       services.byname services.byservicename
passwd:         passwd.byname passwd.byuid
sudoers:        sudoers.byname sudoers.byuid
group:          group.byname group.bygid
shadow:         shadow.byname
passwd.adjunct: passwd.adjunct.byname
netid:          netid.byname
netgrp:         netgroup netgroup.byhost netgroup.byuser
publickey:      publickey.byname
mail:           mail.aliases
timezone:      timezone.byname
locale:                locale.byname
netmasks:      netmasks.byaddr

ypservers: $(YPSERVERS) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(AWK) '{ if ($$1 != "" && $$1 !~ "#") print $$0"\t"$$0 }' \
            $(YPSERVERS) | $(DBLOAD) -i $(YPSERVERS) -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@

$(YPSERVERS):
        @echo -n "Generating $*..."
        @uname -n > $(YPSERVERS)

bootparams: $(BOOTPARAMS) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(AWK) '{ if ($$1 != "" && $$1 !~ "#" && $$1 != "+") \
                print $$0 }' $(BOOTPARAMS) | $(DBLOAD) -r -i $(BOOTPARAMS) \
                 -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@


ethers.byname: $(ETHERS) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(AWK) '{ if ($$1 != "" && $$1 !~ "#" && $$1 != "+") \
                print $$2"\t"$$0 }' $(ETHERS) | $(DBLOAD) -r -i $(ETHERS) \
                                                -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@


ethers.byaddr: $(ETHERS) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(AWK) '{ if ($$1 != "" && $$1 !~ "#" && $$1 != "+") \
                print $$1"\t"$$0 }' $(ETHERS) | $(DBLOAD) -r -i $(ETHERS) \
                                                -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@


netgroup: $(NETGROUP) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(AWK) '{ if ($$1 != "" && $$1 !~ "#" && $$1 != "+") \
                print $$0 }' $(NETGROUP) | $(DBLOAD) -i $(NETGROUP) \
                 -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@


netgroup.byhost: $(NETGROUP) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(REVNETGROUP) -h < $(NETGROUP) | $(DBLOAD) -i $(NETGROUP) \
                -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@


netgroup.byuser: $(NETGROUP) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(REVNETGROUP) -u < $(NETGROUP) | $(DBLOAD) -i $(NETGROUP) \
                -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@


hosts.byname: $(HOSTS) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(AWK) '/^[0-9]/ { for (n=2; n<=NF && $$n !~ "#"; n++) \
                print $$n"\t"$$0 }' $(HOSTS) | $(DBLOAD) -r $(B) -l \
                        -i $(HOSTS) -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@

hosts.byaddr: $(HOSTS) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(AWK) '{ if ($$1 !~ "#" && $$1 != "") print $$1"\t"$$0 }' \
           $(HOSTS) | $(DBLOAD) -r $(B) -i $(HOSTS) -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@


networks.byname: $(NETWORKS) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(AWK) '{ if($$1 !~ "#" && $$1 != "") { print $$1"\t"$$0; \
                 for (n=3; n<=NF && $$n !~ "#"; n++) print $$n"\t"$$0 \
                        }}' $(NETWORKS) | $(DBLOAD) -r -i $(NETWORKS) \
                         -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@


networks.byaddr: $(NETWORKS) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(AWK) '{ if ($$1 !~ "#" && $$1 != "") print $$2"\t"$$0 }' \
                 $(NETWORKS) | $(DBLOAD) -r -i $(NETWORKS) \
                 -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@


protocols.byname: $(PROTOCOLS) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(AWK) '{ if ($$1 !~ "#" && $$1 != "") { print $$1"\t"$$0; \
                for (n=3; n<=NF && $$n !~ "#"; n++) \
                print $$n"\t"$$0}}' $(PROTOCOLS) | $(DBLOAD) -r -i \
                        $(PROTOCOLS) -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@


protocols.bynumber: $(PROTOCOLS) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(AWK) '{ if ($$1 !~ "#" && $$1 != "") print $$2"\t"$$0 }' \
                $(PROTOCOLS) | $(DBLOAD) -r -i $(PROTOCOLS) \
                 -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@


rpc.byname: $(RPC) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(AWK) '{ if ($$1 !~ "#"  && $$1 != "") { print $$1"\t"$$0; \
                for (n=3; n<=NF && $$n !~ "#"; n++)  print $$n"\t"$$0 \
                  }}' $(RPC) | $(DBLOAD) -r -i $(RPC) -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@


rpc.bynumber: $(RPC) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(AWK) '{ if ($$1 !~ "#" && $$1 != "") print $$2"\t"$$0 }' $(RPC) \
                | $(DBLOAD) -r -i $(RPC) -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@


services.byname: $(SERVICES) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(AWK) '{ if ($$1 !~ "#" && $$1 != "") print $$2"\t"$$0 }' \
                $(SERVICES) | $(DBLOAD) -r -i $(SERVICES) \
                -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@

services.byservicename: $(SERVICES) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(AWK) '{ if ($$1 !~ "#" && $$1 != "") { \
                split($$2,A,"/") ; TMP = "/" A[2] ; \
                print $$1 TMP"\t"$$0 ; \
                if (! seen[$$1]) { seen[$$1] = 1 ; print $$1"\t"$$0 ; } \
                for (N = 3; N <= NF && $$N !~ "#" ; N++) { \
                        if ($$N !~ "#" && $$N != "") print $$N TMP"\t"$$0 ; \
                        if (! seen[$$N]) { seen[$$N] = 1 ; print $$N"\t"$$0 ; } \
                } } } ' \
                $(SERVICES) | $(DBLOAD) -r -i $(SERVICES) \
                -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@


ifeq (x$(MERGE_PASSWD),xtrue)
passwd.byname: $(PASSWD) $(SHADOW) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(UMASK); \
        $(MERGER) -p $(PASSWD) $(SHADOW) | \
           $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) && $$3 != $(NFSNOBODYUID) ) \
           print $$1"\t"$$0 }' | $(DBLOAD) -i $(PASSWD) \
                -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@

passwd.byuid: $(PASSWD) $(SHADOW) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(UMASK); \
        $(MERGER) -p $(PASSWD) $(SHADOW) | \
           $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) && $$3 != $(NFSNOBODYUID) ) \
           print $$3"\t"$$0 }' | $(DBLOAD) -i $(PASSWD) \
                 -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@

sudoers.byname: $(SUDOERS) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(UMASK); \
        $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) && $$3 != $(NFSNOBODYUID) ) \
           print $$1"\t"$$0 }' $(SUDOERS) | $(DBLOAD) -i $(SUDOERS) \
                -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@

sudoers.byuid: $(SUDOERS) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(UMASK); \
        $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) && $$3 != $(NFSNOBODYUID) ) \
           print $$3"\t"$$0 }' $(SUDOERS) | $(DBLOAD) -i $(SUDOERS) \
                 -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@

# Don't build a shadow map !
shadow.byname:
        @echo "Updating $@... Ignored -> merged with passwd"

else

passwd.byname: $(PASSWD) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(UMASK); \
        $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) && $$3 != $(NFSNOBODYUID) ) \
           print $$1"\t"$$0 }' $(PASSWD) | $(DBLOAD) -i $(PASSWD) \
                -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@

passwd.byuid: $(PASSWD) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(UMASK); \
        $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINUID) && $$3 != $(NFSNOBODYUID) ) \
           print $$3"\t"$$0 }' $(PASSWD) | $(DBLOAD) -i $(PASSWD) \
                 -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@

shadow.byname: $(SHADOW) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(UMASK); \
        $(AWK) -F: '{ if (FILENAME ~ /shadow$$/) { \
                if (UID[$$1] >= $(MINUID) && UID[$$1] != $(NFSNOBODYUID)) print $$1"\t"$$0; \
                        } else UID[$$1] = $$3; }' $(PASSWD) $(SHADOW) \
                | $(DBLOAD) -s -i $(SHADOW) -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@
endif

passwd.adjunct.byname: $(ADJUNCT) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(UMASK); \
        $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" ) print $$1"\t"$$0 }' \
                $(ADJUNCT) | $(DBLOAD) -s -i $(ADJUNCT) -o $(YPMAPDIR)/$@ - $@
        @chmod 700 $(YPDIR)/$(DOMAIN)/$@*
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@

ifeq (x$(MERGE_GROUP),xtrue)
group.byname: $(GROUP) $(GSHADOW) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(UMASK); \
        $(MERGER) -g $(GROUP) $(GSHADOW) | \
        $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) && $$3 != $(NFSNOBODYGID) ) \
        print $$1"\t"$$0 }' | $(DBLOAD) -i $(GROUP) -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@

group.bygid: $(GROUP) $(GSHADOW) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(UMASK); \
        $(MERGER) -g $(GROUP) $(GSHADOW) | \
        $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) && $$3 != $(NFSNOBODYGID) ) \
        print $$3"\t"$$0 }' | $(DBLOAD) -i $(GROUP) -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@

else

group.byname: $(GROUP) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(UMASK); \
        $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) && $$3 != $(NFSNOBODYGID) ) \
                                        print $$1"\t"$$0 }' $(GROUP) \
                | $(DBLOAD) -i $(GROUP) -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@

group.bygid: $(GROUP) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(UMASK); \
        $(AWK) -F: '!/^[-+#]/ { if ($$1 != "" && $$3 >= $(MINGID) && $$3 != $(NFSNOBODYGID) ) \
                                        print $$3"\t"$$0 }' $(GROUP) \
                | $(DBLOAD) -i $(GROUP) -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@
endif

$(NETID):
netid.byname: $(GROUP) $(PASSWD) $(HOSTS) $(NETID) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(MKNETID) -q -p $(PASSWD) -g $(GROUP) -h $(HOSTS) -d $(DOMAIN) \
                -n $(NETID) | $(DBLOAD) -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@


mail.aliases: $(ALIASES) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(AWK) '{ \
                        if ($$1 ~ "^#.*") \
                                next; \
                        if ($$1 == "" || $$1 == "+") { \
                                if (line != "") \
                                        {print line; line = "";} \
                                next; \
                        } \
                        if ($$0 ~ /^[[:space:]]/) \
                                line = line $$0; \
                        else { \
                                if (line != "") \
                                        {print line; line = "";} \
                                line = $$0; \
                        } \
                } \
                END {if (line != "") print line}' \
                $(ALIASES) | $(DBLOAD) --aliases \
                        -i $(ALIASES) -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@


publickey.byname: $(PUBLICKEYS) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(AWK) '{ if($$1 !~ "#" && $$1 != "") { print $$1"\t"$$2 }}' \
                $(PUBLICKEYS) | $(DBLOAD) -i $(PUBLICKEYS) \
                 -o $(YPMAPDIR)/$@ - $@
        @$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@


printcap: $(PRINTCAP) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(CREATE_PRINTCAP) < $(PRINTCAP) | \
                $(DBLOAD) -i $(PRINTCAP) -o $(YPMAPDIR)/$@ - $@
        @$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@


auto.master: $(AUTO_MASTER) $(YPDIR)/Makefile
        @echo "Updating $@..."
        -@sed -e "/^#/d" -e s/#.*$$// $(AUTO_MASTER) | $(DBLOAD) \
                -i $(AUTO_MASTER) -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@

auto.home: $(AUTO_HOME) $(YPDIR)/Makefile
        @echo "Updating $@..."
        -@sed -e "/^#/d" -e s/#.*$$// $(AUTO_HOME) | $(DBLOAD) \
                -i $(AUTO_HOME) -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@


auto.local: $(AUTO_LOCAL) $(YPDIR)/Makefile
        @echo "Updating $@..."
        -@sed -e "/^#/d" -e s/#.*$$// $(AUTO_LOCAL) | $(DBLOAD) \
                -i $(AUTO_LOCAL) -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@


amd.home: $(AMD_HOME) $(YPDIR)/Makefile
        @echo "Updating $@..."
        -@sed -e "s/#.*$$//" -e "/^$$/d" $(AMD_HOME) | \
        $(AWK) '{\
                for (i = 1; i <= NF; i++)\
                   if (i == NF) { \
                      if (substr($$i, length($$i), 1) == "\\") \
                           printf("%s", substr($$i, 1, length($$i) -1)); \
                       else \
                          printf("%s\n",$$i); \
                      } \
                   else \
                      printf("%s ",$$i);\
                }' | $(DBLOAD) -i $(AMD_HOME) -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@

timezone.byname: $(TIMEZONE) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(AWK) '{ if ($$1 != "" && $$1 !~ "#") \
                print $$2"\t"$$0 }' $(TIMEZONE) | $(DBLOAD) \
                        -r -i $(TIMEZONE) -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@


locale.byname: $(LOCALE) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(AWK) '{ if ($$1 != "" && $$1 !~ "#") \
             print $$2"\t"$$0"\n"$$1"\t"$$2"\t"$$1 }' $(LOCALE) | $(DBLOAD) \
                -r -i $(LOCALE) -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@


netmasks.byaddr: $(NETMASKS) $(YPDIR)/Makefile
        @echo "Updating $@..."
        @$(AWK) '{ if ($$1 != "" && $$1 !~ "#") \
                print $$1"\t"$$2 }' $(NETMASKS) | $(DBLOAD) \
                        -r -i $(NETMASKS) -o $(YPMAPDIR)/$@ - $@
        -@$(NOPUSH) || $(YPPUSH) -d $(DOMAIN) $@
And here is my nsswitch.conf on the NIS client.
Code:
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#       compat                  Use compatibility setup
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       [NOTFOUND=return]       Stop searching if not found so far
#
# For more information, please read the nsswitch.conf.5 manual page.
#

# passwd: files nis
# shadow: files nis
# group:  files nis

passwd: compat
group:  compat
sudoers: nis
hosts:  files dns
networks:       files dns
services:       files nis
protocols:      files
rpc:    files
ethers: files
netmasks:       files
netgroup:       nis
publickey:      files

bootparams:     files
automount:      files
aliases:        files nis
shadow: compat
Thanks

Sridhar
 
Old 12-31-2010, 10:03 AM   #10
karlochacon
Hi guys,

Was someone able to integrate NIS and sudoers?
 
Old 02-22-2011, 03:58 PM   #11
ksri07091983
Hi karlochacon,

Unfortunately, I am still looking for someone to discover an answer to this question of integrating sudoers in an NIS environment.
 
Old 09-26-2014, 03:36 PM   #12
TroyBailey
NIS sudo distribution via /etc/group file

In Ubuntu 14.04, one thing I found is that if you are synchronizing your /etc/group file with the GUID less than 1000, you can add the user to the "sudo" and "adm" entries in the /etc/group file on the master, and then push it out to the slaves with: sudo make -C /var/yp

This obviously only works for the ALL category in the sudoers file, so be careful who you trust.

From https://help.ubuntu.com/community/SettingUpNISHowTo
***********
7. Edit /var/yp/Makefile and read the instructions. It probably won't need a lot of modification. The only thing I changed was the MINGID line so that the group memberships would be propagated across the domain. I set it to 1. (the default is GUID 1000)
***********


-Troy
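
Added example (not from the post above or from the Ubuntu how-to): an audit of which sudo-granting groups end up in the NIS group map once MINGID is lowered, using the same filter as the `group.byname` rule in the Makefile posted earlier in this thread (gid >= MINGID and gid != NFSNOBODYGID). The group file, the sudoers entries and the user names are constructed sample data.

```python
import re

# Constructed sample data, not taken from any real system.
GROUP_FILE = """\
root:x:0:
adm:x:4:syslog,alice
sudo:x:27:alice,bob
nogroup:x:65534:
staff:x:1001:carol
"""
SUDOERS = """\
%sudo   ALL=(ALL:ALL) ALL
%adm    ALL=(root) /usr/bin/less /var/log/syslog
"""
NFSNOBODYGID = 65534


def exported_groups(group_text, mingid):
    """Groups the Makefile filter would place in the NIS map, with members."""
    out = {}
    for line in group_text.splitlines():
        # The awk rule skips lines starting with -, + or #.
        if not line or line[0] in "-+#":
            continue
        name, _pw, gid, members = line.split(":", 3)
        if name and int(gid) >= mingid and int(gid) != NFSNOBODYGID:
            out[name] = [m for m in members.split(",") if m]
    return out


def sudo_groups(sudoers_text):
    """Group names referenced as %group at the start of a sudoers entry."""
    return {m.group(1) for m in re.finditer(r"^%([\w.-]+)\s", sudoers_text, re.M)}


def privileged_exports(mingid):
    """Exported groups that sudoers grants rights to, and who is in them."""
    exported = exported_groups(GROUP_FILE, mingid)
    return {g: exported[g] for g in sorted(sudo_groups(SUDOERS)) if g in exported}


if __name__ == "__main__":
    for mingid in (1000, 1):
        print("MINGID=%d ->" % mingid, privileged_exports(mingid))
```

With MINGID=1000 nothing sudo-relevant is exported; with MINGID=1 the membership of `sudo` and `adm` is served from the NIS master, so write access to that master's group file decides who holds those rights on the clients.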
 