X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fsudo%2Ffiles%2Fsudoers;h=2432bcf1f2e1aaeac90dfda8b555978b0ae15cfc;hb=50f969ed5b373694f583537ee93ed198c089b6da;hp=1ab1b5eae634fd649f4a5c31d38783aeed7f2c7e;hpb=86f4b5348d4cdf1fdf01b3eafab03a01979b845c;p=mirror%2Fdsa-puppet.git diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers index 1ab1b5eae..2432bcf1f 100644 --- a/modules/sudo/files/sudoers +++ b/modules/sudo/files/sudoers @@ -45,11 +45,6 @@ root ALL=(ALL) ALL # DSA and local admins %adm ALL=(ALL) ALL -# XXX -# until march 2017 -93sam acker=(ALL) ALL -kibi acker=(ALL) ALL - %adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get upgrade, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none, /usr/sbin/upgrade-porter-chroots %zivit-admins ZIVITHOSTS=(ALL) NOPASSWD: ALL @@ -63,7 +58,6 @@ nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-filesystems "" nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-libs "" nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-stunnel-sanity "" -nagios ALL=(ALL) NOPASSWD: /usr/local/sbin/dsa-check-libs "" nagios handel=(puppet) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-cert-expire /var/lib/puppet/ssl/certs/ca.pem # with smartarray controllers nagios ALL=(ALL) NOPASSWD: /sbin/hpasmcli "" @@ -114,6 +108,7 @@ nagios storace=(debbackup) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg %debian-r ALL=(debian-r) ALL %debian-r ALL=(debian-r-wb-buildd) ALL %debian-release ALL=(release) ALL +%debsources ALL=(debsources) ALL %debtags ALL=(debtags) ALL %debwww ALL=(debwww) ALL %dedup ALL=(dedup) ALL @@ -124,8 +119,6 @@ nagios storace=(debbackup) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg %gitdoadm ALL=(gitdoadm) ALL # the git user also exists on adayevskaya where it's a different service.. %gitdoadm gigault=(git) ALL -%httpredir ALL=(httpredir) ALL -%httpredir ALL=(httpredir-app) ALL %keyring ALL=(keyring) ALL %jenkins-adm ALL=(jenkins-adm) ALL %lintian ALL=(lintian) ALL @@ -170,9 +163,6 @@ dak ALL=(dak-unpriv) NOPASSWD: ALL # and ftpmaster can access the role user for their web services %debadmin FTPHOSTS=(dak-web) ALL -# the httpredir role use can run things as httpredir-app -httpredir ALL=(httpredir-app) NOPASSWD: ALL - # some groups are in apachectrl on "their" hosts so they can reload apache and update their vhost %apachectrl ALL=(root) /usr/sbin/apache2-vhost-update @@ -223,6 +213,7 @@ pabs dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component time mini-dak porta=(staticsync) NOPASSWD: /usr/local/bin/static-update-component incoming.ports.debian.org %wbadm wuiet=(staticsync) NOPASSWD: /usr/local/bin/static-update-component apt.buildd.debian.org %manpages manziarly=(staticsync) NOPASSWD: /usr/local/bin/static-update-component manpages.debian.org +%dpl dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component dpl.debian.org # The piuparts slave needs to handle chroots piupartss PIUPARTS_SLAVE_HOSTS=(ALL) NOPASSWD: ALL @@ -252,6 +243,7 @@ debwww WEBHOSTS=(archvsync) NOPASSWD: /home/archvsync/webmirrors/runmirrors %publicity WEBHOSTS=(debwww) /srv/www.debian.org/update-part News %debvote WEBHOSTS=(debwww) /srv/www.debian.org/update-part vote %d-i WEBHOSTS=(debwww) /srv/www.debian.org/update-part devel/debian-installer +%d-i WEBHOSTS=(debwww) /srv/www.debian.org/cron/lessoften-parts/1installation-guide # more list stuff %list LISTHOSTS=(root) /usr/sbin/postfix reload %list stockhausen=(root) /usr/sbin/service jetty restart @@ -277,3 +269,6 @@ nagiosadm tchaikovsky=(root) NOPASSWD: /usr/sbin/service icinga reload # ports stuff mini-dak porta=(archvsync) NOPASSWD: /home/archvsync/signal_ports mini-dak porta=(archvsync) NOPASSWD: /home/archvsync/signal_ports-cd + +# temporary, for debugging +thijs klecker=(root) /usr/sbin/tcpdump