FedoraForum.org - Fedora Support Forums and Community
Results 1 to 3 of 3
  1. #1
    Join Date
    Feb 2005
    Posts
    36

    sudo question (host alias)

    Since my network is getting complicated at an exponential rate, I've been looking into graning some of the tedious tasks to other people.

    These include adding users, running backups, and checking the log files.

    This frees me up for more fun things like LDAP, Samba, and SELinux

    Anyway, it looks like sudo will fit the bill in the short run. However, I can't seem to find a lot of information about the "host alias" section of the sudoers file and what it does.

    It seems like you can grant host-based access to certain commands by person. I get that, what I don't get is how the host-based part of it works. It seems to me that the same /etc/sudoers file would have to be available on every client machine. I didn't recall seeing anything about a centralized "sudo" permission system for a network.

    So if anyone has helpful advice on setting up sudo on a network, I'd appreciate any advice. I'm probably making it harder than it is.

    Thanks,
    ac

    BTW, I have already read the man pages and searched the forum

  2. #2
    Join Date
    Feb 2005
    Posts
    675
    The way I read the man page I think they intend that the same sudoers file is deployed to all your machines. The host_alias allows you to fine tune access by specifying which machines a user has sudo permissions on. This allows you to grant one user permissions on all servers but another user may only have permissions on one or two servers.

    By using the same file across all systems you don't have to remember to edit 15 different sudoers files. You do it once and push it out to the other systems.

    At least that is the way I understand it.

  3. #3
    Join Date
    Feb 2005
    Posts
    36
    Okay, that makes sense. I used to use an rsync+ssh method of doing exactly this for my client machines. But the network grew in complexity to make that more trouble than it was worth. That's why I moved to LDAP.

    I actually stumbled upon an LDAP schema specifically for sudo. I'm going to play around with it today and see if it works.

    Worst case, I'll just make one file, copy it to the client machines once (and during kickstart installs), and just leave it at that.

    Thanks for the help.

    Ac

Similar Threads

  1. unix question: user supplied input for 'alias'
    By Ospreyeagle in forum Using Fedora
    Replies: 1
    Last Post: 11th April 2006, 11:00 PM
  2. A question about sudo
    By ardchoille in forum Using Fedora
    Replies: 1
    Last Post: 3rd November 2005, 04:56 AM
  3. Sudo question
    By satimis in forum Using Fedora
    Replies: 6
    Last Post: 7th December 2004, 03:33 AM
  4. Sudo question
    By satimis in forum Using Fedora
    Replies: 3
    Last Post: 13th November 2004, 11:49 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •