On Sat, 7 Sep 2013 17:36:01 -0700 Toshio Kuratomi <a.badger@xxxxxxxxx> wrote: > On Sep 7, 2013 11:24 AM, "Dennis Gilmore" <dennis@xxxxxxxx> wrote: > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > I want to change sudoer on the compose boxes to enable members of > > the releng group to run "sudo cp -l" without a password this is to > > enable easily putting the livecds and disk images in place when > > staging a compose > > > > could I get some +1's please > > > > I think I'm -1 to this. > > Is this something we can script to constrain which directories to > copy to? It seems like unrestricted cp would allow overwriting any > file on the system. sudo nopasswd would mean that you no longer need > your second factor to authenticate. So that would mean we're down to > releng ssh key passphrases being our only protection for the boxes > which was a previous problem vector. We could/should restrict it to specific command line arguments I think, yes. kevin
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
