1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-sysadm] [765] add bcd module
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5B765%5D%20add%20bcd%20module&In-Reply-To=%3C20110112172834.GJ21938%40mars-attacks.org%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="001955.html">
<LINK REL="Next" HREF="001953.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-sysadm] [765] add bcd module</H1>
<B>nicolas vigier</B>
<A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5B765%5D%20add%20bcd%20module&In-Reply-To=%3C20110112172834.GJ21938%40mars-attacks.org%3E"
TITLE="[Mageia-sysadm] [765] add bcd module">boklm at mars-attacks.org
</A><BR>
<I>Wed Jan 12 18:28:34 CET 2011</I>
<P><UL>
<LI>Previous message: <A HREF="001955.html">[Mageia-sysadm] [765] add bcd module
</A></li>
<LI>Next message: <A HREF="001953.html">[Mageia-sysadm] [766] typo in filename
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#1961">[ date ]</a>
<a href="thread.html#1961">[ thread ]</a>
<a href="subject.html#1961">[ subject ]</a>
<a href="author.html#1961">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>On Wed, 12 Jan 2011, Michael Scherer wrote:
><i> Le mercredi 12 janvier 2011 à 17:42 +0100, <A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">root at mageia.org</A> a écrit :
</I>><i>
</I>><i> > + file { "/etc/sudoers.d/bcd":
</I>><i> > + owner => root,
</I>><i> > + group => root,
</I>><i> > + mode => 440,
</I>><i> > + content => template("bcd/sudoers.bcd")
</I>><i> > + }
</I>><i> > + }
</I>><i>
</I>><i> Micro optimisation I guess, but maybe we could do a define for that :
</I>><i>
</I>><i> define sudoers_config($content) {
</I>><i> file { "/etc/sudoers.d/$name":
</I>><i> owner => root,
</I>><i> group => root,
</I>><i> mode => 440,
</I>><i> content => $content,
</I>><i>
</I>><i> }
</I>><i> }
</I>><i>
</I>><i> and then :
</I>><i>
</I>><i> sudoers_config { "bcd:"
</I>><i> content => template("bcd/sudoers.bcd")
</I>><i> }
</I>><i>
</I>><i> ( less cut and paste for owner,group and mode, so less risk on error on
</I>><i> something as critic as sudo config )
</I>
Good idea.
><i>
</I>><i> > + define ssh_access($type, $key) {
</I>><i> > + ssh_authorized_key{$name:
</I>><i> > + type => $type,
</I>><i> > + key => $key,
</I>><i> > + user => $bcd_login,
</I>><i> > + }
</I>><i> > + }
</I>><i>
</I>><i> I would rather use login based access ( we do have a module for that )
</I>><i> and let people run bcd using sudo -u bcd.
</I>><i>
</I>><i> And use a group of people in ldap for that.
</I>><i> This way :
</I>><i> - we do know who is doing iso, in case of compromission
</I>><i> - we reuse the same ssh keys everywhere, less painful to update or
</I>><i> remove for everybody involved
</I>
Ok, yes, that's better.
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="001955.html">[Mageia-sysadm] [765] add bcd module
</A></li>
<LI>Next message: <A HREF="001953.html">[Mageia-sysadm] [766] typo in filename
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#1961">[ date ]</a>
<a href="thread.html#1961">[ thread ]</a>
<a href="subject.html#1961">[ subject ]</a>
<a href="author.html#1961">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm
mailing list</a><br>
</body></html>
|
