Fedora Linux Support Community & Resources Center
  #1  
Old 22nd June 2005, 09:20 PM
arc2v Offline
Registered User
 
Join Date: Feb 2005
Posts: 36
sudo question (host alias)

Since my network is getting complicated at an exponential rate, I've been looking into graning some of the tedious tasks to other people.

These include adding users, running backups, and checking the log files.

This frees me up for more fun things like LDAP, Samba, and SELinux

Anyway, it looks like sudo will fit the bill in the short run. However, I can't seem to find a lot of information about the "host alias" section of the sudoers file and what it does.

It seems like you can grant host-based access to certain commands by person. I get that, what I don't get is how the host-based part of it works. It seems to me that the same /etc/sudoers file would have to be available on every client machine. I didn't recall seeing anything about a centralized "sudo" permission system for a network.

So if anyone has helpful advice on setting up sudo on a network, I'd appreciate any advice. I'm probably making it harder than it is.

Thanks,
ac

BTW, I have already read the man pages and searched the forum
Reply With Quote
  #2  
Old 22nd June 2005, 10:12 PM
kg4cbk Offline
Registered User
 
Join Date: Feb 2005
Posts: 675
The way I read the man page I think they intend that the same sudoers file is deployed to all your machines. The host_alias allows you to fine tune access by specifying which machines a user has sudo permissions on. This allows you to grant one user permissions on all servers but another user may only have permissions on one or two servers.

By using the same file across all systems you don't have to remember to edit 15 different sudoers files. You do it once and push it out to the other systems.

At least that is the way I understand it.
Reply With Quote
  #3  
Old 23rd June 2005, 01:37 PM
arc2v Offline
Registered User
 
Join Date: Feb 2005
Posts: 36
Okay, that makes sense. I used to use an rsync+ssh method of doing exactly this for my client machines. But the network grew in complexity to make that more trouble than it was worth. That's why I moved to LDAP.

I actually stumbled upon an LDAP schema specifically for sudo. I'm going to play around with it today and see if it works.

Worst case, I'll just make one file, copy it to the client machines once (and during kickstart installs), and just leave it at that.

Thanks for the help.

Ac
Reply With Quote
Reply

Tags
alias , host , question , sudo

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
unix question: user supplied input for 'alias' Ospreyeagle Using Fedora 1 11th April 2006 11:00 PM
A question about sudo ardchoille Using Fedora 1 3rd November 2005 04:56 AM
Sudo question satimis Using Fedora 6 7th December 2004 03:33 AM
Sudo question satimis Using Fedora 3 13th November 2004 11:49 PM


Current GMT-time: 03:28 (Thursday, 19-10-2017)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat