Difference: SudoInQuattor (1 vs. 2)

Revision 22008-02-19 - LoicBrarda

Line: 1 to 1
 
META TOPICPARENT name="ManagementWiki"

How to add sudo rights in Quattor

Changed:
<
<
System wide sudo rights are defined in pro-system_lhcb_ux.tpl. New system wide rights should be added there. Other rights should be added either in the host template if it concerns only one host, or in a admin_* template which will be included in hosts concerned.
>
>
System wide sudo rights are defined in pro_system_lhcb_ux.tpl. New system wide rights should be added there. Other rights should be added either in the host template if it concerns only one host, or in a admin_* template which will be included in hosts concerned.
  Sudo rights are defined like this :

Revision 12007-11-28 - LoicBrarda

Line: 1 to 1
Added:
>
>
META TOPICPARENT name="ManagementWiki"

How to add sudo rights in Quattor

System wide sudo rights are defined in pro-system_lhcb_ux.tpl. New system wide rights should be added there. Other rights should be added either in the host template if it concerns only one host, or in a admin_* template which will be included in hosts concerned.

Sudo rights are defined like this :

"/software/components/access_control/roles/ROLE_NAME" = list(UG_LIST);
"/software/components/access_control/privileges/acl_sudo/role/ROLE_NAME/0/targets" = list("+span::ALL");
"/software/components/access_control/privileges/acl_sudo/role/ROLE_NAME/0/commands" = list(CMD);

Where ROLE_NAME is a name defining the role (eg. : muhv_admins), UG_LIST is a coma separated list of users and/or groups, with groups enclosed in a escape() function (eg : "loic", escape("%muon") ) and CMD a list of commands as defined in the sudoers man page (eg. : "ALL=(ALL) NOPASSWD: /sbin/service hvcard *").

 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback