sudoers Grouping and Aliasing for Developer team
Adjusting/changing security.
1. Group application servers with alias APP_SVRS
2. Group developer users with alias DEVEL
3. Assign permissions to tail log files
4. Developers can only change the password of their own account.
This rule is applied to dev/stage/prod.
No need to log in as root.

# following is needed HERE, as NOTHING is picked up from /etc/sudoers.d/ directory

Host_Alias APP_SVRS = dev.tkware.com, stage.tkware.com
User_Alias DEVEL = user1, user2
Cmnd_Alias TAIL = /usr/bin/tail
Cmnd_Alias PW = /usr/bin/passwd

DEVEL APP_SVRS = (ALL) NOPASSWD: TAIL # Developers can tail the logfiles
%ftsadmin ALL = (ALL) NOPASSWD: ALL

user1 APP_SVRS = (ALL) NOPASSWD: /usr/bin/passwd user1, !/usr/bin/passwd root
user2 APP_SVRS = (ALL) NOPASSWD: /usr/bin/passwd user2, !/usr/bin/passwd root
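
An added example (not part of the original slide): a small Python check that reads the rules above and reports entries that grant more than their comment says. In sudoers a command listed without arguments may be run with any arguments, so the TAIL rule is not limited to log files. The `audit` function is a hypothetical, simplified parser that handles only the single-line forms shown on this page.

```python
import re

# The page's rules, with the slide line numbers stripped.
SUDOERS = """\
Host_Alias APP_SVRS = dev.tkware.com, stage.tkware.com
User_Alias DEVEL = user1, user2
Cmnd_Alias TAIL = /usr/bin/tail
Cmnd_Alias PW = /usr/bin/passwd
DEVEL APP_SVRS = (ALL) NOPASSWD: TAIL # Developers can tail the logfiles
%ftsadmin ALL = (ALL) NOPASSWD: ALL
user1 APP_SVRS = (ALL) NOPASSWD: /usr/bin/passwd user1, !/usr/bin/passwd root
user2 APP_SVRS = (ALL) NOPASSWD: /usr/bin/passwd user2, !/usr/bin/passwd root
"""

def audit(text):
    """Return (subject, command, finding) for over-broad or unused entries."""
    aliases, rules, used, findings = {}, [], set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()           # drop trailing comments
        if "=" not in line or line.startswith(("Host_Alias", "User_Alias")):
            continue
        left, right = (s.strip() for s in line.split("=", 1))
        if left.startswith("Cmnd_Alias"):
            aliases[left.split()[1]] = [c.strip() for c in right.split(",")]
        else:
            rules.append((left.split()[0], right))    # (user or group, spec)
    for who, right in rules:
        spec = re.sub(r"^\([^)]*\)\s*", "", right)    # drop Runas, e.g. (ALL)
        spec = re.sub(r"^(?:[A-Z]+:\s*)+", "", spec)  # drop tags, e.g. NOPASSWD:
        for item in (c.strip() for c in spec.split(",")):
            if item.startswith("!"):                  # negations grant nothing
                continue
            used.add(item)
            for cmd in aliases.get(item, [item]):     # expand a Cmnd_Alias
                if cmd == "ALL":
                    findings.append((who, cmd, "every command"))
                elif " " not in cmd:                  # bare path: args unrestricted
                    findings.append((who, cmd, "any arguments"))
    for name in sorted(set(aliases) - used):
        findings.append((name, ", ".join(aliases[name]), "alias never referenced"))
    return findings

if __name__ == "__main__":
    for subject, command, finding in audit(SUDOERS):
        print(f"{subject:10} {command:18} {finding}")
```

Any tightened rule set should still be checked with `visudo -c` before it replaces the live file.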