[Labs-l] Per-project sudo, managed via labsconsole
Ben Hartshorne
bhartshorne at wikimedia.org
Wed May 2 18:18:38 UTC 2012
On Mon, Apr 23, 2012 at 3:06 PM, Ryan Lane <rlane32 at gmail.com> wrote:
> I've recently added support for managing sudo policies in LDAP in a
> per-project manner via labsconsole. In the sidebar, there's a "Manage
> sudo policies" link. If you are a sysadmin in a project, you can
> modify the sudo policies for that project. A sudo policy, in this
> context, lets you define:
>
> 1. Sudo users: the users a policy applies to
> 2. Sudo hosts: the instances a policy applies to
> 3. Sudo commands: the commands the specified users are allowed to run
> on the specified hosts
> 4. Sudo options: options to modify sudo's behavior
>
> When projects are created, they are also created with a default policy:
>
> 1. Sudo users: ALL
> 2. Sudo hosts: ALL
> 3. Sudo commands: ALL
> 4. Sudo options: (none)
>
What would you think of adding NOPASSWD to the default list of options?
-ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wikimedia.org/pipermail/labs-l/attachments/20120502/346c91a9/attachment.html>
More information about the Labs-l
mailing list