How to add sudo rights in Quattor

System wide sudo rights are defined in pro_system_lhcb_ux.tpl. New system wide rights should be added there. Other rights should be added either in the host template if it concerns only one host, or in a admin_* template which will be included in hosts concerned.

Sudo rights are defined like this :

"/software/components/access_control/roles/ROLE_NAME" = list(UG_LIST);
"/software/components/access_control/privileges/acl_sudo/role/ROLE_NAME/0/targets" = list("+span::ALL");
"/software/components/access_control/privileges/acl_sudo/role/ROLE_NAME/0/commands" = list(CMD);

Where ROLE_NAME is a name defining the role (eg. : muhv_admins), UG_LIST is a coma separated list of users and/or groups, with groups enclosed in a escape() function (eg : "loic", escape("%muon") ) and CMD a list of commands as defined in the sudoers man page (eg. : "ALL=(ALL) NOPASSWD: /sbin/service hvcard *").

Edit | Attach | Watch | Print version | History: r3 < r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r3 - 2008-03-11 - LoicBrarda
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    LHCb All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback