I'm trying to create a script to remove users from sudoers on multiple servers. I'm able to do this with a one-line script using sed, but only if it's on one server.
Example: sed '/someuser/d' /host/local/etc/sudoers
Also, I think the problem with this one-line script is that I would have to redirect my output to another sudoers file (sudoers.new) and then mv that file to sudoers for it to work more effectively.
Since the hosts are tied to the ldap server I can just run the script from there by changing the host path without having to log into multiple servers.
I'm trying to write this in Perl, but for some reason I think it could be done easier in Bash.
Does anyone have any examples to help me get started?
This is what I have so far in Perl, but I'm not sure how to continue or how to add the sed line in here.
I made some changes to this, but I'm still stuck on how to exactly edit the file when I open it. I'm assuming regular expressions will be needed, but how exactly does that look. I'm stuck.
Can't you just sed /whatever/d /$path/local/etc/sudoers and then move the result back over the original file?
Locking issues notwithstanding, of course. Have you read the visudo and related man pages? You could screw up big time if two of these critters run over each other at roughly the same time.
vi (or rather, its bare-bones cousin ex) uses roughly the same syntax as sed, so you could figure out how to script this in vi/ex directly, and let the editor take care of locking, temporary files, and what not.
Yeah, that's what I was doing, but I wanted to make it more efficient, though, including adding the lock function (flock) in Perl to avoid the visudo issue.
There are several locking mechanisms to choose from. I would advise to use visudo as the wrapper and maybe pass it a silly script as the VISUAL/EDITOR to use. Are you familiar with running ed with here documents? Google for that a bit to give you ideas.
