We're going to go with sudoers in ldap, not because I think it's better, but because it's somewhat more secure. I think the layout of how it's managed in ldap is much inferior (having to declare each group multiple times, and not being able to apply privileges to a *group*, is stupid) but it is at least someplace where I know the clever people can't get easy access to it, and if the sudoers file gets modified, I can have tripwire scream.
-- juniper ----- Original Message ----- From: "Kenneth Holter" <kenneho....@gmail.com> To: fedora-directory-users@redhat.com Sent: Tuesday, December 29, 2009 7:12:41 AM GMT -05:00 US/Canada Eastern Subject: [389-users] /etc/sudoers VS sudo-objects in directory server Hi. We're working on setting up Red Hat Directory Server (RHDS), and need to make a decision about wether sudo information should be defined as sudo-objects in the directory server, or if we should stick to /etc/sudoers. I've played around with sudo-objects in the directory server, and got it working. But the way I see it, maintaining sudo information in /etc/sudoers is much easier than to maintain it in a directory server. In the latter case, I'd either have to use the GUI, or write scripts/ldif files to make necessary changes to the sudo setup, and they both seem less intuitive than to simply edit the /etc/sudoers file. I'd very much like to hear from others on their thoughts on wether to maintain sudo information in /etc/sudoers or in the directory server, so please feel free to post a reply. Best regards, Kenneth Holter -- 389 users mailing list 389-us...@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users -- 389 users mailing list 389-us...@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
