[Date Prev][Date Next] [Chronological] [Thread] [Top]

centralized sudo policies : ACL issue

A quite trivial issue I have :

I have installed centralized policy sudo rules in ldap server
(I use "schema.OpenLDAP" from "http://www.sudo.ws"; ).

I also have configured linux clients to check ldap rules to
grant sudo access to certain ressources ( I declared
"sudoers_base" in nslcd.conf and "sudoers:    ldap" in
nsswitch.conf ).

That works, but I'm still not happy :-)

To make it work, I need to authorize reading on the sudoers
DIT branch for user, which I would like to avoid ( BTW, normally
/etc/sudoers is not readable by users ).

Anyone knows any way to remove sudo rules reading rights
to usual users while having rules working for everyone ( I was
thinking about an ldap proxy user used to read sudo rules in
ldap, but I haven't found how to declare it ) ?