How to add sudo rights in Quattor

System wide sudo rights are defined in pro_system_lhcb_ux.tpl. New system wide rights should be added there. Other rights should be added either in the host template if it concerns only one host, or in a admin_* template which will be included in hosts concerned.

Sudo rights are defined like this :

"/software/components/access_control/roles/ROLE_NAME" = list(UG_LIST);
"/software/components/access_control/privileges/acl_sudo/role/ROLE_NAME/0/targets" = list("+span::ALL");
"/software/components/access_control/privileges/acl_sudo/role/ROLE_NAME/0/commands" = list(CMD);

Where ROLE_NAME is a name defining the role (eg. : muhv_admins), UG_LIST is a coma separated list of users and/or groups, with groups enclosed in a escape() function (eg : "loic", escape("%muon") ) and CMD a list of commands as defined in the sudoers man page (eg. : "ALL=(ALL) NOPASSWD: /sbin/service hvcard *").


This topic: LHCb > WebHome > LHCbOnline > LinuxManagementWiki > SudoInQuattor
Topic revision: r3 - 2008-03-11 - LoicBrarda
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback