# the dak user gets to run stuff as dak-unpriv (for things like lintian checks)
%ftptrainee FTPHOSTS=(dak-unpriv) NOPASSWD: /usr/bin/lintian
dak ALL=(dak-unpriv) NOPASSWD: ALL
+# and ftpmaster can access the role user for their web services
+%debadmin FTPHOSTS=(dak-web) ALL
# some groups are in apachectrl on "their" hosts so they can reload apache and update their vhost
%apachectrl ALL=(root) /usr/sbin/apache2-vhost-update
piupartss PIUPARTS_SLAVE_HOSTS=(ALL) NOPASSWD: ALL
# trigger of mirror run for packages
#pkg_user powell=(archvsync) NOPASSWD: /home/archvsync/bin/pushpdo
-# on draghi, the domains git thing will run bind9 reload afterwards
dnsadm denis=(root) NOPASSWD: /usr/sbin/service bind9 reload
-%dnsadm draghi,orff=(root) NOPASSWD: /etc/init.d/bind9 reload
-%dnsadm draghi,orff=(geodnssync) NOPASSWD: /usr/bin/make -C /srv/dns.debian.org/geo
+%dnsadm orff=(root) NOPASSWD: /etc/init.d/bind9 reload
+%dnsadm orff=(geodnssync) NOPASSWD: /usr/bin/make -C /srv/dns.debian.org/geo
%adm draghi=(puppet) NOPASSWD: /usr/bin/make -s -C /srv/db.debian.org/var/gitnagios/dsa-nagios/config install
# wbadm can update all buildd* users' keys on buildd.d.o
%wbadm BUILDD_MASTER=(wb-buildd) ALL
%press WEBHOSTS=(debwww) /srv/www.debian.org/update-part News
# more list stuff
%list LISTHOSTS=(root) /usr/sbin/postfix reload
+%list stockhausen=(root) /usr/sbin/service jetty restart
%list LISTHOSTS=(root) /usr/sbin/qshape, /usr/sbin/postsuper
%list LISTHOSTS=(root) /etc/init.d/spamassassin, /etc/init.d/amavis
%list LISTHOSTS=(amavis) NOPASSWD: /usr/bin/sa-learn