[MediaWiki-commits] [Gerrit] mediawiki...OpenStackManager[master]: Do not create sudo policies for chown ("-chmod")

[jenkins-bot (Code Review)]

jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/339832 )

Change subject: Do not create sudo policies for chown ("-chmod")
..


Do not create sudo policies for chown ("-chmod")

Initially on Tool Labs users were supposed to fix ownership issues in
the home directories of their tools by executing:

| sudo /bin/chown -R tools.$TOOL:tools.$TOOL /data/project/$TOOL

This usage was never promoted and so did not catch on, but was
replaced by the utility take(1) which allows tool accounts to assume
ownership of files in their home directories if they share a group
with the files.

This change thus removes the creation of the unpromoted and unused
sudo policies.  After merging, existing sudo policies
"tools.$TOOL-chmod" can be removed manually.

Change-Id: Ie13f33765e7c3995b001e754ed2c8e81eb1eea3a
---
M nova/OpenStackNovaServiceGroup.php
1 file changed, 0 insertions(+), 14 deletions(-)

Approvals:
  BryanDavis: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/nova/OpenStackNovaServiceGroup.php 
b/nova/OpenStackNovaServiceGroup.php
index d1d18dc..f8404de 100644
--- a/nova/OpenStackNovaServiceGroup.php
+++ b/nova/OpenStackNovaServiceGroup.php
@@ -353,20 +353,6 @@
return null;
}
 
-   # Create Sudo policy so that the service user can chown files 
in its homedir
-   if ( OpenStackNovaSudoer::createSudoer( $groupName . '-chmod',
-   $project->getProjectName(),
-   array( $groupName ),
-   array(),
-   array( '/bin/chown -R ' . $groupName . '\:' . 
$groupName . ' ' . $homeDir ),
-   array( '!authenticate' ) ) ) {
-   $ldap->printDebug( "Successfully created chmod sudo 
policy for $groupName",
-   NONSENSITIVE );
-   } else {
-   $ldap->printDebug( "Failed to  creat chmod sudo policy 
for $groupName",
-   NONSENSITIVE );
-   }
-
# Create Sudo policy so that members of the group can sudo as 
the service user
if ( OpenStackNovaSudoer::createSudoer( 'runas-' . $groupName,
$project->getProjectName(),

-- 
To view, visit https://gerrit.wikimedia.org/r/339832
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ie13f33765e7c3995b001e754ed2c8e81eb1eea3a
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/extensions/OpenStackManager
Gerrit-Branch: master
Gerrit-Owner: Tim Landscheidt 
Gerrit-Reviewer: Alex Monk 
Gerrit-Reviewer: Andrew Bogott 
Gerrit-Reviewer: BryanDavis 
Gerrit-Reviewer: Chasemp 
Gerrit-Reviewer: Madhuvishy 
Gerrit-Reviewer: Tim Landscheidt 
Gerrit-Reviewer: Yuvipanda 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] mediawiki...OpenStackManager[master]: Do not create sudo policies for chown ("-chmod")

[Tim Landscheidt (Code Review)]

Hello Andrew Bogott, Alex Monk, Madhuvishy, Chasemp, Yuvipanda,

I'd like you to do a code review.  Please visit

https://gerrit.wikimedia.org/r/339832

to review the following change.


Change subject: Do not create sudo policies for chown ("-chmod")
..

Do not create sudo policies for chown ("-chmod")

Initially on Tool Labs users were supposed to fix ownership issues in
the home directories of their tools by executing:

| sudo /bin/chown -R tools.$TOOL:tools.$TOOL /data/project/$TOOL

This usage was never promoted and so did not catch on, but was
replaced by the utility take(1) which allows tool accounts to assume
ownership of files in their home directories if they share a group
with the files.

This change thus removes the creation of the unpromoted and unused
sudo policies.  After merging, existing sudo policies
"tools.$TOOL-chmod" can be removed manually.

Change-Id: Ie13f33765e7c3995b001e754ed2c8e81eb1eea3a
---
M nova/OpenStackNovaServiceGroup.php
1 file changed, 0 insertions(+), 14 deletions(-)


  git pull 
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OpenStackManager 
refs/changes/32/339832/1

diff --git a/nova/OpenStackNovaServiceGroup.php 
b/nova/OpenStackNovaServiceGroup.php
index d1d18dc..f8404de 100644
--- a/nova/OpenStackNovaServiceGroup.php
+++ b/nova/OpenStackNovaServiceGroup.php
@@ -353,20 +353,6 @@
return null;
}
 
-   # Create Sudo policy so that the service user can chown files 
in its homedir
-   if ( OpenStackNovaSudoer::createSudoer( $groupName . '-chmod',
-   $project->getProjectName(),
-   array( $groupName ),
-   array(),
-   array( '/bin/chown -R ' . $groupName . '\:' . 
$groupName . ' ' . $homeDir ),
-   array( '!authenticate' ) ) ) {
-   $ldap->printDebug( "Successfully created chmod sudo 
policy for $groupName",
-   NONSENSITIVE );
-   } else {
-   $ldap->printDebug( "Failed to  creat chmod sudo policy 
for $groupName",
-   NONSENSITIVE );
-   }
-
# Create Sudo policy so that members of the group can sudo as 
the service user
if ( OpenStackNovaSudoer::createSudoer( 'runas-' . $groupName,
$project->getProjectName(),

-- 
To view, visit https://gerrit.wikimedia.org/r/339832
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie13f33765e7c3995b001e754ed2c8e81eb1eea3a
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OpenStackManager
Gerrit-Branch: master
Gerrit-Owner: Tim Landscheidt 
Gerrit-Reviewer: Alex Monk 
Gerrit-Reviewer: Andrew Bogott 
Gerrit-Reviewer: Chasemp 
Gerrit-Reviewer: Madhuvishy 
Gerrit-Reviewer: Yuvipanda 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits