version 1.1.1.1, 2012/02/21 16:23:02
|
version 1.1.1.2, 2012/05/29 12:26:49
|
Line 12 DDEESSCCRRIIPPTTIIOONN
|
Line 12 DDEESSCCRRIIPPTTIIOONN
|
|
|
Using LDAP for _s_u_d_o_e_r_s has several benefits: |
Using LDAP for _s_u_d_o_e_r_s has several benefits: |
|
|
+o ssuuddoo no longer needs to read _s_u_d_o_e_r_s in its entirety. When LDAP is | o ssuuddoo no longer needs to read _s_u_d_o_e_r_s in its entirety. When LDAP is |
used, there are only two or three LDAP queries per invocation. |
used, there are only two or three LDAP queries per invocation. |
This makes it especially fast and particularly usable in LDAP |
This makes it especially fast and particularly usable in LDAP |
environments. |
environments. |
|
|
+o ssuuddoo no longer exits if there is a typo in _s_u_d_o_e_r_s. It is not | o ssuuddoo no longer exits if there is a typo in _s_u_d_o_e_r_s. It is not |
possible to load LDAP data into the server that does not conform to |
possible to load LDAP data into the server that does not conform to |
the sudoers schema, so proper syntax is guaranteed. It is still |
the sudoers schema, so proper syntax is guaranteed. It is still |
possible to have typos in a user or host name, but this will not |
possible to have typos in a user or host name, but this will not |
prevent ssuuddoo from running. |
prevent ssuuddoo from running. |
|
|
+o It is possible to specify per-entry options that override the | o It is possible to specify per-entry options that override the |
global default options. _/_e_t_c_/_s_u_d_o_e_r_s only supports default options |
global default options. _/_e_t_c_/_s_u_d_o_e_r_s only supports default options |
and limited options associated with user/host/commands/aliases. |
and limited options associated with user/host/commands/aliases. |
The syntax is complicated and can be difficult for users to |
The syntax is complicated and can be difficult for users to |
understand. Placing the options directly in the entry is more |
understand. Placing the options directly in the entry is more |
natural. |
natural. |
|
|
+o The vviissuuddoo program is no longer needed. vviissuuddoo provides locking | o The vviissuuddoo program is no longer needed. vviissuuddoo provides locking |
and syntax checking of the _/_e_t_c_/_s_u_d_o_e_r_s file. Since LDAP updates |
and syntax checking of the _/_e_t_c_/_s_u_d_o_e_r_s file. Since LDAP updates |
are atomic, locking is no longer necessary. Because syntax is |
are atomic, locking is no longer necessary. Because syntax is |
checked when the data is inserted into LDAP, there is no need for a |
checked when the data is inserted into LDAP, there is no need for a |
Line 71 DDEESSCCRRIIPPTTIIOONN
|
Line 71 DDEESSCCRRIIPPTTIIOONN
|
following attributes: |
following attributes: |
|
|
ssuuddooUUsseerr |
ssuuddooUUsseerr |
A user name, uid (prefixed with '#'), Unix group (prefixed with a | A user name, user ID (prefixed with '#'), Unix group (prefixed with |
'%') or user netgroup (prefixed with a '+'). | '%'), Unix group ID (prefixed with '%#'), or user netgroup |
| (prefixed with '+'). |
|
|
ssuuddooHHoosstt |
ssuuddooHHoosstt |
A host name, IP address, IP network, or host netgroup (prefixed |
A host name, IP address, IP network, or host netgroup (prefixed |
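Review bot: The new sudoUser wording adds "Unix group ID (prefixed with '%#')" next to "Unix group (prefixed with '%')", but it does not say how a value like %#100 is told apart from a group whose name literally begins with '#'. The same gap exists for '#' user IDs versus a user name that starts with '#'. Suggest one sentence stating which interpretation wins. It would also help to note that an entry written as a numeric ID applies to whichever account or group currently holds that number, since this affects how an administrator audits who a sudoRole actually covers.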
Line 746 DDIISSCCLLAAIIMMEERR
|
Line 747 DDIISSCCLLAAIIMMEERR
|
|
|
|
|
|
|
1.8.3 September 16, 2011 SUDOERS.LDAP(4) | 1.8.5 March 14, 2012 SUDOERS.LDAP(4) |