[TriLUG] Report generation from SUDOERs file

Errol Casey via TriLUG trilug at trilug.org
Wed Jul 8 11:40:40 EDT 2015


I'm trying to generate a report from sudoers file, to document which users
have non-root and root privileges.

It seems there are so many ways to configure SUDO privileges that
something that seems simple becomes complex quickly.

Anybody aware of any scripts that may provide this functionality or
something similar, that I could use as a reference?

In my environment, we use an OS group to allow a limited subset of users to
use /usr/bin/su - . So that is pretty easy to parse out. But there are
other configurations, that give /usr/bin/su - , /usr/bin/su - *, or
/usr/bin/su ; and non-root use of /usr/bin/su - <username> that make the
parsing more difficult.

It is interesting that one can be given privileges by OS group, user_alias,
or username :-) I guess with flexibility comes complexity.


-- 
Errol Casey
errol at askerrol.org
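
An added example, not part of the original post: a Python sketch of the kind of report asked about, classifying each su grant as root or non-root for principals named by OS group, User_Alias or username. It assumes the runas user is root, one user specification per line, no negated (`!`) entries and no include files; the function names and the sample sudoers text are constructed for illustration.

```python
import re

SU = "/usr/bin/su"

def su_target(cmd):
    """Classify one sudoers command: 'root', a target username, or None (not su)."""
    if cmd == "ALL":
        return "root"
    path, _, args = cmd.partition(" ")
    if path != SU:
        return None
    args = args.strip()
    # Bare path permits any arguments; "-" alone targets root; a wildcard matches root too.
    if args in ("", '""', "-", "root", "- root") or "*" in args:
        return "root"
    return args.split()[-1]  # "su - oracle" -> "oracle"

def report(text):
    """Map each user or %group to the sorted su targets it is granted (runas assumed root)."""
    aliases = {k: {} for k in ("User_Alias", "Cmnd_Alias", "Host_Alias", "Runas_Alias")}
    grants = {}
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "Defaults")):
            continue
        kind, rest = (line.split(None, 1) + [""])[:2]
        if kind in aliases:
            name, _, members = rest.partition("=")
            aliases[kind][name.strip()] = [m.strip() for m in members.split(",")]
            continue
        who, _, spec = line.partition("=")
        # Drop the (runas) list and tags such as NOPASSWD: before splitting commands.
        cmds = [c.strip() for c in re.sub(r"\([^)]*\)|\b[A-Z_]+:", "", spec).split(",")]
        cmds = [m for c in cmds for m in aliases["Cmnd_Alias"].get(c, [c])]
        targets = {t for t in map(su_target, cmds) if t}
        for user in who.rsplit(None, 1)[0].split(","):
            for p in aliases["User_Alias"].get(user.strip(), [user.strip()]):
                grants.setdefault(p, set()).update(targets)
    return {p: sorted(t) for p, t in grants.items() if t}

# Constructed sample input, not taken from any real system.
SAMPLE = """\
User_Alias DBA = alice, bob
Cmnd_Alias SU_APP = /usr/bin/su - oracle, /usr/bin/su - postgres
%suroot ALL = (root) /usr/bin/su -
DBA     ALL = (root) NOPASSWD: SU_APP
carol   ALL = (root) /usr/bin/su - *
dave    ALL = (root) /usr/bin/su
erin    ALL = (root) /usr/bin/ls
"""
```

`report(SAMPLE)` lists `%suroot`, `carol` and `dave` with target `root`, and `alice` and `bob` with `oracle` and `postgres`; `%group` entries still need their membership resolved from the group database to name individual users.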