Sudoers interface should provide an option for ALL
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	coren
	Jul 30 2014, 1:29 AM

Description

Currently, the sudoers per-project interface allows creation of sudo rules with individual users or "all project users" as targets. There is no provision for a "ALL" target as project admins may wish to use.

Adding this option should be fairly trivial.

Version: unspecified
Severity: normal

Details

Reference: bz68834

Event Timeline

• bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 3:34 AM

• bzimport added a project: wikitech.wikimedia.org.

• bzimport set Reference to bz68834.

coren created this task.Jul 30 2014, 1:29 AM

What is an example of a user who is a member of ALL yet not a member of 'all project users'?

All system users?

Also, 'all project users' excludes root. :-)

Having sudo policies in ldap doesn't preclude setting up sudo policies directly on the box... To the extent that system users are puppetized, it seems like their sudo policy should derive from puppet as well.

Oh, my mistake, I misunderstood what we meant by 'target' here. This makes sense after all :)

https://gerrit.wikimedia.org/r/#/c/153723

Change 153723 had a related patch set uploaded by Tim Landscheidt:
Replace support for 'ALL' in the 'Allow running as' sudo column.

https://gerrit.wikimedia.org/r/153723

• Phabricator_maintenance removed a subscriber: yuvipanda.Jun 7 2017, 6:58 PM

Restricted Application added a project: Cloud-Services. · View Herald TranscriptJun 7 2017, 6:58 PM

Sudoers interface should provide an option for ALLClosed, ResolvedPublicActions

Description

Details

Event Timeline

Sudoers interface should provide an option for ALL
Closed, ResolvedPublic
Actions