-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
El Sat, 7 Sep 2013 17:36:01 -0700
Toshio Kuratomi <a.badger(a)gmail.com> escribió:
On Sep 7, 2013 11:24 AM, "Dennis Gilmore"
<dennis(a)ausil.us> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I want to change sudoer on the compose boxes to enable members of
> the releng group to run "sudo cp -l" without a password this is to
> enable easily putting the livecds and disk images in place when
> staging a compose
>
> could I get some +1's please
>
I think I'm -1 to this.
Is this something we can script to constrain which directories to
copy to? It seems like unrestricted cp would allow overwriting any
file on the system. sudo nopasswd would mean that you no longer need
your second factor to authenticate. So that would mean we're down to
releng ssh key passphrases being our only protection for the boxes
which was a previous problem vector.
-Toshio
sudo /usr/bin/cp -l
/mnt/fedora_koji/koji/scratch/$USER/task_*/Fedora*armhfp-$VERSION*raw.xz
$FINALDEST/$VERSION/Images/armhfp/
sudo /usr/bin/cp -l /mnt/fedora_koji/koji/scratch/$USER/task_*/Fedora-i386*$VERSION*raw.xz
$FINALDEST/$VERSION/Images/i386/
sudo /usr/bin/cp -l /mnt/fedora_koji/koji/scratch/$USER/task_*/Fedora-i386*$VERSION*qcow2
$FINALDEST/$VERSION/Images/i386/
sudo /usr/bin/cp -l
/mnt/fedora_koji/koji/scratch/$USER/task_*/Fedora-x86_64*$VERSION*raw.xz
$FINALDEST/$VERSION/Images/x86_64/
sudo /usr/bin/cp -l
/mnt/fedora_koji/koji/scratch/$USER/task_*/Fedora-x86_64*$VERSION*qcow2
$FINALDEST/$VERSION/Images/x86_64/
sudo /usr/bin/cp -l /mnt/fedora_koji/koji/scratch/$USER/task*/*i686*$VERSION*iso
$FINALDEST/$VERSION/Spins/i386/
sudo /usr/bin/cp -l /mnt/fedora_koji/koji/scratch/$USER/task*/*x86_64*$VERSION*iso
$FINALDEST/$VERSION/Spins/x86_64/
is the commands im wanting to run right now.
Dennis
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.21 (GNU/Linux)
iEYEARECAAYFAlIvSlQACgkQkSxm47BaWfctvACguBv4zuj1iXGHfKqS+x3hZ92R
/VAAn08viyLqcJECW+G1a3UVAMGfLwVC
=4TDn
-----END PGP SIGNATURE-----