[Mageia-sysadm] [765] add bcd module

nicolas vigier boklm at mars-attacks.org
Wed Jan 12 18:28:34 CET 2011


On Wed, 12 Jan 2011, Michael Scherer wrote:

> On Wednesday 12 January 2011 at 17:42 +0100, root at mageia.org wrote:
> 
> > +       file { "/etc/sudoers.d/bcd":
> > +            owner => root,
> > +            group => root,
> > +            mode => 440,
> > +            content => template("bcd/sudoers.bcd")
> > +        }
> > +    }
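
Review bot: the content line, content => template("bcd/sudoers.bcd"), installs the rendered template into /etc/sudoers.d/bcd with no syntax check, and a syntax error in a sudoers drop-in can leave sudo unusable on the host. On Puppet versions that support validate_cmd, have the file resource run visudo -c -f % so a bad render is never installed. Separately, mode => 440 is a bare number; writing it as the string '0440' keeps the resource valid on newer Puppet releases, which reject numeric modes.
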
> 
> Micro optimisation I guess, but maybe we could do a define for that:
> 
> define sudoers_config($content) {
>    file { "/etc/sudoers.d/$name":
>             owner => root,
>             group => root,
>             mode => 440,
>             content => $content,
>    }
> }
> 
> and then:
> 
> sudoers_config { "bcd":
>    content => template("bcd/sudoers.bcd")
> }
> 
> ( less cut and paste for owner, group and mode, so less risk of error on
> something as critical as sudo config )

Good idea.

> 
> > +    define ssh_access($type, $key) {
> > +	ssh_authorized_key{$name:
> > +		type => $type,
> > +		key => $key,
> > +		user => $bcd_login,
> > +	}
> > +    }
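
Review bot: user => $bcd_login in ssh_access refers to a variable that is not among the define's parameters ($type, $key), so the account the key is installed for depends on the scope the define happens to be evaluated in. Pass the login as a parameter, or reference the variable by its fully qualified name, so the target account is explicit. The resource also sets no options on the key, so every key added this way gets an unrestricted login to that account.
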
> 
> I would rather use login-based access ( we do have a module for that )
> and let people run bcd using sudo -u bcd.
> 
> And use a group of people in ldap for that.
> This way:
> - we do know who is doing iso, in case of compromise
> - we reuse the same ssh keys everywhere, less painful to update or
> remove for everybody involved

Ok, yes, that's better.


