[CentOS] change sudoers remotely

natxo asenjo natxo.asenjo at gmail.com
Tue Jul 9 09:36:46 UTC 2013


On 07/08/2013 10:32 PM, Tim Dunphy wrote:
> hello list,
>
>   I've been asked to give someone sudo rights across an entire environment
> without the benefit of something like puppet or chef or cfengine et al.

another option is using ldap, so you can specify who can do what in the 
ldap tree.

The IPA project (included in centos as ipa-server and ipa-client) fixes 
all this for you:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/index.html

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/sudo.html

Having said this, the question to manage an environment without 
management tools is peculiar. You need to have a way to introduce 
changes in a safe, tested, repetitive way. Denying you the possibility 
of doing this is not best practices and you should point this a a risk 
in your project.

-- 
groet,
natxo




More information about the CentOS mailing list