Re: Question regarding sudo equivalents

Evening Pete,
>
> If you need secured access to root (i.e. sudo-like functionality) what
are you using to get that access? The reason I’m asking is because I was on a call with a customer this morning and they said sudo was old hat and no-one in their industry uses it any more. Now that’s the first I’ve heard of that, as just about every customer I’ve dealt with apart from this particular customer is using sudo quite happily. I occasionally run across PowerBroker, but that’s about it. I’d be interested to find what people are using, particularly since Enterprise Manager supports sudo or PowerBroker to get this functionality, and if people are moving away from that we need to look at broadening what we support in the product.
>
>
>

That's interesting. First time I have heard that the industry is moving away from sudo, so I did a bit of digging and feel like that's not true. If there were more popular tools, they would be supported by puppet and ansible.

Below are the privilege escalation methods offered by ansible.

(default=sudo), valid choices: [ sudo | su | pbrun | pfexec | doas | dzdo

The above is ansible supported methods. Other than pbrun, the rest are platform specific and not in wide use from the basic 10 min google research. I could be wrong though.

What platform is your client using? Will bet it may be Solaris and they therefore using pfexec. Anyway, think it's better to still use sudo for the following reason.

With sudo and freeipa, you can push sudo configuration across the data centre, like the way you can push GPO from active directory. Ah, and also prefer a product supported by operating system by default. Far secure that way.

Regards

William

--
http://www.freelists.org/webpage/oracle-l