[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sudo-users
Subject:    [sudo-users] sudo + ldap security
From:       David Thiel <lx () redundancy ! redundancy ! org>
Date:       2005-03-08 18:15:07
Message-ID: 20050308181507.GB93230 () redundancy ! redundancy ! org
[Download RAW message or body]

Greetings,

I'm considering using LDAP to store sudo configuration data, but I can't
see any way to keep any user of a sudo-controlled machine from browsing
that data in LDAP. With regular sudoers, I at least have the assurance
that users can only read rules that apply to them personally, and that
the whole of that data can only be read by root. Has anyone found any
clever ways to mitigate this?

Thanks,
David

[prev in list] [next in list] [prev in thread] [next in thread]