%mirroradm ALL=(archvsync) ALL
%nm ALL=(nm) ALL
%patch-tracker ALL=(patch-tracker) ALL
+%pet-devel ALL=(pet-devel) ALL
%piuparts ALL=(piupartsm) ALL
%piuparts ALL=(piupartss) ALL
%pkg_maint ALL=(pkg_user) ALL
# the dak user gets to run stuff as dak-unpriv (for things like lintian checks)
%ftptrainee FTPHOSTS=(dak-unpriv) NOPASSWD: /usr/bin/lintian
dak ALL=(dak-unpriv) NOPASSWD: ALL
+# and ftpmaster can access the role user for their web services
+%debadmin FTPHOSTS=(dak-web) ALL
# some groups are in apachectrl on "their" hosts so they can reload apache and update their vhost
%apachectrl ALL=(root) /usr/sbin/apache2-vhost-update
%backports franck,coccia=(staticsync) NOPASSWD: /usr/local/bin/static-update-component backports.debian.org
d-i dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component d-i.debian.org
-dak franck=(staticsync) NOPASSWD: /usr/local/bin/static-update-component ftp-master.metadata.debian.org
+dsa dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component dsa.debian.org
+dak franck=(staticsync) NOPASSWD: /usr/local/bin/static-update-component metadata.ftp-master.debian.org
%debbits master=(staticsync) NOPASSWD: /usr/local/bin/static-update-component bits.debian.org
%webwml master=(staticsync) NOPASSWD: /usr/local/bin/static-update-component network-test.debian.org
planet philp,senfl=(staticsync) NOPASSWD: /usr/local/bin/static-update-component planet.debian.org
%blends dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component blends.debian.org
%Debian dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component wnpp-by-tags.debian.net
%Debian dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component mozilla.debian.net
-ports dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component ports.debian.org
+%ports dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component ports.debian.org
# The piuparts slave needs to handle chroots
piupartss PIUPARTS_SLAVE_HOSTS=(ALL) NOPASSWD: ALL
# trigger of mirror run for packages
#pkg_user powell=(archvsync) NOPASSWD: /home/archvsync/bin/pushpdo
-# on draghi, the domains git thing will run bind9 reload afterwards
dnsadm denis=(root) NOPASSWD: /usr/sbin/service bind9 reload
-%dnsadm draghi,orff=(root) NOPASSWD: /etc/init.d/bind9 reload
-%dnsadm draghi,orff=(geodnssync) NOPASSWD: /usr/bin/make -C /srv/dns.debian.org/geo
+%dnsadm orff=(root) NOPASSWD: /etc/init.d/bind9 reload
+%dnsadm orff=(geodnssync) NOPASSWD: /usr/bin/make -C /srv/dns.debian.org/geo
%adm draghi=(puppet) NOPASSWD: /usr/bin/make -s -C /srv/db.debian.org/var/gitnagios/dsa-nagios/config install
# wbadm can update all buildd* users' keys on buildd.d.o
%wbadm BUILDD_MASTER=(wb-buildd) ALL
%press WEBHOSTS=(debwww) /srv/www.debian.org/update-part News
# more list stuff
%list LISTHOSTS=(root) /usr/sbin/postfix reload
+%list stockhausen=(root) /usr/sbin/service jetty restart
%list LISTHOSTS=(root) /usr/sbin/qshape, /usr/sbin/postsuper
%list LISTHOSTS=(root) /etc/init.d/spamassassin, /etc/init.d/amavis
%list LISTHOSTS=(amavis) NOPASSWD: /usr/bin/sa-learn