From: Peter Palfrader Date: Sat, 28 Sep 2019 18:20:37 +0000 (+0200) Subject: Move backup-server specific sudoers entries out of debian-global sudo X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fdsa-puppet.git;a=commitdiff_plain;h=4a7616f94fa2156a005712132a02345049d60a67 Move backup-server specific sudoers entries out of debian-global sudo --- diff --git a/modules/postgres/manifests/backup_server.pp b/modules/postgres/manifests/backup_server.pp index de45f72f8..a4c6689db 100644 --- a/modules/postgres/manifests/backup_server.pp +++ b/modules/postgres/manifests/backup_server.pp @@ -99,6 +99,12 @@ class postgres::backup_server { refreshonly => true, } + file { '/etc/sudoers.d/backup-server': + mode => '0440', + content => template('postgres/backup_server/sudoers.erb'), + } + + #### # Maintain .pgpass file on backup servers # # diff --git a/modules/postgres/templates/backup_server/sudoers.erb b/modules/postgres/templates/backup_server/sudoers.erb new file mode 100644 index 000000000..de633ca49 --- /dev/null +++ b/modules/postgres/templates/backup_server/sudoers.erb @@ -0,0 +1,3 @@ +# edit with visudo! + +nagios ALL=(debbackup) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg "" diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers index 6be418976..6921a27a8 100644 --- a/modules/sudo/files/sudoers +++ b/modules/sudo/files/sudoers @@ -91,9 +91,6 @@ nagios MEGARAIDHOSTS=(ALL) NOPASSWD: /usr/local/bin/megarc -AllAdpInfo -nolog, nagios DELLHOSTS=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-openmanage "" nagios DELLHOSTS=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-openmanage -b bp=0 nagios DELLHOSTS=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-openmanage -b bp=0 -b bat_charge=0\:0 -# other nagios things -nagios backuphost=(debbackup) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg "" -nagios storace=(debbackup) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg "" # groups and their role accounts %alioth-archive ALL=(alioth-archive) ALL