# with smartarray controllers
nagios ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe ""
nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
-nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show
+nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=[02] pd all show
nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
-nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
+nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=[02] show status
# other raid controllers
nagios master=(ALL) NOPASSWD: /usr/sbin/mpt-status -s
nagios powell=(ALL) NOPASSWD: /usr/local/sbin/areca-cli vsf info
# groups and their role accounts
%buildd ALL=(buildd) ALL
%d-i ALL=(d-i) ALL
+%dde ALL=(dde) ALL
%debadmin ALL=(dak) ALL
%debbugs ALL=(debbugs) ALL
%debian-release ALL=(release) ALL
%keyring ALL=(keyring) ALL
%lintian ALL=(lintian) ALL
%mirroradm ALL=(archvsync) ALL
+%nm ALL=(nm) ALL
%piuparts ALL=(piupartsm) ALL
%piuparts ALL=(piupartss) ALL
%pkg_maint ALL=(pkg_user) ALL
# trigger of mirror run for packages
pkg_user powell=(archvsync) NOPASSWD: /home/archvsync/bin/pushpdo
# on samosa, the domains git thing will run bind9 reload afterwards
-%adm ALL=(root) NOPASSWD: /etc/init.d/bind9 reload
+%adm samosa=(root) NOPASSWD: /etc/init.d/bind9 reload
# remote power to babylon5 in the same rack:
joerg unger=(ALL) /usr/bin/sispmctl -t 1, /usr/bin/sispmctl -g 1
# wbadm can update all buildd* users' keys on buildd.d.o
# dak stuff
%debian-release ries=(dak) /usr/local/bin/dak transitions --import *
%ftpteam ries=(dak) /usr/local/bin/dak transitions --import *
+# security
+%security klecker=(dak) NOPASSWD: /usr/local/bin/dak new-security-install -[AR] -- *
+%sec_public klecker=(dak) NOPASSWD: /usr/local/bin/dak new-security-install -[AR] -- *
+%sec_data klecker=(archvsync) NOPASSWD: /home/archvsync/security/signal ""
+dak klecker=(archvsync) NOPASSWD: /home/archvsync/signal_security
+# web stuff
+debwww klecker=(archvsync) NOPASSWD: /home/archvsync/webmirrors/runmirrors