For a (short) while now, sudo has had LDAP support, which allows a global sudoers to be stored in an LDAP directory.
Note: LDAP support doesn't require the use of *_Alias.
Just add the --with-ldap option to configure.
Edit the file /etc/ldap.conf (default) so that it looks something like this:
host ldap.asyd.net
port 389
sudoers_base ou=Sudo,dc=asyd,dc=net
# sudoers_debug 2
Here are some sample entries:
dn: cn=defaults,ou=sudo,dc=asyd,dc=net
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption's go here

dn: cn=root,ou=sudo,dc=asyd,dc=net
sudoCommand: ALL
objectClass: top
objectClass: sudoRole
cn: root
sudoUser: root
sudoHost: ALL

dn: cn=%gunixmgr,ou=sudo,dc=asyd,dc=net
sudoCommand: ALL
objectClass: top
objectClass: sudoRole
cn: %gunixmgr
sudoUser: %gunixmgr
sudoHost: ALL

dn: cn=%gunixdba+sudoRunAs=oracle,ou=sudo,dc=asyd,dc=net
cn: %gunixdba
sudoRunAs: oracle
sudoCommand: ALL
objectClass: top
objectClass: sudoRole
sudoUser: %gunixdba
sudoHost: ALL
sudoOption: !authenticate

dn: cn=oracle,ou=sudo,dc=asyd,dc=net
sudoCommand: /usr/bin/vi /etc/init.d/oracle
sudoCommand: /etc/init.d/snmpd
objectClass: top
objectClass: sudoRole
cn: oracle
sudoUser: oracle
sudoHost: ALL
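Because these entries grant privileges to every host that reads the directory, it is worth reviewing them before loading. The following is an added example, not part of the original page or of sudo itself: a small audit of sudoRole LDIF that flags entries without a password prompt, non-root users granted ALL commands, and editors run as root (an editor started through sudo can launch other programs as the target user; sudoedit is the usual alternative). The EDITORS list and the finding labels are assumptions made for illustration.

```python
import os

# Constructed sample: two of the sample entries above, trimmed (cn/objectClass omitted).
SAMPLE_LDIF = """\
dn: cn=%gunixdba+sudoRunAs=oracle,ou=sudo,dc=asyd,dc=net
sudoRunAs: oracle
sudoCommand: ALL
sudoUser: %gunixdba
sudoHost: ALL
sudoOption: !authenticate

dn: cn=oracle,ou=sudo,dc=asyd,dc=net
sudoCommand: /usr/bin/vi /etc/init.d/oracle
sudoCommand: /etc/init.d/snmpd
sudoUser: oracle
sudoHost: ALL
"""
EDITORS = {"vi", "vim", "nano", "emacs"}  # assumption: illustrative, not exhaustive

def parse_ldif(text):
    """Split plain LDIF (no base64 or folded values) into {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit(entries):
    """Return (dn, finding) pairs for sudoRole settings worth a manual review."""
    findings = []
    for e in entries:
        dn, cmds = e["dn"][0], e.get("sudocommand", [])
        runas = e.get("sudorunas", ["root"])  # sudo runs commands as root by default
        if "!authenticate" in e.get("sudooption", []):
            findings.append((dn, "NO_PASSWORD"))
        if "ALL" in cmds and e.get("sudouser") != ["root"]:
            findings.append((dn, "ALL_COMMANDS"))
        for cmd in cmds:
            if os.path.basename(cmd.split(" ")[0]) in EDITORS and "root" in runas:
                findings.append((dn, "EDITOR_AS_ROOT: " + cmd))
    return findings

if __name__ == "__main__":
    print(*audit(parse_ldif(SAMPLE_LDIF)), sep="\n")
```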