X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=modules%2Fsudo%2Ffiles%2Fsudoers;h=1676b00396e644a4afd26d41112f22cd15448653;hb=7a5f12c5f4727a768c1606030c2a6d79ce31cdc3;hp=d0314bb88199d4a89357d6b79553fe0fa53a5af8;hpb=3b9855e50004d7fdd1639415f8495b2f0a9a3174;p=dsa-puppet.git

diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers
index d0314bb8..1676b003 100644
--- a/modules/sudo/files/sudoers
+++ b/modules/sudo/files/sudoers
@@ -104,11 +104,13 @@ nagios		beethoven,backuphost=(debbackup)	NOPASSWD: /usr/lib/nagios/plugins/dsa-c
 %mirroradm	ALL=(archvsync)	ALL
 %nm		ALL=(nm)	ALL
 %patch-tracker	ALL=(patch-tracker)	ALL
+%pet-devel	ALL=(pet-devel)	ALL
 %piuparts	ALL=(piupartsm)	ALL
 %piuparts	ALL=(piupartss)	ALL
 %pkg_maint	ALL=(pkg_user)	ALL
 %planet		ALL=(planet)	ALL
 %popcon		ALL=(popcon)	ALL
+%ports		ALL=(ports)	ALL
 %search		ALL=(search)	ALL
 %secretary	ALL=(secretary)	ALL
 %sectracker	ALL=(sectracker)	ALL
@@ -126,6 +128,8 @@ nagios		beethoven,backuphost=(debbackup)	NOPASSWD: /usr/lib/nagios/plugins/dsa-c
 # the dak user gets to run stuff as dak-unpriv (for things like lintian checks)
 %ftptrainee	FTPHOSTS=(dak-unpriv)	NOPASSWD: /usr/bin/lintian
 dak		ALL=(dak-unpriv)	NOPASSWD: ALL
+# and ftpmaster can access the role user for their web services
+%debadmin	FTPHOSTS=(dak-web)	ALL
 
 # some groups are in apachectrl on "their" hosts so they can reload apache and update their vhost
 %apachectrl	ALL=(root)	/usr/sbin/apache2-vhost-update
@@ -145,12 +149,14 @@ debwww		wolkenstein=(staticsync)	NOPASSWD: /usr/local/bin/static-update-componen
 %blends		dillon=(staticsync)		NOPASSWD: /usr/local/bin/static-update-component blends.debian.org
 %Debian		dillon=(staticsync)		NOPASSWD: /usr/local/bin/static-update-component wnpp-by-tags.debian.net
 %Debian		dillon=(staticsync)		NOPASSWD: /usr/local/bin/static-update-component mozilla.debian.net
+%ports		dillon=(staticsync)		NOPASSWD: /usr/local/bin/static-update-component ports.debian.org
 
 # The piuparts slave needs to handle chroots
 piupartss	PIUPARTS_SLAVE_HOSTS=(ALL)		NOPASSWD: ALL
 # trigger of mirror run for packages
 #pkg_user	powell=(archvsync)	NOPASSWD: /home/archvsync/bin/pushpdo
 # on draghi, the domains git thing will run bind9 reload afterwards
+dnsadm		denis=(root)			NOPASSWD: /usr/sbin/service bind9 reload
 %dnsadm		draghi,orff=(root)		NOPASSWD: /etc/init.d/bind9 reload
 %dnsadm		draghi,orff=(geodnssync)	NOPASSWD: /usr/bin/make -C /srv/dns.debian.org/geo
 %adm		draghi=(puppet)			NOPASSWD: /usr/bin/make -s -C /srv/db.debian.org/var/gitnagios/dsa-nagios/config install