AIX

  • 1.  Inserting lines in sudoers file

    Posted Mon April 05, 2010 05:46 AM

    Originally posted by: bhimsingh


    Hi,

    I need to insert the following two lines in the /etc/sudoers file after line number 8, as the 9th and 10th lines. Can it be done through sed or awk? Please suggest with syntax.

    Cmnd_Alias SU = /usr/bin/su, /bin/su
    Cmnd_Alias SUT = /usr/bin/su - *, /bin/su - *,/usr/bin/su -, /bin/su -
    I also need to append SU and SUT at the end of the ADMIN ALL = line.

    Thanks

    Regards
    Bhim


  • 2.  Re: Inserting lines in sudoers file

    Posted Mon April 05, 2010 10:24 AM

    Originally posted by: shargus


    Try something like this:

    
    awk 'BEGIN { count = 0; }
    {
        print; count++;
        if (count == 8) {
            print "Cmnd_Alias SU = /usr/bin/su, /bin/su";
            print "Cmnd_Alias SUT = /usr/bin/su - *, /bin/su - *,/usr/bin/su -, /bin/su -"
        }
    }' /etc/sudoers > /tmp/sudoers.mod
    


  • 3.  Re: Inserting lines in sudoers file

    Posted Mon April 05, 2010 10:25 AM

    Originally posted by: shargus


    forgot ";" after the second print...


  • 4.  Re: Inserting lines in sudoers file

    Posted Tue April 06, 2010 12:56 PM

    Originally posted by: Casey_B


    A better method of doing what you asked:
    
    cat sudoers | awk '/ADMIN ALL/{print $0 "SU,SUT";next} {print} NR==8{print "New Lines Blah Blah\nOther new line"}'
    

    But in my opinion, this only fixes your current scenario, but doesn't make it easier for the next time
    you have to make sudoers changes.

    This also doesn't verify your sudoers file to make sure that no mistakes happened in the editing.

    If you have many systems, you may want to reconsider how you manage your sudoers file.
    Maybe a methodology where you have one file as the master, check and recheck it there, and then distribute it
    to other nodes.

    You can make permissions depend on hosts.

    It would make it more complicated to maintain sudoers than it would be on a single machine, but it would be less
    complicated than trying to awk, or sed new changes to a number of files.

    Good luck, Hope this helps.
    Casey


  • 5.  Re: Inserting lines in sudoers file

    Posted Wed April 07, 2010 06:41 PM

    Originally posted by: Juredd1


    Just one more way of doing the same thing, but not quite as short as the suggestion from Casey B.

    cp /etc/sudoers /etc/sudoers.bk

    sed '8a\
    Cmnd_Alias SU = \/usr\/bin\/su, \/bin\/su\
    Cmnd_Alias SUT = /usr/bin/su - *, /bin/su - *,/usr/bin/su -, /bin/su -' /etc/sudoers >tmpfile

    sed -e 's/ADMIN ALL =/& SU,SUT/' tmpfile > tmpfile1

    mv tmpfile1 /etc/sudoers


  • 6.  Re: Inserting lines in sudoers file

    Posted Wed April 07, 2010 10:16 PM

    Originally posted by: esv


    here you are .....
    prompt> cat file1
    1
    2
    3
    4
    5
    6
    7
    8
    9
    ADMIN ALL =
    10

    prompt> cat file1.ex
    8
    a
    Cmnd_Alias SU = /usr/bin/su, /bin/su
    Cmnd_Alias SUT = /usr/bin/su - *, /bin/su - *,/usr/bin/su -, /bin/su -
    .
    g/ADMIN ALL/s/$/SU, SUT/
    w
    q

    prompt> ex - file1 < file1.ex
    prompt> cat file1
    1
    2
    3
    4
    5
    6
    7
    8
    Cmnd_Alias SU = /usr/bin/su, /bin/su
    Cmnd_Alias SUT = /usr/bin/su - *, /bin/su - *,/usr/bin/su -, /bin/su -
    9
    ADMIN ALL = SU, SUT
    10
    prompt>


  • 7.  Re: Inserting lines in sudoers file

    Posted Wed April 07, 2010 10:17 PM

    Originally posted by: esv


    I'd suggest making a backup first and several tests before committing suicide ;) ....

    regards,
    esv.


  • 8.  Re: Inserting lines in sudoers file

    Posted Thu April 08, 2010 11:03 AM

    Originally posted by: bhimsingh


    Hi All,

    I used code similar to what Juredd suggested to add the lines at a particular line number, and used the pattern below to search for "ADMIN ALL " and add the following command at the end of the line.

    sed '/ADMIN ALL/s|$|, !/usr/bin/su "", !/bin/su ""|' sudoers > sudoers1
    cp sudoers1 sudoers ; rm sudoers1

    Of course, I tested it rigorously before deploying it on production servers ;-)

    Thanks for all your inputs, it really helped.

    Cheers
    Bhim
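
Added example, not part of any post in the thread: one way to combine the scripted edit with the backup and the syntax check raised in the replies, so that a bad edit never reaches the live file. It assumes `mktemp` is available and that the installed `visudo` supports `-c` (check only) and `-f` (alternate file); the function names and the `SUDOERS_CHECK` variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes mktemp and a visudo that
# accepts -c (check only) and -f (alternate file).

# apply_edit SRC OUT: write the edited copy of SRC to OUT.
apply_edit() {
    awk '
        /ADMIN ALL *=/ { $0 = $0 " SU, SUT" }   # append both aliases to the ADMIN rule
        { print }
        NR == 8 {                                # emitted after line 8: new lines 9 and 10
            print "Cmnd_Alias SU = /usr/bin/su, /bin/su"
            print "Cmnd_Alias SUT = /usr/bin/su - *, /bin/su - *,/usr/bin/su -, /bin/su -"
        }
    ' "$1" > "$2"
}

# safe_update TARGET: edit a private copy, validate it, then swap it in.
# SUDOERS_CHECK (hypothetical variable) overrides the validator for dry runs.
safe_update() {
    target=$1
    check=${SUDOERS_CHECK:-"visudo -c -f"}
    # Idempotence guard: a second run must not insert the aliases twice.
    if grep -q '^Cmnd_Alias SU =' "$target"; then return 0; fi
    # Temp file in the same directory so the final mv is an atomic rename.
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    if apply_edit "$target" "$tmp" && $check "$tmp" >/dev/null 2>&1; then
        cp -p "$target" "${target}.bk"           # backup, keeping mode and owner
        chmod 0440 "$tmp"                        # the mode sudo expects on sudoers
        if [ "$(id -u)" -eq 0 ]; then chown 0:0 "$tmp"; fi
        mv -f "$tmp" "$target"
    else
        rm -f "$tmp"                             # failed check: live file untouched
        return 1
    fi
}
```

Run as root with `safe_update /etc/sudoers`; a non-zero return means the edited copy failed the check and the original file was left in place.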