[MediaWiki-commits] [Gerrit] mediawiki...OpenStackManager[master]: Do not create sudo policies for chown ("-chmod")
jenkins-bot has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/339832 ) Change subject: Do not create sudo policies for chown ("-chmod") .. Do not create sudo policies for chown ("-chmod") Initially on Tool Labs users were supposed to fix ownership issues in the home directories of their tools by executing: | sudo /bin/chown -R tools.$TOOL:tools.$TOOL /data/project/$TOOL This usage was never promoted and so did not catch on, but was replaced by the utility take(1) which allows tool accounts to assume ownership of files in their home directories if they share a group with the files. This change thus removes the creation of the unpromoted and unused sudo policies. After merging, existing sudo policies "tools.$TOOL-chmod" can be removed manually. Change-Id: Ie13f33765e7c3995b001e754ed2c8e81eb1eea3a --- M nova/OpenStackNovaServiceGroup.php 1 file changed, 0 insertions(+), 14 deletions(-) Approvals: BryanDavis: Looks good to me, approved jenkins-bot: Verified diff --git a/nova/OpenStackNovaServiceGroup.php b/nova/OpenStackNovaServiceGroup.php index d1d18dc..f8404de 100644 --- a/nova/OpenStackNovaServiceGroup.php +++ b/nova/OpenStackNovaServiceGroup.php @@ -353,20 +353,6 @@ return null; } - # Create Sudo policy so that the service user can chown files in its homedir - if ( OpenStackNovaSudoer::createSudoer( $groupName . '-chmod', - $project->getProjectName(), - array( $groupName ), - array(), - array( '/bin/chown -R ' . $groupName . '\:' . $groupName . ' ' . $homeDir ), - array( '!authenticate' ) ) ) { - $ldap->printDebug( "Successfully created chmod sudo policy for $groupName", - NONSENSITIVE ); - } else { - $ldap->printDebug( "Failed to creat chmod sudo policy for $groupName", - NONSENSITIVE ); - } - # Create Sudo policy so that members of the group can sudo as the service user if ( OpenStackNovaSudoer::createSudoer( 'runas-' . $groupName, $project->getProjectName(), -- To view, visit https://gerrit.wikimedia.org/r/339832 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ie13f33765e7c3995b001e754ed2c8e81eb1eea3a Gerrit-PatchSet: 2 Gerrit-Project: mediawiki/extensions/OpenStackManager Gerrit-Branch: master Gerrit-Owner: Tim LandscheidtGerrit-Reviewer: Alex Monk Gerrit-Reviewer: Andrew Bogott Gerrit-Reviewer: BryanDavis Gerrit-Reviewer: Chasemp Gerrit-Reviewer: Madhuvishy Gerrit-Reviewer: Tim Landscheidt Gerrit-Reviewer: Yuvipanda Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] mediawiki...OpenStackManager[master]: Do not create sudo policies for chown ("-chmod")
Hello Andrew Bogott, Alex Monk, Madhuvishy, Chasemp, Yuvipanda, I'd like you to do a code review. Please visit https://gerrit.wikimedia.org/r/339832 to review the following change. Change subject: Do not create sudo policies for chown ("-chmod") .. Do not create sudo policies for chown ("-chmod") Initially on Tool Labs users were supposed to fix ownership issues in the home directories of their tools by executing: | sudo /bin/chown -R tools.$TOOL:tools.$TOOL /data/project/$TOOL This usage was never promoted and so did not catch on, but was replaced by the utility take(1) which allows tool accounts to assume ownership of files in their home directories if they share a group with the files. This change thus removes the creation of the unpromoted and unused sudo policies. After merging, existing sudo policies "tools.$TOOL-chmod" can be removed manually. Change-Id: Ie13f33765e7c3995b001e754ed2c8e81eb1eea3a --- M nova/OpenStackNovaServiceGroup.php 1 file changed, 0 insertions(+), 14 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OpenStackManager refs/changes/32/339832/1 diff --git a/nova/OpenStackNovaServiceGroup.php b/nova/OpenStackNovaServiceGroup.php index d1d18dc..f8404de 100644 --- a/nova/OpenStackNovaServiceGroup.php +++ b/nova/OpenStackNovaServiceGroup.php @@ -353,20 +353,6 @@ return null; } - # Create Sudo policy so that the service user can chown files in its homedir - if ( OpenStackNovaSudoer::createSudoer( $groupName . '-chmod', - $project->getProjectName(), - array( $groupName ), - array(), - array( '/bin/chown -R ' . $groupName . '\:' . $groupName . ' ' . $homeDir ), - array( '!authenticate' ) ) ) { - $ldap->printDebug( "Successfully created chmod sudo policy for $groupName", - NONSENSITIVE ); - } else { - $ldap->printDebug( "Failed to creat chmod sudo policy for $groupName", - NONSENSITIVE ); - } - # Create Sudo policy so that members of the group can sudo as the service user if ( OpenStackNovaSudoer::createSudoer( 'runas-' . $groupName, $project->getProjectName(), -- To view, visit https://gerrit.wikimedia.org/r/339832 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie13f33765e7c3995b001e754ed2c8e81eb1eea3a Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/OpenStackManager Gerrit-Branch: master Gerrit-Owner: Tim LandscheidtGerrit-Reviewer: Alex Monk Gerrit-Reviewer: Andrew Bogott Gerrit-Reviewer: Chasemp Gerrit-Reviewer: Madhuvishy Gerrit-Reviewer: Yuvipanda ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits