[389-users] /etc/sudoers VS sudo-objects in directory server
patrick.morris at hp.com
Thu Dec 31 00:30:50 UTC 2009
On Tue, Dec 29, 2009 at 7:33 AM, Anne Cross <across itasoftware com> wrote:
> We're going to go with sudoers in ldap, not because I think it's
> better, but because it's somewhat more secure. I think the layout
> of how it's managed in ldap is much inferior (having to declare each
> group multiple times, and not being able to apply privileges to a
> *group*, is stupid) but it is at least someplace where I know the
> clever people can't get easy access to it, and if the sudoers file
> gets modified, I can have tripwire scream.
> -- juniper

It's most definitely *not* the case that you cannot use groups in LDAP
sudoers objects. I'm also not sure why you'd need to declare groups
multiple times, or what "groups" means in this context, but it sounds
like you may just be doing things the hard way.
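
An added illustration of the point in the reply above, not part of the original message or of the 389 project's documentation: sudoRole entries following the sudoers.ldap schema, where a sudoUser value prefixed with % names a Unix group. It assumes "groups" means Unix groups; the base DN, role names, group names, hosts and command paths are constructed placeholders.

```ldif
# Constructed example. Members of the Unix group "dbadmins" may restart
# one service on two named hosts. The leading "%" marks a Unix group,
# the same syntax used in /etc/sudoers.
dn: cn=dbadmins-restart,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: dbadmins-restart
sudoUser: %dbadmins
sudoHost: db01.example.com
sudoHost: db02.example.com
sudoCommand: /sbin/service postgresql restart

# sudoUser is multi-valued, so one role can cover several groups
# (and individual users) without repeating the entry per group.
dn: cn=ops-logs,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: ops-logs
sudoUser: %ops
sudoUser: %oncall
sudoUser: alice
sudoHost: ALL
sudoCommand: /usr/bin/less /var/log/messages
```

Because these entries decide who can run commands as root, write access to the SUDOers subtree should be restricted with directory ACIs and changes to it audited, in the same way the quoted message relies on tripwire for /etc/sudoers.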