On 07/08/2013 10:32 PM, Tim Dunphy wrote:
hello list,
I've been asked to give someone sudo rights across an entire environment
without the benefit of something like puppet or chef or cfengine et al.
another option is using ldap, so you can specify who can do what in the
ldap tree.
The IPA
hello list,
I've been asked to give someone sudo rights across an entire environment
without the benefit of something like puppet or chef or cfengine et al.
What I've come up with so far is this:
ssh -t miaprbicsra04v sudo -S /bin/echo rsherman ALL=\(ALL\) NOPASSWD:
/sbin/service /bin/rm
Tim Dunphy wrote:
hello list,
I've been asked to give someone sudo rights across an entire environment
without the benefit of something like puppet or chef or cfengine et al.
What I've come up with so far is this:
ssh -t miaprbicsra04v sudo -S /bin/echo rsherman ALL=\(ALL\) NOPASSWD:
On Mon, Jul 08, 2013 at 05:02:58PM -0400, m.r...@5-cent.us wrote:
Since doing what you did just told the world a username that they can try
to break in with.
Assuming it's internet facing.
Second, sudoers should ALWAYS be edited with visudo, and you might do a
here script
Hardly. If
Assuming it's internet facing.
It's NOT!! Luckily. :) Otherwise he'd be completely right.
Second, sudoers should ALWAYS be edited with visudo, and you might do a
here script
Hardly. If you're using any type of provisioning system with a tested
template this type of thing is trivial to do
Am 08.07.2013 um 23:02 schrieb m.r...@5-cent.us:
Tim Dunphy wrote:
hello list,
I've been asked to give someone sudo rights across an entire environment
without the benefit of something like puppet or chef or cfengine et al.
What I've come up with so far is this:
ssh -t miaprbicsra04v
On 2013-07-08, Leon Fauster leonfaus...@googlemail.com wrote:
also check 'man sudoers' for 'Including other files from within sudoers'
For CentOS 5 you will need an up to date sudo from yum or equivalent;
earlier versions apparently do not have this functionality.
--keith
--
You might want to have a look at ansible (www.ansibleworks.com) for
orchestration/configuration tasks like this. Very simple to set up
and requires nothing but ssh and python on the target host. Takes
care of all the ssh and sudo user transitions for you. For your case
it would be as simple as.
8 matches
Mail list logo