X-Git-Url: https://git.donarmstrong.com/?p=dsa-puppet.git;a=blobdiff_plain;f=modules%2Fsudo%2Ffiles%2Fsudoers;h=780eb11bfb2fe8614d2a84e28119341ef89f1523;hp=73e504ab41b6b8d5deefb9f58c20cbdde59d47f4;hb=b77434dd8426d362d9109281022d9239fd1bdcd9;hpb=ce8d2c8bd3204fb16214604785f755e8870367b6 diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers index 73e504ab..780eb11b 100644 --- a/modules/sudo/files/sudoers +++ b/modules/sudo/files/sudoers @@ -27,13 +27,12 @@ Host_Alias WEBHOSTS = wolkenstein Host_Alias SECHOSTS = chopin Host_Alias FTPHOSTS = franck Host_Alias ZIVITHOSTS = zelenka, zandonai -Host_Alias AACRAIDHOSTS = respighi, beethoven, pettersson +Host_Alias AACRAIDHOSTS = beethoven, pettersson Host_Alias MEGARAIDHOSTS = rautavaara, sibelius -Host_Alias MPTRAIDHOSTS = barber, biber, vitry Host_Alias MEGACTLHOSTS = nielsen Host_Alias LISTHOSTS = bendel Host_Alias BUILDD_MASTER = wuiet -Host_Alias PORTERBOXES = abel, barriere, eder, falla, fischer, gabrielli, harris, merulo, partch, smetana, zelenka +Host_Alias PORTERBOXES = abel, asachi, barriere, eder, falla, fischer, gabrielli, harris, merulo, partch, smetana, zelenka Host_Alias PIUPARTS_SLAVE_HOSTS = piu-slave-bm-a Host_Alias MQ_HOSTS = rainier, rapoport Host_Alias NOVAHOSTS = oyens, bm-bl9, bm-bl10, bm-bl11, bm-bl12 @@ -72,17 +71,17 @@ nagios franck=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=1 enclosure 1E # other raid controllers nagios powell=(ALL) NOPASSWD: /usr/local/bin/tw_cli info c0 u0 status -nagios MPTRAIDHOSTS=(ALL) NOPASSWD: /usr/sbin/mpt-status -s nagios AACRAIDHOSTS=(ALL) NOPASSWD: /usr/local/bin/arcconf GETCONFIG 1 LD, /usr/local/bin/arcconf GETCONFIG 1 AD nagios MEGARAIDHOSTS=(ALL) NOPASSWD: /usr/local/bin/megarc -AllAdpInfo -nolog, /usr/local/bin/megarc -dispCfg -a0 -nolog nagios MEGACTLHOSTS=(ALL) NOPASSWD: /usr/sbin/megactl -Hv # other nagios things -nagios beethoven,backuphost=(debbackup) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg "" +nagios backuphost,storace=(debbackup) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg "" # groups and their role accounts %auditor ALL=(accounting) ALL %backports ALL=(backports) ALL %blends ALL=(blends) ALL +%btslink ALL=(btslink) ALL %buildd ALL=(buildd) ALL %codesearch ALL=(codesearch) ALL %d-i ALL=(d-i) ALL @@ -98,9 +97,11 @@ nagios beethoven,backuphost=(debbackup) NOPASSWD: /usr/lib/nagios/plugins/dsa-c %debtags ALL=(debtags) ALL %debwww ALL=(debwww) ALL %dedup ALL=(dedup) ALL -%btslink ALL=(btslink) ALL +%dgit ALL=(dgit) ALL %emdebian ALL=(emdebian) ALL %forums ALL=(forums) ALL +%httpredir ALL=(httpredir) ALL +%httpredir ALL=(httpredir-app) ALL %keyring ALL=(keyring) ALL %lintian ALL=(lintian) ALL %listweb ALL=(listweb) ALL @@ -126,6 +127,7 @@ nagios beethoven,backuphost=(debbackup) NOPASSWD: /usr/lib/nagios/plugins/dsa-c %uddadm ALL=(udd) ALL %volatile ALL=(volatile) ALL %wbadm ALL=(wbadm) ALL +%wbadm-ports ALL=(wbadm-ports) ALL %mujeres ALL=(women) ALL %wikiadm ALL=(wiki,wikiweb) ALL %qa-core ALL=(qa) ALL @@ -139,6 +141,9 @@ dak