Options to administer SUDO on 300+ servers...


 
# 1  
Old 03-02-2009

I am supporting a little over 300+ servers, mostly Solaris with a handful of AIX and HPUX. Currently each box has its own sudoers file that is different. I have run a script and captured each sudoers file. Our goal is to have 1 common sudo file on a trusted host and then only have to edit that file and then run a script to scp it to the other servers. Rsync is not an option. First, I am having trouble finding a text file migration tool; does anyone know of any good ones? Second, is there a better way to do this that is not too involved, as we are implementing Centrify in about 6-9 months?
# 2  
Old 03-02-2009
First, does it work that all hosts have the same sudoers? Aren't there different needs for each host like filename which is allowed or is it always localhost etc.?

What do you mean by a "text file migration tool"??

Maybe a shell script working through a text file with the hostnames, scp'ing everything for distribution, is an option.

I don't know Centrify, but it sounds like a central host management tool. It is solely up to you if you want to do something before you get Centrify. Usually such a script is done quickly, and with some testing you might just need some hours, coffee break counted in. So it's your decision.
# 3  
Old 03-02-2009
Not all hosts have the same users and sudoers options. If a user does not need the sudo option, 1. they more than likely don't have an account and 2. we have about a dozen or so sudo groups that match a generic user ID on the host. Therefore, if the sudo file is on a machine where that user doesn't need access, 1. they probably can't even log in and 2. if they do, their sudo group ID won't work.

I have collected my 300+ sudoers files and put them on my laptop, each in a separate text file. I just need to make sure that everyone who is in the sysadmin group from the 300 servers is in the common sudo file, and the same with our DBA sudo group, etc.


Make sense?
# 4  
Old 03-09-2009
If that fits your needs, it makes sense, I think :)
Adding the entry for this group to those 300 files could be done with a for loop and sed, for example. You alter the files, write them to a tmp name, and move them back over the originals. Test it out before you go on your live data.
# 5  
Old 03-10-2009
I had the same problem with sudo some years back and I came across this tool:
lf278, SystemAdministration: Automating system administration with ssh and scp

See if it can help you.
Dan
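
The consolidation step discussed in posts #3 and #4, as an added example that is not part of the original thread: it unions the members of each `User_Alias` across the collected sudoers files and lists entries that appear on only one host, since the common file would grant those the alias everywhere. The directory layout and function names are assumptions; it handles `User_Alias` lines only, including backslash continuations and colon-separated definitions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes one collected sudoers file per
# host in a single directory (hypothetical layout: collected/<host>.sudoers).

# alias_members DIR: print "ALIAS member file" for every User_Alias entry.
alias_members() {
    awk '
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }   # join continued lines
        { line = buf $0; buf = "" }
        line ~ /^[ \t]*User_Alias[ \t]/ {
            sub(/^[ \t]*User_Alias[ \t]+/, "", line)
            n = split(line, defs, ":")                  # "A = x : B = y" form
            for (i = 1; i <= n; i++) {
                eq = index(defs[i], "=")
                if (eq == 0) continue
                name = substr(defs[i], 1, eq - 1); gsub(/[ \t]/, "", name)
                m = split(substr(defs[i], eq + 1), users, ",")
                for (j = 1; j <= m; j++) {
                    u = users[j]; gsub(/[ \t]/, "", u)
                    if (u != "") print name, u, FILENAME
                }
            }
        }' "$1"/*
}

# merge_aliases DIR: one "User_Alias NAME = a, b, c" line per alias (union).
merge_aliases() {
    alias_members "$1" | awk '{ print $1, $2 }' | LC_ALL=C sort -u | awk '
        $1 != cur { if (cur != "") print out; cur = $1
                    out = "User_Alias " $1 " = " $2; next }
        { out = out ", " $2 }
        END { if (cur != "") print out }'
}

# single_host_members DIR: entries seen on only one host; review these before
# the common file grants them the alias on every server.
single_host_members() {
    alias_members "$1" | LC_ALL=C sort -u | awk '
        { key = $1 " " $2; count[key]++; src[key] = $3 }
        END { for (k in count) if (count[k] == 1) print k, src[k] }' |
        LC_ALL=C sort
}
```

Once the merged aliases are placed in the common file, check it with `visudo -c -f <file>` before copying it out, so a syntax error is caught on the trusted host rather than on 300 servers.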