[Piuparts-devel] the "piuparts" group (as in getent group)

Holger Levsen holger at layer-acht.org
Mon May 13 15:10:37 UTC 2013


Hi Andreas,

On Montag, 13. Mai 2013, Andreas Beckmann wrote:
> That's primarily interesting for master, does it run with an appropriate
> umask?

no, umask is 0022, not 0002

> Or does a piuparts admin still need to
>   sudo -u piuparts-master $SHELL

well, for what?

> > why do you see a
> > problem there?
> 
> I'm a bit concerned about running an unprivileged service
> (piuparts-master) with (indirect) access to sudo via the group ...
> For slave it's a bit moot since this needs nearly full sudo power anyway

piupartsm cannot use sudo for anything. piupartss can use sudo for everything, 
but only on the slave.


cheers,
	Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/piuparts-devel/attachments/20130513/df14b2a3/attachment.pgp>


More information about the Piuparts-devel mailing list