HPE Community
Operating System - HP-UX
1821868 Members
3036 Online
109638 Solutions
New Discussion юеВ

Re: Remote modification of sudo file

 
marvik
Regular Advisor

тАО07-21-2006 01:29 AM

тАО07-21-2006 01:29 AM

Remote modification of sudo file

Hi All,

As user jimmy leaves our organisation i want to remove him from all the server's sudoers file to keep it updated.
I have made this script which i want to be run remotely but it doesn't allow me to save the changes though it does the change and displays on the screen.If I use it on the server locally it works well

VALUE=" "

for i in $(cat serverlist)

do

ssh $i /usr/local/bin/sudo su - root -c \" sed '/jimmy,/s//"$VALUE"/g' /etc/sudoers > /tmp/sudoers; mv /tmp/sudoers /etc \"

done

ERROR::On running it remotely

stty: : Not a typewriter
Not a terminal
stty: : Not a typewriter
stty: : Not a typewriter
mv: when moving multiple files, last argument must be a directory

Thanks for all ur efforts
Rgds
0 Kudos
7 REPLIES 7
Steven E. Protter
Exalted Contributor

тАО07-21-2006 01:42 AM

тАО07-21-2006 01:42 AM

Re: Remote modification of sudo file

Shalom,

Your remote user has no environment, no TERM variable, no .profile, no nothing. If you choose to update this way instead of merely distributing a sudoers file, thats fine, but all you need to make this work is a /etc/profile a .profile and a few variables and stty settings set.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Geoff Wild
Honored Contributor

тАО07-21-2006 01:54 AM

тАО07-21-2006 01:54 AM

Re: Remote modification of sudo file

I agree with Steven - better to just replace the existing file.

Better yet, get yourself an autonomous agent:

http://www.cfengine.org/

Here are some of the primitives which can be automated:

Check and configure the network interface.
Edit textfiles.
Make and maintain symbolic links, including multiple links from a single command.
Check and set the permissions and ownership of files.
Tidy (delete) junk files which clutter the system.
Systematic, automated mounting of filesystems (Unix).
Checking for the presence of important files and filesystems.
Controlled execution of user scripts and shell commands.
Cfengine follows a class-based decision structure.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Victor Fridyev
Honored Contributor

тАО07-21-2006 02:04 AM

тАО07-21-2006 02:04 AM

Re: Remote modification of sudo file

Hi,

Please take into account that it's not enough to edit /etc/sudoers file in order to use sudo. sudo uses a binary file which is created when you use visudo.

In iaby case it's much easier to copy /etc/sudoers to your master server, edit it there and copy back to the target.

HTH
Entities are not to be multiplied beyond necessity - RTFM
0 Kudos
Rick Garland
Honored Contributor

тАО07-21-2006 03:25 AM

тАО07-21-2006 03:25 AM

Re: Remote modification of sudo file

Look at rdist (or something like it)
Will allow you to keep a master copy on a master server (or a central server or a repository server) and then propagate the changed file to the other servers. The sudoers file is a good candidate because you can configure various hosts into a single sudoers file and thereby only have 1 sudoers file for all of your systems.
0 Kudos
Ivan Ferreira
Honored Contributor

тАО07-21-2006 04:24 AM

тАО07-21-2006 04:24 AM

Re: Remote modification of sudo file

Sudo have support for ldap. You can in the future consider the use of LDAP for your sudoers specifications.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Kevin Wright
Honored Contributor

тАО07-21-2006 09:45 AM

тАО07-21-2006 09:45 AM

Re: Remote modification of sudo file

Keep a master copy on one system,(which can be a difficult task to setup) and use visudo there to edit it. You only need visudo to manage the lock and check for syntax. then you can use any means you want to propogate it out, ie scp.

0 Kudos
marvik
Regular Advisor

тАО08-01-2006 11:08 PM

тАО08-01-2006 11:08 PM

Re: Remote modification of sudo file

I did it the other way copied the script to all servers and then ran it remotely from one box.

Thanks to all for their time
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.