[Piuparts-devel] the "piuparts" group (as in getent group)
Andreas Beckmann
anbe at debian.org
Mon May 13 14:18:32 UTC 2013
On 2013-05-13 15:36, Holger Levsen wrote:
>> * it is used for giving humans sudo access to control master and slave
>
> yes
>
>> * therefore piupartsm and piupartss should *not* be in this group
>
> it's useful if the files they write can be modified by us,
That's primarily interesting for master, does it run with an appropriate
umask? Or does a piuparts admin still need to
sudo -u piuparts-master $SHELL
?
> why do you see a
> problem there?
I'm a bit concerned about running an unprivileged service
(piuparts-master) with (indirect) access to sudo via the group ...
For slave it's a bit moot since this needs nearly full sudo power anyway ...
Andreas
More information about the Piuparts-devel
mailing list