[Ilugc] sudo file on multiple machines

steve steve at lonetwin.net
Thu Jul 19 09:53:56 IST 2012


Hi,

On 07/18/2012 05:43 PM, Mehul Ved wrote:
> On Wed, Jul 18, 2012 at 3:55 PM, Roshan George <roshan at arjie.com> wrote:
>> On Wed, 2012-07-18 at 14:30 +0530, Mehul Ved wrote:
>>> You can can replace rsync with version control tools like git so you
>>> can even version the various revisions of the file.
>>
>> Git will, by default, happily turn /etc/sudoers 0644. Then there will be
>> some trouble. etckeeper is supposed to work around this and someone
>> seems to have asked a similar question on ServerFault regarding that:
>> <http://serverfault.com/questions/28973/is-it-possible-to-use-etckeeper-with-a-single-shared-git-repository>
> 
> Thanks for informing that. I hadn't tried the solution myself so was
> unaware of the same.
> Just wondering how would tools like puppet and chef work for such
> requirements. It would definitely be an overkill for just the sudoers
> file. But, considering if it were to manage all the 4 servers, how
> useful would it be? Someone here with hands-on experience of that.
> PS: Sorry for taking the thread at a tangent but I feel it would be a
> useful extension of this question so I'm not starting off a new
> thread.

The ^right^ way to do this ofcourse is to have centralized sudo rather than
copying the sudoers file to every machine:

https://www.google.co.in/search?q=centralized+sudo

If you think that is more effort than warranted for your use case, I would
suggest going with scp (if you are ok with overwriting, that is) every time you
update sudoers, basically:

$ export SYSTEMS="192.168.1.1 192.168.1.2 192.168.1.3 192.168.1.4"
$ visudo && for i in $SYSTEMS; do scp /etc/sudoers root@$i:/etc/ ; done

If having the same sudoers file on all system is all that you need, this ought
to suffice

cheers,
- steve

-- 
random spiel: http://lonetwin.net/
what i'm stumbling into: http://lonetwin.stumbleupon.com/


More information about the ilugc mailing list