From: Peter Palfrader Date: Tue, 7 Apr 2009 22:08:47 +0000 (+0200) Subject: Add sudoers files X-Git-Url: https://git.donarmstrong.com/?a=commitdiff_plain;h=d0ba5dc906cbff4a9dd947d461a15be4cc8fd761;p=dsa-puppet.git Add sudoers files --- diff --git a/modules/sudo/files/per-host/agnesi.debian.org/sudoers b/modules/sudo/files/per-host/agnesi.debian.org/sudoers new file mode 100644 index 00000000..6662eb98 --- /dev/null +++ b/modules/sudo/files/per-host/agnesi.debian.org/sudoers @@ -0,0 +1,28 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none +%adm ALL=(ALL) NOPASSWD: /usr/sbin/upgrade-porter-chroots +admin ALL=(ALL) ALL +joeyh ALL=(ALL) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/agricola.debian.org/sudoers b/modules/sudo/files/per-host/agricola.debian.org/sudoers new file mode 100644 index 00000000..7cba96ea --- /dev/null +++ b/modules/sudo/files/per-host/agricola.debian.org/sudoers @@ -0,0 +1,31 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Uncomment to allow members of group sudo to not need a password +# %sudo ALL=NOPASSWD: ALL + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none +%adm ALL=(ALL) NOPASSWD: /usr/sbin/upgrade-porter-chroots + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/albeniz.debian.org/sudoers b/modules/sudo/files/per-host/albeniz.debian.org/sudoers new file mode 100644 index 00000000..61a7df7a --- /dev/null +++ b/modules/sudo/files/per-host/albeniz.debian.org/sudoers @@ -0,0 +1,36 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# DSA +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none +%adm ALL=(ALL) NOPASSWD: /usr/sbin/upgrade-porter-chroots + +# Defaults +#Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" + +# local admin +%sanger ALL=(ALL) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/allegri.debian.org/sudoers b/modules/sudo/files/per-host/allegri.debian.org/sudoers new file mode 100644 index 00000000..d9fad999 --- /dev/null +++ b/modules/sudo/files/per-host/allegri.debian.org/sudoers @@ -0,0 +1,35 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Uncomment to allow members of group sudo to not need a password +# %sudo ALL=NOPASSWD: ALL + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +# buildd +buildd ALL=NOPASSWD: ALL +Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" +%buildd ALL=(buildd) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/arcadelt.debian.org/sudoers b/modules/sudo/files/per-host/arcadelt.debian.org/sudoers new file mode 100644 index 00000000..d9fad999 --- /dev/null +++ b/modules/sudo/files/per-host/arcadelt.debian.org/sudoers @@ -0,0 +1,35 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Uncomment to allow members of group sudo to not need a password +# %sudo ALL=NOPASSWD: ALL + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +# buildd +buildd ALL=NOPASSWD: ALL +Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" +%buildd ALL=(buildd) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/argento.debian.org/sudoers b/modules/sudo/files/per-host/argento.debian.org/sudoers new file mode 100644 index 00000000..7071f776 --- /dev/null +++ b/modules/sudo/files/per-host/argento.debian.org/sudoers @@ -0,0 +1,35 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Uncomment to allow members of group sudo to not need a password +# %sudo ALL=NOPASSWD: ALL + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +# buildd +Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" +buildd ALL=NOPASSWD: ALL +%buildd ALL=(buildd) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/ball.debian.org/sudoers b/modules/sudo/files/per-host/ball.debian.org/sudoers new file mode 100644 index 00000000..231a9d5a --- /dev/null +++ b/modules/sudo/files/per-host/ball.debian.org/sudoers @@ -0,0 +1,34 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +#rmurray ALL=(ALL) NOPASSWD: ALL +#luk ALL=(ALL) NOPASSWD: ALL +#ths ALL=(ALL) NOPASSWD: ALL + +Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" +buildd ALL=(ALL) NOPASSWD: ALL +%buildd ALL=(buildd) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/bartok.debian.org/sudoers b/modules/sudo/files/per-host/bartok.debian.org/sudoers new file mode 100644 index 00000000..e7205d01 --- /dev/null +++ b/modules/sudo/files/per-host/bartok.debian.org/sudoers @@ -0,0 +1,31 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +nagios ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe "" +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/brahms.debian.org/sudoers b/modules/sudo/files/per-host/brahms.debian.org/sudoers new file mode 100644 index 00000000..1b5dd40c --- /dev/null +++ b/modules/sudo/files/per-host/brahms.debian.org/sudoers @@ -0,0 +1,36 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# Uncomment to allow members of group sudo to not need a password +# (Note that later entries override this, so you might need to move +# it further down) +# %sudo ALL=NOPASSWD: ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +# buildd +Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" +buildd ALL=NOPASSWD: ALL +%buildd ALL=(buildd) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" diff --git a/modules/sudo/files/per-host/caballero.debian.org/sudoers b/modules/sudo/files/per-host/caballero.debian.org/sudoers new file mode 100644 index 00000000..c2d3ecf1 --- /dev/null +++ b/modules/sudo/files/per-host/caballero.debian.org/sudoers @@ -0,0 +1,32 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# sudoers file. +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# DSA +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +# buildd +Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" +buildd ALL=NOPASSWD: ALL +%buildd ALL=(buildd) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/carver.debian.org/sudoers b/modules/sudo/files/per-host/carver.debian.org/sudoers new file mode 100644 index 00000000..c5a80dd0 --- /dev/null +++ b/modules/sudo/files/per-host/carver.debian.org/sudoers @@ -0,0 +1,40 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# Uncomment to allow members of group sudo to not need a password +# (Note that later entries override this, so you might need to move +# it further down) +# %sudo ALL=NOPASSWD: ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +nagios ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe "" +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status + +%mirroradm ALL=(archvsync) ALL +%apachectrl ALL=(root) /usr/sbin/apache2-vhost-update diff --git a/modules/sudo/files/per-host/chopin.debian.org/sudoers b/modules/sudo/files/per-host/chopin.debian.org/sudoers new file mode 100644 index 00000000..a4401285 --- /dev/null +++ b/modules/sudo/files/per-host/chopin.debian.org/sudoers @@ -0,0 +1,37 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# Uncomment to allow members of group sudo to not need a password +# (Note that later entries override this, so you might need to move +# it further down) +# %sudo ALL=NOPASSWD: ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" + +%apachectrl ALL=(root) /usr/sbin/apache2-vhost-update + +%mirroradm ALL=(archvsync) ALL +%debadmin ALL=(dak) ALL + diff --git a/modules/sudo/files/per-host/crest.debian.org/sudoers b/modules/sudo/files/per-host/crest.debian.org/sudoers new file mode 100644 index 00000000..3655e586 --- /dev/null +++ b/modules/sudo/files/per-host/crest.debian.org/sudoers @@ -0,0 +1,42 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# sudoers file. +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# hack to fix Jan. 06 sudo breakage 20060126 MSch +Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL +doko ALL = NOPASSWD: ALL +gotom ALL = NOPASSWD: ALL +joey ALL = NOPASSWD: ALL + +# m68k buildd admins +adconrad ALL = NOPASSWD: ALL +buildd ALL = NOPASSWD: ALL +cts ALL = NOPASSWD: ALL +schmitz ALL = NOPASSWD: ALL +smarenka ALL =(ALL) NOPASSWD: ALL +smurf ALL = NOPASSWD: ALL +wouter ALL = NOPASSWD: ALL +younie ALL = NOPASSWD: ALL +luk ALL = NOPASSWD: ALL + +# Debian Administration +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none +%adm ALL=(ALL) NOPASSWD: /usr/sbin/upgrade-porter-chroots diff --git a/modules/sudo/files/per-host/dijkstra.debian.org/sudoers b/modules/sudo/files/per-host/dijkstra.debian.org/sudoers new file mode 100644 index 00000000..336db948 --- /dev/null +++ b/modules/sudo/files/per-host/dijkstra.debian.org/sudoers @@ -0,0 +1,39 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# Uncomment to allow members of group sudo to not need a password +# (Note that later entries override this, so you might need to move +# it further down) +# %sudo ALL=NOPASSWD: ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +nagios ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe "" +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none + diff --git a/modules/sudo/files/per-host/elara.debian.org/sudoers b/modules/sudo/files/per-host/elara.debian.org/sudoers new file mode 100644 index 00000000..726cc22d --- /dev/null +++ b/modules/sudo/files/per-host/elara.debian.org/sudoers @@ -0,0 +1,27 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" +buildd ALL=(ALL) NOPASSWD: ALL +%buildd ALL=(buildd) ALL diff --git a/modules/sudo/files/per-host/europa.debian.org/sudoers b/modules/sudo/files/per-host/europa.debian.org/sudoers new file mode 100644 index 00000000..726cc22d --- /dev/null +++ b/modules/sudo/files/per-host/europa.debian.org/sudoers @@ -0,0 +1,27 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" +buildd ALL=(ALL) NOPASSWD: ALL +%buildd ALL=(buildd) ALL diff --git a/modules/sudo/files/per-host/geo1.debian.org/sudoers b/modules/sudo/files/per-host/geo1.debian.org/sudoers new file mode 100644 index 00000000..5da25214 --- /dev/null +++ b/modules/sudo/files/per-host/geo1.debian.org/sudoers @@ -0,0 +1,31 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# Uncomment to allow members of group sudo to not need a password +# (Note that later entries override this, so you might need to move +# it further down) +# %sudo ALL=NOPASSWD: ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" diff --git a/modules/sudo/files/per-host/geo2.debian.org/sudoers b/modules/sudo/files/per-host/geo2.debian.org/sudoers new file mode 100644 index 00000000..5da25214 --- /dev/null +++ b/modules/sudo/files/per-host/geo2.debian.org/sudoers @@ -0,0 +1,31 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# Uncomment to allow members of group sudo to not need a password +# (Note that later entries override this, so you might need to move +# it further down) +# %sudo ALL=NOPASSWD: ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" diff --git a/modules/sudo/files/per-host/geo3.debian.org/sudoers b/modules/sudo/files/per-host/geo3.debian.org/sudoers new file mode 100644 index 00000000..5da25214 --- /dev/null +++ b/modules/sudo/files/per-host/geo3.debian.org/sudoers @@ -0,0 +1,31 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# Uncomment to allow members of group sudo to not need a password +# (Note that later entries override this, so you might need to move +# it further down) +# %sudo ALL=NOPASSWD: ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" diff --git a/modules/sudo/files/per-host/gluck.debian.org/sudoers b/modules/sudo/files/per-host/gluck.debian.org/sudoers new file mode 100644 index 00000000..090b1b62 --- /dev/null +++ b/modules/sudo/files/per-host/gluck.debian.org/sudoers @@ -0,0 +1,44 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# sudoers file. +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# DSA +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +# HP local admin group +%hpadmins ALL=(ALL) ALL + +%popcon ALL=(popcon) ALL +%debwww ALL=(debwww) ALL +%planet ALL=(planet) ALL +%lintian ALL=(lintian) ALL +%snapshot ALL=(snapshot) ALL + +%mirroradm ALL=(archvsync) ALL + +nagios ALL=(root) NOPASSWD: /usr/bin/arrayprobe "" +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/goedel.debian.org/sudoers b/modules/sudo/files/per-host/goedel.debian.org/sudoers new file mode 100644 index 00000000..1c97e4c5 --- /dev/null +++ b/modules/sudo/files/per-host/goedel.debian.org/sudoers @@ -0,0 +1,32 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# sudoers file. +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# DSA +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +# Defaults +Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" +buildd ALL=NOPASSWD: ALL +%buildd ALL=(buildd) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/goetz.debian.org/sudoers b/modules/sudo/files/per-host/goetz.debian.org/sudoers new file mode 100644 index 00000000..3510c210 --- /dev/null +++ b/modules/sudo/files/per-host/goetz.debian.org/sudoers @@ -0,0 +1,37 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# DSA +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +# Defaults +Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" +buildd ALL=NOPASSWD: ALL +%buildd ALL=(buildd) ALL + +# local admin +%sanger ALL=(ALL) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/handel.debian.org/sudoers b/modules/sudo/files/per-host/handel.debian.org/sudoers new file mode 100644 index 00000000..a68cfdea --- /dev/null +++ b/modules/sudo/files/per-host/handel.debian.org/sudoers @@ -0,0 +1,32 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# Uncomment to allow members of group sudo to not need a password +# (Note that later entries override this, so you might need to move +# it further down) +# %sudo ALL=NOPASSWD: ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/kassia.debian.org/sudoers b/modules/sudo/files/per-host/kassia.debian.org/sudoers new file mode 100644 index 00000000..7dfb2693 --- /dev/null +++ b/modules/sudo/files/per-host/kassia.debian.org/sudoers @@ -0,0 +1,37 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +jeroen ALL=(ALL) ALL + +%mirroradm ALL=(archvsync) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe "" +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/klecker.debian.org/sudoers b/modules/sudo/files/per-host/klecker.debian.org/sudoers new file mode 100644 index 00000000..a8bab5dd --- /dev/null +++ b/modules/sudo/files/per-host/klecker.debian.org/sudoers @@ -0,0 +1,52 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL +jeroen ALL=(ALL) ALL + +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +# Security +%security klecker=(dak) NOPASSWD:/usr/local/bin/dak new-security-install -[AR] -- * +%sec_public klecker=(dak) NOPASSWD:/usr/local/bin/dak new-security-install -[AR] -- * +%sec_data klecker=(archvsync) NOPASSWD: /home/archvsync/security/signal "" + +# ftpmaster +%debadmin ALL=(root) NOPASSWD:/bin/su - dak, (dak) NOPASSWD: ALL +dak ALL=(archvsync) NOPASSWD:/home/archvsync/runmirrors, NOPASSWD:/home/archvsync/rundebbugs, NOPASSWD:/home/archvsync/runpackageweb, NOPASSWD:/home/archvsync/signal_security + +# www-master +debwww klecker=(archvsync) NOPASSWD:/home/archvsync/webmirrors/runmirrors +# Updating the web pages +%debwww ALL=(debwww) ALL + +%apachectrl ALL=(root) /usr/sbin/apache2-vhost-update + +# mirroradm +%mirroradm ALL=(archvsync) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe "" +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/lafayette.debian.org/sudoers b/modules/sudo/files/per-host/lafayette.debian.org/sudoers new file mode 100644 index 00000000..b7c09d48 --- /dev/null +++ b/modules/sudo/files/per-host/lafayette.debian.org/sudoers @@ -0,0 +1,36 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# Uncomment to allow members of group sudo to not need a password +# (Note that later entries override this, so you might need to move +# it further down) +# %sudo ALL=NOPASSWD: ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" + +# buildd +Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" +buildd ALL=NOPASSWD: ALL +%buildd ALL=(buildd) ALL diff --git a/modules/sudo/files/per-host/lebrun.debian.org/sudoers b/modules/sudo/files/per-host/lebrun.debian.org/sudoers new file mode 100644 index 00000000..377b6266 --- /dev/null +++ b/modules/sudo/files/per-host/lebrun.debian.org/sudoers @@ -0,0 +1,35 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# Uncomment to allow members of group sudo to not need a password +# (Note that later entries override this, so you might need to move +# it further down) +# %sudo ALL=NOPASSWD: ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" +buildd ALL=NOPASSWD: ALL +%buildd ALL=(buildd) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" diff --git a/modules/sudo/files/per-host/liszt.debian.org/sudoers b/modules/sudo/files/per-host/liszt.debian.org/sudoers new file mode 100644 index 00000000..ce57bc8a --- /dev/null +++ b/modules/sudo/files/per-host/liszt.debian.org/sudoers @@ -0,0 +1,49 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +# Listmaster stuff +%listweb ALL=(listweb) NOPASSWD: ALL +%list ALL=(list) NOPASSWD: ALL + +%list ALL=(root) NOPASSWD: /usr/sbin/postfix reload +%list ALL=(root) NOPASSWD: /usr/sbin/qshape +%list ALL=(root) /usr/sbin/postsuper +%list ALL=(root) /etc/init.d/spamassassin restart +%list ALL=(root) /etc/init.d/amavisd +%list ALL=(root) /usr/local/sbin/amavisd-new +%list ALL=(amavis) NOPASSWD: ALL + +%apachectrl ALL=(root) /usr/sbin/apache2-vhost-update + +nagios ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe "" +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none + + diff --git a/modules/sudo/files/per-host/lobos.debian.org/sudoers b/modules/sudo/files/per-host/lobos.debian.org/sudoers new file mode 100644 index 00000000..ff5e7875 --- /dev/null +++ b/modules/sudo/files/per-host/lobos.debian.org/sudoers @@ -0,0 +1,33 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +%mirroradm ALL=(archvsync) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe "" +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/mahler.debian.org/sudoers b/modules/sudo/files/per-host/mahler.debian.org/sudoers new file mode 100644 index 00000000..e9c9af60 --- /dev/null +++ b/modules/sudo/files/per-host/mahler.debian.org/sudoers @@ -0,0 +1,35 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# Uncomment to allow members of group sudo to not need a password +# (Note that later entries override this, so you might need to move +# it further down) +# %sudo ALL=NOPASSWD: ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none +%adm ALL=(ALL) NOPASSWD: /usr/sbin/upgrade-porter-chroots + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none + +dannf ALL=(ALL) ALL diff --git a/modules/sudo/files/per-host/malo.debian.org/sudoers b/modules/sudo/files/per-host/malo.debian.org/sudoers new file mode 100644 index 00000000..d1411cb1 --- /dev/null +++ b/modules/sudo/files/per-host/malo.debian.org/sudoers @@ -0,0 +1,32 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# sudoers file. +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# DSA +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +# buildd +Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" +buildd ALL=NOPASSWD: ALL +%buildd ALL=(buildd) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/master.debian.org/sudoers b/modules/sudo/files/per-host/master.debian.org/sudoers new file mode 100644 index 00000000..5492a1e4 --- /dev/null +++ b/modules/sudo/files/per-host/master.debian.org/sudoers @@ -0,0 +1,43 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification +Host_Alias BUGS = master, spohr + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +%debbugs BUGS=(debbugs) NOPASSWD: ALL +%secretary ALL=(secretary) ALL + +# QA +tbm ALL=(qa) ALL +weasel ALL=(qa) ALL +aba ALL=(qa) ALL +jeroen ALL=(qa) ALL +myon ALL=(qa) ALL +hertzog ALL=(qa) ALL +lucas ALL=(qa) ALL +luk ALL=(qa) ALL +zack ALL=(qa) ALL +djpig ALL=(qa) ALL + + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/mpt-status -s +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/mayer.debian.org/sudoers b/modules/sudo/files/per-host/mayer.debian.org/sudoers new file mode 100644 index 00000000..11ae925f --- /dev/null +++ b/modules/sudo/files/per-host/mayer.debian.org/sudoers @@ -0,0 +1,30 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" +buildd ALL=NOPASSWD: ALL +%buildd ALL=(buildd) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/mayr.debian.org/sudoers b/modules/sudo/files/per-host/mayr.debian.org/sudoers new file mode 100644 index 00000000..71762b3f --- /dev/null +++ b/modules/sudo/files/per-host/mayr.debian.org/sudoers @@ -0,0 +1,30 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" +buildd ALL=(ALL) NOPASSWD: ALL +%buildd ALL=(buildd) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/merkel.debian.org/sudoers b/modules/sudo/files/per-host/merkel.debian.org/sudoers new file mode 100644 index 00000000..7d014a61 --- /dev/null +++ b/modules/sudo/files/per-host/merkel.debian.org/sudoers @@ -0,0 +1,49 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# sudoers file. +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# DSA +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +# HP local admin group +%hpadmins ALL=(ALL) ALL + +%debbugs ALL=(debbugs) ALL +%nm ALL=(nm) ALL +%dde ALL=(dde) ALL +%debadmin ALL=(katie) NOPASSWD: ALL +%debadmin ALL=(dak) ALL +%debadmin ALL=(archvsync) NOPASSWD: ALL + +%apachectrl ALL=(root) /usr/sbin/apache2-vhost-update + +# QA +weasel ALL=(qa) ALL +aba ALL=(qa) ALL +jeroen ALL=(qa) ALL +myon ALL=(qa) ALL +hertzog ALL=(qa) ALL +lucas ALL=(qa) ALL +joerg ALL=(qa) ALL +djpig ALL=(qa) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/merulo.debian.org/sudoers