sudo and not su

1
sudo and not su

• that is the answer

2
Giving away candyinstead of the candystore
3
Macros

• Cmnd_Alias ADM /bin/sh
• Cmnd_Alias OPS /sbin/init.d/
• Cmnd_Alias VENDOR_CMD /usr/vendor/bin/
• Host_Alias HOSTS host1, host2, host3
• User_Alias ADMIN user1, user2
• User_Alias OPER user3, user4
• User_Alias APPADMIN_VENDOR ltmake-generated-listgt
  
• User_Alias APP_VENDOR ltmake-generated-listgt

4
Rules

• ADMIN HOSTS (root) ADM
• OPER HOSTS (root) NOPASSWD OPS
• myname myhost (root) ALL
• APPADMIN_VENDOR HOSTS (vendor) ALL
• APP_VENDOR HOSTS (vendor) NOPASSWD VENDOR_CMD

5
Makefile

• !/bin/make
• Makefile
• PARTS sudoers.banner sudoers.commands
  sudoers.hosts sudoers.users sudoers.groups
  sudoers.rules
• all sudoers
• sudoers sudoers.built
• if visudo c f lt then cp -p lt _at_ fi
• sudoers.built (PARTS)
• cat (PARTS) gt _at_
• chown root _at_
• chgrp sys _at_
• chmod 660 _at_

6
Makefile (cont.)

• sudoers.groups
• echo Group Macros gt _at_
• build_alias_from_csv /directory/of/spreadsheets
  gtgt _at_
• echo gtgt _at_

7
build_alias_from_csv

• !/bin/sh
• build_alias_from_csv
• dir1
• for file in ls dir/.csv
• do
• aliasbasename file
• echo User_alias alias \c
• awk F,
• BEGIN sep
• print sep1 sep,
• END
• file
• done

8
cronjobs

• 55 (cd /net/somewhere make gt make.log
  2gt1)
• 05 cp /net/somewhere/sudoers /etc/sudoers

9
using sudo

• sudo l
• will list all the commands you can sudo
• sudo i
• will login interactively like su
• sudo u root /sbin/init.d/vendor stop
• sudo u root /sbin/init.d/vendor stop
• sudo u vendor i
• will allow others to admin as vendor
• (this allows you to set the password to
  NonHashable!)
• sudo u vendor /usr/vendor/bin/launch