change freeze request
Kevin Fenzi
kevin at scrye.com
Sun Sep 8 16:09:13 UTC 2013
On Sat, 7 Sep 2013 17:36:01 -0700
Toshio Kuratomi <a.badger at gmail.com> wrote:
> On Sep 7, 2013 11:24 AM, "Dennis Gilmore" <dennis at ausil.us> wrote:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > I want to change sudoer on the compose boxes to enable members of
> > the releng group to run "sudo cp -l" without a password this is to
> > enable easily putting the livecds and disk images in place when
> > staging a compose
> >
> > could I get some +1's please
> >
>
> I think I'm -1 to this.
>
> Is this something we can script to constrain which directories to
> copy to? It seems like unrestricted cp would allow overwriting any
> file on the system. sudo nopasswd would mean that you no longer need
> your second factor to authenticate. So that would mean we're down to
> releng ssh key passphrases being our only protection for the boxes
> which was a previous problem vector.
We could/should restrict it to specific command line arguments I think,
yes.
kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20130908/e279e09e/attachment.sig>
More information about the infrastructure
mailing list