b/modules/sudo/files/per-host/merulo.debian.org/sudoers new file mode 100644 index 00000000..75f12c1d --- /dev/null +++ b/modules/sudo/files/per-host/merulo.debian.org/sudoers @@ -0,0 +1,30 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none +%adm ALL=(ALL) NOPASSWD: /usr/sbin/upgrade-porter-chroots + +# HP local admin group +%hpadmins ALL=(ALL) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none + diff --git a/modules/sudo/files/per-host/morales.debian.org/sudoers b/modules/sudo/files/per-host/morales.debian.org/sudoers new file mode 100644 index 00000000..9ce0ad87 --- /dev/null +++ b/modules/sudo/files/per-host/morales.debian.org/sudoers @@ -0,0 +1,31 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none +%adm ALL=(ALL) NOPASSWD: /usr/sbin/upgrade-porter-chroots + +# local admins +bzed ALL=(ALL) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/mundy.debian.org/sudoers b/modules/sudo/files/per-host/mundy.debian.org/sudoers new file mode 100644 index 00000000..a64cd973 --- /dev/null +++ b/modules/sudo/files/per-host/mundy.debian.org/sudoers @@ -0,0 +1,35 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# DSA +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +# HP local admin group +%hpadmins ALL=(ALL) ALL + +# buildd +Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" +buildd ALL=NOPASSWD: ALL +%buildd ALL=(buildd) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/murphy.debian.org/sudoers b/modules/sudo/files/per-host/murphy.debian.org/sudoers new file mode 100644 index 00000000..ae73896c --- /dev/null +++ b/modules/sudo/files/per-host/murphy.debian.org/sudoers @@ -0,0 +1,33 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +nagios ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe "" +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/paer.debian.org/sudoers b/modules/sudo/files/per-host/paer.debian.org/sudoers new file mode 100644 index 00000000..ea1f1668 --- /dev/null +++ b/modules/sudo/files/per-host/paer.debian.org/sudoers @@ -0,0 +1,33 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# Uncomment to allow members of group sudo to not need a password +# (Note that later entries override this, so you might need to move +# it further down) +# %sudo ALL=NOPASSWD: ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none +%adm ALL=(ALL) NOPASSWD: /usr/sbin/upgrade-porter-chroots + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/penalosa.debian.org/sudoers b/modules/sudo/files/per-host/penalosa.debian.org/sudoers new file mode 100644 index 00000000..984f2381 --- /dev/null +++ b/modules/sudo/files/per-host/penalosa.debian.org/sudoers @@ -0,0 +1,32 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none +%hpadmins ALL=(ALL) ALL + +Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" +buildd ALL=NOPASSWD: ALL +%buildd ALL=(buildd) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/pergolesi.debian.org/sudoers b/modules/sudo/files/per-host/pergolesi.debian.org/sudoers new file mode 100644 index 00000000..00479707 --- /dev/null +++ b/modules/sudo/files/per-host/pergolesi.debian.org/sudoers @@ -0,0 +1,29 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# sudoers file. +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# Debian Admin +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none +%adm ALL=(ALL) NOPASSWD: /usr/sbin/upgrade-porter-chroots + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none + diff --git a/modules/sudo/files/per-host/peri.debian.org/sudoers b/modules/sudo/files/per-host/peri.debian.org/sudoers new file mode 100644 index 00000000..d19df61f --- /dev/null +++ b/modules/sudo/files/per-host/peri.debian.org/sudoers @@ -0,0 +1,33 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +#Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none +%hpadmins ALL=(ALL) ALL + +Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" +buildd ALL=NOPASSWD: ALL +%buildd ALL=(buildd) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/pescetti.debian.org/sudoers b/modules/sudo/files/per-host/pescetti.debian.org/sudoers new file mode 100644 index 00000000..b3df1d57 --- /dev/null +++ b/modules/sudo/files/per-host/pescetti.debian.org/sudoers @@ -0,0 +1,29 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none +%adm ALL=(ALL) NOPASSWD: /usr/sbin/upgrade-porter-chroots + + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/piatti.debian.org/sudoers b/modules/sudo/files/per-host/piatti.debian.org/sudoers new file mode 100644 index 00000000..ba2ea8dd --- /dev/null +++ b/modules/sudo/files/per-host/piatti.debian.org/sudoers @@ -0,0 +1,46 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +# The piuparts slave needs to handle chroots +piupartss ALL=(ALL) NOPASSWD: ALL + +#piuparts admins +%piuparts ALL=(piupartss) ALL +%piuparts ALL=(piupartsm) ALL + +%mirroradm ALL=(archvsync) ALL +%uddadm ALL=(udd) ALL +%debbugs ALL=(debbugs) ALL +%apachectrl ALL=(root) /usr/sbin/apache2-vhost-update + +nagios ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe "" +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/powell.debian.org/sudoers b/modules/sudo/files/per-host/powell.debian.org/sudoers new file mode 100644 index 00000000..6b12d19f --- /dev/null +++ b/modules/sudo/files/per-host/powell.debian.org/sudoers @@ -0,0 +1,35 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# Debian-admin +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +%pkg_maint