Skip to main content
Question

Creating and Deploying a custom Sudoers file

  • March 30, 2015
  • 1 reply
  • 0 views
M
Forum|alt.badge.img+7

Hey J-Nation!

I've been given a requirement by our security department to deploy a custom /etc/sudoers file. They've given me very specific requirements for creating it, and if I was just doing this on my Mac I'd be comfortable with it.

Since that's not the case I'm hoping you all can help me understand the best approach/strategy when it comes to deploying those settings to all of my managed Macs.

I hope that's enough information for you to help me here, but PLEASE let me know if there's anything other information you need.

Thanks in advance!
Bill

    1 reply

    D
    Forum|alt.badge.img+18
    • davidacland
    • Valued Contributor
    • 1811 replies
    • March 31, 2015

    It is just a file so as long as you test it heavily and also test that all is well after deploying it you should be ok. In the past I've written straight into existing files using echo >> (although that's not normally recommended) and also visudo which does more syntax checking. If you only have one or two edits to make that might be a good way to go.

    Either way, I would recommend making a backup of the existing sudoers files on the target machines so you can reverse the action if needed.

    Also make sure you test for each major OS release you are working with. A file that is fine on 10.9 may cause problems on 10.10 for example.

    Reply


    Most helpful members this week

    Terms & ConditionsCookie settingsAccessibility statement

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings