Just wondering if anyone out there is using sudo across a bunch of machines and has a system/script for painlessly distributing a master sudoers file? is it as easy as a daily cronjob running wget/scp/rsync?
On 9/7/06, Nick <list at everywhereinternet.com> wrote:> Just wondering if anyone out there is using sudo across a bunch of > machines and has a system/script for painlessly distributing a master > sudoers file? is it as easy as a daily cronjob running wget/scp/rsync?I do, but I use the group access directive '%' to give access to people in the 'wheel' group. I have scripts which manage users across a bunch of machines which allow me to create a user and have his account and SSH key distributed to 10-15 machines without much work. Something like cfengine (cfengine.org) might be overkill here. I can't see anything wrong with a daily / hourly rsync of the sudoers file. The only thing I'd say is why do you need to make configuration changes so often? Can you not group these users into a group (or multiple groups?) Phil.
On Thu, 7 Sep 2006, Nick wrote:> Just wondering if anyone out there is using sudo across a bunch of > machines and has a system/script for painlessly distributing a > master sudoers file? is it as easy as a daily cronjob running > wget/scp/rsync?I use cfengine for this task -- but it doesn't work with your choice of adverbs. The day that "painlessly" can be applied to "configuration management" will be a good one indeed! :-) -- Paul Heinlein <> heinlein at madboa.com <> www.madboa.com
Nick wrote:> Just wondering if anyone out there is using sudo across a bunch of > machines and has a system/script for painlessly distributing a master > sudoers file? is it as easy as a daily cronjob running wget/scp/rsync?I interpret that to mean, "Can I change it with unofficial tools (ie, not visudo?" Yes, I regularly customise mine during (kickstart) install with sed, ed or similar. Since you're not using the supplied checker, the onus is on you to get it right. -- Cheers John -- spambait 1aaaaaaa at coco.merseine.nu Z1aaaaaaa at coco.merseine.nu Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/ Please do not reply off-list