X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fsudo%2Ffiles%2Fsudoers;h=f5c09c62d82ba87c8de41dfcc3a59631422c8069;hb=cb2e9607cf2092ee657889e2eaee4224eadd7bfe;hp=7a3fcc8e72a986f2359e03cf186977020a1dc480;hpb=3e14296a0fa011ab703bbc0a0efa9803b7b1eea0;p=mirror%2Fdsa-puppet.git

diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers
index 7a3fcc8e7..f5c09c62d 100644
--- a/modules/sudo/files/sudoers
+++ b/modules/sudo/files/sudoers
@@ -31,10 +31,11 @@ Host_Alias	AACRAIDHOSTS	= pettersson
 Host_Alias	MEGARAIDHOSTS	= sibelius
 Host_Alias	LISTHOSTS	= bendel
 Host_Alias	BUILDD_MASTER	= wuiet
-Host_Alias	PORTERBOXES	= abel, asachi, barriere, eller, falla, fischer, harris, minkus, partch, plummer, pizzetti, zelenka
+Host_Alias	PORTERBOXES	= abel, amdahl, asachi, barriere, eller, falla, fischer, harris, minkus, partch, plummer, pizzetti, zelenka
 Host_Alias	PIUPARTS_SLAVE_HOSTS	= piu-slave-bm-a, piu-slave-ubc-01
 Host_Alias	MQ_HOSTS	= rainier, rapoport
 Host_Alias	JENKINSHOSTS	= jerea
+Host_Alias	SIGNINGHOSTS	= fasolo
 
 # Cmnd alias specification
 
@@ -118,7 +119,7 @@ nagios		storace=(debbackup)	NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg
 %forums		ALL=(forums)	ALL
 %gitdoadm	ALL=(gitdoadm)	ALL
 # the git user also exists on adayevskaya where it's a different service..
-%gitdoadm	gigault=(git)	ALL
+%gitdoadm	godard=(git)	ALL
 %keyring	ALL=(keyring)	ALL
 %jenkins-adm	ALL=(jenkins-adm)	ALL
 %lintian	ALL=(lintian)	ALL
@@ -162,6 +163,8 @@ nagios		storace=(debbackup)	NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg
 dak		ALL=(dak-unpriv)	NOPASSWD: ALL
 # and ftpmaster can access the role user for their web services
 %debadmin	FTPHOSTS=(dak-web)	ALL
+# the dak user gets to sign stuff
+dak		SIGNINGHOSTS=(codesign)	/usr/local/bin/secure-boot-code-sign
 
 # some groups are in apachectrl on "their" hosts so they can reload apache and update their vhost
 %apachectrl	ALL=(root)	/usr/sbin/apache2-vhost-update
@@ -246,7 +249,6 @@ debwww		WEBHOSTS=(archvsync)	NOPASSWD: /home/archvsync/webmirrors/runmirrors
 %d-i		WEBHOSTS=(debwww)	/srv/www.debian.org/cron/lessoften-parts/1installation-guide
 # more list stuff
 %list		LISTHOSTS=(root)		/usr/sbin/postfix reload
-%list		stockhausen=(root)		/usr/sbin/service jetty restart
 %list		LISTHOSTS=(root)		/usr/sbin/qshape, /usr/sbin/postsuper
 %list		LISTHOSTS=(root)		/etc/init.d/spamassassin, /etc/init.d/amavis
 %list		LISTHOSTS=(amavis)		NOPASSWD: /usr/bin/sa-learn
@@ -269,3 +271,6 @@ nagiosadm	tchaikovsky=(root)		NOPASSWD: /usr/sbin/service icinga reload
 # ports stuff
 mini-dak	porta=(archvsync)	NOPASSWD: /home/archvsync/signal_ports
 mini-dak	porta=(archvsync)	NOPASSWD: /home/archvsync/signal_ports-cd
+
+# temporary, for debugging
+thijs		klecker=(root)		/usr/sbin/tcpdump