I am trying to find a solution to a sudo problem.
I need to push different sudoers files on different servers, depending on the users present on the servers. But I would like to know if I can avoid that and put a single sudoers file everywhere.
For example:
Some servers have several groups ending with "-dv-grp", and some servers have groups ending with "-pa-grp".
It would be so nice if I could put a wildcard on the group name like this:
%*-grp ALL=(ALL) NOPASSWD: /usr/bin/vi
But it's not working, even if I set a User_Alias (I also tried with single and double quotes)... and I can't put all these groups in a single master group (for security reasons on my infra).
If it's really not possible I will create different groups and put them in these different groups, but I will need to manage different versions of the sudoers file... and I would like to avoid that.
Can you confirm it's not possible? Any ideas?
Best Answer
Wouldn't multiple lines as follows do the trick?
You still need lines for each server/group combination (so not as neat as wildcards), but it does mean that you can have a single sudoers file across all machines.
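An added example, not code from the question, the answer or the sudo project: since the wildcard group name did not work for the asker, this script expands an inventory of host/group pairs into the explicit per-server/group lines the answer describes, so one generated file can be pushed everywhere. The inventory format, the function names and the host and group names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: build one sudoers file from a "<host> <group>" inventory.
# Inventory format (assumed): one pair per line, '#' starts a comment.

# Constructed sample data, not taken from the page.
sample_inventory() {
cat <<'EOF'
# host  group
web01 app-dv-grp
web01 wheel
db01 db-pa-grp
EOF
}

# Reads the inventory on stdin, writes sudoers rules on stdout.
# Returns 1 if any line had to be rejected.
gen_sudoers() {
    rc=0
    while read -r host group extra; do
        # Skip blank lines and comments.
        case "$host" in ''|\#*) continue ;; esac
        # Exactly two fields are expected.
        if [ -z "$group" ] || [ -n "$extra" ]; then
            echo "rejected: malformed line for host '$host'" >&2
            rc=1; continue
        fi
        # Only the two group suffixes from the question get a rule.
        case "$group" in
            *-dv-grp|*-pa-grp) ;;
            *) continue ;;
        esac
        # Refuse anything that could change the meaning of the rule
        # (wildcards, commas, spaces, '=', ':' and so on).
        case "$host$group" in
            *[!A-Za-z0-9._-]*)
                echo "rejected: unsafe name '$host' / '$group'" >&2
                rc=1; continue ;;
        esac
        # Same rule as in the question, but bound to one host and one group.
        printf '%%%s %s=(ALL) NOPASSWD: /usr/bin/vi\n' "$group" "$host"
    done
    return $rc
}

# Stand-alone run: print the rules for the sample inventory.
sample_inventory | gen_sudoers
```

Write the output to a staging file and check it with `visudo -cf` on that file before distributing it.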