From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001
From: Nicolas Vigier
Date: Sun, 14 Apr 2013 13:46:12 +0000
Subject: Add zarb MLs html archives

---
 zarb-ml/mageia-sysadm/2011-January/001955.html | 120 +++++++++++++++++++++++++
 1 file changed, 120 insertions(+)
 create mode 100644 zarb-ml/mageia-sysadm/2011-January/001955.html

(limited to 'zarb-ml/mageia-sysadm/2011-January/001955.html')

diff --git a/zarb-ml/mageia-sysadm/2011-January/001955.html b/zarb-ml/mageia-sysadm/2011-January/001955.html
new file mode 100644
index 000000000..7fb634256
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/2011-January/001955.html
@@ -0,0 +1,120 @@
+ + + + [Mageia-sysadm] [765] add bcd module + + + + + + + + + +

[Mageia-sysadm] [765] add bcd module

+ Michael Scherer + misc at zarb.org +
+ Wed Jan 12 17:52:33 CET 2011 +

+
+ +
Le mercredi 12 janvier 2011 à 17:42 +0100, root at mageia.org a écrit :
+
+> +       file { "/etc/sudoers.d/bcd":
+> +            owner => root,
+> +            group => root,
+> +            mode => 440,
+> +            content => template("bcd/sudoers.bcd")
+> +        }
+> +    }
+
+Micro optimisation I guess, but maybe we could do a define for that :
+
+define sudoers_config($content) {
+   file { "/etc/sudoers.d/$name":
+            owner => root,
+            group => root,
+            mode => 440,
+            content => $content,
+
+      }
+}
+
+and then :
+
+sudoers_config { "bcd:"
+   content => template("bcd/sudoers.bcd")
+}
+
+( less cut and paste for owner,group and mode, so less risk on error on
+something as critic as sudo config )
+
+> +    define ssh_access($type, $key) {
+> +	ssh_authorized_key{$name:
+> +		type => $type,
+> +		key => $key,
+> +		user => $bcd_login,
+> +	}
+> +    }
+
+I would rather use login based access ( we do have a module for that )
+and let people run bcd using sudo -u bcd.
+
+And use a group of people in ldap for that. 
+This way :
+- we do know who is doing iso, in case of compromission
+- we reuse the same ssh keys everywhere, less painful to update or
+remove for everybody involved
+-- 
+Michael Scherer
+
+
+ + + + + + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-sysadm +mailing list
+ -- cgit v1.2.1
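Review bot: in the archived message's usage example, `sudoers_config { "bcd:"` puts the colon inside the closing quote, so the declaration as written has no colon after the resource title and the title string itself is `bcd:` rather than `bcd`. Since the define builds the path as `/etc/sudoers.d/$name`, anyone lifting the snippet from this archive into a manifest should write `sudoers_config { "bcd":` instead. The define also passes `mode => 440` as a bare number; quoting it as `mode => '0440'` makes the octal intent explicit on a file as sensitive as a sudoers drop-in. The archive import itself should stay verbatim, so these corrections belong in whichever manifest adopts the define, not in this HTML file.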