[Labs-l] Passwordless sudo on all instances
Ryan Lane
rlane at wikimedia.org
Fri Jan 25 02:22:28 UTC 2013
This is really awesome. Great work Andrew!
On Thu, Jan 24, 2013 at 5:27 PM, Andrew Bogott <abogott at wikimedia.org>wrote:
> I've just made a few changes to the way sudo is handled in labs. Most
> users will only notice the first one:
>
> 1) Password-free: anyone who had sudo rights before will still have
> them, but now sudo commands will execute immediately without first
> prompting for a password.
>
> 2) Default policies: Newly created projects will automatically have a
> permissive sudo policy that provides sudo rights for all project members
> and all commands.
>
> 3) No more 'ALL' users: The user group named 'ALL' has been replaced by
> the slightly-more-secure 'All project members.'
>
> If you are a project sysadmin and find #1 alarming, it's easy to turn
> passwords back on. Visit https://labsconsole.wikimedia.**
> org/wiki/Special:NovaSudoer<https://labsconsole.wikimedia.org/wiki/Special:NovaSudoer>-- passwordless sudo is reflected by the "!authenticate" option. To
> require passwords for a given policy, click the 'modify' link and then
> check the 'require authentication' box on the following page.
>
> Please let me know if you find any breakage with these changes!
>
> -Andrew
>
>
> ______________________________**_________________
> Labs-l mailing list
> Labs-l at lists.wikimedia.org
> https://lists.wikimedia.org/**mailman/listinfo/labs-l<https://lists.wikimedia.org/mailman/listinfo/labs-l>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wikimedia.org/pipermail/labs-l/attachments/20130124/9ae61e77/attachment.html>
More information about the Labs-l
mailing list