Smalyshev added a comment. @Dzahn yes but your proposed config as far as I can see allows only to sudo to user blazegraph, not to root, for services. While services do run under blazegraph user, I think if I am going to start/stop them, I'll still need to sudo to root.
Also, I think some access to journalctl for log viewing may be needed, but this can be worked around by sending the logs to syslog and maybe configuring rsyslogd to put them in files which could be read by wdqs-admins group. I'll check on that. TASK DETAIL https://phabricator.wikimedia.org/T105185 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Joe, Smalyshev Cc: Dzahn, gerritbot, Matanya, Aklapper, Westonnh, tomasz, Jdouglas, Joe, Smalyshev, jkroll, Wikidata-bugs, RobH, aude, Manybubbles, mark, JanZerebecki, faidon, fgiunchedi, chasemp, Malyacko, Krenair, P.Copp _______________________________________________ Wikidata-bugs mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
