On 07/08/2013 10:32 PM, Tim Dunphy wrote:
> hello list,
>
> I've been asked to give someone sudo rights across an entire environment
> without the benefit of something like puppet or chef or cfengine et al.

Another option is using LDAP, so you can specify who can do what in the LDAP tree. The IPA project (included in CentOS as ipa-server and ipa-client) fixes all this for you:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/index.html

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/sudo.html

Having said this, the question to manage an environment without management tools is peculiar. You need to have a way to introduce changes in a safe, tested, repetitive way. Denying you the possibility of doing this is not best practice and you should point this out as a risk in your project.

--
groet,
natxo