]> git.donarmstrong.com Git - dsa-puppet.git/blobdiff - modules/sudo/files/common/sudoers
projects / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
klecker: a few rules for security folks to interact with dak and archvsync. copied...
[dsa-puppet.git] / modules / sudo / files / common / sudoers
diff --git a/modules/sudo/files/common/sudoers b/modules/sudo/files/common/sudoers
index 11fce4590338fb7a3bf37c71b4b1ab4ed6f95756..10e850bf5bf88cab8d012cbd98522c1c7421f793 100644 (file)
--- a/modules/sudo/files/common/sudoers
+++ b/modules/sudo/files/common/sudoers
@@ -99,3 +99,10 @@ dak          ries=(archvsync)        NOPASSWD:/home/archvsync/runmirrors
 # dak stuff
 %debian-release        ries=(dak)              /usr/local/bin/dak transitions --import *
 %ftpteam       ries=(dak)              /usr/local/bin/dak transitions --import *
+# security
+%security      klecker=(dak)           NOPASSWD: /usr/local/bin/dak new-security-install -[AR] -- *
+%sec_public    klecker=(dak)           NOPASSWD: /usr/local/bin/dak new-security-install -[AR] -- *
+%sec_data      klecker=(archvsync)     NOPASSWD: /home/archvsync/security/signal ""
+dak            klecker=(archvsync)     NOPASSWD: /home/archvsync/signal_security
+# web stuff
+debwww         klecker=(archvsync)     NOPASSWD: /home/archvsync/webmirrors/runmirrors
Unnamed repository; edit this file 'description' to name the repository.