X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fsudo%2Ffiles%2Fsudoers;h=4466dda56cda91ab86b1e4db224663272d11b676;hb=1a4f81b1bc574b83ea25e0f87d0bedc4ff9029a7;hp=fc824c2d4e64f559f976a4724f3590834fef2520;hpb=2ee825a91909505b0dcca7d2392207e3bf19b9a8;p=mirror%2Fdsa-puppet.git

diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers
index fc824c2d4..4466dda56 100644
--- a/modules/sudo/files/sudoers
+++ b/modules/sudo/files/sudoers
@@ -22,16 +22,17 @@ Defaults	passprompt="[sudo] password for %u on %h: "
 Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 
 # Host alias specification
-Host_Alias	QAHOSTS		= master, quantz, stabile
+Host_Alias	QAHOSTS		= quantz, stabile
 Host_Alias	WEBHOSTS	= wolkenstein
 Host_Alias	SECHOSTS	= chopin
 Host_Alias	FTPHOSTS	= franck, morricone
 Host_Alias	ZIVITHOSTS	= zelenka, zandonai
 Host_Alias	AACRAIDHOSTS	= bellini, morricone, paganini, respighi, beethoven, pettersson
 Host_Alias	MEGARAIDHOSTS	= grieg, rautavaara, sibelius
-Host_Alias	MPTRAIDHOSTS	= master, fasch, holter, barber, biber, cilea, vitry, krenek, orff
+Host_Alias	MPTRAIDHOSTS	= fasch, holter, barber, biber, cilea, vitry, krenek, orff
 Host_Alias	MEGACTLHOSTS	= lindberg, englund, nielsen
-Host_Alias  LISTHOSTS   = bendel
+Host_Alias	LISTHOSTS	= bendel
+Host_Alias	PORTERBOXES	= agricola, barriere, eder, falla, fischer, gabrielli, harris, merulo, partch, smetana, zelenka
 
 # Cmnd alias specification
 
@@ -48,6 +49,7 @@ root	ALL=(ALL) ALL
 # nagios
 nagios		ALL=(ALL)	NOPASSWD: /etc/init.d/ekeyd-egd-linux restart
 nagios		ALL=(ALL)	NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios		ALL=(ALL)	NOPASSWD: /usr/lib/nagios/plugins/dsa-check-filesystems ""
 # with smartarray controllers
 nagios		ALL=(ALL)	NOPASSWD: /sbin/hpasmcli ""
 nagios		ALL=(ALL)	NOPASSWD: /usr/bin/arrayprobe ""
@@ -61,7 +63,7 @@ nagios		ALL=(ALL)	NOPASSWD: /usr/sbin/hpacucli controller slot=[0129] show statu
 nagios		franck=(ALL)	NOPASSWD: /usr/sbin/hpacucli controller slot=1 enclosure 1E\:1 show detail
 
 # other raid controllers
-nagios		powell=(ALL)	NOPASSWD: /usr/local/sbin/areca-cli vsf info
+#nagios		powell=(ALL)	NOPASSWD: /usr/local/sbin/areca-cli vsf info
 nagios		puccini=(ALL)	NOPASSWD: /usr/local/bin/tw_cli info c0 u0 status
 nagios		MPTRAIDHOSTS=(ALL)	NOPASSWD: /usr/sbin/mpt-status -s
 nagios		AACRAIDHOSTS=(ALL)	NOPASSWD: /usr/local/bin/arcconf GETCONFIG 1 LD, /usr/local/bin/arcconf GETCONFIG 1 AD
@@ -110,12 +112,13 @@ nagios		beethoven=(debbackup)	NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backup
 %volatile	ALL=(volatile)	ALL
 %wbadm		ALL=(wbadm)	ALL
 %mujeres	ALL=(women)	ALL
-%wikiadm	ALL=(wiki)	ALL
-%qa-core	QAHOSTS=(qa)	ALL
+%wikiadm	ALL=(wiki,wikiweb)	ALL
+%qa-core	QAHOSTS=(qa,qa-web-rolex)	ALL
 %gobby		gombert=(gobby)	ALL
 
