[MediaWiki-commits] [Gerrit] sudo: adjust sudoers for compat with newer sudo - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: sudo: adjust sudoers for compat with newer sudo .. sudo: adjust sudoers for compat with newer sudo As NEWS.Debian informs us: - sudo = 1.7.4p4-2 is resetting $HOME and $MAIL to the target user when sudoing. Undo this for $HOME by adding it to env_keep as we're too used to it. - sudo = 1.8.2-1 is not configured with --with-secure-path anymore and the setting has been moved into a sudoers directive. Add this directive to our own sudoers file. Finally, remove the special-handling of the sudo group. We don't use this here and we shouldn't treat it like that, especially since we don't manage the group members. Change-Id: I9052a89b4aa4a534fe2ca4473aa15aa72ad3d76b --- M modules/sudo/files/sudoers 1 file changed, 4 insertions(+), 18 deletions(-) Approvals: Giuseppe Lavagetto: Looks good to me, but someone else must approve Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers index cf4447c..ea823fd 100644 --- a/modules/sudo/files/sudoers +++ b/modules/sudo/files/sudoers @@ -1,25 +1,11 @@ # /etc/sudoers # -# This file MUST be edited with the 'visudo' command as root. -# -# See the man page for details on how to write a sudoers file. -# +# This file is managed by Puppet -Defaultsenv_reset +Defaults env_reset +Defaults env_keep += HOME +Defaults secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -# Host alias specification - -# User alias specification - -# Cmnd alias specification - -# User privilege specification rootALL=(ALL) ALL -# Allow members of group sudo to execute any command after they have -# provided their password -# (Note that later entries override this, so you might need to move -# it further down) -%sudo ALL=(ALL) ALL -# #includedir /etc/sudoers.d -- To view, visit https://gerrit.wikimedia.org/r/180506 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I9052a89b4aa4a534fe2ca4473aa15aa72ad3d76b Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Giuseppe Lavagetto glavage...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] sudo: adjust sudoers for compat with newer sudo - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/180506 Change subject: sudo: adjust sudoers for compat with newer sudo .. sudo: adjust sudoers for compat with newer sudo As NEWS.Debian informs us: - sudo = 1.7.4p4-2 is resetting $HOME and $MAIL to the target user when sudoing. Undo this for $HOME by adding it to env_keep as we're too used to it. - sudo = 1.8.2-1 is not configured with --with-secure-path anymore and the setting has been moved into a sudoers directive. Add this directive to our own sudoers file. Finally, remove the special-handling of the sudo group. We don't use this here and we shouldn't treat it like that, especially since we don't manage the group members. Change-Id: I9052a89b4aa4a534fe2ca4473aa15aa72ad3d76b --- M modules/sudo/files/sudoers 1 file changed, 4 insertions(+), 18 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/06/180506/1 diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers index cf4447c..ea823fd 100644 --- a/modules/sudo/files/sudoers +++ b/modules/sudo/files/sudoers @@ -1,25 +1,11 @@ # /etc/sudoers # -# This file MUST be edited with the 'visudo' command as root. -# -# See the man page for details on how to write a sudoers file. -# +# This file is managed by Puppet -Defaultsenv_reset +Defaults env_reset +Defaults env_keep += HOME +Defaults secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -# Host alias specification - -# User alias specification - -# Cmnd alias specification - -# User privilege specification rootALL=(ALL) ALL -# Allow members of group sudo to execute any command after they have -# provided their password -# (Note that later entries override this, so you might need to move -# it further down) -%sudo ALL=(ALL) ALL -# #includedir /etc/sudoers.d -- To view, visit https://gerrit.wikimedia.org/r/180506 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I9052a89b4aa4a534fe2ca4473aa15aa72ad3d76b Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
