Dzahn has submitted this change and it was merged.
Change subject: admin: add new sectools-roots admin group
......................................................................
admin: add new sectools-roots admin group
Add a new admin group for root access on (virtual) machines
for running security tools. Will be used for granting access
to members of the security team.
Bug:T138873
Change-Id: I5ac4bf3eabb6670b8ac79bb3ea6543640a2f3f67
---
M modules/admin/data/data.yaml
1 file changed, 5 insertions(+), 0 deletions(-)
Approvals:
Dpatrick: Looks good to me, but someone else must approve
jenkins-bot: Verified
Dzahn: Looks good to me, approved
diff --git a/modules/admin/data/data.yaml b/modules/admin/data/data.yaml
index dfc9db3..182b765 100644
--- a/modules/admin/data/data.yaml
+++ b/modules/admin/data/data.yaml
@@ -528,6 +528,11 @@
members: [halfak, ladsgroup]
privileges: ['ALL = NOPASSWD: /usr/sbin/service uwsgi-ores *',
'ALL = NOPASSWD: /usr/sbin/service celery-ores-worker *']
+ sectools-roots:
+ description: root access on servers for security tools
+ gid: 783
+ members: []
+ privileges: ['ALL = (ALL) NOPASSWD: ALL']
users:
rush:
ensure: present
--
To view, visit https://gerrit.wikimedia.org/r/296438
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I5ac4bf3eabb6670b8ac79bb3ea6543640a2f3f67
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <dz...@wikimedia.org>
Gerrit-Reviewer: Alex Monk <kren...@gmail.com>
Gerrit-Reviewer: Dpatrick <dpatr...@wikimedia.org>
Gerrit-Reviewer: Dzahn <dz...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