ALL=(pkg_user) ALL +%mirroradm ALL=(archvsync) ALL +pkg_user ALL=(archvsync) NOPASSWD: /home/archvsync/bin/pushpdo + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/local/bin/tw_cli info c0 u0 status +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none +nagios ALL=(ALL) NOPASSWD: /usr/local/sbin/areca-cli vsf info diff --git a/modules/sudo/files/per-host/praetorius.debian.org/sudoers b/modules/sudo/files/per-host/praetorius.debian.org/sudoers new file mode 100644 index 00000000..c6db236a --- /dev/null +++ b/modules/sudo/files/per-host/praetorius.debian.org/sudoers @@ -0,0 +1,37 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# Uncomment to allow members of group sudo to not need a password +# (Note that later entries override this, so you might need to move +# it further down) +# %sudo ALL=NOPASSWD: ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +# Defaults +Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" +buildd ALL=NOPASSWD: ALL +%buildd ALL=(buildd) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/puccini.debian.org/sudoers b/modules/sudo/files/per-host/puccini.debian.org/sudoers new file mode 100644 index 00000000..de6a8499 --- /dev/null +++ b/modules/sudo/files/per-host/puccini.debian.org/sudoers @@ -0,0 +1,38 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# Uncomment to allow members of group sudo to not need a password +# (Note that later entries override this, so you might need to move +# it further down) +# %sudo ALL=NOPASSWD: ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +# buildd +Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" +buildd ALL=NOPASSWD: ALL +%buildd ALL=(buildd) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none +nagios ALL=(ALL) NOPASSWD: /usr/local/bin/tw_cli info c0 u0 status diff --git a/modules/sudo/files/per-host/raff.debian.org/sudoers b/modules/sudo/files/per-host/raff.debian.org/sudoers new file mode 100644 index 00000000..f55aefaa --- /dev/null +++ b/modules/sudo/files/per-host/raff.debian.org/sudoers @@ -0,0 +1,45 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# sudoers file. +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# DSA +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +# HP local admin group +%hpadmins ALL=(ALL) ALL + +%debadmin ALL=(dak) ALL +%keyring ALL=(keyring) ALL +%apachectrl ALL=(root) /usr/sbin/apache2-vhost-update + +# buildd +%buildd ALL=(buildd) ALL +%wbadm ALL=(wbadm) ALL +%wbadm ALL=(root) /usr/local/bin/update-buildd-sshkeys + +nagios ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe "" +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/ravel.debian.org/sudoers b/modules/sudo/files/per-host/ravel.debian.org/sudoers new file mode 100644 index 00000000..e0178852 --- /dev/null +++ b/modules/sudo/files/per-host/ravel.debian.org/sudoers @@ -0,0 +1,39 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +%mirroradm ALL=(archvsync) ALL +%debadmin ALL=(dak) ALL +%apachectrl ALL=(root) /usr/sbin/apache2-vhost-update +%d-i ALL=(d-i) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe "" +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none + diff --git a/modules/sudo/files/per-host/rem.debian.org/sudoers b/modules/sudo/files/per-host/rem.debian.org/sudoers new file mode 100644 index 00000000..88a69988 --- /dev/null +++ b/modules/sudo/files/per-host/rem.debian.org/sudoers @@ -0,0 +1,30 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" +buildd ALL=NOPASSWD: ALL +%buildd ALL=(buildd) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/ries.debian.org/sudoers b/modules/sudo/files/per-host/ries.debian.org/sudoers new file mode 100644 index 00000000..a7a14851 --- /dev/null +++ b/modules/sudo/files/per-host/ries.debian.org/sudoers @@ -0,0 +1,53 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# DSA +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +# ftp-master +%debadmin ALL=(dak) NOPASSWD: ALL, (root) NOPASSWD: /bin/su - dak +%debadmin ALL=(archvsync) ALL + +# dak: +dak ALL=(archvsync) NOPASSWD:/home/archvsync/runmirrors +# per joerg's request (#rt627) -- weasel 20080418 +%debian-release ALL=(dak) /usr/local/bin/dak transitions --import * +%ftpteam ALL=(dak) /usr/local/bin/dak transitions --import * + + +%apachectrl ALL=(root) /usr/sbin/apache2-vhost-update +%mirroradm ALL=(archvsync) ALL +%debian-release ALL=(release) ALL + + + + +nagios ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe "" +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/rietz.debian.org/sudoers b/modules/sudo/files/per-host/rietz.debian.org/sudoers new file mode 100644 index 00000000..9684fec5 --- /dev/null +++ b/modules/sudo/files/per-host/rietz.debian.org/sudoers @@ -0,0 +1,37 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +%debbugs ALL=(debbugs) ALL +%mirroradm ALL=(archvsync) ALL +%apachectrl ALL=(root) /usr/sbin/apache2-vhost-update + + +nagios ALL=(root) NOPASSWD: /usr/bin/arrayprobe "" +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/rore.debian.org/sudoers b/modules/sudo/files/per-host/rore.debian.org/sudoers new file mode 100644 index 00000000..9f0215f8 --- /dev/null +++ b/modules/sudo/files/per-host/rore.debian.org/sudoers @@ -0,0 +1,37 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# Uncomment to allow members of group sudo to not need a password +# (Note that later entries override