Nigel Jones wrote:
On Wed, 2008-08-27 at 21:52 -0700, Jesse Keating wrote:
On Wed, 2008-08-27 at 21:44 -0700, Jesse Keating wrote:
Comments?
One comment just made on IRC by G:

<G> f13: can't we allow masher to sudo to ftpsync and run a sync command?

G = $me :)
We would have to allow masher to sudo with no password in order to run
the rsync command.  I'm not sure how far we can narrow it down since the
rsync source changes each day, only the dest (and other options) remain
the same.
Why not something like:

sudo /usr/local/bin/rawhideftpsync.sh <random bit>
that runs: rsync ...<normal path>.<random bit> ...

Just a thought.

You could configure sudoers to allow the masher user to only be able to execute whatever it sudo's as the ftpsync user:

masher hostname.domain.tld=(ftpsync) NOPASSWD: rsync $rsync_opts foo.<wildcardmatch-source> bar

Does that narrow it down sufficiently?

Kind regards,

Jeroen van Meeuwen
-kanarip

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
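
The wrapper suggested in the thread (`sudo /usr/local/bin/rawhideftpsync.sh <random bit>`), written out as an added example; it is not code from any poster or from Fedora's infrastructure. The sudoers entry in the comment, the paths, the rsync options and the letters-and-digits rule for the suffix are all assumptions.

```shell
#!/bin/sh
# Added example: hypothetical body for /usr/local/bin/rawhideftpsync.sh.
# Assumed sudoers entry, so masher can run only this wrapper as ftpsync:
#   masher hostname.domain.tld=(ftpsync) NOPASSWD: /usr/local/bin/rawhideftpsync.sh *
# A sudoers "*" in the argument position also matches spaces and slashes,
# so the argument is validated here instead of being trusted from sudoers.
LC_ALL=C; export LC_ALL            # make the character ranges below ASCII-only
PATH=/usr/bin:/bin; export PATH    # do not rely on the caller's PATH

# Placeholder paths and options; the real values are not given in the thread.
SRC_BASE="/srv/example/mash/rawhide"
DEST="/srv/example/ftp/rawhide/"
RSYNC_OPTS="-a --delete"

# Accept only 1-32 ASCII letters/digits: no "/", ".", "-", spaces or globs,
# so the suffix can neither leave SRC_BASE nor be read by rsync as an option.
valid_suffix() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 32 ] || return 1
    case "$1" in
        *[!A-Za-z0-9]*) return 1 ;;
    esac
    return 0
}

# Print the command line that would run, one argument per line.
sync_command() {
    valid_suffix "$1" || return 1
    printf '%s\n' rsync $RSYNC_OPTS -- "${SRC_BASE}.$1/" "$DEST"
}

main() {
    if [ "$#" -ne 1 ] || ! valid_suffix "$1"; then
        echo "usage: $0 <alphanumeric suffix>" >&2
        return 2
    fi
    # RSYNC_OPTS is a fixed list defined above and is split on purpose.
    exec rsync $RSYNC_OPTS -- "${SRC_BASE}.$1/" "$DEST"
}

# With no arguments only the functions are defined (lets the file be sourced).
if [ "$#" -gt 0 ]; then main "$@"; fi
```

With this layout the only caller-controlled input is the suffix; the destination and options stay fixed inside a script that masher cannot edit.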
