X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fsudo%2Ffiles%2Fsudoers;h=5b816ea720258f8773f78c7c0b38531ebf4be3a0;hb=12d75e21acac497f54af681a244c8bcf9a20640b;hp=74d52cb78227e5b23655d6f6b64a34392be51888;hpb=0473ddca7d039630a49641c4184d21ac789f1166;p=mirror%2Fdsa-puppet.git

diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers
index 74d52cb78..5b816ea72 100644
--- a/modules/sudo/files/sudoers
+++ b/modules/sudo/files/sudoers
@@ -21,6 +21,8 @@ Defaults	env_reset
 Defaults	passprompt="[sudo] password for %u on %h: "
 Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 
+# Find binaries to be executed as archvsync user also in its home, so the
+# caller does not need to know.
 Defaults>archvsync secure_path="/home/archvsync/bin:/usr/local/bin:/usr/bin:/bin"
 
 # Host alias specification
@@ -37,7 +39,6 @@ Host_Alias	PORTERBOXES	= abel, amdahl, asachi, barriere, eller, falla, fischer,
 Host_Alias	PIUPARTS_SLAVE_HOSTS	= piu-slave-bm-a, piu-slave-ubc-01
 Host_Alias	MQ_HOSTS	= rainier, rapoport
 Host_Alias	JENKINSHOSTS	= jerea
-Host_Alias	SIGNINGHOSTS	= fasolo
 
 # Cmnd alias specification
 
@@ -174,8 +175,6 @@ nagios		storace=(debbackup)	NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg
 dak		ALL=(dak-unpriv)	NOPASSWD: ALL
 # and ftpmaster can access the role user for their web services
 %debadmin	FTPHOSTS=(dak-web)	ALL
-# the dak user gets to sign stuff
-dak		SIGNINGHOSTS=(codesign)	/usr/local/bin/secure-boot-code-sign
 
 # some groups are in apachectrl on "their" hosts so they can reload apache and update their vhost
 %apachectrl	ALL=(root)	/usr/sbin/apache2-vhost-update