]> git.donarmstrong.com Git - dsa-puppet.git/blobdiff - modules/sudo/files/sudoers
projects / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
do not run an authority on draghi
[dsa-puppet.git] / modules / sudo / files / sudoers
diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers
index 27fbfc32f8b8d6e6caa03b0d63c704e47924cb47..71b72452af9296d888c2bfc5e64fdef55ec65434 100644 (file)
--- a/modules/sudo/files/sudoers
+++ b/modules/sudo/files/sudoers
@@ -128,6 +128,8 @@ nagios              beethoven,backuphost=(debbackup)        NOPASSWD: /usr/lib/nagios/plugins/dsa-c
 # the dak user gets to run stuff as dak-unpriv (for things like lintian checks)
 %ftptrainee    FTPHOSTS=(dak-unpriv)   NOPASSWD: /usr/bin/lintian
 dak            ALL=(dak-unpriv)        NOPASSWD: ALL
+# and ftpmaster can access the role user for their web services
+%debadmin      FTPHOSTS=(dak-web)      ALL
 
 # some groups are in apachectrl on "their" hosts so they can reload apache and update their vhost
 %apachectrl    ALL=(root)      /usr/sbin/apache2-vhost-update
@@ -153,10 +155,9 @@ debwww             wolkenstein=(staticsync)        NOPASSWD: /usr/local/bin/static-update-componen
 piupartss      PIUPARTS_SLAVE_HOSTS=(ALL)              NOPASSWD: ALL
 # trigger of mirror run for packages
 #pkg_user      powell=(archvsync)      NOPASSWD: /home/archvsync/bin/pushpdo
-# on draghi, the domains git thing will run bind9 reload afterwards
 dnsadm         denis=(root)                    NOPASSWD: /usr/sbin/service bind9 reload
-%dnsadm                draghi,orff=(root)              NOPASSWD: /etc/init.d/bind9 reload
-%dnsadm                draghi,orff=(geodnssync)        NOPASSWD: /usr/bin/make -C /srv/dns.debian.org/geo
+%dnsadm                orff=(root)             NOPASSWD: /etc/init.d/bind9 reload
+%dnsadm                orff=(geodnssync)       NOPASSWD: /usr/bin/make -C /srv/dns.debian.org/geo
 %adm           draghi=(puppet)                 NOPASSWD: /usr/bin/make -s -C /srv/db.debian.org/var/gitnagios/dsa-nagios/config install
 # wbadm can update all buildd* users' keys on buildd.d.o
 %wbadm         BUILDD_MASTER=(wb-buildd)       ALL
@@ -182,6 +183,7 @@ debwww              WEBHOSTS=(archvsync)    NOPASSWD: /home/archvsync/webmirrors/runmirrors
 %press         WEBHOSTS=(debwww)       /srv/www.debian.org/update-part News
 # more list stuff
 %list          LISTHOSTS=(root)                /usr/sbin/postfix reload
+%list          stockhausen=(root)              /usr/sbin/service jetty restart
 %list          LISTHOSTS=(root)                /usr/sbin/qshape, /usr/sbin/postsuper
 %list          LISTHOSTS=(root)                /etc/init.d/spamassassin, /etc/init.d/amavis
 %list          LISTHOSTS=(amavis)              NOPASSWD: /usr/bin/sa-learn
Unnamed repository; edit this file 'description' to name the repository.