MAAS

Merge lp:~allenap/maas/packaging.restrict-maas-rack-sudo-rule into lp:~maas-maintainers/maas/packaging

  1. packaging.restrict-maas-rack-sudo-rule
  2. Merge into packaging
Proposed by Gavin Panella
Status: Merged
Approved by: Gavin Panella
Approved revision: 547
Merged at revision: 547
Proposed branch: lp:~allenap/maas/packaging.restrict-maas-rack-sudo-rule
Merge into: lp:~maas-maintainers/maas/packaging
Prerequisite: lp:~allenap/maas/packaging.atomic-delete-and-write-scripts
Diff against target: 12 lines (+1/-1)
1 file modified
debian/extras/99-maas-sudoers (+1/-1)
To merge this branch: bzr merge lp:~allenap/maas/packaging.restrict-maas-rack-sudo-rule
Reviewer Review Type Date Requested Status
Blake Rouse (community) Approve
Review via email: mp+320773@code.launchpad.net

Commit message

Restrict sudo rules for maas-rack to only the scan-network command, with any arguments.

To post a comment you must log in.
Revision history for this message
Blake Rouse (blake-rouse) wrote :

Be sure to have ran this installed to make sure this doesn't break anything before landing.

review: Approve
Revision history for this message
Gavin Panella (allenap) wrote :

Thanks for all the reviews. I ran this through CI with lp:~allenap/maas/remove-old-atomic-delete-and-write and the result was green: http://162.213.35.104:8080/job/maas-xenial-trunk-manual/349/

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/extras/99-maas-sudoers'
2--- debian/extras/99-maas-sudoers 2017-03-23 09:12:32 +0000
3+++ debian/extras/99-maas-sudoers 2017-03-23 09:12:32 +0000
4@@ -10,7 +10,7 @@
5 maas ALL= NOPASSWD: /bin/systemctl start tgt
6 maas ALL= NOPASSWD: /bin/systemctl disable maas-rackd
7 maas ALL= NOPASSWD: /bin/systemctl stop maas-rackd
8-maas ALL= NOPASSWD: /usr/sbin/maas-rack
9+maas ALL= NOPASSWD: /usr/sbin/maas-rack scan-network *
10 maas ALL= NOPASSWD: /usr/lib/maas/maas-network-monitor
11 maas ALL= NOPASSWD: /usr/lib/maas/maas-delete-file
12 maas ALL= NOPASSWD: /usr/lib/maas/maas-write-file

Subscribers

People subscribed via source and target branches