|
version 1.1.1.1, 2012/02/21 16:23:02
|
version 1.1.1.2, 2012/05/29 12:26:49
|
|
Line 12 D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
|
Line 12 D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
|
| |
|
| Using LDAP for _�s_�u_�d_�o_�e_�r_�s has several benefits: |
Using LDAP for _�s_�u_�d_�o_�e_�r_�s has several benefits: |
| |
|
| +�o s�su�ud�do�o no longer needs to read _�s_�u_�d_�o_�e_�r_�s in its entirety. When LDAP is | o s�su�ud�do�o no longer needs to read _�s_�u_�d_�o_�e_�r_�s in its entirety. When LDAP is |
| used, there are only two or three LDAP queries per invocation. |
used, there are only two or three LDAP queries per invocation. |
| This makes it especially fast and particularly usable in LDAP |
This makes it especially fast and particularly usable in LDAP |
| environments. |
environments. |
| |
|
| +�o s�su�ud�do�o no longer exits if there is a typo in _�s_�u_�d_�o_�e_�r_�s. It is not | o s�su�ud�do�o no longer exits if there is a typo in _�s_�u_�d_�o_�e_�r_�s. It is not |
| possible to load LDAP data into the server that does not conform to |
possible to load LDAP data into the server that does not conform to |
| the sudoers schema, so proper syntax is guaranteed. It is still |
the sudoers schema, so proper syntax is guaranteed. It is still |
| possible to have typos in a user or host name, but this will not |
possible to have typos in a user or host name, but this will not |
| prevent s�su�ud�do�o from running. |
prevent s�su�ud�do�o from running. |
| |
|
| +�o It is possible to specify per-entry options that override the | o It is possible to specify per-entry options that override the |
| global default options. _�/_�e_�t_�c_�/_�s_�u_�d_�o_�e_�r_�s only supports default options |
global default options. _�/_�e_�t_�c_�/_�s_�u_�d_�o_�e_�r_�s only supports default options |
| and limited options associated with user/host/commands/aliases. |
and limited options associated with user/host/commands/aliases. |
| The syntax is complicated and can be difficult for users to |
The syntax is complicated and can be difficult for users to |
| understand. Placing the options directly in the entry is more |
understand. Placing the options directly in the entry is more |
| natural. |
natural. |
| |
|
| +�o The v�vi�is�su�ud�do�o program is no longer needed. v�vi�is�su�ud�do�o provides locking | o The v�vi�is�su�ud�do�o program is no longer needed. v�vi�is�su�ud�do�o provides locking |
| and syntax checking of the _�/_�e_�t_�c_�/_�s_�u_�d_�o_�e_�r_�s file. Since LDAP updates |
and syntax checking of the _�/_�e_�t_�c_�/_�s_�u_�d_�o_�e_�r_�s file. Since LDAP updates |
| are atomic, locking is no longer necessary. Because syntax is |
are atomic, locking is no longer necessary. Because syntax is |
| checked when the data is inserted into LDAP, there is no need for a |
checked when the data is inserted into LDAP, there is no need for a |
|
Line 71 D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
|
Line 71 D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
|
| following attributes: |
following attributes: |
| |
|
| s�su�ud�do�oU�Us�se�er�r |
s�su�ud�do�oU�Us�se�er�r |
| A user name, uid (prefixed with '#'), Unix group (prefixed with a | A user name, user ID (prefixed with '#'), Unix group (prefixed with |
| '%') or user netgroup (prefixed with a '+'). | '%'), Unix group ID (prefixed with '%#'), or user netgroup |
| | (prefixed with '+'). |
| |
|
| s�su�ud�do�oH�Ho�os�st�t |
s�su�ud�do�oH�Ho�os�st�t |
| A host name, IP address, IP network, or host netgroup (prefixed |
A host name, IP address, IP network, or host netgroup (prefixed |
|
Line 746 D�DI�IS�SC�CL�LA�AI�IM�ME�ER�R
|
Line 747 D�DI�IS�SC�CL�LA�AI�IM�ME�ER�R
|
| |
|
| |
|
| |
|
| 1.8.3 September 16, 2011 SUDOERS.LDAP(4) | 1.8.5 March 14, 2012 SUDOERS.LDAP(4) |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to sudoers.ldap.cat CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / doc