From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-sysadm/2011-January/001961.html | 121 +++++++++++++++++++++++++ 1 file changed, 121 insertions(+) create mode 100644 zarb-ml/mageia-sysadm/2011-January/001961.html (limited to 'zarb-ml/mageia-sysadm/2011-January/001961.html') diff --git a/zarb-ml/mageia-sysadm/2011-January/001961.html b/zarb-ml/mageia-sysadm/2011-January/001961.html new file mode 100644 index 000000000..937514962 --- /dev/null +++ b/zarb-ml/mageia-sysadm/2011-January/001961.html @@ -0,0 +1,121 @@ + + + + [Mageia-sysadm] [765] add bcd module + + + + + + + + + +

[Mageia-sysadm] [765] add bcd module

+ nicolas vigier + boklm at mars-attacks.org +
+ Wed Jan 12 18:28:34 CET 2011 +

+
+ +
On Wed, 12 Jan 2011, Michael Scherer wrote:
+
+> Le mercredi 12 janvier 2011 à 17:42 +0100, root at mageia.org a écrit :
+> 
+> > +       file { "/etc/sudoers.d/bcd":
+> > +            owner => root,
+> > +            group => root,
+> > +            mode => 440,
+> > +            content => template("bcd/sudoers.bcd")
+> > +        }
+> > +    }
+> 
+> Micro optimisation I guess, but maybe we could do a define for that :
+> 
+> define sudoers_config($content) {
+>    file { "/etc/sudoers.d/$name":
+>             owner => root,
+>             group => root,
+>             mode => 440,
+>             content => $content,
+> 
+>       }
+> }
+> 
+> and then :
+> 
+> sudoers_config { "bcd:"
+>    content => template("bcd/sudoers.bcd")
+> }
+> 
+> ( less cut and paste for owner,group and mode, so less risk on error on
+> something as critic as sudo config )
+
+Good idea.
+
+> 
+> > +    define ssh_access($type, $key) {
+> > +	ssh_authorized_key{$name:
+> > +		type => $type,
+> > +		key => $key,
+> > +		user => $bcd_login,
+> > +	}
+> > +    }
+> 
+> I would rather use login based access ( we do have a module for that )
+> and let people run bcd using sudo -u bcd.
+> 
+> And use a group of people in ldap for that. 
+> This way :
+> - we do know who is doing iso, in case of compromission
+> - we reuse the same ssh keys everywhere, less painful to update or
+> remove for everybody involved
+
+Ok, yes, that's better.
+
+
+ + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-sysadm +mailing list
+
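Review bot: The commit message is only the subject "Add zarb MLs html archives", with no body, so nothing records where the 121-line generated page added as zarb-ml/mageia-sysadm/2011-January/001961.html was exported from or how it was produced. Add a short body naming the source list archive and the export method so the import can be checked against the original later. The archived message itself should stay verbatim, but anyone reusing the Puppet quoted in it should be aware that the example call `sudoers_config { "bcd:"` has the colon inside the quotes where `"bcd":` was meant, and that the proposed define sets only owner, group, mode and content for `/etc/sudoers.d/$name`, with no syntax check of the rendered template before it lands in the sudoers directory.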