LinuxQuestions.org


Spartan@007 12-06-2012 09:04 AM

Sudoers
 
Hiee,

Can anyone let me know if two sudoers files can be maintained on RHEL servers? I tried to search for it on the web but didn't find much info on this. Can anyone help me with this? It would be gr8 help for me!!

Thanks

TB0ne 12-06-2012 09:32 AM

Quote:

Originally Posted by Spartan@007 (Post 4843805)
Hiee,
Can anyone let me know if two sudoers files can be maintained on RHEL servers? I tried to search for it on the web but didn't find much info on this. Can anyone help me with this? It would be gr8 help for me!!
Thanks

Please don't use text-speak here.

The short answer is "no"...there is one sudoers file. You can centralize it for multiple servers in some cases, but there's only one. However, you CAN include other files into the sudoers file. When someone tries to run sudo, it will run through the sudoers file, until it reaches that include file, process it, then continue. Tell us what you're trying to accomplish/do with such a scenario, and maybe we can suggest other options. The sudoers manual is here:

http://www.sudo.ws/sudoers.man.html

acid_kewpie 12-06-2012 09:34 AM

It would help if you described what you want to achieve from these two files, but maybe the sudoers.d / sudo.d directory is what you want? Long ago sudo added an "include" directive, which will load all files in a single directory.

A bit of human-level info here: http://www.peppertop.com/blog/?p=1015

Spartan@007 12-06-2012 10:31 AM

Hi,

Thanks for your reply. I want to add sudoers entry in many servers in one go through scripting. Problem is that script will re-create the sudoers file deleting old entries. So I want to know is there any possibility that I can create a new file in /etc/sudo.d directory.

TobiSGD 12-06-2012 12:51 PM

Quote:

Originally Posted by Spartan@007 (Post 4843862)
Problem is that script will re-create the sudoers file deleting old entries.

Use the >> redirector in your script, instead of the > redirector. This will append to the file, not overwrite it.

Quote:

So I want to know is there any possibility that I can create a new file in /etc/sudo.d directory.

Just create a file there and put in the contents you need.

Warning: Keep in mind that syntax errors in the sudoers files will render sudo unusable. This will be a serious problem if sudo is the only way on that system to get root privileges. Extensive testing is needed before using that on production systems.

TB0ne 12-06-2012 03:38 PM

Quote:

Originally Posted by Spartan@007 (Post 4843862)
Hi,

Thanks for your reply. I want to add sudoers entry in many servers in one go through scripting. Problem is that script will re-create the sudoers file deleting old entries. So I want to know is there any possibility that I can create a new file in /etc/sudo.d directory.

TobiSGD pointed out the ">>" directive, but scripting modifications to the sudoers file is an invitation to trouble. First, the script itself would have to run with root privileges, making it a security vulnerability. Second, ANY problems with the script render ALL of the sudo users unable to get in/work, since the sudoers file will be corrupted. Third, unless you modify the file with 'visudo' (the ONLY recommended way), getting the permissions/ownership correct will be problematic, since if *THEY'RE* wrong, the file is also unusable.

You can centralize your sudoers file, so you can have ONE for multiple servers. Some possible solutions are posted here:
http://serverfault.com/questions/906...o-sudoers-file

You don't say if you're using LDAP or not, but you can tie in LDAP with SUDO too. You can also use puppet or SVN to deploy sudoers as well, so you can maintain ONE file, rather than trying to script together something that may cause numerous problems.
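
An added example, not part of any post in this thread: one way a deployment script can address the risks raised above (syntax errors, wrong mode or ownership) by staging a drop-in file, checking it with `visudo -cf`, and only then renaming it into place. The function name, the `SUDOERS_CHECK` override and the default `/etc/sudoers.d` directory are assumptions; use whichever directory your sudoers file actually includes.

```shell
#!/bin/sh
# Added example: validate a sudoers drop-in before it goes live.
# Assumptions: function name, SUDOERS_CHECK override and the default
# directory are illustrative, not taken from the thread.
SUDOERS_CHECK=${SUDOERS_CHECK:-"visudo -cf"}   # check-only mode on one file

install_sudoers_dropin() {
    src=$1; name=$2; dir=${3:-/etc/sudoers.d}

    # sudo skips include-directory files whose names contain '.' or end
    # in '~', so such a drop-in would be silently ignored. Refuse it.
    case $name in
        ''|*.*|*~|*/*) echo "bad drop-in name: '$name'" >&2; return 2 ;;
    esac

    # Stage inside the target directory under a dotted name: sudo ignores
    # it while it is checked, and the final mv is a same-filesystem rename.
    tmp=$(mktemp "$dir/.stage_XXXXXX") || return 1
    if ! cp "$src" "$tmp" || ! chmod 0440 "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    # sudo expects sudoers files to be owned by root; only root can set it.
    if [ "$(id -u)" -eq 0 ]; then
        chown 0:0 "$tmp" || { rm -f "$tmp"; return 1; }
    fi

    # Syntax check before the file becomes visible to sudo.
    if ! $SUDOERS_CHECK "$tmp" >&2; then
        echo "syntax check failed, nothing installed" >&2
        rm -f "$tmp"; return 3
    fi
    mv -f "$tmp" "$dir/$name"
}
```

Because existing files are never rewritten, a rejected drop-in leaves the current sudo configuration exactly as it was.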

acid_kewpie 12-07-2012 02:11 AM

Quote:

Originally Posted by Spartan@007 (Post 4843862)
Hi,

Thanks for your reply. I want to add sudoers entry in many servers in one go through scripting. Problem is that script will re-create the sudoers file deleting old entries. So I want to know is there any possibility that I can create a new file in /etc/sudo.d directory.

Well, do you have one? Clearly if the system is set up right then it is possible. Look to see, and give it a try.

As above, puppet is excellent, highly recommended for things like this.

