How to add sudo rights in Quattor
System-wide sudo rights are defined in pro_system_lhcb_ux.tpl. New system-wide rights should be added there. Other rights should be added either in the host template, if they concern only one host, or in an admin_* template that is included by the hosts concerned.
Sudo rights are defined like this:
"/software/components/access_control/roles/ROLE_NAME" = list(UG_LIST);
"/software/components/access_control/privileges/acl_sudo/role/ROLE_NAME/0/targets" = list("+span::ALL");
"/software/components/access_control/privileges/acl_sudo/role/ROLE_NAME/0/commands" = list(CMD);
Where:
ROLE_NAME is a name defining the role (e.g. muhv_admins),
UG_LIST is a comma-separated list of users and/or groups, with groups enclosed in an escape() function (e.g. "loic", escape("%muon")), and
CMD is a list of commands as defined in the sudoers man page (e.g. "ALL=(ALL) NOPASSWD: /sbin/service hvcard *").
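A CMD string can be reviewed before it goes into a template. The sketch below is an added example, not part of the original page or of Quattor; the function names parse_spec and review_spec are hypothetical, and it only handles the HOSTS=(RUNAS) TAG: COMMAND shape shown above, not the full sudoers grammar.

```python
import re

# Shape of the CMD strings on this page: HOSTS=(RUNAS) [TAG: ...] COMMAND [ARGS]
SPEC_RE = re.compile(
    r"^(?P<hosts>[^=\s]+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmd>\S.*)$"
)

def parse_spec(spec):
    """Split one CMD string into hosts, runas, tags, command and arguments."""
    m = SPEC_RE.match(spec.strip())
    if m is None:
        raise ValueError(f"not a HOSTS=(RUNAS) TAG: COMMAND spec: {spec!r}")
    command, _, args = m.group("cmd").partition(" ")
    return {
        "hosts": m.group("hosts"),
        "runas": m.group("runas") or "root",  # sudo runs as root when no (RUNAS) is given
        "tags": re.findall(r"[A-Z_]+", m.group("tags")),
        "command": command,
        "args": args.strip(),
    }

def review_spec(spec):
    """Return review findings for one CMD string; an empty list means none."""
    p = parse_spec(spec)
    findings = []
    if p["command"] == "ALL":
        findings.append(f"command is ALL: the role can run anything as {p['runas']}")
    elif not p["command"].startswith("/") and p["command"] != "sudoedit":
        findings.append("command is not an absolute path")
    if re.search(r"[*?\[]", p["args"]):
        # sudoers matches arguments as one string, so a wildcard spans spaces
        findings.append("wildcard in arguments: extra arguments are accepted")
    if "NOPASSWD" in p["tags"] and findings:
        findings.append("NOPASSWD: no password prompt on a rule with the findings above")
    return findings

if __name__ == "__main__":
    samples = [
        "ALL=(ALL) NOPASSWD: /sbin/service hvcard *",  # example from this page
        "ALL=(root) /sbin/service hvcard restart",     # constructed: fixed arguments
        "ALL=(ALL) NOPASSWD: ALL",                      # constructed: unrestricted
    ]
    for s in samples:
        print(s)
        for finding in review_spec(s) or ["no findings"]:
            print("   -", finding)
```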