Last modified: 2014-08-29 15:56:17 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T70834, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 68834 - Sudoers interface should provide an option for ALL
Sudoers interface should provide an option for ALL
Status: RESOLVED FIXED
Product: Wikimedia Labs
Classification: Unclassified
wikitech-interface (Other open bugs)
unspecified
All All
: Unprioritized normal
: ---
Assigned To: Andrew Bogott
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-07-30 01:29 UTC by Marc A. Pelletier
Modified: 2014-08-29 15:56 UTC (History)
5 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Marc A. Pelletier 2014-07-30 01:29:33 UTC 
Currently, the sudoers per-project interface allows creation of sudo rules with individual users or "all project users" as targets.  There is no provision for a "ALL" target as project admins may wish to use.

Adding this option should be fairly trivial.
Comment 1 Andrew Bogott 2014-07-30 04:05:14 UTC 
What is an example of a user who is a member of ALL yet not a member of 'all project users'?
Comment 2 Yuvi Panda 2014-07-30 09:23:15 UTC 
All system users?
Comment 3 Marc A. Pelletier 2014-07-30 13:31:40 UTC 
Also, 'all project users' excludes root.  :-)
Comment 4 Andrew Bogott 2014-07-30 14:33:02 UTC 
Having sudo policies in ldap doesn't preclude setting up sudo policies directly on the box...  To the extent that system users are puppetized, it seems like their sudo policy should derive from puppet as well.
Comment 5 Andrew Bogott 2014-07-30 14:34:54 UTC 
Oh, my mistake, I misunderstood what we meant by 'target' here.  This makes sense after all :)
Comment 6 Andrew Bogott 2014-08-12 22:46:03 UTC 
https://gerrit.wikimedia.org/r/#/c/153723
Comment 7 Gerrit Notification Bot 2014-08-12 23:52:02 UTC 
Change 153723 had a related patch set uploaded by Tim Landscheidt:
Replace support for 'ALL' in the 'Allow running as' sudo column.

https://gerrit.wikimedia.org/r/153723
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links