Re: [CentOS] change sudoers remotely

2013-07-09 Thread natxo asenjo
On 07/08/2013 10:32 PM, Tim Dunphy wrote: hello list, I've been asked to give someone sudo rights across an entire environment without the benefit of something like puppet or chef or cfengine et al. another option is using ldap, so you can specify who can do what in the ldap tree. The IPA

[CentOS] change sudoers remotely

2013-07-08 Thread Tim Dunphy
hello list, I've been asked to give someone sudo rights across an entire environment without the benefit of something like puppet or chef or cfengine et al. What I've come up with so far is this: ssh -t miaprbicsra04v sudo -S /bin/echo rsherman ALL=\(ALL\) NOPASSWD: /sbin/service /bin/rm

Re: [CentOS] change sudoers remotely

2013-07-08 Thread m . roth
Tim Dunphy wrote: hello list, I've been asked to give someone sudo rights across an entire environment without the benefit of something like puppet or chef or cfengine et al. What I've come up with so far is this: ssh -t miaprbicsra04v sudo -S /bin/echo rsherman ALL=\(ALL\) NOPASSWD:

Re: [CentOS] change sudoers remotely

2013-07-08 Thread John R. Dennison
On Mon, Jul 08, 2013 at 05:02:58PM -0400, m.r...@5-cent.us wrote: Since doing what you did just told the world a username that they can try to break in with. Assuming it's internet facing. Second, sudoers should ALWAYS be edited with visudo, and you might do a here script Hardly. If

Re: [CentOS] change sudoers remotely

2013-07-08 Thread Tim Dunphy
Assuming it's internet facing. It's NOT!! Luckily. :) Otherwise he'd be completely right. Second, sudoers should ALWAYS be edited with visudo, and you might do a here script Hardly. If you're using any type of provisioning system with a tested template this type of thing is trivial to do

Re: [CentOS] change sudoers remotely

2013-07-08 Thread Leon Fauster
Am 08.07.2013 um 23:02 schrieb m.r...@5-cent.us: Tim Dunphy wrote: hello list, I've been asked to give someone sudo rights across an entire environment without the benefit of something like puppet or chef or cfengine et al. What I've come up with so far is this: ssh -t miaprbicsra04v

Re: [CentOS] change sudoers remotely

2013-07-08 Thread Keith Keller
On 2013-07-08, Leon Fauster leonfaus...@googlemail.com wrote: also check 'man sudoers' for 'Including other files from within sudoers' For CentOS 5 you will need an up to date sudo from yum or equivalent; earlier versions apparently do not have this functionality. --keith --

Re: [CentOS] change sudoers remotely

2013-07-08 Thread Kahlil Hodgson
You might want to have a look at ansible (www.ansibleworks.com) for orchestration/configuration tasks like this. Very simple to set up and requires nothing but ssh and python on the target host. Takes care of all the ssh and sudo user transitions for you. For your case it would be as simple as.