Dzahn has uploaded a new change for review.
https://gerrit.wikimedia.org/r/244214
Change subject: admin: fix sudo rules for phab admin, auth strip
......................................................................
admin: fix sudo rules for phab admin, auth strip
A phabricator admin needs to run commands like:
/srv/phab/phabricator/bin/auth strip --user aklapper --all-types
Here, "aklapper" is a Phabricator username, not a shell user.
So the user name must be flexible; we re-arrange options to be
able to use a wildcard.
This is making it more restricted than just allowing any "auth"
thing besides just "strip".
Bug:T113124
Change-Id: I393fdc83a128e0cdd75c4ee603cf972b46400a68
---
M modules/admin/data/data.yaml
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/14/244214/1
diff --git a/modules/admin/data/data.yaml b/modules/admin/data/data.yaml
index 7bfa875..82d0d0d 100644
--- a/modules/admin/data/data.yaml
+++ b/modules/admin/data/data.yaml
@@ -308,7 +308,7 @@
'ALL = NOPASSWD: /srv/phab/phabricator/bin/repository',
'ALL = NOPASSWD: /srv/phab/phabricator/bin/phd',
'ALL = NOPASSWD: /srv/phab/phabricator/bin/worker',
- 'ALL = NOPASSWD: /srv/phab/phabricator/auth strip']
+ 'ALL = NOPASSWD: /srv/phab/phabricator/auth strip --all-types
--user *']
zotero-admin:
gid: 747
description: group of zotero admins
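Review bot: The path in the changed rule is /srv/phab/phabricator/auth, without the bin/ component used by the neighbouring rules (/srv/phab/phabricator/bin/repository, bin/phd, bin/worker) and by the example command in the commit message (/srv/phab/phabricator/bin/auth strip ...), so as written the rule will not match the command it is meant to allow; suggest /srv/phab/phabricator/bin/auth here. Separately, sudoers matches command-line arguments as one concatenated string, and a * there can match across spaces, so "--user *" permits anything after --user rather than a single user name; if only one name is intended, this deserves a comment or a tighter pattern. The rule also fixes the argument order as --all-types --user <name>, while the commit message example shows --user aklapper --all-types, so the required order should be documented for the admins who will run it.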
--
To view, visit https://gerrit.wikimedia.org/r/244214
Gerrit-MessageType: newchange
Gerrit-Change-Id: I393fdc83a128e0cdd75c4ee603cf972b46400a68
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>