[MediaWiki-commits] [Gerrit] tools: silence sudo security e-mails - change (operations/puppet)

Yuvipanda (Code Review) Sun, 10 May 2015 13:01:14 -0700

Yuvipanda has submitted this change and it was merged.

Change subject: tools: silence sudo security e-mails
......................................................................



tools: silence sudo security e-mails

These e-mails are basically useless, as we don't use passwords anyway. All
e-mails will therefore just be users running sudo by accident, and we're not
interested in those e-mails.

Bug: T95882
Change-Id: Ieedda05687a29de56326e9c72395c89b924df1f7
---
A modules/toollabs/files/40-tools-sudoers-no-warning
M modules/toollabs/manifests/init.pp
2 files changed, 19 insertions(+), 0 deletions(-)

Approvals:
  Yuvipanda: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/toollabs/files/40-tools-sudoers-no-warning 
b/modules/toollabs/files/40-tools-sudoers-no-warning
new file mode 100644
index 0000000..a2595e4
--- /dev/null
+++ b/modules/toollabs/files/40-tools-sudoers-no-warning
@@ -0,0 +1,10 @@
+# By default, the sudo module doesn't set any options, which means
+# only mail_no_user should be set
+Defaults       !mail_no_user
+
+# In case the defaults change, these are the other options that send e-mail
+Defaults       !mail_always
+Defaults       !mail_badpass
+Defaults       !mail_no_host
+Defaults       !mail_no_perms
+Defaults       !mail_no_user
diff --git a/modules/toollabs/manifests/init.pp 
b/modules/toollabs/manifests/init.pp
index 1cc220b..19979fe 100644
--- a/modules/toollabs/manifests/init.pp
+++ b/modules/toollabs/manifests/init.pp
@@ -198,5 +198,14 @@
         mode   => '0644'
     }
 
+    # Silence e-mails sent when regular users try to sudo (T95882)
+    file { '/etc/sudoers.d/40-tools-sudoers-no-warning':
+        ensure => file,
+        mode   => '0440',
+        owner  => 'root',
+        group  => 'root',
+        source => 'puppet:///modules/toollabs/40-tools-sudoers-no-warning',
+    }
+
     diamond::collector::localcrontab { 'localcrontabcollector': }
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/203876
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ieedda05687a29de56326e9c72395c89b924df1f7
Gerrit-PatchSet: 6
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Merlijn van Deen <[email protected]>
Gerrit-Reviewer: Merlijn van Deen <[email protected]>
Gerrit-Reviewer: Tim Landscheidt <[email protected]>
Gerrit-Reviewer: Yuvipanda <[email protected]>
Gerrit-Reviewer: coren <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] tools: silence sudo security e-mails - change (operations/puppet)

Reply via email to