Fix chown command in sudoers file

The tripleo-common sudoers file allows an owner change on the
validations identity file. The command is only allowed with the `-h`
option, but this option isn't used everywhere in the code. This breaks
validation runs started through Mistral.

This patch changes the tripleo-common sudoers file to allow the chmod
command with and without the `-h` option.

Change-Id: I8770fc356a46a7a13ba3823a5d157104d08c087a
Closes-Bug: #1716625
(cherry picked from commit 57c9bda9bd)
Florian Fuchs 2017-09-12 15:50:18 +02:00 committed by Ben Nemec
parent 14abf47b57
commit 3d66de50b6
1 changed files with 1 additions and 0 deletions

@ -3,6 +3,7 @@ Defaults:validations !requiretty
Defaults:mistral !requiretty
mistral ALL = (validations) NOPASSWD:SETENV: /usr/bin/run-validation
mistral ALL = NOPASSWD: /usr/bin/chown -h validations\: /tmp/validations_identity_[A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_], \
/usr/bin/chown validations\: /tmp/validations_identity_[A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_], \
!/usr/bin/chown /tmp/validations_identity_* *, !/usr/bin/chown /tmp/validations_identity_*..*
mistral ALL = NOPASSWD: /usr/bin/rm -f /tmp/validations_identity_[A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_], \
!/usr/bin/rm /tmp/validations_identity_* *, !/usr/bin/rm /tmp/validations_identity_*..*
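Review bot: The entry without `-h` on the second line of the chown rule (`/usr/bin/chown validations\: /tmp/validations_identity_...`) lets chown follow a symlink at that path, whereas the `-h` form only changes the link itself. Since the path lives in /tmp, the ownership change could then land on whatever the link points to instead of the identity file. I would prefer to leave the sudoers rule as it was and make the callers that omit `-h` pass it; if the form without `-h` has to stay for now, add a comment above the rule saying which caller needs it so it can be removed later. Separately, the commit message says "chmod" in its second paragraph while the rule is for chown.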