X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fsudo%2Ffiles%2Fsudoers;h=8159d5df5fa35af38b06fcacb1bb2088c5f1ccfc;hb=f11cf115a5c5342fff426eb2868162c4c0232848;hp=9fbca5347f70abb4114ed713ac63276f6c10fb63;hpb=932a45b5e26267e989d35262b25f6dfabfb3d52f;p=mirror%2Fdsa-puppet.git diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers index 9fbca5347..8159d5df5 100644 --- a/modules/sudo/files/sudoers +++ b/modules/sudo/files/sudoers @@ -32,11 +32,10 @@ Host_Alias MEGARAIDHOSTS = rautavaara, sibelius Host_Alias MEGACTLHOSTS = nielsen Host_Alias LISTHOSTS = bendel Host_Alias BUILDD_MASTER = wuiet -Host_Alias BUILDD_PORTS_MASTER = portman Host_Alias PORTERBOXES = abel, asachi, barriere, etler, falla, fischer, harris, merulo, minkus, partch, plummer, pizzetti, smetana, zelenka Host_Alias PIUPARTS_SLAVE_HOSTS = piu-slave-bm-a Host_Alias MQ_HOSTS = rainier, rapoport -Host_Alias NOVAHOSTS = oyens, bm-bl9, bm-bl10, bm-bl11, bm-bl12 +Host_Alias NOVAHOSTS = oyens # Cmnd alias specification @@ -122,6 +121,8 @@ nagios storace=(debbackup) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg %emdebian ALL=(emdebian) ALL %forums ALL=(forums) ALL %gitdoadm ALL=(gitdoadm) ALL +# the git user also exists on adayevskaya where it's a different service.. +%gitdoadm gigault=(git) ALL %httpredir ALL=(httpredir) ALL %httpredir ALL=(httpredir-app) ALL %keyring ALL=(keyring) ALL @@ -131,6 +132,7 @@ nagios storace=(debbackup) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg %list LISTHOSTS=(list) ALL # archives and stuff %list master=(debian) ALL +%manpages ALL=(manpages) ALL %mirroradm ALL=(archvsync) ALL %nm ALL=(nm) ALL %patch-tracker ALL=(patch-tracker) ALL @@ -151,7 +153,6 @@ nagios storace=(debbackup) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg %videoteam vittoria=(veyepar) ALL %volatile ALL=(volatile) ALL %wbadm ALL=(wbadm) ALL -%wbadm-ports ALL=(wbadm-ports) ALL %mujeres ALL=(women) ALL %wikiadm ALL=(wiki,wikiweb) ALL %qa-core ALL=(qa) ALL @@ -193,6 +194,7 @@ debwww wolkenstein=(staticsync) NOPASSWD: /usr/local/bin/static-update-componen %Debian dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component wnpp-by-tags.debian.net %Debian dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component mozilla.debian.net %ports dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component www.ports.debian.org +%debian-release respighi=(staticsync) NOPASSWD: /usr/local/bin/static-update-component release.debian.org %debvoip dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component rtc.debian.org %security dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component security-team.debian.org %publicity dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component timeline.debian.net @@ -210,19 +212,18 @@ pabs dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component time %debconfstatic dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component es.debconf.org %debconfstatic dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component fr.debconf.org %debconfstatic dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component miniconf10.debconf.org +mini-dak porta=(staticsync) NOPASSWD: /usr/local/bin/static-update-component incoming.ports.debian.org # The piuparts slave needs to handle chroots piupartss PIUPARTS_SLAVE_HOSTS=(ALL) NOPASSWD: ALL # trigger of mirror run for packages #pkg_user powell=(archvsync) NOPASSWD: /home/archvsync/bin/pushpdo dnsadm denis=(root) NOPASSWD: /usr/sbin/service bind9 reload +letsencrypt denis=(dnsadm) NOPASSWD: /srv/dns.debian.org/bin/update %adm draghi=(puppet) NOPASSWD: /usr/bin/make -s -C /srv/db.debian.org/var/gitnagios/dsa-nagios/config install # wbadm can update all buildd* users' keys on buildd.d.o %wbadm BUILDD_MASTER=(wb-buildd) ALL %wbadm BUILDD_MASTER=(root) /usr/local/bin/update-buildd-sshkeys -# wbadm can update all buildd* users' keys on buildd.d.o -%wbadm-ports BUILDD_PORTS_MASTER=(wb-buildd) ALL -%wbadm-ports BUILDD_PORTS_MASTER=(root) /usr/local/bin/update-buildd-sshkeys # mirror push dak FTPHOSTS,SECHOSTS=(archvsync) NOPASSWD:/home/archvsync/runmirrors dak franck=(backports) NOPASSWD: /home/backports/bin/update-archive @@ -241,6 +242,7 @@ dak SECHOSTS=(archvsync) NOPASSWD: /home/archvsync/signal_security debwww WEBHOSTS=(archvsync) NOPASSWD: /home/archvsync/webmirrors/runmirrors %publicity WEBHOSTS=(debwww) /srv/www.debian.org/update-part News %debvote WEBHOSTS=(debwww) /srv/www.debian.org/update-part vote +%d-i WEBHOSTS=(debwww) /srv/www.debian.org/update-part devel/debian-installer # more list stuff %list LISTHOSTS=(root) /usr/sbin/postfix reload %list stockhausen=(root) /usr/sbin/service jetty restart @@ -273,3 +275,7 @@ cinder NOVAHOSTS=(root) NOPASSWD: /usr/bin/cinder-rootwrap /etc/cinder/rootwrap %openstack NOVAHOSTS=(heat) ALL %openstack NOVAHOSTS=(neutron) ALL %openstack NOVAHOSTS=(nova) ALL + +# ports stuff +mini-dak porta=(archvsync) NOPASSWD: /home/archvsync/signal_ports +mini-dak porta=(archvsync) NOPASSWD: /home/archvsync/signal_ports-cd