this, so you might need to move +# it further down) +# %sudo ALL=NOPASSWD: ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +nagios ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe "" +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status diff --git a/modules/sudo/files/per-host/saens.debian.org/sudoers b/modules/sudo/files/per-host/saens.debian.org/sudoers new file mode 100644 index 00000000..052539f9 --- /dev/null +++ b/modules/sudo/files/per-host/saens.debian.org/sudoers @@ -0,0 +1,40 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# sudoers file. +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# Local Admins +sdier ALL=ALL + +# DSA +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +# allow the mirroradm group to mess with the sync scripts and stuff +# weasel, Tue, 13 Nov 2007 17:22:51 +0100, rt#180 +%mirroradm ALL=(archvsync) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe "" +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/samosa.debian.org/sudoers b/modules/sudo/files/per-host/samosa.debian.org/sudoers new file mode 100644 index 00000000..fcf142f2 --- /dev/null +++ b/modules/sudo/files/per-host/samosa.debian.org/sudoers @@ -0,0 +1,38 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# sudoers file. +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +# HP local admin group +%hpadmins ALL=(ALL) ALL + +# dns-update calls "sudo /etc/init.d/bind9 reload" +%dnsadmin ALL=(root) NOPASSWD: /etc/init.d/bind9 reload +%adm ALL=(root) NOPASSWD: /etc/init.d/bind9 reload + +nagios ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe "" +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/schein.debian.org/sudoers b/modules/sudo/files/per-host/schein.debian.org/sudoers new file mode 100644 index 00000000..8097209c --- /dev/null +++ b/modules/sudo/files/per-host/schein.debian.org/sudoers @@ -0,0 +1,40 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# Uncomment to allow members of group sudo to not need a password +# (Note that later entries override this, so you might need to move +# it further down) +# %sudo ALL=NOPASSWD: ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +%mirroradm ALL=(archvsync) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe "" +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/schroeder.debian.org/sudoers b/modules/sudo/files/per-host/schroeder.debian.org/sudoers new file mode 100644 index 00000000..3b32a908 --- /dev/null +++ b/modules/sudo/files/per-host/schroeder.debian.org/sudoers @@ -0,0 +1,34 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# DSA +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +# buildd +Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" +buildd ALL=NOPASSWD: ALL +%buildd ALL=(buildd) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/schumann.debian.org/sudoers b/modules/sudo/files/per-host/schumann.debian.org/sudoers new file mode 100644 index 00000000..10cb0bad --- /dev/null +++ b/modules/sudo/files/per-host/schumann.debian.org/sudoers @@ -0,0 +1,32 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +%mirroradm ALL=(archvsync) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none + +%debadmin ALL=(dak) ALL +dak ALL=(archvsync) NOPASSWD:/home/archvsync/bin/runmirrors, NOPASSWD:/home/archvsync/signal_security diff --git a/modules/sudo/files/per-host/smetana.debian.org/sudoers b/modules/sudo/files/per-host/smetana.debian.org/sudoers new file mode 100644 index 00000000..55be204e --- /dev/null +++ b/modules/sudo/files/per-host/smetana.debian.org/sudoers @@ -0,0 +1,31 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none +%adm ALL=(ALL) NOPASSWD: /usr/sbin/upgrade-porter-chroots + +# local admin +%sanger ALL=(ALL) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/sperger.debian.org/sudoers b/modules/sudo/files/per-host/sperger.debian.org/sudoers new file mode 100644 index 00000000..0fac1d87 --- /dev/null +++ b/modules/sudo/files/per-host/sperger.debian.org/sudoers @@ -0,0 +1,34 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# DSA +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none +%adm ALL=(ALL) NOPASSWD: /usr/sbin/upgrade-porter-chroots + +# local admin +bzed ALL=(ALL) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none + diff --git a/modules/sudo/files/per-host/spohr.debian.org/sudoers b/modules/sudo/files/per-host/spohr.debian.org/sudoers new file mode 100644 index 00000000..3906f452 --- /dev/null +++ b/modules/sudo/files/per-host/spohr.debian.org/sudoers @@ -0,0 +1,33 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +%mirroradm ALL=(archvsync) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe "" +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/spontini.debian.org/sudoers b/modules/sudo/files/per-host/spontini.debian.org/sudoers new file mode 100644 index 00000000..5a9a315d --- /dev/null +++ b/modules/sudo/files/per-host/spontini.debian.org/sudoers @@ -0,0 +1,30 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" +buildd ALL=NOPASSWD: ALL +%buildd ALL=(buildd) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/steffani.debian.org/sudoers b/modules/sudo/files/per-host/steffani.debian.org/sudoers new file mode 100644 index 00000000..32cbff51 --- /dev/null +++ b/modules/sudo/files/per-host/steffani.debian.org/sudoers @@ -0,0 +1,29 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +%mirroradm