20after4 has uploaded a new change for review. https://gerrit.wikimedia.org/r/322781
Change subject: Allow aklapper to `sudo -E` phabricator admin utilities ...................................................................... Allow aklapper to `sudo -E` phabricator admin utilities Due to changes from T146055, Phabricator now requires that the environment variable PHABRICATOR_ENV is set when running any phabricator cli tools. @aklapper has sudoers rules to allow him to use some of the admin tools, however, preserve_environment (`sudo -E`) is not enabled: ``` aklapper@iridium:~$ export PHABRICATOR_ENV=phd aklapper@iridium:~$ sudo -E /srv/phab/phabricator/bin/remove destroy F4740754 sudo: sorry, you are not allowed to preserve the environment ``` This change should allow sudo -E. Bug: T151148 Change-Id: I7e714fbbcabf5228704e73ac5b640ece7e3cd5f1 --- M modules/admin/data/data.yaml 1 file changed, 8 insertions(+), 8 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/81/322781/1 diff --git a/modules/admin/data/data.yaml b/modules/admin/data/data.yaml index 7d4ef8d..cbf4cf0 100644 --- a/modules/admin/data/data.yaml +++ b/modules/admin/data/data.yaml @@ -292,14 +292,14 @@ * Delete users (e.g. unverified accounts due to wrong email address) * Delete files (e.g. copyright violations) members: [aklapper] - privileges: ['ALL = NOPASSWD: /srv/phab/phabricator/bin/remove destroy F*', - 'ALL = NOPASSWD: /srv/phab/phabricator/bin/remove destroy r*', - 'ALL = NOPASSWD: /srv/phab/phabricator/bin/remove destroy @*', - 'ALL = NOPASSWD: /srv/phab/phabricator/bin/repository', - 'ALL = NOPASSWD: /srv/phab/phabricator/bin/phd', - 'ALL = NOPASSWD: /srv/phab/phabricator/bin/policy', - 'ALL = NOPASSWD: /srv/phab/phabricator/bin/worker', - 'ALL = NOPASSWD: /srv/phab/phabricator/bin/auth strip --all-types --user *'] + privileges: ['ALL = NOPASSWD:SETENV: /srv/phab/phabricator/bin/remove destroy F*', + 'ALL = NOPASSWD:SETENV: /srv/phab/phabricator/bin/remove destroy r*', + 'ALL = NOPASSWD:SETENV: /srv/phab/phabricator/bin/remove destroy @*', + 'ALL = NOPASSWD:SETENV: /srv/phab/phabricator/bin/repository', + 'ALL = NOPASSWD:SETENV: /srv/phab/phabricator/bin/phd', + 'ALL = NOPASSWD:SETENV: /srv/phab/phabricator/bin/policy', + 'ALL = NOPASSWD:SETENV: /srv/phab/phabricator/bin/worker', + 'ALL = NOPASSWD:SETENV: /srv/phab/phabricator/bin/auth strip --all-types --user *'] zotero-admin: gid: 747 description: group of zotero admins -- To view, visit https://gerrit.wikimedia.org/r/322781 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I7e714fbbcabf5228704e73ac5b640ece7e3cd5f1 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: 20after4 <mmod...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits