Sudo : wildcard in user/group name

regex, sudo

I'm trying to find a solution to a sudo problem.

I need to push different sudoers files on different servers, depending on the users present on the servers. But I would like to know if I can avoid that and put a single sudoers file everywhere.

For example:

Some servers have several groups ending with "-dv-grp", and some servers have groups ending with "-pa-grp".

It would be so nice if I could put a wildcard on the group name like this:

%*-grp ALL=(ALL) NOPASSWD: /usr/bin/vi

But it's not working, even if I set a User_Alias (I also tried with single and double quotes)... and I can't put all these groups in a single master group (for security reasons on my infra).

If it's really not possible I will create different groups and put them in these different groups, but I will need to manage different versions of the sudoers file... and I would like to avoid that.

Can you confirm it's not possible? Any idea?

Best Answer

Wouldn't multiple lines as follows do the trick?

%g1-dv-grp           server1=(ALL)                   NOPASSWD: some_commands
%g1-pa-grp           server2=(ALL)                   NOPASSWD: some_commands
%g2-pa-grp           server3=(ALL)                   NOPASSWD: some_commands

You still need lines for each server/group combination (so not as neat as wildcards), but it does mean that you can have a single sudoers file across all machines.
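An added example, not part of the original answer: since the group field has to be spelled out, the wildcard can be expanded when the file is generated, producing the explicit per-host lines the answer describes. The inventory, host and group names, and the command path below are constructed placeholders, and `render_sudoers` is a hypothetical helper.

```python
import fnmatch
import re

# Constructed sample inventory: host name -> groups that exist on that host
# (for instance collected with `getent group`). All names are illustrative.
INVENTORY = {
    "server1": ["g1-dv-grp", "users", "wheel"],
    "server2": ["g1-pa-grp", "users"],
    "server3": ["g2-pa-grp", "g3-pa-grp"],
}

# Conservative allow-list for names written into the file. Anything else
# (spaces, commas, '=', newlines, ...) could change how sudoers parses the
# line, so it is rejected instead of being escaped.
SAFE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]*")


def render_sudoers(inventory, pattern, commands, runas="ALL"):
    """Expand a shell-style glob over group names into explicit rules.

    Returns one '%group host=(runas) NOPASSWD: commands' line per matching
    host/group pair, so a single file can be deployed on every server.
    """
    lines = []
    for host in sorted(inventory):
        if not SAFE_NAME.fullmatch(host):
            raise ValueError(f"unsafe host name: {host!r}")
        for group in sorted(set(inventory[host])):
            if not fnmatch.fnmatchcase(group, pattern):
                continue  # group is outside the requested pattern
            if not SAFE_NAME.fullmatch(group):
                raise ValueError(f"unsafe group name: {group!r}")
            lines.append(f"%{group} {host}=({runas}) NOPASSWD: {commands}")
    return lines


if __name__ == "__main__":
    # /usr/bin/some_command is a placeholder for the real command list.
    print("\n".join(render_sudoers(INVENTORY, "*-grp", "/usr/bin/some_command")))
```

Check the generated file with `visudo -c -f <file>` before installing it, and regenerate it whenever a matching group is added or removed on a host.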