[Labs-l] Passwordless sudo on all instances

[Patrick Reilly]

Great work Andrew!

— Patrick

On Thu, Jan 24, 2013 at 6:22 PM, Ryan Lane <rlane at wikimedia.org> wrote:

> This is really awesome. Great work Andrew!
>
>
> On Thu, Jan 24, 2013 at 5:27 PM, Andrew Bogott <abogott at wikimedia.org>wrote:
>
>> I've just made a few changes to the way sudo is handled in labs. Most
>> users will only notice the first one:
>>
>> 1)  Password-free:  anyone who had sudo rights before will still have
>> them, but now sudo commands will execute immediately without first
>> prompting for a password.
>>
>> 2)  Default policies:  Newly created projects will automatically have a
>> permissive sudo policy that provides sudo rights for all project members
>> and all commands.
>>
>> 3)  No more 'ALL' users:  The user group named 'ALL' has been replaced by
>> the slightly-more-secure 'All project members.'
>>
>> If you are a project sysadmin and find #1 alarming, it's easy to turn
>> passwords back on.  Visit https://labsconsole.wikimedia.**
>> org/wiki/Special:NovaSudoer<https://labsconsole.wikimedia.org/wiki/Special:NovaSudoer>-- passwordless sudo is reflected by the "!authenticate" option.  To
>> require passwords for a given policy, click the 'modify' link and then
>> check the 'require authentication' box on the following page.
>>
>> Please let me know if you find any breakage with these changes!
>>
>> -Andrew
>>
>>
>> ______________________________**_________________
>> Labs-l mailing list
>> Labs-l at lists.wikimedia.org
>> https://lists.wikimedia.org/**mailman/listinfo/labs-l<https://lists.wikimedia.org/mailman/listinfo/labs-l>
>>
>
>
> _______________________________________________
> Labs-l mailing list
> Labs-l at lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/labs-l
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wikimedia.org/pipermail/labs-l/attachments/20130124/6d1d16b0/attachment.html>