[Mageia-sysadm] [765] add bcd module
nicolas vigier
boklm at mars-attacks.org
Wed Jan 12 18:28:34 CET 2011
On Wed, 12 Jan 2011, Michael Scherer wrote:
> On Wednesday 12 January 2011 at 17:42 +0100, root at mageia.org wrote:
>
> > + file { "/etc/sudoers.d/bcd":
> > + owner => root,
> > + group => root,
> > + mode => 440,
> > + content => template("bcd/sudoers.bcd")
> > + }
> > + }
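Review bot: the file resource for /etc/sudoers.d/bcd installs the rendered bcd/sudoers.bcd template with no syntax check, so a mistake in the template lands directly in the live sudo configuration and can stop sudo from working; consider running the content through visudo -c before it replaces the file. The mode would also be safer written as a quoted four-digit string ('0440') than as the bare number 440, so it cannot be read as a decimal integer.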
>
> Micro optimisation I guess, but maybe we could do a define for that:
>
> define sudoers_config($content) {
>     file { "/etc/sudoers.d/$name":
>         owner => root,
>         group => root,
>         mode => 440,
>         content => $content,
>     }
> }
>
> and then:
>
> sudoers_config { "bcd":
>     content => template("bcd/sudoers.bcd")
> }
>
> (less cut and paste for owner, group and mode, so less risk of error on
> something as critical as sudo config)
Good idea.
>
> > + define ssh_access($type, $key) {
> > + ssh_authorized_key{$name:
> > + type => $type,
> > + key => $key,
> > + user => $bcd_login,
> > + }
> > + }
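Review bot: in ssh_access, user => $bcd_login refers to a variable that is not among the define's parameters ($type, $key), so the account that receives the key depends on the scope the define happens to be evaluated in; pass the login as a parameter or use a fully qualified variable. An explicit ensure attribute would also make it clear how a key is removed from the account later.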
>
> I would rather use login-based access (we do have a module for that)
> and let people run bcd using sudo -u bcd.
>
> And use a group of people in LDAP for that.
> This way:
> - we do know who is doing ISO, in case of compromise
> - we reuse the same ssh keys everywhere, less painful to update or
>   remove for everybody involved
Ok, yes, that's better.
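
The define suggested above, combined with the group-based "sudo -u bcd" access agreed on in the thread, as an added example (not code from the Mageia repository or from either poster). It assumes a Puppet version whose file type supports validate_cmd (3.5 or later), visudo installed at /usr/sbin/visudo, and a placeholder group name, bcd-users, since the thread does not name the LDAP group.

```puppet
# Added example: one place for the ownership, mode and syntax check of
# every fragment dropped into /etc/sudoers.d.
define sudoers_config($content) {
  # sudo's #includedir silently skips file names that contain a '.' or
  # end in '~', so such a fragment would be installed but never applied.
  if $name =~ /[.~]/ {
    fail("sudoers_config: '${name}' would be ignored by sudo's includedir")
  }

  file { "/etc/sudoers.d/${name}":
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0440',
    content      => $content,
    # Puppet replaces % with the path of a temporary copy; the live file
    # is only replaced if visudo accepts the new content.
    # Assumption: visudo lives at /usr/sbin/visudo on the managed hosts.
    validate_cmd => '/usr/sbin/visudo -cf %',
  }
}

# Assumption: 'bcd-users' is a hypothetical name for the LDAP group of
# people allowed to build ISOs. Members log in with their own account and
# key, then run commands as the bcd user, so sudo logs who did what.
sudoers_config { 'bcd':
  content => "%bcd-users ALL=(bcd) ALL\n",
}
```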