rawhide, /mnt/koji and /pub/fedora
Jeroen van Meeuwen
kanarip at kanarip.com
Thu Aug 28 09:57:50 UTC 2008
Nigel Jones wrote:
> On Wed, 2008-08-27 at 21:52 -0700, Jesse Keating wrote:
>> On Wed, 2008-08-27 at 21:44 -0700, Jesse Keating wrote:
>>> Comments?
>> One comment just made on IRC by G:
>>
>> <G> f13: can't we allow masher to sudo to ftpsync and run a sync
>> command?
>>
> G = $me :)
>> We would have to allow masher to sudo with no password in order to run
>> the rsync command. I'm not sure how far we can narrow it down since the
>> rsync source changes each day, only the dest (and other options) remain
>> the same.
> Why not something like:
>
> sudo /usr/local/bin/rawhideftpsync.sh <random bit>
> that runs: rsync ...<normal path>.<random bit> ...
>
> Just a thought.
You could configure sudoers to allow the masher user to only be able to
execute whatever it sudo's as the ftpsync user:

    masher hostname.domain.tld=(ftpsync) NOPASSWD: rsync $rsync_opts foo.<wildcardmatch-source> bar

Does that narrow it down sufficiently?

Kind regards,
Jeroen van Meeuwen
-kanarip
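
Added example, not part of the original message or of Fedora's infrastructure code: a sketch of the wrapper idea from the thread, where the only caller-controlled value is the "random bit" and it is validated before rsync runs. sudoers wildcards in command arguments match across whitespace, so the check is done in the script; SRC_BASE, DEST and RSYNC_OPTS are placeholder assumptions.

```shell
#!/bin/sh
# Sketch of /usr/local/bin/rawhideftpsync.sh as proposed in the thread.
# All paths and options below are placeholders, not real Fedora values.
SRC_BASE="/srv/example/rawhide"     # stands in for "<normal path>"
DEST="/srv/example/pub/rawhide/"    # fixed destination
RSYNC_OPTS="-a --delete"            # fixed, trusted option string

# Accept only a short alphanumeric token. Anything else (spaces, dashes,
# slashes, dots) is rejected, so the caller cannot add rsync options or
# point the source somewhere else with "../".
valid_suffix() {
    case "$1" in
        ""|*[!A-Za-z0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Print the rsync command line for a suffix; fail on any invalid input.
build_sync_cmd() {
    [ "$#" -eq 1 ] || return 2      # exactly one argument allowed
    valid_suffix "$1" || return 1
    printf 'rsync %s -- %s.%s/ %s\n' "$RSYNC_OPTS" "$SRC_BASE" "$1" "$DEST"
}

# Validate, then run rsync with the fixed options. "--" ends option
# parsing so the source path can never be read as an option.
run_sync() {
    build_sync_cmd "$@" >/dev/null || {
        echo "refusing: invalid argument" >&2
        return 1
    }
    # RSYNC_OPTS is intentionally unquoted: it is a fixed string set above.
    rsync $RSYNC_OPTS -- "$SRC_BASE.$1/" "$DEST"
}

# Only act when called with arguments, e.g. via sudo -u ftpsync.
if [ "$#" -gt 0 ]; then
    run_sync "$@"
fi
```

With a wrapper like this, the sudoers entry can name the script by its full path instead of a wildcarded rsync command line.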