 # the dak user gets to run stuff as dak-unpriv (for things like lintian checks)
 dak		ALL=(dak-unpriv)	NOPASSWD: ALL
+%ftptrainee	FTPHOSTS=(dak-unpriv)	NOPASSWD: /usr/bin/lintian
 
 # some groups are in apachectrl on "their" hosts so they can reload apache and update their vhost
 %apachectrl	ALL=(root)	/usr/sbin/apache2-vhost-update
@@ -125,10 +128,15 @@ dak		ALL=(dak-unpriv)	NOPASSWD: ALL
 Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
 buildd		ALL=(ALL)		NOPASSWD: ALL
 
+%backports	franck,ries=(staticsync)	NOPASSWD: /usr/local/bin/static-update-component backports.debian.org
+%debbits	master=(staticsync)		NOPASSWD: /usr/local/bin/static-update-component bits.debian.org
+planet		senfl=(staticsync)		NOPASSWD: /usr/local/bin/static-update-component planet.debian.org
+debwww		wolkenstein=(staticsync)	NOPASSWD: /usr/local/bin/static-update-component www.debian.org
+
 # The piuparts slave needs to handle chroots
 piupartss	piatti=(ALL)		NOPASSWD: ALL
 # trigger of mirror run for packages
-pkg_user	powell=(archvsync)	NOPASSWD: /home/archvsync/bin/pushpdo
+#pkg_user	powell=(archvsync)	NOPASSWD: /home/archvsync/bin/pushpdo
 # on draghi, the domains git thing will run bind9 reload afterwards
 %dnsadm		draghi,orff=(root)		NOPASSWD: /etc/init.d/bind9 reload
 %dnsadm		draghi,orff=(geodnssync)	NOPASSWD: /usr/bin/make -C /srv/dns.debian.org/geo
@@ -156,7 +164,7 @@ debbugs-mirror	rietz=(root)		NOPASSWD: /usr/bin/vos release -id srv.mirrors.bugs
 dak		SECHOSTS=(archvsync)	NOPASSWD: /home/archvsync/signal_security
 # web stuff
 debwww		WEBHOSTS=(archvsync)	NOPASSWD: /home/archvsync/webmirrors/runmirrors
-%press		WEBHOSTS=(debwww)	/org/www.debian.org/update-part News
+%press		WEBHOSTS=(debwww)	/srv/www.debian.org/update-part News
 # more list stuff
 %list		LISTHOSTS=(root)		/usr/sbin/postfix reload
 %list		LISTHOSTS=(root)		/usr/sbin/qshape, /usr/sbin/postsuper
@@ -166,6 +174,8 @@ debwww		WEBHOSTS=(archvsync)	NOPASSWD: /home/archvsync/webmirrors/runmirrors
 # geodns may reload bind
 geodnssync	geo1,geo2,geo3=(root)	NOPASSWD: /etc/init.d/bind9 reload
 geodnssync	geo1,geo2,geo3=(root)	NOPASSWD: /usr/sbin/rndc reconfig
+# pushed nagiosadm reload icinga on tchaikovsky
+nagiosadm	tchaikovsky=(root)		NOPASSWD: /usr/sbin/service icinga reload
 
 # Porter work
 %porter-armel	abel,agricola=(root)	/usr/sbin/upgrade-porter-chroots, /usr/bin/apt-in-chroot
@@ -177,3 +187,4 @@ geodnssync	geo1,geo2,geo3=(root)	NOPASSWD: /usr/sbin/rndc reconfig
 %porter-ppc	partch=(root)		/usr/sbin/upgrade-porter-chroots, /usr/bin/apt-in-chroot
 %porter-s390	zelenka=(root)		/usr/sbin/upgrade-porter-chroots, /usr/bin/apt-in-chroot
 %porter-sparc	smetana,sperger=(root)	/usr/sbin/upgrade-porter-chroots, /usr/bin/apt-in-chroot
+%Debian,%guest	PORTERBOXES=(root)	NOPASSWD: /usr/local/bin/dd-schroot-cmd