On 07/08/2013 10:32 PM, Tim Dunphy wrote:
> hello list,
>
> I've been asked to give someone sudo rights across an entire environment
> without the benefit of something like puppet or chef or cfengine et al.
another option is using ldap, so you can specify who can do what in the
ldap tree.
The IPA project (included in centos as ipa-server and ipa-client) fixes
all this for you:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/index.html
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/sudo.html
Having said this, the question to manage an environment without
management tools is peculiar. You need to have a way to introduce
changes in a safe, tested, repetitive way. Denying you the possibility
of doing this is not best practices and you should point this a a risk
in your project.
--
groet,
natxo
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
