On Sep 7, 2013 11:24 AM, "Dennis Gilmore" <dennis@xxxxxxxx> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I want to change sudoer on the compose boxes to enable members of
> the releng group to run "sudo cp -l" without a password this is to
> enable easily putting the livecds and disk images in place when staging
> a compose
>
> could I get some +1's please
>
I think I'm -1 to this.
Is this something we can script to constrain which directories to copy to? It seems like unrestricted cp would allow overwriting any file on the system. sudo nopasswd would mean that you no longer need your second factor to authenticate. So that would mean we're down to releng ssh key passphrases being our only protection for the boxes which was a previous problem vector.
-Toshio
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
