diff options
| author | Holger Levsen <holger@layer-acht.org> | 2016-03-25 14:04:17 -0400 |
|---|---|---|
| committer | Holger Levsen <holger@layer-acht.org> | 2016-03-25 14:04:17 -0400 |
| commit | d4a521c6aadfb2b86d8a278d8d850050d14315ee (patch) | |
| tree | d33fce16704be09d60892a3c33764912ce0e4c8d /hosts/profitbricks-build2-i386/etc/sudoers.d | |
| parent | c4e034a518e8d034a2fa5d9127579d774e8f6e79 (diff) | |
| download | jenkins.debian.net-d4a521c6aadfb2b86d8a278d8d850050d14315ee.tar.xz | |
reproducible debian: pb-build2+6-amd64 have been reinstalled and renamed to pb-build2+6-i386
Diffstat (limited to 'hosts/profitbricks-build2-i386/etc/sudoers.d')
| -rw-r--r-- | hosts/profitbricks-build2-i386/etc/sudoers.d/jenkins | 53 | ||||
| -rw-r--r-- | hosts/profitbricks-build2-i386/etc/sudoers.d/jenkins-adm | 7 |
2 files changed, 60 insertions, 0 deletions
diff --git a/hosts/profitbricks-build2-i386/etc/sudoers.d/jenkins b/hosts/profitbricks-build2-i386/etc/sudoers.d/jenkins new file mode 100644 index 00000000..b3e138e3 --- /dev/null +++ b/hosts/profitbricks-build2-i386/etc/sudoers.d/jenkins @@ -0,0 +1,53 @@ +jenkins ALL= \ + NOPASSWD: /usr/sbin/debootstrap *, \ + /usr/bin/tee /schroots/*, \ + /usr/bin/tee -a /schroots/*, \ + /usr/bin/tee /etc/schroot/chroot.d/jenkins*, \ + /bin/chmod +x /schroots/*, \ + /usr/sbin/chroot /schroots/*, \ + /usr/sbin/chroot /chroots/*, \ + /usr/sbin/chroot /media/*, \ + /bin/ls -la /media/*, \ + /bin/rm -rf --one-file-system /chroots/*, \ + /bin/rm -rf --one-file-system /schroots/*, \ + /bin/rm -rf --one-file-system /srv/live-build/*, \ + /bin/rm -rf --one-file-system /srv/workspace/pbuilder/*, \ + /bin/cp -v *.iso /srv/live-build/results/*, \ + /bin/mv /chroots/* /schroots/*, \ + /bin/mv /schroots/* /schroots/*, \ + /bin/umount -l /chroots/*, \ + /bin/umount -l /schroots/*, \ + /bin/umount -l /media/*, \ + /bin/rmdir /media/*, \ + /bin/mount -o loop*, \ + /bin/mount --bind *, \ + /usr/bin/du *, \ + /bin/kill *, \ + /usr/bin/file *, \ + /bin/dd if=/dev/zero of=/dev/jenkins*, \ + /usr/bin/qemu-system-x86_64 *, \ + /usr/bin/qemu-img *, \ + /sbin/lvcreate *, /sbin/lvremove *, \ + /bin/mkdir -p /media/*, \ + /usr/bin/guestmount *, \ + /bin/cp -rv /media/*, \ + /bin/chown -R jenkins\:jenkins /var/lib/jenkins/jobs/*,\ + SETENV: NOPASSWD: /usr/sbin/pbuilder *, \ + SETENV: NOPASSWD: /usr/bin/timeout -k 12.1h 12h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder *, \ + SETENV: NOPASSWD: /usr/bin/timeout -k 12.1h 12h /usr/bin/ionice -c 3 /usr/bin/nice /usr/bin/unshare --uts -- /usr/sbin/pbuilder *, \ + SETENV: NOPASSWD: /usr/bin/timeout -k 18.1h 18h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder *, \ + SETENV: NOPASSWD: /usr/bin/timeout -k 18.1h 18h /usr/bin/ionice -c 3 /usr/bin/nice /usr/bin/unshare --uts -- /usr/sbin/pbuilder *, \ + /bin/mv /var/cache/pbuilder/*base*.tgz /var/cache/pbuilder/*base*.tgz, \ + /bin/rm /var/cache/pbuilder/*base*.tgz, \ + /bin/rm -v /var/cache/pbuilder/*base*.tgz, \ + /bin/rm /var/cache/pbuilder/result/*, \ + /usr/bin/dcmd rm *.changes, \ + /usr/bin/dcmd rm *.dsc, \ + /usr/bin/apt-get update, \ + /usr/bin/killall timeout, \ + /usr/sbin/slay 1111, \ + /usr/sbin/slay 2222, \ + /usr/sbin/slay jenkins + +# keep these environment variables +Defaults env_keep += "http_proxy", env_reset diff --git a/hosts/profitbricks-build2-i386/etc/sudoers.d/jenkins-adm b/hosts/profitbricks-build2-i386/etc/sudoers.d/jenkins-adm new file mode 100644 index 00000000..3c357be2 --- /dev/null +++ b/hosts/profitbricks-build2-i386/etc/sudoers.d/jenkins-adm @@ -0,0 +1,7 @@ +# allow member of the jenkins-adm group to sudo-to the jenkins-adm user (owner +# of jenkins script) and the jenkins user itself +%jenkins-adm ALL=(jenkins:jenkins) NOPASSWD: ALL +%jenkins-adm ALL=(jenkins-adm:jenkins-adm) NOPASSWD: ALL +# allow jenkins-adm to run everything as root +%jenkins-adm ALL= NOPASSWD: ALL + |