[Labs-l] Passwordless sudo on all instances
Andrew Bogott
abogott at wikimedia.org
Fri Jan 25 01:27:10 UTC 2013
I've just made a few changes to the way sudo is handled in labs. Most
users will only notice the first one:
1) Password-free: anyone who had sudo rights before will still have
them, but now sudo commands will execute immediately without first
prompting for a password.
2) Default policies: Newly created projects will automatically have a
permissive sudo policy that provides sudo rights for all project members
and all commands.
3) No more 'ALL' users: The user group named 'ALL' has been replaced
by the slightly-more-secure 'All project members.'
If you are a project sysadmin and find #1 alarming, it's easy to turn
passwords back on. Visit
https://labsconsole.wikimedia.org/wiki/Special:NovaSudoer --
passwordless sudo is reflected by the "!authenticate" option. To
require passwords for a given policy, click the 'modify' link and then
check the 'require authentication' box on the following page.
Please let me know if you find any breakage with these changes!
-Andrew
More information about the Labs-l
mailing list