Dzahn has submitted this change and it was merged.
Change subject: admin: fix sudo rules for phab admin, auth strip
......................................................................
admin: fix sudo rules for phab admin, auth strip
A phabricator admin needs to run commands like:
/srv/phab/phabricator/bin/auth strip --user aklapper --all-types
Here, "aklapper" is a Phabricator username, not a shell user.
So the user name must be flexible; we re-arrange options to be
able to use a wildcard.
This is making it more restricted than just allowing any "auth"
thing besides just "strip".
Bug:T113124
Change-Id: I393fdc83a128e0cdd75c4ee603cf972b46400a68
---
M modules/admin/data/data.yaml
1 file changed, 1 insertion(+), 1 deletion(-)
Approvals:
jenkins-bot: Verified
Dzahn: Looks good to me, approved
diff --git a/modules/admin/data/data.yaml b/modules/admin/data/data.yaml
index 7bfa875..82d0d0d 100644
--- a/modules/admin/data/data.yaml
+++ b/modules/admin/data/data.yaml
@@ -308,7 +308,7 @@
'ALL = NOPASSWD: /srv/phab/phabricator/bin/repository',
'ALL = NOPASSWD: /srv/phab/phabricator/bin/phd',
'ALL = NOPASSWD: /srv/phab/phabricator/bin/worker',
- 'ALL = NOPASSWD: /srv/phab/phabricator/auth strip']
+ 'ALL = NOPASSWD: /srv/phab/phabricator/auth strip --all-types
--user *']
zotero-admin:
gid: 747
description: group of zotero admins
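Review bot: the added rule's path `/srv/phab/phabricator/auth` lacks the `bin/` component that the commit message (`/srv/phab/phabricator/bin/auth strip ...`) and the three sibling rules above it use, so sudo will not match the command admins actually run; it should read `/srv/phab/phabricator/bin/auth strip --all-types --user *`. Two further points on the same line: sudoers compares arguments in the order written, so the command has to be invoked as `strip --all-types --user <name>` rather than in the order shown in the commit message, which deserves a comment in data.yaml; and a trailing `*` in sudoers arguments matches across spaces, so the rule also accepts extra arguments after the user name.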
--
To view, visit https://gerrit.wikimedia.org/r/244214
Gerrit-MessageType: merged
Gerrit-Change-Id: I393fdc83a128e0cdd75c4ee603cf972b46400a68
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>
Gerrit-Reviewer: Aklapper <[email protected]>
Gerrit-Reviewer: Dzahn <[email protected]>
Gerrit-Reviewer: Rush <[email protected]>
Gerrit-Reviewer: jenkins-bot <>