Admin:Sudo

We use sudo for admins to obtain root access, and for users to access multi-maintainer projects. The sudo configuration for all servers is stored in LDAP. To view the current configuration:

% ldapsearch -h ldap -b o=unix,o=toolserver -Duid= ,ou=people,o=unix,o=toolserver '(objectclass=sudo*)'
Enter bind password:
version: 1

dn: cn=%admins,ou=SUDOers,o=unix,o=toolserver
objectClass: sudoRole
objectClass: top
sudoCommand: ALL
sudoRunAs: ALL
cn: %admins
sudoUser: %admins
sudoHost: ALL

To edit an entry:

$ ldapvi '(&(cn=%admins)(objectclass=sudorole))'

To add a new entry: create an LDIF file based on an existing entry, for instance:

dn: cn=otherroot,ou=SUDOers,o=unix,o=toolserver
changetype: add
objectClass: top
objectClass: sudoRole
cn: otherroot
sudoUser: otherroot
sudoHost: ALL
sudoRunas: ALL
sudoCommand: ALL

Then run:

ldapmodify -Duid= ,ou=people,o=unix,o=toolserver -w - -f sudo.ldif
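Because entries like the ones above grant unrestricted root, it is worth reviewing the ldapsearch output after each change. The following is an added example, not part of the original page or of Toolserver's tooling: it parses saved LDIF output and lists every sudoRole that allows ALL commands as root or as any user. The function names and the "webteam" entry are hypothetical; attribute names are compared case-insensitively, since the page itself writes both sudoRunAs and sudoRunas.

```python
import base64

# Constructed sample shaped like the ldapsearch output above; "webteam" is a
# hypothetical scoped role, included only for contrast.
SAMPLE_LDIF = """\
version: 1

dn: cn=%admins,ou=SUDOers,o=unix,o=toolserver
objectClass: sudoRole
sudoCommand: ALL
sudoRunAs: ALL
cn: %admins
sudoUser: %admins
sudoHost: ALL

dn: cn=webteam,ou=SUDOers,o=unix,o=toolserver
objectClass: sudoRole
cn: webteam
sudoUser: %webteam
sudoHost: ALL
sudoRunas: webteam
sudoCommand: /usr/bin/
 crontab
"""

def parse_ldif(text):
    """Return entries as dicts mapping lower-cased attribute name -> [values]."""
    # RFC 2849: a line starting with a single space continues the previous one.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in entry:  # skips the "version: 1" header block
            entries.append(entry)
    return entries

def unrestricted_roles(entries):
    """cn of each sudoRole granting ALL commands as root or as ALL users."""
    # An absent sudoRunAs is treated as root, sudo's default run-as user.
    return [e["cn"][0] for e in entries
            if "sudorole" in [c.lower() for c in e.get("objectclass", [])]
            and "ALL" in e.get("sudocommand", [])
            and set(e.get("sudorunas", ["root"])) & {"ALL", "root"}]
```

To use it on live data, save the ldapsearch output to a file and pass the file's contents to parse_ldif().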