* James Cammarata <jimi at sngx.net> [2010/05/28 10:09]:
> My primary motivation for this is something like sudoers, where
> certain system roles require sudoers commands for different groups
> to use.

But sudoers has native support for exactly this use case, in that
you can assign permissions based on host as well as user.  So you
could do something like:

  Host_Alias DB_SERVERS = orasrv1, orasrv2, orasrv3
  User_Alias DBA = jsmith, tjones, brogers
  Runas_Alias ORACLE_USER = orauser
  Cmnd_Alias ORACLE_COMMANDS = ...

  DBA DB_SERVERS = (ORACLE_USER) ORACLE_COMMANDS

You could distribute this sudoers to every host and sudo will do the
right thing.

Of course, this doesn't invalidate what you're doing; I'm just
pointing out an alternate implementation.

-- 
The Net views censorship as a network failure, and routes around it.
    -- John Gilmore
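
The host-based matching described in the message above, as an added example that is not part of the original post: a simplified Python model of why one sudoers file distributed to every host grants the rule only on members of DB_SERVERS. The command path /opt/example/bin/dbtool and the host web01 are constructed placeholders (the message elides the command list), and the parser handles only this subset of sudoers syntax, not sudo's real grammar.

```python
import re

# Constructed sample: the sudoers from the message, with a placeholder
# command path because the original elides the Cmnd_Alias contents.
SUDOERS = """\
Host_Alias DB_SERVERS = orasrv1, orasrv2, orasrv3
User_Alias DBA = jsmith, tjones, brogers
Runas_Alias ORACLE_USER = orauser
Cmnd_Alias ORACLE_COMMANDS = /opt/example/bin/dbtool
DBA DB_SERVERS = (ORACLE_USER) ORACLE_COMMANDS
"""

# Simplified model: one alias or name per field, no negation, wildcards or tags.
ALIAS_RE = re.compile(r"^(Host|User|Runas|Cmnd)_Alias\s+(\w+)\s*=\s*(.+)$")
SPEC_RE = re.compile(r"^(\S+)\s+(\S+)\s*=\s*\((\S+)\)\s*(.+)$")

def parse(text):
    """Return (aliases, specs) for the subset of syntax used above."""
    aliases, specs = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = ALIAS_RE.match(line)
        if m:
            kind, name, members = m.groups()
            aliases[(kind, name)] = {x.strip() for x in members.split(",")}
            continue
        m = SPEC_RE.match(line)
        if m:
            specs.append(tuple(f.strip() for f in m.groups()))
    return aliases, specs

def expand(aliases, kind, token):
    """Resolve an alias to its members; a bare name (or ALL) stands for itself."""
    return aliases.get((kind, token), {token})

def allowed(text, user, host, runas, command):
    """True if a rule lets `user` on `host` run `command` as `runas`."""
    aliases, specs = parse(text)
    for users, hosts, runas_list, cmds in specs:
        checks = (("User", users, user), ("Host", hosts, host),
                  ("Runas", runas_list, runas), ("Cmnd", cmds, command))
        if all(value in expand(aliases, kind, tok) or "ALL" in expand(aliases, kind, tok)
               for kind, tok, value in checks):
            return True
    return False
```

On a real system, `visudo -c -f <file>` checks the syntax of the file before it is distributed.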
