On Tue 23 Jul 2013 10:48:46 PM CEST, Ewoud Kohl van Wijngaarden wrote:
On Tue, Jul 23, 2013 at 04:27:08PM -0400, Mike Burns wrote:
I have a task that is currently not allowed due to the current sudo rules. I need to be able to run the edit-node tool to generate ovirt-node isos containing vdsm. This tool requires root or sudo access.
The problem is that I'm extracting the tool from it's rpm since it's generated in a different jenkins job. The execution is done with a command like this:
sudo ${WORKSPACE}/edit-node <options>
AFAIK, this can't be handled in the sudoers file in any easy way.
Any suggestions? Or maybe simply enable universal passwordless sudo?
I was wondering the same thing in http://gerrit.ovirt.org/17261. Since we already give permission to yum and cp to /etc/yum.repos.d, it's not hard to get some package to install extra sudo rules for yourself and have full sudo. _______________________________________________ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
Yep, but we need it in order to be able to run the jobs, if we don't want to setup a complicated permission system. I agree with quaid, we can just add ssh access for us and give full sudo acces to the jenkins user and our users, afaik the only sensible information that is there is the hashed password for admin users in the shadowfile, but if we allow passwordless sudo to our users too we do not need to setup any password in the system (that means changes in the users class too btw). -- David Caro Red Hat Czech s.r.o. Continuous Integration Engineer - EMEA ENG Virtualization R&D Tel.: +420 532 294 605 Email: dcaro@redhat.com Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic RHT Global #: 82-62605