Creating and Deploying a custom Sudoers file

Millertime
New Contributor III

Hey J-Nation!

I've been given a requirement by our security department to deploy a custom /etc/sudoers file. They've given me very specific requirements for creating it, and if I was just doing this on my Mac I'd be comfortable with it.

Since that's not the case I'm hoping you all can help me understand the best approach/strategy when it comes to deploying those settings to all of my managed Macs.

I hope that's enough information for you to help me here, but PLEASE let me know if there's any other information you need.

Thanks in advance!
Bill

1 REPLY

davidacland
Honored Contributor II

It is just a file, so as long as you test it heavily and also test that all is well after deploying it, you should be OK. In the past I've written straight into existing files using echo >> (although that's not normally recommended) and also visudo, which does more syntax checking. If you only have one or two edits to make, that might be a good way to go.

Either way, I would recommend making a backup of the existing sudoers files on the target machines so you can reverse the action if needed.

Also make sure you test for each major OS release you are working with. A file that is fine on 10.9 may cause problems on 10.10 for example.
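The backup, syntax check and reversal suggested in the reply above can be scripted as follows. This is an added example, not part of the original thread: the function names and the VISUDO and SUDOERS_OWNER variables are hypothetical, and the root:wheel ownership with mode 0440 is assumed to match the stock macOS /etc/sudoers.

```sh
# Added example. VISUDO and SUDOERS_OWNER are assumed knobs; the defaults
# below are the usual macOS path and ownership for /etc/sudoers.
VISUDO="${VISUDO:-/usr/sbin/visudo}"
SUDOERS_OWNER="${SUDOERS_OWNER:-root:wheel}"

# check_sudoers FILE: syntax-check a file without touching the live policy.
check_sudoers() {
    "$VISUDO" -c -q -f "$1" >/dev/null 2>&1
}

# install_sudoers CANDIDATE TARGET: prints the backup path on success.
install_sudoers() {
    candidate="$1"; target="$2"
    backup="${target}.bak.$(date +%Y%m%d%H%M%S)"
    staged="${target}.new.$$"

    # Refuse a candidate that does not parse; the target is left alone.
    if ! check_sudoers "$candidate"; then
        echo "syntax check failed for $candidate, nothing changed" >&2
        return 1
    fi

    # Keep a copy of the current file so the change can be reversed.
    if [ -f "$target" ]; then
        cp -p "$target" "$backup" || return 2
    fi

    # Stage next to the target with final ownership and mode, then rename,
    # so sudo never reads a half-written or wrongly-permissioned file.
    if cp "$candidate" "$staged" && chown "$SUDOERS_OWNER" "$staged" &&
       chmod 0440 "$staged" && mv -f "$staged" "$target"; then
        [ -f "$backup" ] && echo "$backup"
        return 0
    fi
    rm -f "$staged"
    return 3
}

# rollback_sudoers TARGET BACKUP: put a saved copy back in place.
rollback_sudoers() {
    check_sudoers "$2" || return 1
    cp -p "$2" "$1.new.$$" && mv -f "$1.new.$$" "$1"
}

# As root from a policy script: sh deploy.sh /path/to/candidate /etc/sudoers
if [ "$#" -eq 2 ]; then
    install_sudoers "$1" "$2"
fi
```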