Last modified: 2014-05-27 22:14:31 UTC
I used to be able to sudo as mwdeploy but now can't. I am in the 'svn' group. sudo -u mwdeploy -- touch extensions/Wikidata/extensions/Wikibase/lib/resources/wikibase.utilities/wikibase.utilities.GuidGenerator.js [sudo] password for aude: Sorry, user aude is not allowed to execute '/usr/bin/touch extensions/Wikidata/extensions/Wikibase/lib/resources/wikibase.utilities/wikibase.utilities.GuidGenerator.js' as mwdeploy on deployment-bastion.eqiad.wmflabs.
Change 134491 had a related patch set uploaded by BryanDavis: Labs: Add deployment related sudoer rules for svn group https://gerrit.wikimedia.org/r/134491
Does this mean the users should be converted like in: https://bugzilla.wikimedia.org/show_bug.cgi?id=64596 (instead of working around it)?
(In reply to Daniel Zahn from comment #2) > Does this mean the users should be converted like in: > > https://bugzilla.wikimedia.org/show_bug.cgi?id=64596 > > (instead of working around it)? I think it's related but slightly different. The problem here is actually https://bugzilla.wikimedia.org/show_bug.cgi?id=63028. Aude, hashar and apparently about 400 other users have a primary gid of 550(svn) instead of 500(wikidev). This wouldn't be too big of a deal if they were also members of the 500(wikidev) group, but they are not. I think the best fix for this would be to update all users that have 550(svn) as their primary group to have 500(wikidev) as their primary group. Following that one of two things should happen, either all files owned by group 550(svn) should be changed to 500(wikidev) across all of labs, or probably more rationally all users in the 500(wikidev) group should be added to the 550(svn) as a secondary group. If the later action is taken the script that creates new users in ldap should also be updated to add all future users to the 550(svn) group as a secondary group.
Change 134491 merged by Dzahn: Labs: Add deployment related sudoer rules for svn group https://gerrit.wikimedia.org/r/134491
Change 135622 had a related patch set uploaded by BryanDavis: Revert "Labs: Add deployment related sudoer rules for svn group" https://gerrit.wikimedia.org/r/135622
Change 135622 merged by Dzahn: Revert "Labs: Add deployment related sudoer rules for svn group" https://gerrit.wikimedia.org/r/135622