projects
/
mirror
/
dsa-puppet.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Allow httpredir role to run some things as httpredir-app
[mirror/dsa-puppet.git]
/
modules
/
sudo
/
files
/
sudoers
diff --git
a/modules/sudo/files/sudoers
b/modules/sudo/files/sudoers
index
2bfc137
..
c274626
100644
(file)
--- a/
modules/sudo/files/sudoers
+++ b/
modules/sudo/files/sudoers
@@
-101,7
+101,7
@@
nagios beethoven,backuphost=(debbackup) NOPASSWD: /usr/lib/nagios/plugins/dsa-c
%emdebian ALL=(emdebian) ALL
%forums ALL=(forums) ALL
%httpredir ALL=(httpredir) ALL
%emdebian ALL=(emdebian) ALL
%forums ALL=(forums) ALL
%httpredir ALL=(httpredir) ALL
-%httpredir ALL=(httpredir-a
ll
) ALL
+%httpredir ALL=(httpredir-a
pp
) ALL
%keyring ALL=(keyring) ALL
%lintian ALL=(lintian) ALL
%listweb ALL=(listweb) ALL
%keyring ALL=(keyring) ALL
%lintian ALL=(lintian) ALL
%listweb ALL=(listweb) ALL
@@
-141,6
+141,9
@@
dak ALL=(dak-unpriv) NOPASSWD: ALL
# and ftpmaster can access the role user for their web services
%debadmin FTPHOSTS=(dak-web) ALL
# and ftpmaster can access the role user for their web services
%debadmin FTPHOSTS=(dak-web) ALL
+# the httpredir role use can run a couple of things as httpredir-app
+httpredir ALL=(httpredir-app) NOPASSWD: /usr/bin/starman
+
# some groups are in apachectrl on "their" hosts so they can reload apache and update their vhost
%apachectrl ALL=(root) /usr/sbin/apache2-vhost-update
# some groups are in apachectrl on "their" hosts so they can reload apache and update their vhost
%apachectrl ALL=(root) /usr/sbin/apache2-vhost-update