centralized sudo policies: ACL issue
A quite trivial issue I have:
I have installed centralized policy sudo rules in ldap server
(I use "schema.OpenLDAP" from "http://www.sudo.ws" ).
I also have configured linux clients to check ldap rules to
grant sudo access to certain resources (I declared
"sudoers_base" in nslcd.conf and "sudoers: ldap" in
nsswitch.conf).
That works, but I'm still not happy :-)
To make it work, I need to authorize reading on the sudoers
DIT branch for users, which I would like to avoid (BTW, normally
/etc/sudoers is not readable by users).
Does anyone know any way to remove sudo rule reading rights
from usual users while having the rules work for everyone? (I was
thinking about an ldap proxy user used to read sudo rules in
ldap, but I haven't found how to declare it.)
Thanks,
---
Olivier
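The proxy-user approach the poster is asking about can be expressed directly in OpenLDAP's ACLs. The following is an added example, not something from Olivier's message or from the sudo project: it creates a dedicated read-only identity and grants it, and only it, read access to the sudoers branch, so ordinary bound or anonymous users cannot list the sudoRole entries. The suffix `dc=example,dc=com`, the container `ou=SUDOers`, the DN `cn=sudo-reader,ou=services,dc=example,dc=com` and the database DN `olcDatabase={1}mdb,cn=config` are assumptions to adjust to the real directory.

```ldif
# Added example (not from the original post). Assumed suffix, OU,
# proxy DN and database DN: adjust to your directory.

# 1. A minimal read-only proxy account. simpleSecurityObject supplies
#    userPassword; organizationalRole supplies the cn. Generate the
#    hash with `slappasswd` and paste it in place of the placeholder.
dn: cn=sudo-reader,ou=services,dc=example,dc=com
changetype: add
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: sudo-reader
description: Read-only identity used by sudo clients to fetch sudoRole entries
userPassword: {SSHA}REPLACE_WITH_SLAPPASSWD_OUTPUT

# 2. Restrict the sudoers subtree to that identity. slapd evaluates
#    olcAccess rules in order and stops at the first "to" clause that
#    matches the entry, so the {0} index inserts this rule ahead of any
#    broad "to * by * read" rule that would otherwise expose the branch.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to dn.subtree="ou=SUDOers,dc=example,dc=com"
  by dn.exact="cn=sudo-reader,ou=services,dc=example,dc=com" read
  by * none
```

Apply it with `ldapmodify -Y EXTERNAL -H ldapi:/// -f sudo-acl.ldif` on the server (the usual way to edit `cn=config` locally), keeping whatever existing rule protects `userPassword` (`by self write by anonymous auth by * none`) so the proxy's own credential stays unreadable. On each client, the identity goes into whichever file your sudo build reads as its LDAP configuration (the poster's is nslcd.conf) as `binddn cn=sudo-reader,ou=services,dc=example,dc=com` and `bindpw` next to the existing `sudoers_base`; that file now carries a cleartext password and must be root-only (mode 0600), which is fine because sudo performs the lookup as root. To confirm the ACL does what is intended, an anonymous `ldapsearch -x -b ou=SUDOers,dc=example,dc=com '(objectClass=sudoRole)'` should return no entries, the same search with `-D cn=sudo-reader,ou=services,dc=example,dc=com -W` should list the roles, and `sudo -l` as an unprivileged user should still show that user's rules.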