[Labs-l] Passwordless sudo on all instances
Petr Bena
benapetr at gmail.com
Fri Jan 25 08:15:25 UTC 2013
Why renaming ALL?
On Fri, Jan 25, 2013 at 3:27 AM, Patrick Reilly <preilly at wikimedia.org>wrote:
> Great work Andrew!
>
> — Patrick
>
> On Thu, Jan 24, 2013 at 6:22 PM, Ryan Lane <rlane at wikimedia.org> wrote:
>
>> This is really awesome. Great work Andrew!
>>
>>
>> On Thu, Jan 24, 2013 at 5:27 PM, Andrew Bogott <abogott at wikimedia.org>wrote:
>>
>>> I've just made a few changes to the way sudo is handled in labs. Most
>>> users will only notice the first one:
>>>
>>> 1) Password-free: anyone who had sudo rights before will still have
>>> them, but now sudo commands will execute immediately without first
>>> prompting for a password.
>>>
>>> 2) Default policies: Newly created projects will automatically have a
>>> permissive sudo policy that provides sudo rights for all project members
>>> and all commands.
>>>
>>> 3) No more 'ALL' users: The user group named 'ALL' has been replaced
>>> by the slightly-more-secure 'All project members.'
>>>
>>> If you are a project sysadmin and find #1 alarming, it's easy to turn
>>> passwords back on. Visit https://labsconsole.wikimedia.**
>>> org/wiki/Special:NovaSudoer<https://labsconsole.wikimedia.org/wiki/Special:NovaSudoer>-- passwordless sudo is reflected by the "!authenticate" option. To
>>> require passwords for a given policy, click the 'modify' link and then
>>> check the 'require authentication' box on the following page.
>>>
>>> Please let me know if you find any breakage with these changes!
>>>
>>> -Andrew
>>>
>>>
>>> ______________________________**_________________
>>> Labs-l mailing list
>>> Labs-l at lists.wikimedia.org
>>> https://lists.wikimedia.org/**mailman/listinfo/labs-l<https://lists.wikimedia.org/mailman/listinfo/labs-l>
>>>
>>
>>
>> _______________________________________________
>> Labs-l mailing list
>> Labs-l at lists.wikimedia.org
>> https://lists.wikimedia.org/mailman/listinfo/labs-l
>>
>>
>
> _______________________________________________
> Labs-l mailing list
> Labs-l at lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/labs-l
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wikimedia.org/pipermail/labs-l/attachments/20130125/fc21d355/attachment.html>
More information about the Labs-l
mailing list