
Remove remnant /data/project/.system/sudoers and /etc/sudoers.d/tools-login
Closed, Declined (Public)

Description

Those seem to have been created in April 2013 and earlier; they should be removed so as not to confuse the upcoming tool usernames change.


Version: unspecified
Severity: normal

Details

Reference
bz60937

Event Timeline

bzimport raised the priority of this task from to Needs Triage. (Nov 22 2014, 3:00 AM)
bzimport added a project: Toolforge.
bzimport set Reference to bz60937.

Deleted /data/project/.system/sudoers; all entries also in LDAP.

... and /etc/sudoers.d/tools-{dev,login} (configuration for the above to work on the respective hosts) as well.

(In reply to comment #1)

> Deleted /data/project/.system/sudoers; all entries also in LDAP.

Yes, but only as rules for the new service group system; no old ones, and so broke "become" for the affected tools.

I'll diff [[wikitech:Special:NovaServiceGroup]] and [[wikitech:Special:NovaSudoer]] to create a list of affected tools, deploy a hot fix to /etc/sudoers.d and submit a change to Puppet.

List of affected tools:

  • afcbot
  • anagrimes
  • csbot
  • daahbot
  • ftl
  • legobot
  • matilda
  • wiktioutils

/etc/sudoers.d/tools-ldap-fix deployed to all Tools nodes.

Change 112666 had a related patch set uploaded by Tim Landscheidt:
Tools: Work around missing LDAP sudo rules

https://gerrit.wikimedia.org/r/112666

Change 112666 abandoned by Tim Landscheidt:
Tools: Work around missing LDAP sudo rules

Reason:
In eqiad no longer necessary.

https://gerrit.wikimedia.org/r/112666