ALL=(archvsync) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/tartini.debian.org/sudoers b/modules/sudo/files/per-host/tartini.debian.org/sudoers new file mode 100644 index 00000000..b64a3c30 --- /dev/null +++ b/modules/sudo/files/per-host/tartini.debian.org/sudoers @@ -0,0 +1,24 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# sudoers file. +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +root ALL=(ALL) ALL + +# DSA +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +jeroen ALL=(ALL) ALL + +%forums ALL=(forums) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/unger.debian.org/sudoers b/modules/sudo/files/per-host/unger.debian.org/sudoers new file mode 100644 index 00000000..992dc4aa --- /dev/null +++ b/modules/sudo/files/per-host/unger.debian.org/sudoers @@ -0,0 +1,42 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# Uncomment to allow members of group sudo to not need a password +# (Note that later entries override this, so you might need to move +# it further down) +# %sudo ALL=NOPASSWD: ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +nagios ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe "" +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=[02] pd all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=[02] show status +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none + +# to babylon5 +joerg ALL=(ALL) /usr/bin/sispmctl -t 1 +joerg ALL=(ALL) /usr/bin/sispmctl -g 1 diff --git a/modules/sudo/files/per-host/verdi.debian.org/sudoers b/modules/sudo/files/per-host/verdi.debian.org/sudoers new file mode 100644 index 00000000..659f8adc --- /dev/null +++ b/modules/sudo/files/per-host/verdi.debian.org/sudoers @@ -0,0 +1,28 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +%volatile ALL=(volatile) ALL +%mirroradm ALL=(archvsync) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/villa.debian.org/sudoers b/modules/sudo/files/per-host/villa.debian.org/sudoers new file mode 100644 index 00000000..ff5e7875 --- /dev/null +++ b/modules/sudo/files/per-host/villa.debian.org/sudoers @@ -0,0 +1,33 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +%mirroradm ALL=(archvsync) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe "" +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show +nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/voltaire.debian.org/sudoers b/modules/sudo/files/per-host/voltaire.debian.org/sudoers new file mode 100644 index 00000000..0b0743bc --- /dev/null +++ b/modules/sudo/files/per-host/voltaire.debian.org/sudoers @@ -0,0 +1,35 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# sudoers file. +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +#Defaults secure_path="/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin:/usr/local/bin:/usr/bin/X11" + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# DSA +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +# buildd +#archvsync ALL=(ALL) NOPASSWD : /usr/local/bin/update-chroots +Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" +buildd ALL=(ALL) NOPASSWD : ALL +%buildd ALL=(buildd) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/widor.debian.org/sudoers b/modules/sudo/files/per-host/widor.debian.org/sudoers new file mode 100644 index 00000000..0500460e --- /dev/null +++ b/modules/sudo/files/per-host/widor.debian.org/sudoers @@ -0,0 +1,34 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# Uncomment to allow members of group sudo to not need a password +# (Note that later entries override this, so you might need to move +# it further down) +# %sudo ALL=NOPASSWD: ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none +%wikiadm ALL=(wiki) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none + diff --git a/modules/sudo/files/per-host/wieck.debian.org/sudoers b/modules/sudo/files/per-host/wieck.debian.org/sudoers new file mode 100644 index 00000000..eb124c11 --- /dev/null +++ b/modules/sudo/files/per-host/wieck.debian.org/sudoers @@ -0,0 +1,29 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none + +%mirroradm ALL=(archvsync) ALL + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/files/per-host/zelenka.debian.org/sudoers b/modules/sudo/files/per-host/zelenka.debian.org/sudoers new file mode 100644 index 00000000..fd9f4de2 --- /dev/null +++ b/modules/sudo/files/per-host/zelenka.debian.org/sudoers @@ -0,0 +1,32 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# /etc/sudoers +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the man page for details on how to write a sudoers file. +# + +Defaults env_reset + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL) ALL + +# local folks +%zivit-admins ALL= NOPASSWD: ALL + +%adm ALL=(ALL) ALL +%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none +%adm ALL=(ALL) NOPASSWD: /usr/sbin/upgrade-porter-chroots + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" +nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none diff --git a/modules/sudo/manifests/init.pp b/modules/sudo/manifests/init.pp new file mode 100644 index 00000000..d6705dd2 --- /dev/null +++ b/modules/sudo/manifests/init.pp @@ -0,0 +1,12 @@ +class sudo { + package { sudo: ensure => installed } + + file { "/etc/sudoers": + owner => root, + group => root, + mode => 440, + source => [ "puppet:///sudo/per-host/$fqdn/sudoers", + "puppet:///sudo/common/sudoers" ], + require => Package["sudo"], + } +}