X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=modules%2Fsudo%2Ffiles%2Fsudoers;h=f6da85a785f255c886a97cecea9a36393b734374;hb=a3714532f4a134c0c62ee074dbf5bf6b187b83b5;hp=a7d5c65dc14a0cded240105f96cdfb3755fcc9f8;hpb=f5332ef84deb1a27990c625d2eb0901746cf3499;p=dsa-puppet.git diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers index a7d5c65d..f6da85a7 100644 --- a/modules/sudo/files/sudoers +++ b/modules/sudo/files/sudoers @@ -29,10 +29,11 @@ Host_Alias FTPHOSTS = franck, morricone Host_Alias ZIVITHOSTS = zelenka, zandonai Host_Alias AACRAIDHOSTS = bellini, morricone, paganini, respighi, beethoven, pettersson Host_Alias MEGARAIDHOSTS = grieg, rautavaara, sibelius -Host_Alias MPTRAIDHOSTS = fasch, holter, barber, biber, cilea, vitry, krenek, orff -Host_Alias MEGACTLHOSTS = lindberg, englund, nielsen +Host_Alias MPTRAIDHOSTS = barber, biber, cilea, vitry, orff +Host_Alias MEGACTLHOSTS = nielsen Host_Alias LISTHOSTS = bendel -Host_Alias PORTERBOXES = agricola, barriere, falla, fischer, merulo, partch, smetana, zelenka +Host_Alias PORTERBOXES = abel, agricola, barriere, eder, falla, fischer, gabrielli, harris, merulo, partch, smetana, zelenka +Host_Alias PIUPARTS_SLAVE_HOSTS = piatti, piu-slave-bm-a # Cmnd alias specification @@ -63,8 +64,7 @@ nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=[0129] show statu nagios franck=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=1 enclosure 1E\:1 show detail # other raid controllers -#nagios powell=(ALL) NOPASSWD: /usr/local/sbin/areca-cli vsf info -nagios puccini=(ALL) NOPASSWD: /usr/local/bin/tw_cli info c0 u0 status +nagios powell=(ALL) NOPASSWD: /usr/local/bin/tw_cli info c0 u0 status nagios MPTRAIDHOSTS=(ALL) NOPASSWD: /usr/sbin/mpt-status -s nagios AACRAIDHOSTS=(ALL) NOPASSWD: /usr/local/bin/arcconf GETCONFIG 1 LD, /usr/local/bin/arcconf GETCONFIG 1 AD nagios MEGARAIDHOSTS=(ALL) NOPASSWD: /usr/local/bin/megarc -AllAdpInfo -nolog, /usr/local/bin/megarc -dispCfg -a0 -nolog @@ -117,8 +117,8 @@ nagios beethoven=(debbackup) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backup %gobby gombert=(gobby) ALL # the dak user gets to run stuff as dak-unpriv (for things like lintian checks) -dak ALL=(dak-unpriv) NOPASSWD: ALL %ftptrainee FTPHOSTS=(dak-unpriv) NOPASSWD: /usr/bin/lintian +dak ALL=(dak-unpriv) NOPASSWD: ALL # some groups are in apachectrl on "their" hosts so they can reload apache and update their vhost %apachectrl ALL=(root) /usr/sbin/apache2-vhost-update @@ -128,12 +128,14 @@ dak ALL=(dak-unpriv) NOPASSWD: ALL Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" buildd ALL=(ALL) NOPASSWD: ALL -%planet senfl=(staticsync) NOPASSWD: /usr/local/bin/static-update-component planet.debian.org -%debbits master=(staticsync) NOPASSWD: /usr/local/bin/static-update-component bits.debian.org %backports franck,ries=(staticsync) NOPASSWD: /usr/local/bin/static-update-component backports.debian.org +dak franck=(staticsync) NOPASSWD: /usr/local/bin/static-update-component ftp-master.metadata.debian.org +%debbits master=(staticsync) NOPASSWD: /usr/local/bin/static-update-component bits.debian.org +planet senfl=(staticsync) NOPASSWD: /usr/local/bin/static-update-component planet.debian.org +debwww wolkenstein=(staticsync) NOPASSWD: /usr/local/bin/static-update-component www.debian.org # The piuparts slave needs to handle chroots -piupartss piatti=(ALL) NOPASSWD: ALL +piupartss PIUPARTS_SLAVE_HOSTS=(ALL) NOPASSWD: ALL # trigger of mirror run for packages #pkg_user powell=(archvsync) NOPASSWD: /home/archvsync/bin/pushpdo # on draghi, the domains git thing will run bind9 reload afterwards @@ -151,8 +153,6 @@ planet senfl=(archvsync) NOPASSWD: /home/archvsync/bin/runplanet "" # archvsync triggers snapshot archvsync sibelius,stabile=(snapshot) NOPASSWD: /srv/snapshot.debian.org/bin/update-trigger archvsync sibelius,stabile=(snapshot) NOPASSWD: /srv/2ndsnapshot/bin/update-trigger -# allow the debbugs-mirror user on rietz to release the afs volume so changes make it to the read-only replicas -debbugs-mirror rietz=(root) NOPASSWD: /usr/bin/vos release -id srv.mirrors.bugs -localauth # dak stuff %debian-release FTPHOSTS=(dak) /usr/local/bin/dak transitions --import * %ftpteam FTPHOSTS=(dak) /usr/local/bin/dak transitions --import * @@ -176,14 +176,4 @@ geodnssync geo1,geo2,geo3=(root) NOPASSWD: /usr/sbin/rndc reconfig # pushed nagiosadm reload icinga on tchaikovsky nagiosadm tchaikovsky=(root) NOPASSWD: /usr/sbin/service icinga reload -# Porter work -%porter-armel abel,agricola=(root) /usr/sbin/upgrade-porter-chroots, /usr/bin/apt-in-chroot -%porter-armel harris=(root) /usr/sbin/upgrade-porter-chroots, /usr/bin/apt-in-chroot -%porter-amd64 barriere,pergolesi=(root) /usr/sbin/upgrade-porter-chroots, /usr/bin/apt-in-chroot -%porter-bsd falla,fischer=(root) /usr/sbin/upgrade-porter-chroots, /usr/bin/apt-in-chroot -%porter-ia64 merulo=(root) /usr/sbin/upgrade-porter-chroots, /usr/bin/apt-in-chroot -%porter-mips eder,gabrielli=(root) /usr/sbin/upgrade-porter-chroots, /usr/bin/apt-in-chroot -%porter-ppc partch=(root) /usr/sbin/upgrade-porter-chroots, /usr/bin/apt-in-chroot -%porter-s390 zelenka=(root) /usr/sbin/upgrade-porter-chroots, /usr/bin/apt-in-chroot -%porter-sparc smetana,sperger=(root) /usr/sbin/upgrade-porter-chroots, /usr/bin/apt-in-chroot %Debian,%guest PORTERBOXES=(root) NOPASSWD: /usr/local/bin/dd-schroot-cmd