Sudoers
Hi,
Can anyone let me know if two sudoers files can be maintained on RHEL servers? I tried to search on the web but didn't find much info on this. Can anyone help me with this? It would be a great help for me! Thanks
The short answer is "no"...there is one sudoers file. You can centralize it for multiple servers in some cases, but there's only one. However, you CAN include other files into the sudoers file. When someone tries to run sudo, it will run through the sudoers file, until it reaches that include file, process it, then continue. Tell us what you're trying to accomplish/do with such a scenario, and maybe we can suggest other options. The sudoers manual is here: http://www.sudo.ws/sudoers.man.html
It would help if you described what you want to achieve from these two files, but maybe the sudoers.d / sudo.d directory is what you want? Long ago sudo added an "include" directive, which will load all files in a single directory.
A bit of human-level info here: http://www.peppertop.com/blog/?p=1015
Hi,
Thanks for your reply. I want to add a sudoers entry on many servers in one go through scripting. The problem is that the script will re-create the sudoers file, deleting old entries. So I want to know if there is any possibility that I can create a new file in the /etc/sudo.d directory.
Warning: Keep in mind that syntax errors in the sudoers files will render sudo unusable. This will be a serious problem if sudo is the only way on that system to get root privileges. Extensive testing is needed before using that on production systems.
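One way to script the drop-in approach asked about in this thread while guarding against the syntax-error risk in the warning above (an added example, not part of any post). It assumes /etc/sudoers contains `#includedir /etc/sudoers.d`; the function name, drop-in name and rule text are constructed for illustration.

```shell
#!/bin/sh
# Install a sudoers drop-in only after it passes a syntax check, so the
# main /etc/sudoers file is never rewritten and a bad rule is never installed.
# Assumption: /etc/sudoers contains "#includedir /etc/sudoers.d".

SUDOERS_D="${SUDOERS_D:-/etc/sudoers.d}"   # drop-in directory
VISUDO="${VISUDO:-visudo}"                 # syntax checker (overridable for testing)

# install_dropin NAME CONTENT
# Returns 0 on success, 2 on a bad name, 3 on a syntax error, 4 on install failure.
# Usage (as root, constructed sample rule):
#   install_dropin 10-deploy 'deploy ALL=(root) /usr/bin/systemctl restart httpd'
install_dropin() {
    name=$1
    content=$2

    # sudo skips files in an #includedir whose names end in "~" or contain ".",
    # so a file named e.g. "deploy.conf" would be silently ignored.
    case $name in
        ''|*.*|*~|*/*) echo "invalid drop-in name: $name" >&2; return 2 ;;
    esac

    # Stage the rule outside the live directory (mktemp creates it mode 0600).
    tmp=$(mktemp "${TMPDIR:-/tmp}/sudoers.XXXXXX") || return 4
    printf '%s\n' "$content" > "$tmp"

    # visudo -c is check-only and -f selects the file; non-zero means a parse error.
    if ! "$VISUDO" -c -f "$tmp" >/dev/null 2>&1; then
        echo "syntax check failed, $SUDOERS_D/$name left untouched" >&2
        rm -f "$tmp"
        return 3
    fi

    # sudoers files should be mode 0440; when run as root the copy is root-owned.
    install -m 0440 "$tmp" "$SUDOERS_D/$name"
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 4
    return 0
}
```

Running `visudo -c` with no `-f` afterwards checks the main file together with everything it includes.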
You can centralize your sudoers file, so you can have ONE for multiple servers. Some possible solutions are posted here: http://serverfault.com/questions/906...o-sudoers-file You don't say if you're using LDAP or not, but you can tie in LDAP with SUDO too. You can also use puppet or SVN to deploy sudoers as well, so you can maintain ONE file, rather than trying to script together something that may cause numerous problems.
As above, puppet is excellent, highly recommended for things like this.