I'm sorry, I have only checked using EL with CentOS Stream repos Regards Francesco Di Nucci On 13/06/24 12:43, Thomas Goirand wrote:
On 6/13/24 09:48, Francesco Di Nucci wrote:
Hello,
I was reviewing the sudoers entries I'm using for rootwrap (https://wiki.openstack.org/wiki/Rootwrap) and I was wondering - would it be possible to sudoers config in the packages?
Maybe as files to be placed in /etc/sudoers.d, especially as apart from Nova the usage is not well documented, and I had to use kolla's files as examples
Best regards
Francesco Di Nucci
Hi Francesco,
I'm not sure for what distribution you're talking about, but at least in Debian, each package that needs it has a /etc/sudoers.d file. For example, in a compute node, you'll get:
- ceph-smartctl - cinder-common - neutron_sudoers - nova-common
For example, the Neutron one contains:
# cat neutron_sudoers Defaults:neutron !requiretty
neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf * neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
I hope this helps, Cheers,
Thomas Goirand (zigo)