Welcome to Bruno Bonfils's (aka asyd) homepage.
Intro

For a (short) while now, sudo has had LDAP support, which allows a global sudoers policy to be stored in an LDAP directory.

Note: the LDAP support doesn't require the use of *_Alias.

Build

Just add the --with-ldap option to configure.

Config

Edit the file /etc/ldap.conf (default) so that it looks something like this:

    host ldap.asyd.net
    port 389
    sudoers_base ou=Sudo,dc=asyd,dc=net
    # sudoers_debug 2

LDAP

Here are some sample entries:

    dn: cn=defaults,ou=sudo,dc=asyd,dc=net
    objectClass: top
    objectClass: sudoRole
    cn: defaults
    description: Default sudoOption's go here

    dn: cn=root,ou=sudo,dc=asyd,dc=net
    sudoCommand: ALL
    objectClass: top
    objectClass: sudoRole
    cn: root
    sudoUser: root
    sudoHost: ALL

    dn: cn=%gunixmgr,ou=sudo,dc=asyd,dc=net
    sudoCommand: ALL
    objectClass: top
    objectClass: sudoRole
    cn: %gunixmgr
    sudoUser: %gunixmgr
    sudoHost: ALL

    dn: cn=%gunixdba+sudoRunAs=oracle,ou=sudo,dc=asyd,dc=net
    cn: %gunixdba
    sudoRunAs: oracle
    sudoCommand: ALL
    objectClass: top
    objectClass: sudoRole
    sudoUser: %gunixdba
    sudoHost: ALL
    sudoOption: !authenticate

    dn: cn=oracle,ou=sudo,dc=asyd,dc=net
    sudoCommand: /usr/bin/vi /etc/init.d/oracle
    sudoCommand: /etc/init.d/snmpd
    objectClass: top
    objectClass: sudoRole
    cn: oracle
    sudoUser: oracle
    sudoHost: ALL
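Because the sudoers policy now lives in the directory, it can be reviewed as data. The following Python code is an added example, not part of the original page or of sudo: it parses sudoRole LDIF like the sample entries and flags roles that skip authentication, grant ALL commands, or allow an editor that can spawn a shell. The ESCAPE_CAPABLE list and the finding labels are assumptions made for illustration.

```python
# Two of the page's sudoRole entries, embedded as LDIF so the example runs offline.
SAMPLE_LDIF = """\
dn: cn=%gunixdba+sudoRunAs=oracle,ou=sudo,dc=asyd,dc=net
cn: %gunixdba
sudoRunAs: oracle
sudoCommand: ALL
objectClass: top
objectClass: sudoRole
sudoUser: %gunixdba
sudoHost: ALL
sudoOption: !authenticate

dn: cn=oracle,ou=sudo,dc=asyd,dc=net
sudoCommand: /usr/bin/vi /etc/init.d/oracle
sudoCommand: /etc/init.d/snmpd
objectClass: top
objectClass: sudoRole
cn: oracle
sudoUser: oracle
sudoHost: ALL
"""
# Assumption: short, non-exhaustive list of programs that offer shell escapes.
ESCAPE_CAPABLE = {"vi", "vim", "less", "more", "ed"}

def parse_ldif(text):
    """Parse plain LDIF (folded lines handled, no base64) into dicts of value lists."""
    entries = []
    for block in text.replace("\n ", "").strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return [e for e in entries if e]

def audit(entries):
    """Return (dn, finding) pairs for sudoRole entries with risky settings."""
    findings = []
    roles = [e for e in entries if "sudorole" in map(str.lower, e.get("objectclass", []))]
    for e in roles:
        dn, cmds = e["dn"][0], e.get("sudocommand", [])
        if "!authenticate" in e.get("sudooption", []):
            findings.append((dn, "no-password"))
        if "ALL" in cmds:
            findings.append((dn, "all-commands"))
        findings += [(dn, "shell-escape: " + c) for c in cmds
                     if c.partition(" ")[0].rsplit("/", 1)[-1] in ESCAPE_CAPABLE]
    return findings
```

Calling audit(parse_ldif(SAMPLE_LDIF)) returns three findings: two for the %gunixdba role and one for the vi command in the oracle role.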