[CentOS] change sudoers remotely

Tim Dunphy bluethundr at gmail.com
Mon Jul 8 21:21:02 UTC 2013


>Assuming it's internet facing.

It's NOT!! Luckily. :) Otherwise he'd be completely right.

> Second, sudoers should ALWAYS be edited with visudo, and you might do a
> here script....

>Hardly.  If you're using any type of provisioning system with a tested
>template this type of thing is trivial to do right.

>Tim, if you're using C6 look into dropping a properly configured sudo
>config into /etc/sudoers.d instead of mucking with /etc/sudoers.conf.

Thanks, that'd be my preference. Although it's tough to tell if all sudoers
across the environment should be exactly the same. Probably not so I'm
attempting to append the file. I've done the original edit in visudo.. not
sure if that's enough for me to be confident in the line I'm attempting to
add however.

Tim



On Mon, Jul 8, 2013 at 5:17 PM, John R. Dennison <jrd at gerdesas.com> wrote:

> On Mon, Jul 08, 2013 at 05:02:58PM -0400, m.roth at 5-cent.us wrote:
> >
> > Since doing what you did just told the world a username that they can try
> > to break in with.
>
> Assuming it's internet facing.
>
> > Second, sudoers should ALWAYS be edited with visudo, and you might do a
> > here script....
>
> Hardly.  If you're using any type of provisioning system with a tested
> template this type of thing is trivial to do right.
>
> Tim, if you're using C6 look into dropping a properly configured sudo
> config into /etc/sudoers.d instead of mucking with /etc/sudoers.conf.
>
>
>
>
>
>                                                         John
> --
> TURKEY, n. A large bird whose flesh when eaten on certain religious
> anniversaries has the peculiar property of attesting piety and gratitude.
> Incidentally, it is pretty good eating.
>
> -- Ambrose Bierce, The Devil's Dictionary
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>


-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B



More information about the CentOS mailing list