[Piuparts-commits] [SCM] piuparts git repository branch, master, updated. 0.49-194-g6f9dd07

Andreas Beckmann anbe at debian.org
Fri Mar 15 22:52:52 UTC 2013


The following commit has been merged in the master branch:
commit 6ecf3a30a1a78f10e021416d492bfc27e6f51f5a
Author: Andreas Beckmann <anbe at debian.org>
Date:   Sun Mar 10 09:44:46 2013 +0100

    restrict sudoers permissions a little bit
    
    Signed-off-by: Andreas Beckmann <anbe at debian.org>

diff --git a/README_piatti.txt b/README_piatti.txt
index 75db1ed..174ee87 100644
--- a/README_piatti.txt
+++ b/README_piatti.txt
@@ -19,8 +19,8 @@ Create an SSH keypair for piupartss and put it into ~/.ssh/authorized_keys of th
 === '/etc/sudoers' for piatti
 
 ----
-# The piuparts slave needs to handle chroots
-piupartss       ALL=(ALL) NOPASSWD: ALL
+# The piuparts slave needs to handle chroots.
+piupartss       ALL = NOPASSWD: ALL
 
 #piuparts admins
 %piuparts       ALL=(piupartss) ALL
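Review bot: The new `piupartss` rule still ends in `NOPASSWD: ALL`, so the account keeps passwordless root for every command. Dropping `(ALL)` only makes root the sole run-as target (the sudoers default when no Runas spec is given), and root can switch to any other user anyway. If the slave needs sudo only to handle chroots, as the comment says, consider replacing the trailing `ALL` with a `Cmnd_Alias` that names the commands it actually runs. The comment could also say why passwordless root is required.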
diff --git a/TODO b/TODO
index 58161f6..008200d 100644
--- a/TODO
+++ b/TODO
@@ -23,6 +23,10 @@ for 0.5x:
     /etc/piuparts/slave.conf?! or use /etc/default/slave to define sections?
     debconfify piuparts.conf? allow preseeding of mirror, master, ...
 
+- sudoers FIXME: the piupartsm user should be very unprivileged
+  (since it may be used for remote ssh access to run the slave)
+  granting permssions to %piuparts works against this
+
 - merge/cleanup README_piatti.txt and README_server.txt?
 
 - use cdn.debian.net as mirror default (instead of "your.mirror.here") and
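Review bot: Typo in the added FIXME: `permssions` should be `permissions`. The entry also says that granting permissions to `%piuparts` works against keeping `piupartsm` unprivileged, but the only `%piuparts` rule visible in this patch is `%piuparts ALL=(piupartss) ALL`. Naming the sudoers file and the exact rule that affects `piupartsm` would make the item actionable.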
diff --git a/conf/piuparts.sudoers b/conf/piuparts.sudoers
index 69ffeec..d4205fe 100644
--- a/conf/piuparts.sudoers
+++ b/conf/piuparts.sudoers
@@ -1,5 +1,5 @@
-# The piuparts slave needs to handle chroots
-piupartss       ALL=(ALL) NOPASSWD: ALL
+# The piuparts slave needs to handle chroots.
+piupartss	ALL = NOPASSWD: ALL
 
 #piuparts admins
 %piuparts       ALL=(piupartss) ALL
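Review bot: The added `piupartss` line separates the user from `ALL` with a tab, while the same line in README_piatti.txt and the neighbouring `%piuparts` line here use spaces. sudo parses both identically, but the two copies carry the same rules, so matching whitespace keeps future diffs between them clean. A syntax check of the edited file with `visudo -c -f conf/piuparts.sudoers` before committing would also catch parse errors in a change like this.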

-- 
piuparts git repository


