projects / mirror / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
pam.d/sudo handling
[mirror/dsa-puppet.git] / modules / sudo / files / common / sudoers
diff --git a/modules/sudo/files/common/sudoers b/modules/sudo/files/common/sudoers
index f7f1580..aca7dd3 100644 (file)
--- a/modules/sudo/files/common/sudoers
+++ b/modules/sudo/files/common/sudoers
@@ -42,10 +42,10 @@ nagios              ALL=(ALL)       NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
 # with smartarray controllers
 nagios         ALL=(ALL)       NOPASSWD: /usr/bin/arrayprobe ""
 nagios         ALL=(ALL)       NOPASSWD: /usr/sbin/hpacucli controller all show
-nagios         ALL=(ALL)       NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show
+nagios         ALL=(ALL)       NOPASSWD: /usr/sbin/hpacucli controller slot=[02] pd all show
 nagios         ALL=(ALL)       NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
 nagios         ALL=(ALL)       NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
-nagios         ALL=(ALL)       NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
+nagios         ALL=(ALL)       NOPASSWD: /usr/sbin/hpacucli controller slot=[02] show status
 # other raid controllers
 nagios         master=(ALL)    NOPASSWD: /usr/sbin/mpt-status -s
 nagios         powell=(ALL)    NOPASSWD: /usr/local/sbin/areca-cli vsf info
@@ -54,6 +54,7 @@ nagios                puccini=(ALL)   NOPASSWD: /usr/local/bin/tw_cli info c0 u0 status
 # groups and their role accounts
 %buildd                ALL=(buildd)    ALL
 %d-i           ALL=(d-i)       ALL
+%dde           ALL=(dde)       ALL
 %debadmin      ALL=(dak)       ALL
 %debbugs       ALL=(debbugs)   ALL
 %debian-release        ALL=(release)   ALL
@@ -62,6 +63,7 @@ nagios                puccini=(ALL)   NOPASSWD: /usr/local/bin/tw_cli info c0 u0 status
 %keyring       ALL=(keyring)   ALL
 %lintian       ALL=(lintian)   ALL
 %mirroradm     ALL=(archvsync) ALL
+%nm            ALL=(nm)        ALL
 %piuparts      ALL=(piupartsm) ALL
 %piuparts      ALL=(piupartss) ALL
 %pkg_maint     ALL=(pkg_user)  ALL
@@ -87,7 +89,7 @@ piupartss     piatti=(ALL)            NOPASSWD: ALL
 # trigger of mirror run for packages
 pkg_user       powell=(archvsync)      NOPASSWD: /home/archvsync/bin/pushpdo
 # on samosa, the domains git thing will run bind9 reload afterwards
-%adm           ALL=(root)              NOPASSWD: /etc/init.d/bind9 reload
+%adm           samosa=(root)           NOPASSWD: /etc/init.d/bind9 reload
 # remote power to babylon5 in the same rack:
 joerg          unger=(ALL)             /usr/bin/sispmctl -t 1, /usr/bin/sispmctl -g 1
 # wbadm can update all buildd* users' keys on buildd.d.o
@@ -97,3 +99,10 @@ dak          ries=(archvsync)        NOPASSWD:/home/archvsync/runmirrors
 # dak stuff
 %debian-release        ries=(dak)              /usr/local/bin/dak transitions --import *
 %ftpteam       ries=(dak)              /usr/local/bin/dak transitions --import *
+# security
+%security      klecker=(dak)           NOPASSWD: /usr/local/bin/dak new-security-install -[AR] -- *
+%sec_public    klecker=(dak)           NOPASSWD: /usr/local/bin/dak new-security-install -[AR] -- *
+%sec_data      klecker=(archvsync)     NOPASSWD: /home/archvsync/security/signal ""
+dak            klecker=(archvsync)     NOPASSWD: /home/archvsync/signal_security
+# web stuff
+debwww         klecker=(archvsync)     NOPASSWD: /home/archvsync/webmirrors/runmirrors
Unnamed repository; edit this file 'description' to name the repository.