ALL=(dak-unpriv) NOPASSWD: ALL # and ftpmaster can access the role user for their web services %debadmin FTPHOSTS=(dak-web) ALL +# the httpredir role use can run things as httpredir-app +httpredir ALL=(httpredir-app) NOPASSWD: ALL + # some groups are in apachectrl on "their" hosts so they can reload apache and update their vhost %apachectrl ALL=(root) /usr/sbin/apache2-vhost-update @@ -149,7 +154,9 @@ buildd ALL=(ALL) NOPASSWD: ALL %backports franck,coccia=(staticsync) NOPASSWD: /usr/local/bin/static-update-component backports.debian.org d-i dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component d-i.debian.org +lucas dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component debaday.debian.net dsa dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component dsa.debian.org +dak franck=(staticsync) NOPASSWD: /usr/local/bin/static-update-component incoming.debian.org dak franck=(staticsync) NOPASSWD: /usr/local/bin/static-update-component metadata.ftp-master.debian.org %debbits master=(staticsync) NOPASSWD: /usr/local/bin/static-update-component bits.debian.org %webwml master=(staticsync) NOPASSWD: /usr/local/bin/static-update-component network-test.debian.org @@ -161,6 +168,8 @@ debwww wolkenstein=(staticsync) NOPASSWD: /usr/local/bin/static-update-componen %ports dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component www.ports.debian.org %debvoip dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component rtc.debian.org %security dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component security-team.debian.org +%lintian lilburn=(staticsync) NOPASSWD: /usr/local/bin/static-update-component lintian.debian.org +%lintian lindsay=(staticsync) NOPASSWD: /usr/local/bin/static-update-component lintian.debian.org # The piuparts slave needs to handle chroots piupartss PIUPARTS_SLAVE_HOSTS=(ALL) NOPASSWD: ALL @@ -176,8 +185,8 @@ dnsadm denis=(root) NOPASSWD: /usr/sbin/service bind9 reload dak FTPHOSTS,SECHOSTS=(archvsync) NOPASSWD:/home/archvsync/runmirrors dak franck=(backports) NOPASSWD: /home/backports/bin/update-archive # archvsync triggers snapshot -archvsync sibelius,stabile=(snapshot) NOPASSWD: /srv/snapshot.debian.org/bin/update-trigger -archvsync sibelius,stabile=(snapshot) NOPASSWD: /srv/2ndsnapshot/bin/update-trigger +archvsync sibelius=(snapshot) NOPASSWD: /srv/snapshot.debian.org/bin/update-trigger +archvsync sibelius=(snapshot) NOPASSWD: /srv/2ndsnapshot/bin/update-trigger # dak stuff %debian-release FTPHOSTS=(dak) /usr/local/bin/dak transitions --import * %ftpteam FTPHOSTS=(dak) /usr/local/bin/dak transitions --import * @@ -189,6 +198,7 @@ dak SECHOSTS=(archvsync) NOPASSWD: /home/archvsync/signal_security # web stuff debwww WEBHOSTS=(archvsync) NOPASSWD: /home/archvsync/webmirrors/runmirrors %press WEBHOSTS=(debwww) /srv/www.debian.org/update-part News +%debvote WEBHOSTS=(debwww) /srv/www.debian.org/update-part vote # more list stuff %list LISTHOSTS=(root) /usr/sbin/postfix reload %list stockhausen=(root) /usr/sbin/service jetty restart