[PLUG] hostnames in sudoers file?

Wil Cooley wcooley at nakedape.cc
Wed Jan 24 18:50:20 UTC 2007


On Wed, 2007-01-24 at 10:30 -0800, Robert Anderson wrote:
> Can someone help me understand why one would use several hostnames in a
> sudoers file? It's my understanding that running sudo will only execute
> commands locally. In other words, you cannot grant remote sudo permissions
> in a local sudoers file....right? My only guess is that it is for the
> convenience of managing a single sudoers file that is distributed to several
> hosts. If this is the case, is there an easy way to distribute sudoers files
> to many hosts, other than simply scp'ing the file? Or is there a way to
> "host" a master sudoers file that all the hosts will look to when sudo is
> run? Ouch, that sounds like a potential security risk.
> 
> Thanks in advance.

On larger managed networks, configuration files are managed centrally
and then distributed out to the various hosts.  Being able to specify
host-specific options means that you can have one sudoers file that
works across many systems.

As far as means of distribution, there are a number of tools.  Older
home-brewed systems used rdist, rsync, etc.  I am currently using
cfengine[1], although I've been intending to look at puppet[2].  There
are other tools too; see http://www.infrastructures.org for a paper and
discussion.

1. http://www.cfengine.org
2. http://reductivelabs.com/projects/puppet/

Wil
-- 
Wil Cooley <wcooley at nakedape.cc>
http://nakedape.cc
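
To illustrate the reply above, here is an added example (not part of the original message) of one sudoers file meant to be distributed unchanged to every host. All host, user and command names are hypothetical; each machine applies only the rules whose host list matches its own hostname.

```sudoers
# Constructed example: one sudoers file shared by several hosts.
# Host, user and command names below are hypothetical.

# Groups of hosts this file is distributed to
Host_Alias  WEBSERVERS = web1, web2, web3
Host_Alias  DBSERVERS  = db1, db2

# Groups of users
User_Alias  WEBADMINS  = alice, bob
User_Alias  DBAS       = carol

# Groups of commands
Cmnd_Alias  WEB_CMDS   = /usr/sbin/apachectl graceful, /usr/sbin/apachectl configtest
Cmnd_Alias  DB_CMDS    = /usr/bin/systemctl restart postgresql

# Host-specific option: always prompt for a password on database hosts
Defaults@DBSERVERS  timestamp_timeout=0

# Format: who  where = (run as) what
# On web1..web3 only the first rule grants anything to alice and bob;
# on db1/db2 it does not match and is ignored.
WEBADMINS  WEBSERVERS = (root) WEB_CMDS

# carol gets the database commands on db1/db2 and nothing on the web hosts.
DBAS       DBSERVERS  = (root) DB_CMDS

# Rules meant for every host use ALL in the host field.
%wheel     ALL        = (ALL) ALL
```

Checking the file with `visudo -c -f <file>` before it is distributed catches syntax errors that would otherwise break sudo on every host that receives it.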