[MediaWiki-commits] [Gerrit] tilerator/k10n: add trailing * to journalctl sudo - change (operations/puppet)

Mon, 26 Oct 2015 16:33:07 -0700 

Dzahn has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/249023

Change subject: tilerator/k10n: add trailing * to journalctl sudo
......................................................................

tilerator/k10n: add trailing * to journalctl sudo

Add a trailing * to the sudo permissions line that allows
reading logfiles with journalctl. The intention was that it
ends in a wildcard to allow variations of the command.

We just wanted to limit on the user. Compare to other admin groups
for other services with a journcalctl line.

quote from Yurik: " does not allow for any other arguments, such as
-a, -r, --no-pager, -x, -o, -n, -f, -e, and possibly others.
Which means that it opens a pager at Aug 13th, and if I try to jump
to the end with "shift+G", it hangs."

and not having this was an oversight.

Bug:T115067
Change-Id: I8919a96db3f2f0e74412571555d6e48076dcf1ca
---
M modules/admin/data/data.yaml
1 file changed, 2 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/23/249023/1

diff --git a/modules/admin/data/data.yaml b/modules/admin/data/data.yaml
index 35b9164..8fdf6ec 100644
--- a/modules/admin/data/data.yaml
+++ b/modules/admin/data/data.yaml
@@ -358,7 +358,7 @@
                  'ALL = NOPASSWD: /bin/systemctl mask kartotherian.service',
                  'ALL = NOPASSWD: /bin/systemctl unmask kartotherian.service',
                  'ALL = (kartotherian) NOPASSWD: ALL',
-                 'ALL = NOPASSWD: /bin/journalctl -u kartotherian']
+                 'ALL = NOPASSWD: /bin/journalctl -u kartotherian *']
   wdqs-admins:
     gid: 755
     description: Admins for the WikiData Query Service project
@@ -382,7 +382,7 @@
                  'ALL = NOPASSWD: /bin/systemctl mask tilerator.service',
                  'ALL = NOPASSWD: /bin/systemctl unmask tilerator.service',
                  'ALL = (tilerator) NOPASSWD: ALL',
-                 'ALL = NOPASSWD: /bin/journalctl -u tilerator']
+                 'ALL = NOPASSWD: /bin/journalctl -u tilerator *']
   mobileapps-admin:
     description: Group of mobileapps admins
     gid: 759

-- 
To view, visit https://gerrit.wikimedia.org/r/249023
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I8919a96db3f2f0e74412571555d6e48076dcf1ca
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to