[Mageia-sysadm] [765] add bcd module
Michael Scherer
misc at zarb.org
Wed Jan 12 17:52:33 CET 2011
Le mercredi 12 janvier 2011 à 17:42 +0100, root at mageia.org a écrit :
> + file { "/etc/sudoers.d/bcd":
> + owner => root,
> + group => root,
> + mode => 440,
> + content => template("bcd/sudoers.bcd")
> + }
> + }
Micro optimisation I guess, but maybe we could do a define for that :
define sudoers_config($content) {
file { "/etc/sudoers.d/$name":
owner => root,
group => root,
mode => 440,
content => $content,
}
}
and then :
sudoers_config { "bcd:"
content => template("bcd/sudoers.bcd")
}
( less cut and paste for owner,group and mode, so less risk on error on
something as critic as sudo config )
> + define ssh_access($type, $key) {
> + ssh_authorized_key{$name:
> + type => $type,
> + key => $key,
> + user => $bcd_login,
> + }
> + }
I would rather use login based access ( we do have a module for that )
and let people run bcd using sudo -u bcd.
And use a group of people in ldap for that.
This way :
- we do know who is doing iso, in case of compromission
- we reuse the same ssh keys everywhere, less painful to update or
remove for everybody involved
--
Michael Scherer
More information about the Mageia-sysadm
mailing list