jenkins-bot has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/339832 )
Change subject: Do not create sudo policies for chown ("-chmod")
......................................................................
Do not create sudo policies for chown ("-chmod")
Initially on Tool Labs users were supposed to fix ownership issues in
the home directories of their tools by executing:
| sudo /bin/chown -R tools.$TOOL:tools.$TOOL /data/project/$TOOL
This usage was never promoted and so did not catch on, but was
replaced by the utility take(1) which allows tool accounts to assume
ownership of files in their home directories if they share a group
with the files.
This change thus removes the creation of the unpromoted and unused
sudo policies. After merging, existing sudo policies
"tools.$TOOL-chmod" can be removed manually.
Change-Id: Ie13f33765e7c3995b001e754ed2c8e81eb1eea3a
---
M nova/OpenStackNovaServiceGroup.php
1 file changed, 0 insertions(+), 14 deletions(-)
Approvals:
BryanDavis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/nova/OpenStackNovaServiceGroup.php
b/nova/OpenStackNovaServiceGroup.php
index d1d18dc..f8404de 100644
--- a/nova/OpenStackNovaServiceGroup.php
+++ b/nova/OpenStackNovaServiceGroup.php
@@ -353,20 +353,6 @@
return null;
}
- # Create Sudo policy so that the service user can chown files
in its homedir
- if ( OpenStackNovaSudoer::createSudoer( $groupName . '-chmod',
- $project->getProjectName(),
- array( $groupName ),
- array(),
- array( '/bin/chown -R ' . $groupName . '\:' .
$groupName . ' ' . $homeDir ),
- array( '!authenticate' ) ) ) {
- $ldap->printDebug( "Successfully created chmod sudo
policy for $groupName",
- NONSENSITIVE );
- } else {
- $ldap->printDebug( "Failed to creat chmod sudo policy
for $groupName",
- NONSENSITIVE );
- }
-
# Create Sudo policy so that members of the group can sudo as
the service user
if ( OpenStackNovaSudoer::createSudoer( 'runas-' . $groupName,
$project->getProjectName(),
--
To view, visit https://gerrit.wikimedia.org/r/339832
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ie13f33765e7c3995b001e754ed2c8e81eb1eea3a
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/extensions/OpenStackManager
Gerrit-Branch: master
Gerrit-Owner: Tim Landscheidt <t...@tim-landscheidt.de>
Gerrit-Reviewer: Alex Monk <kren...@gmail.com>
Gerrit-Reviewer: Andrew Bogott <abog...@wikimedia.org>
Gerrit-Reviewer: BryanDavis <bda...@wikimedia.org>
Gerrit-Reviewer: Chasemp <r...@wikimedia.org>
Gerrit-Reviewer: Madhuvishy <mviswanat...@wikimedia.org>
Gerrit-Reviewer: Tim Landscheidt <t...@tim-landscheidt.de>
Gerrit-Reviewer: Yuvipanda <yuvipa...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
