LinuxQuestions.org
Old 12-06-2012, 09:04 AM   #1
Spartan@007
LQ Newbie
 
Registered: Dec 2012
Posts: 3

Rep: Reputation: Disabled
Sudoers


Hiee,

Can anyone let me know if two sudoers files can be maintained on RHEL servers? I tried to search for it on the web but didn't find much info on this. Can anyone help me with this? It would be gr8 help for me!!

Thanks
 
Old 12-06-2012, 09:32 AM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 19,181

Rep: Reputation: 4403
Quote:
Originally Posted by Spartan@007
Hiee,
Can anyone let me know if two sudoers files can be maintained on RHEL servers? I tried to search for it on the web but didn't find much info on this. Can anyone help me with this? It would be gr8 help for me!!
Thanks

Please don't use text-speak here.

The short answer is "no"...there is one sudoers file. You can centralize it for multiple servers in some cases, but there's only one. However, you CAN include other files into the sudoers file. When someone tries to run sudo, it will run through the sudoers file, until it reaches that include file, process it, then continue. Tell us what you're trying to accomplish/do with such a scenario, and maybe we can suggest other options. The sudoers manual is here:

http://www.sudo.ws/sudoers.man.html
 
Old 12-06-2012, 09:34 AM   #3
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1975
It would help if you described what you want to achieve from these two files, but maybe the sudoers.d / sudo.d directory is what you want? Long ago sudo added an "include" directive, which will load all files in a single directory.

a bit of human level info here... http://www.peppertop.com/blog/?p=1015
 
Old 12-06-2012, 10:31 AM   #4
Spartan@007
LQ Newbie
 
Registered: Dec 2012
Posts: 3

Original Poster
Rep: Reputation: Disabled
Hi,

Thanks for your reply. I want to add sudoers entry in many servers in one go through scripting. Problem is that script will re-create the sudoers file deleting old entries. So I want to know is there any possibility that I can create a new file in /etc/sudo.d directory.
 
Old 12-06-2012, 12:51 PM   #5
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,142
Blog Entries: 2

Rep: Reputation: 4846
Quote:
Originally Posted by Spartan@007
Problem is that script will re-create the sudoers file deleting old entries.

Use the >> redirector in your script, instead of the > redirector. This will append to the file, not overwrite it.

Quote:
So I want to know is there any possibility that I can create a new file in /etc/sudo.d directory.

Just create a file there and put in the contents you need.

Warning: Keep in mind that syntax errors in the sudoers files will render sudo unusable. This will be a serious problem if sudo is the only way on those systems to get root privileges. Extensive testing is needed before using that on production systems.
 
Old 12-06-2012, 03:38 PM   #6
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 19,181

Rep: Reputation: 4403
Quote:
Originally Posted by Spartan@007
Hi,

Thanks for your reply. I want to add sudoers entry in many servers in one go through scripting. Problem is that script will re-create the sudoers file deleting old entries. So I want to know is there any possibility that I can create a new file in /etc/sudo.d directory.

TobiSGD pointed out the ">>" directive, but scripting modifications to the sudoers file is an invitation to trouble. First, the script itself would have to run with root privileges, making it a security vulnerability. Second, ANY problems with the script renders ALL of the sudo users unable to get in/work, since the sudoers file will be corrupted. Third, unless you modify the file with 'visudo' (the ONLY recommended way), getting the permissions/ownership correct will be problematic, since if *THEY'RE* wrong, the file is also unusable.

You can centralize your sudoers file, so you can have ONE for multiple servers. Some possible solutions are posted here:
http://serverfault.com/questions/906...o-sudoers-file

You don't say if you're using LDAP or not, but you can tie in LDAP with SUDO too. You can also use puppet or SVN to deploy sudoers as well, so you can maintain ONE file, rather than trying to script together something that may cause numerous problems.
 
Old 12-07-2012, 02:11 AM   #7
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1975
Quote:
Originally Posted by Spartan@007
Hi,

Thanks for your reply. I want to add sudoers entry in many servers in one go through scripting. Problem is that script will re-create the sudoers file deleting old entries. So I want to know is there any possibility that I can create a new file in /etc/sudo.d directory.

Well, do you have one? Clearly if the system is set up right then it is possible. Look to see, and give it a try.

As above, puppet is excellent, highly recommended for things like this.
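
The warnings in posts #5 and #6 (a syntax error or wrong permissions/ownership makes sudo unusable) come down to a validate-before-install step for a drop-in file. The following is an added example, not part of the original thread; it assumes drop-ins live in /etc/sudoers.d with an `#includedir` line in the main sudoers file, and `install_sudoers_dropin`, `SUDOERS_DIR` and `SUDOERS_CHECK` are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example: install a sudoers drop-in only after it passes validation.
# Assumptions (not from the thread): drop-ins live in /etc/sudoers.d and the
# main sudoers file contains "#includedir /etc/sudoers.d".
# SUDOERS_DIR and SUDOERS_CHECK are hypothetical overrides, useful for testing.

install_sudoers_dropin() {
    name=$1 src=$2
    dir=${SUDOERS_DIR:-/etc/sudoers.d}
    check=${SUDOERS_CHECK:-visudo -cf}

    # sudo skips include-dir files whose names contain '.' or end in '~',
    # so such a file would be silently ignored; refuse those names.
    case $name in
        ''|*.*|*~|*/*) echo "bad drop-in name: $name" >&2; return 2 ;;
    esac
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }

    # Stage inside the target directory so the final mv is an atomic rename.
    # The staging name contains '.', so sudo ignores it while it exists.
    tmp=$(mktemp "$dir/.stage.XXXXXX") || return 1
    if ! cat "$src" > "$tmp" || ! chmod 0440 "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    # Ownership must be root:root; only attempt it when running as root.
    if [ "$(id -u)" -eq 0 ] && ! chown root:root "$tmp"; then
        rm -f "$tmp"; return 1
    fi

    # Syntax check on the staged copy; the live configuration is untouched
    # if this fails.
    if ! $check "$tmp" >/dev/null 2>&1; then
        echo "syntax check failed, $name not installed" >&2
        rm -f "$tmp"; return 1
    fi
    mv -f "$tmp" "$dir/$name"
}
```

A rejected file leaves the existing rules in place, and an existing drop-in of the same name is replaced in one rename rather than rewritten in place.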
 
  


All times are GMT -5. The time now is 06:14 AM.
