"eddy" == E B Dreger <eddy+public+spam@noc.everquick.net> writes: jm> Date: Wed, 2 Oct 2002 17:48:16 -0700 (PDT) jm> From: just me jm> In an environment where every sysadmin is interchangable, and any jm> one of them can be woken up at 3am to fix the random problem of jm> the day, you tell me how to manage 'sudoers' on 4000 machines. eddy> krb5/ksu Well, no. That's an excellent answer to someone else's question, but krdist would be a better answer to his question. ;-) But the real answer is: The same way you maintain everything else on the same 4000 machines. I assume if you're running 4000 machines you have some cookie-cutter secured baseline OS load that gets installed on them all when they're loaded, and then something like home-grown perl scripts wrapped around rdist or rsync, or a specific tool for the purpose like cfengine or synctree to push out changes and keep them all under control. I would assume that the sudoers file could be pushed out with the same mechanism. Or am I missing some implied complexity in your situation? If the implication is that you have 4000 one-off machines, I retract my next statement. ;-) BTW, I really envy "just me". I have yet to work anywhere where every [insert position here] is actually interchangable. Must be nice. IMHO, Michael