[Mageia-sysadm] [765] add bcd module

Michael Scherer misc at zarb.org
Wed Jan 12 17:52:33 CET 2011


Le mercredi 12 janvier 2011 à 17:42 +0100, root at mageia.org a écrit :

> +       file { "/etc/sudoers.d/bcd":
> +            owner => root,
> +            group => root,
> +            mode => 440,
> +            content => template("bcd/sudoers.bcd")
> +        }
> +    }

Micro optimisation I guess, but maybe we could do a define for that :

define sudoers_config($content) {
   file { "/etc/sudoers.d/$name":
            owner => root,
            group => root,
            mode => 440,
            content => $content,

      }
}

and then :

sudoers_config { "bcd:"
   content => template("bcd/sudoers.bcd")
}

( less cut and paste for owner,group and mode, so less risk on error on
something as critic as sudo config )

> +    define ssh_access($type, $key) {
> +	ssh_authorized_key{$name:
> +		type => $type,
> +		key => $key,
> +		user => $bcd_login,
> +	}
> +    }

I would rather use login based access ( we do have a module for that )
and let people run bcd using sudo -u bcd.

And use a group of people in ldap for that. 
This way :
- we do know who is doing iso, in case of compromission
- we reuse the same ssh keys everywhere, less painful to update or
remove for everybody involved
-- 
Michael Scherer



More information about the Mageia-sysadm mailing list