Hello Andrew Bogott, Alex Monk, Madhuvishy, Chasemp, Yuvipanda, I'd like you to do a code review. Please visit
https://gerrit.wikimedia.org/r/339832 to review the following change. Change subject: Do not create sudo policies for chown ("-chmod") ...................................................................... Do not create sudo policies for chown ("-chmod") Initially on Tool Labs users were supposed to fix ownership issues in the home directories of their tools by executing: | sudo /bin/chown -R tools.$TOOL:tools.$TOOL /data/project/$TOOL This usage was never promoted and so did not catch on, but was replaced by the utility take(1) which allows tool accounts to assume ownership of files in their home directories if they share a group with the files. This change thus removes the creation of the unpromoted and unused sudo policies. After merging, existing sudo policies "tools.$TOOL-chmod" can be removed manually. Change-Id: Ie13f33765e7c3995b001e754ed2c8e81eb1eea3a --- M nova/OpenStackNovaServiceGroup.php 1 file changed, 0 insertions(+), 14 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OpenStackManager refs/changes/32/339832/1 diff --git a/nova/OpenStackNovaServiceGroup.php b/nova/OpenStackNovaServiceGroup.php index d1d18dc..f8404de 100644 --- a/nova/OpenStackNovaServiceGroup.php +++ b/nova/OpenStackNovaServiceGroup.php @@ -353,20 +353,6 @@ return null; } - # Create Sudo policy so that the service user can chown files in its homedir - if ( OpenStackNovaSudoer::createSudoer( $groupName . '-chmod', - $project->getProjectName(), - array( $groupName ), - array(), - array( '/bin/chown -R ' . $groupName . '\:' . $groupName . ' ' . $homeDir ), - array( '!authenticate' ) ) ) { - $ldap->printDebug( "Successfully created chmod sudo policy for $groupName", - NONSENSITIVE ); - } else { - $ldap->printDebug( "Failed to creat chmod sudo policy for $groupName", - NONSENSITIVE ); - } - # Create Sudo policy so that members of the group can sudo as the service user if ( OpenStackNovaSudoer::createSudoer( 'runas-' . $groupName, $project->getProjectName(), -- To view, visit https://gerrit.wikimedia.org/r/339832 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie13f33765e7c3995b001e754ed2c8e81eb1eea3a Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/OpenStackManager Gerrit-Branch: master Gerrit-Owner: Tim Landscheidt <t...@tim-landscheidt.de> Gerrit-Reviewer: Alex Monk <kren...@gmail.com> Gerrit-Reviewer: Andrew Bogott <abog...@wikimedia.org> Gerrit-Reviewer: Chasemp <r...@wikimedia.org> Gerrit-Reviewer: Madhuvishy <mviswanat...@wikimedia.org> Gerrit-Reviewer: Yuvipanda <yuvipa...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits