Merge remote-tracking branch 'waldi-salsa/godard-apache' into HEAD
diff --git
a/modules/sudo/files/sudoers
b/modules/sudo/files/sudoers
index
0f2f959
..
bdf87ae
100644
(file)
--- a/
modules/sudo/files/sudoers
+++ b/
modules/sudo/files/sudoers
@@
-21,6
+21,8
@@
Defaults env_reset
Defaults passprompt="[sudo] password for %u on %h: "
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
Defaults passprompt="[sudo] password for %u on %h: "
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+# Find binaries to be executed as archvsync user also in its home, so the
+# caller does not need to know.
Defaults>archvsync secure_path="/home/archvsync/bin:/usr/local/bin:/usr/bin:/bin"
# Host alias specification
Defaults>archvsync secure_path="/home/archvsync/bin:/usr/local/bin:/usr/bin:/bin"
# Host alias specification
@@
-33,11
+35,10
@@
Host_Alias AACRAIDHOSTS = pettersson
Host_Alias MEGARAIDHOSTS = sibelius
Host_Alias LISTHOSTS = bendel
Host_Alias BUILDD_MASTER = wuiet
Host_Alias MEGARAIDHOSTS = sibelius
Host_Alias LISTHOSTS = bendel
Host_Alias BUILDD_MASTER = wuiet
-Host_Alias PORTERBOXES = abel, amdahl,
asachi, barriere, eller, falla, fischer, harris, minkus, partch, plummer, pizzetti
, zelenka
+Host_Alias PORTERBOXES = abel, amdahl,
barriere, eller, harris, minkus, partch, plummer
, zelenka
Host_Alias PIUPARTS_SLAVE_HOSTS = piu-slave-bm-a, piu-slave-ubc-01
Host_Alias MQ_HOSTS = rainier, rapoport
Host_Alias JENKINSHOSTS = jerea
Host_Alias PIUPARTS_SLAVE_HOSTS = piu-slave-bm-a, piu-slave-ubc-01
Host_Alias MQ_HOSTS = rainier, rapoport
Host_Alias JENKINSHOSTS = jerea
-Host_Alias SIGNINGHOSTS = fasolo
# Cmnd alias specification
# Cmnd alias specification
@@
-53,14
+54,14
@@
root ALL=(ALL) ALL
%zivit-admins ZIVITHOSTS=(ALL) NOPASSWD: ALL
# nagios
%zivit-admins ZIVITHOSTS=(ALL) NOPASSWD: ALL
# nagios
-nagios ALL=(ALL) NOPASSWD: /bin/systemctl is-system-running
nagios MQ_HOSTS=(rabbitmq) NOPASSWD: /usr/sbin/rabbitmqctl list_queues -p dsa name messages consumers
nagios ALL=(ALL) NOPASSWD: /usr/sbin/service ekeyd-egd-linux restart
nagios ALL=(ALL) NOPASSWD: /usr/sbin/service samhain restart
nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-filesystems ""
nagios MQ_HOSTS=(rabbitmq) NOPASSWD: /usr/sbin/rabbitmqctl list_queues -p dsa name messages consumers
nagios ALL=(ALL) NOPASSWD: /usr/sbin/service ekeyd-egd-linux restart
nagios ALL=(ALL) NOPASSWD: /usr/sbin/service samhain restart
nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-filesystems ""
-nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-libs
""
+nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-libs
--ignore-younger=1h
nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-stunnel-sanity ""
nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-stunnel-sanity ""
+nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-systemd-services ""
nagios handel=(puppet) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-cert-expire /var/lib/puppet/ssl/certs/ca.pem
# with smartarray controllers
nagios ALL=(ALL) NOPASSWD: /sbin/hpasmcli ""
nagios handel=(puppet) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-cert-expire /var/lib/puppet/ssl/certs/ca.pem
# with smartarray controllers
nagios ALL=(ALL) NOPASSWD: /sbin/hpasmcli ""
@@
-129,7
+130,8
@@
nagios storace=(debbackup) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg
%forums ALL=(forums) ALL
%gitdoadm ALL=(gitdoadm) ALL
# the git user also exists on adayevskaya where it's a different service..
%forums ALL=(forums) ALL
%gitdoadm ALL=(gitdoadm) ALL
# the git user also exists on adayevskaya where it's a different service..
-%gitdoadm godard=(git) ALL
+%gitdoadm godard=(git) ALL
+%gitdoadm godard=(salsa-webhook) ALL
%keyring ALL=(keyring) ALL
%jenkins-adm ALL=(jenkins-adm) ALL
%lintian ALL=(lintian) ALL
%keyring ALL=(keyring) ALL
%jenkins-adm ALL=(jenkins-adm) ALL
%lintian ALL=(lintian) ALL
@@
-174,8
+176,6
@@
nagios storace=(debbackup) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg
dak ALL=(dak-unpriv) NOPASSWD: ALL
# and ftpmaster can access the role user for their web services
%debadmin FTPHOSTS=(dak-web) ALL
dak ALL=(dak-unpriv) NOPASSWD: ALL
# and ftpmaster can access the role user for their web services
%debadmin FTPHOSTS=(dak-web) ALL
-# the dak user gets to sign stuff
-dak SIGNINGHOSTS=(codesign) /usr/local/bin/secure-boot-code-sign
# some groups are in apachectrl on "their" hosts so they can reload apache and update their vhost
%apachectrl ALL=(root) /usr/sbin/apache2-vhost-update
# some groups are in apachectrl on "their" hosts so they can reload apache and update their vhost
%apachectrl ALL=(root) /usr/sbin/apache2-vhost-update
@@
-189,6
+189,7
@@
buildd ALL=(ALL) NOPASSWD: ALL
%backports FTPHOSTS,coccia=(staticsync) NOPASSWD: /usr/local/bin/static-update-component backports.debian.org
%bootstrap boott=(staticsync) NOPASSWD: /usr/local/bin/static-update-component bootstrap.debian.net
d-i dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component d-i.debian.org
%backports FTPHOSTS,coccia=(staticsync) NOPASSWD: /usr/local/bin/static-update-component backports.debian.org
%bootstrap boott=(staticsync) NOPASSWD: /usr/local/bin/static-update-component bootstrap.debian.net
d-i dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component d-i.debian.org
+debian-cd casulana=(staticsync) NOPASSWD: /usr/local/bin/static-update-component cdbuilder-logs.debian.org
lucas dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component debaday.debian.net
dsa dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component dsa.debian.org
dak FTPHOSTS=(staticsync) NOPASSWD: /usr/local/bin/static-update-component incoming.debian.org
lucas dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component debaday.debian.net
dsa dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component dsa.debian.org
dak FTPHOSTS=(staticsync) NOPASSWD: /usr/local/bin/static-update-component incoming.debian.org
@@
-236,12
+237,11
@@
piupartss PIUPARTS_SLAVE_HOSTS=(ALL) NOPASSWD: ALL
# trigger of mirror run for packages
dnsadm denis=(root) NOPASSWD: /usr/sbin/service bind9 reload
letsencrypt denis=(dnsadm) NOPASSWD: /srv/dns.debian.org/bin/update
# trigger of mirror run for packages
dnsadm denis=(root) NOPASSWD: /usr/sbin/service bind9 reload
letsencrypt denis=(dnsadm) NOPASSWD: /srv/dns.debian.org/bin/update
-%adm draghi=(puppet) NOPASSWD: /usr/bin/make -s -C /srv/db.debian.org/var/gitnagios/dsa-nagios/config install
# wbadm can update all buildd* users' keys on buildd.d.o
%wbadm BUILDD_MASTER=(wb-buildd) ALL
%wbadm BUILDD_MASTER=(root) /usr/local/bin/update-buildd-sshkeys
# mirror push
# wbadm can update all buildd* users' keys on buildd.d.o
%wbadm BUILDD_MASTER=(wb-buildd) ALL
%wbadm BUILDD_MASTER=(root) /usr/local/bin/update-buildd-sshkeys
# mirror push
-dak FTPHOSTS,SECHOSTS=(archvsync) NOPASSWD:/home/archvsync/runmirrors
+dak FTPHOSTS,SECHOSTS=(archvsync) NOPASSWD:/home/archvsync/runmirrors
, /home/archvsync/bin/runmirrors
# archvsync triggers snapshot
archvsync sibelius=(snapshot) NOPASSWD: /srv/snapshot.debian.org/bin/update-trigger
archvsync sibelius=(snapshot) NOPASSWD: /srv/2ndsnapshot/bin/update-trigger
# archvsync triggers snapshot
archvsync sibelius=(snapshot) NOPASSWD: /srv/snapshot.debian.org/bin/update-trigger
archvsync sibelius=(snapshot) NOPASSWD: /srv/2ndsnapshot/bin/update-trigger
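Review bot: The new `dak FTPHOSTS,SECHOSTS=(archvsync) NOPASSWD:` rule in the last hunk lists `/home/archvsync/runmirrors` and `/home/archvsync/bin/runmirrors` with no argument specification, so sudo accepts any arguments dak passes to either script without a password. The other rules this commit adds or changes pin theirs (`dsa-check-systemd-services ""`, `dsa-check-libs --ignore-younger=1h`, `static-update-component cdbuilder-logs.debian.org`). If dak invokes runmirrors without arguments, `/home/archvsync/bin/runmirrors ""` would state that; otherwise list the accepted argument forms explicitly. The old path looks like a transitional grant, so a comment such as `# transitional: remove /home/archvsync/runmirrors once every host ships bin/runmirrors` above the rule would keep it from outliving the move. Separately, the two nagios lines touched in the `-53,14` hunk keep the `(ALL)` runas list; if those checks only need root, `(root)` would be the narrower grant.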