RE: exporting sudoers, good practice ?
From: Tony Kava (securityfocus_at_pottcounty.com)
Date: 02/07/04
- Previous message: Chris Freeman: "Re: exporting sudoers, good practice ?"
- Maybe in reply to: Frédéric Médery: "exporting sudoers, good practice ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'focus-linux@securityfocus.com'" <focus-linux@securityfocus.com>
Date: Sat, 7 Feb 2004 14:37:45 -0600
> I would suggest not to use one single big sudoers file,
> because the probability of forgetting something or of
> making a configuration mistake grows bigger as the
> sudoers file grows bigger. And each server is always
> (at least very slightly) different one from another, so
> sharing the same configuration file without reviewing
> it on each machine can cause unwanted surprises.
Your statements are very true. Anything that can provide a regular user
with root access tends to make me nervous. However, if one does decide to
export a single sudoers file for all hosts you can define hosts where
particular users can execute their particular commands (see the sudoers man
page) so that you still have the ability to support servers of varying
configurations.
--
Tony Kava
Network Administrator
Pottawattamie County, Iowa
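
The host-restricted layout described in the reply above, sketched as an added example that is not part of the original message. All host names, user names and command paths are hypothetical, and the fragment assumes each machine's host name matches the name used in the file (short names unless the `fqdn` option is set).

```sudoers
# Constructed example of one sudoers file distributed to every host.
# Host, user and command names below are hypothetical.

# Group machines by role, so a rule can be limited to the hosts it is for.
Host_Alias  WEBSERVERS = web1, web2
Host_Alias  DBSERVERS  = db1

# Group the people who administer each role.
User_Alias  WEBADMINS  = alice, carol
User_Alias  DBADMINS   = bob

# Name the exact commands, with arguments, instead of granting ALL.
Cmnd_Alias  WEB_CTL    = /usr/sbin/apachectl graceful, \
                         /usr/sbin/apachectl configtest
Cmnd_Alias  DB_CTL     = /etc/init.d/postgresql restart

# Rule format:  who  where = (run as) what
# On web1 and web2 these lines apply; on db1 the first one matches nothing.
WEBADMINS   WEBSERVERS = (root) WEB_CTL
DBADMINS    DBSERVERS  = (root) DB_CTL

# The setting to avoid in a shared file: ALL in the host position makes the
# rule effective on every machine that receives the file, including hosts
# that were added later and never reviewed.
# alice     ALL = (root) WEB_CTL
```

Running `visudo -c -f` on the candidate file before it is distributed catches syntax errors, but not a rule whose host list is broader than intended, so the host column still needs a review whenever a machine changes role.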