|Matt Mossholder on 10 Aug 2011 07:08:17 -0700|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|Re: [PLUG] ClusterSSH & friends|
On Wed, 10 Aug 2011 13:22:01 +0200, sean finney wrote:
how about just having a well-restricted NOPASSWD line in /etc/sudoers?That's fine for recurring tasks, but what if you want to launch any root command in a secure manner on your entire environment ? I cannot list in advance what type of command I will have to launch, and I do not want a list of 50 commands with NOPASSWD.
Â Â Â Â%people_who_can_adduser ALL=(ALL) /path/to/your/adduser/command
no need for extra complication if it's not entirely necessary...
Yet again, creating a user was just for the experiment. Most likely, I will have to edit files on all of those servers at once more than creating users.
For now, the env is still small (9+ servers) but it might grow passed 30 at some point. It's far from Google's size, but it's an interesting intellectual challenge :)
___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug