integ: Convert wrsroot -> sysadmin
This also changes the group wrs_protected to sys_protected to de-brand the user and group names. Depends-On: I887464a20fc17d66529caea03be2b445156f9426 Change-Id: Ic2ea06d3ac15c31854a604af5f4cecf9094fcaea Story: 2004716 Task: 28748 Signed-off-by: Saul Wold <sgw@linux.intel.com>
This commit is contained in:
Saul Wold
parent
39c99f7b7c
commit
2bd5399bdc
|
|
@ -1,2 +1,2 @@
|
|||
COPY_LIST="files/*"
|
||||
TIS_PATCH_VER=0
|
||||
TIS_PATCH_VER=1
|
||||
|
|
|
|||
|
|
@ -12,26 +12,25 @@ Group: base
|
|||
Packager: StarlingX
|
||||
URL: unknown
|
||||
|
||||
Source0: wrs.sudo
|
||||
Source0: sysadmin.sudo
|
||||
Source1: LICENSE
|
||||
|
||||
%define WRSROOT_P cBglipPpsKwBQ
|
||||
%define SYSADMIN_P 4SuW8cnXFyxsk
|
||||
|
||||
%description
|
||||
StarlingX sudo configuration file
|
||||
|
||||
%install
|
||||
install -d %{buildroot}/%{_sysconfdir}/sudoers.d
|
||||
install -m 440 %{SOURCE0} %{buildroot}/%{_sysconfdir}/sudoers.d/wrs
|
||||
install -m 440 %{SOURCE0} %{buildroot}/%{_sysconfdir}/sudoers.d/sysadmin
|
||||
|
||||
%pre
|
||||
getent group wrs >/dev/null || groupadd -r wrs
|
||||
getent group wrs_protected >/dev/null || groupadd -f -g 345 wrs_protected
|
||||
getent passwd wrsroot > /dev/null || \
|
||||
useradd -m -g wrs -G root,wrs_protected \
|
||||
-d /home/wrsroot -p %{WRSROOT_P} \
|
||||
-s /bin/sh wrsroot 2> /dev/null || :
|
||||
getent group sys_protected >/dev/null || groupadd -f -g 345 sys_protected
|
||||
getent passwd sysadmin > /dev/null || \
|
||||
useradd -m -g sys_protected -G root \
|
||||
-d /home/sysadmin -p %{SYSADMIN_P} \
|
||||
-s /bin/sh sysadmin 2> /dev/null || :
|
||||
|
||||
%files
|
||||
%license ../SOURCES/LICENSE
|
||||
%config(noreplace) %{_sysconfdir}/sudoers.d/wrs
|
||||
%config(noreplace) %{_sysconfdir}/sudoers.d/sysadmin
|
||||
|
|
|
|||
|
|
@ -0,0 +1,12 @@
|
|||
##
|
||||
## User privilege specification
|
||||
##
|
||||
sysadmin ALL=(ALL) ALL
|
||||
sysadmin ALL=(root) NOPASSWD: /usr/bin/config_controller
|
||||
sysadmin ALL=(root) NOPASSWD: /usr/bin/config_region
|
||||
sysadmin ALL=(root) NOPASSWD: /usr/bin/config_subcloud
|
||||
sysadmin ALL=(root) NOPASSWD: /usr/bin/config_management
|
||||
sysadmin ALL=(root) NOPASSWD: /usr/local/sbin/collect
|
||||
|
||||
Defaults lecture=never, secure_path=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin
|
||||
Defaults passprompt="Password: "
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
##
|
||||
## User privilege specification
|
||||
##
|
||||
wrsroot ALL=(ALL) ALL
|
||||
wrsroot ALL=(root) NOPASSWD: /usr/bin/config_controller
|
||||
wrsroot ALL=(root) NOPASSWD: /usr/bin/config_region
|
||||
wrsroot ALL=(root) NOPASSWD: /usr/bin/config_subcloud
|
||||
wrsroot ALL=(root) NOPASSWD: /usr/bin/config_management
|
||||
wrsroot ALL=(root) NOPASSWD: /usr/local/sbin/collect
|
||||
|
||||
Defaults lecture=never, secure_path=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin
|
||||
Defaults passprompt="Password: "
|
||||
|
|
@ -25,18 +25,18 @@ d /run/log 0755 root root -
|
|||
z /run/log/journal 2755 root systemd-journal - -
|
||||
Z /run/log/journal/%m ~2750 root systemd-journal - -
|
||||
|
||||
a+ /run/log/journal/%m - - - - d:group:wrs_protected:r-x,d:group:wheel:r-x
|
||||
A+ /run/log/journal/%m - - - - group:wrs_protected:r-x,group:wheel:r-x
|
||||
a+ /run/log/journal/%m - - - - d:group:sys_protected:r-x,d:group:wheel:r-x
|
||||
A+ /run/log/journal/%m - - - - group:sys_protected:r-x,group:wheel:r-x
|
||||
|
||||
z /var/log/journal 2755 root systemd-journal - -
|
||||
z /var/log/journal/%m 2755 root systemd-journal - -
|
||||
z /var/log/journal/%m/system.journal 0640 root systemd-journal - -
|
||||
|
||||
a+ /var/log/journal - - - - d:group:wrs_protected:r-x,d:group:wheel:r-x
|
||||
a+ /var/log/journal - - - - group:wrs_protected:r-x,group:wheel:r-x
|
||||
a+ /var/log/journal/%m - - - - d:group:wrs_protected:r-x,d:group:wheel:r-x
|
||||
a+ /var/log/journal/%m - - - - group:wrs_protected:r-x,group:wheel:r-x
|
||||
a+ /var/log/journal/%m/system.journal - - - - group:wrs_protected:r--,group:wheel:r--
|
||||
a+ /var/log/journal - - - - d:group:sys_protected:r-x,d:group:wheel:r-x
|
||||
a+ /var/log/journal - - - - group:sys_protected:r-x,group:wheel:r-x
|
||||
a+ /var/log/journal/%m - - - - d:group:sys_protected:r-x,d:group:wheel:r-x
|
||||
a+ /var/log/journal/%m - - - - group:sys_protected:r-x,group:wheel:r-x
|
||||
a+ /var/log/journal/%m/system.journal - - - - group:sys_protected:r--,group:wheel:r--
|
||||
|
||||
d /var/lib/systemd 0755 root root -
|
||||
d /var/lib/systemd/coredump 0755 root root 3d
|
||||
|
|
|
|||
Loading…
Reference in New Issue