X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fsudo%2Ffiles%2Fsudoers;h=45465151646c2167b37043dd59454a17a80262f0;hb=6ac0d4c6b8904fe285480ffc224f70d3e1dbeffb;hp=7a3f12753eec7e2ac8a83e6b13e5afdb340fb5d1;hpb=af2e69385e17aa5eeb38d7644bf97684b168e0e7;p=mirror%2Fdsa-puppet.git

diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers
index 7a3f12753..454651516 100644
--- a/modules/sudo/files/sudoers
+++ b/modules/sudo/files/sudoers
@@ -22,14 +22,14 @@ Defaults	passprompt="[sudo] password for %u on %h: "
 Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 
 # Host alias specification
-Host_Alias	QAHOSTS		= master, quantz, stabile
+Host_Alias	QAHOSTS		= quantz, stabile
 Host_Alias	WEBHOSTS	= wolkenstein
 Host_Alias	SECHOSTS	= chopin
 Host_Alias	FTPHOSTS	= franck, morricone
 Host_Alias	ZIVITHOSTS	= zelenka, zandonai
 Host_Alias	AACRAIDHOSTS	= bellini, morricone, paganini, respighi, beethoven, pettersson
 Host_Alias	MEGARAIDHOSTS	= grieg, rautavaara, sibelius
-Host_Alias	MPTRAIDHOSTS	= master, fasch, holter, barber, biber, cilea, vitry, krenek, orff
+Host_Alias	MPTRAIDHOSTS	= old-master, fasch, holter, barber, biber, cilea, vitry, krenek, orff
 Host_Alias	MEGACTLHOSTS	= lindberg, englund, nielsen
 Host_Alias  LISTHOSTS   = bendel
 
@@ -48,6 +48,8 @@ root	ALL=(ALL) ALL
 # nagios
 nagios		ALL=(ALL)	NOPASSWD: /etc/init.d/ekeyd-egd-linux restart
 nagios		ALL=(ALL)	NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
+nagios		dinis=(ALL)	NOPASSWD: /usr/lib/nagios/plugins/dsa-check-bacula
+nagios		ALL=(ALL)	NOPASSWD: /usr/lib/nagios/plugins/dsa-check-filesystems ""
 # with smartarray controllers
 nagios		ALL=(ALL)	NOPASSWD: /sbin/hpasmcli ""
 nagios		ALL=(ALL)	NOPASSWD: /usr/bin/arrayprobe ""
@@ -60,6 +62,14 @@ nagios		ALL=(ALL)	NOPASSWD: /usr/sbin/hpacucli controller slot=[0129] pd [0-9][E
 nagios		ALL=(ALL)	NOPASSWD: /usr/sbin/hpacucli controller slot=[0129] show status
 nagios		franck=(ALL)	NOPASSWD: /usr/sbin/hpacucli controller slot=1 enclosure 1E\:1 show detail
 
+nagios		ALL=(ALL)	NOPASSWD: setarch x86_64 --uname-2.6 /usr/sbin/hpacucli controller all show
+nagios		ALL=(ALL)	NOPASSWD: setarch x86_64 --uname-2.6 /usr/sbin/hpacucli controller slot=[0129] pd all show
+nagios		ALL=(ALL)	NOPASSWD: setarch x86_64 --uname-2.6 /usr/sbin/hpacucli controller slot=[0129] pd [0-9]\:[0-9] show
+nagios		ALL=(ALL)	NOPASSWD: setarch x86_64 --uname-2.6 /usr/sbin/hpacucli controller slot=[0129] pd [0-9][EIC]\:[0-9]\:[0-9] show
+nagios		ALL=(ALL)	NOPASSWD: setarch x86_64 --uname-2.6 /usr/sbin/hpacucli controller slot=[0129] pd [0-9][EIC]\:[0-9]\:[0-9][0-9] show
+nagios		ALL=(ALL)	NOPASSWD: setarch x86_64 --uname-2.6 /usr/sbin/hpacucli controller slot=[0129] show status
+nagios		franck=(ALL)	NOPASSWD: setarch x86_64 --uname-2.6 /usr/sbin/hpacucli controller slot=1 enclosure 1E\:1 show detail
+
 # other raid controllers
 nagios		powell=(ALL)	NOPASSWD: /usr/local/sbin/areca-cli vsf info
 nagios		puccini=(ALL)	NOPASSWD: /usr/local/bin/tw_cli info c0 u0 status
@@ -110,12 +120,13 @@ nagios		beethoven=(debbackup)	NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backup
 %volatile	ALL=(volatile)	ALL
 %wbadm		ALL=(wbadm)	ALL
 %mujeres	ALL=(women)	ALL
-%wikiadm	ALL=(wiki)	ALL
+%wikiadm	ALL=(wiki,wikiweb)	ALL
 %qa-core	QAHOSTS=(qa)	ALL
 %gobby		gombert=(gobby)	ALL
 
 # the dak user gets to run stuff as dak-unpriv (for things like lintian checks)
 dak		ALL=(dak-unpriv)	NOPASSWD: ALL
+%ftptrainee	FTPHOSTS=(dak-unpriv)	NOPASSWD: /usr/bin/lintian
 
 # some groups are in apachectrl on "their" hosts so they can reload apache and update their vhost
 %apachectrl	ALL=(root)	/usr/sbin/apache2-vhost-update
@@ -125,6 +136,9 @@ dak		ALL=(dak-unpriv)	NOPASSWD: ALL
 Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
 buildd		ALL=(ALL)		NOPASSWD: ALL
 
+%planet		senfl=(staticsync)	NOPASSWD: /usr/local/bin/static-update-component planet.debian.org
+%debbits	master=(staticsync)	NOPASSWD: /usr/local/bin/static-update-component bits.debian.org
+
 # The piuparts slave needs to handle chroots
 piupartss	piatti=(ALL)		NOPASSWD: ALL
 # trigger of mirror run for packages
@@ -167,7 +181,7 @@ debwww		WEBHOSTS=(archvsync)	NOPASSWD: /home/archvsync/webmirrors/runmirrors
 geodnssync	geo1,geo2,geo3=(root)	NOPASSWD: /etc/init.d/bind9 reload
 geodnssync	geo1,geo2,geo3=(root)	NOPASSWD: /usr/sbin/rndc reconfig
 # pushed nagiosadm reload icinga on tchaikovsky
-nagiosadm	tchaikovsky=(root)		/usr/sbin/service icinga reload
+nagiosadm	tchaikovsky=(root)		NOPASSWD: /usr/sbin/service icinga reload
 
 # Porter work
 %porter-armel	abel,agricola=(root)	/usr/sbin/upgrade-porter-chroots, /usr/bin/apt-in-chroot