diff options
author | Holger Levsen <holger@layer-acht.org> | 2016-04-28 21:28:15 +0200 |
---|---|---|
committer | Holger Levsen <holger@layer-acht.org> | 2016-04-28 21:28:15 +0200 |
commit | 1e096b9b0ffbab56787af481e92a163c0b17cb42 (patch) | |
tree | bed0e877d71f91750079d771565d028ef247e707 /hosts/profitbricks-build4-amd64/etc/sudoers.d | |
parent | e0c5a2da13ba9c6291c3ad48b73b8bf00af29556 (diff) | |
download | jenkins.debian.net-1e096b9b0ffbab56787af481e92a163c0b17cb42.tar.xz |
reproducible openwrt/coreboot/archlinux/fedora/netbsd/freebsd: add new pb-build4-amd64 node
Diffstat (limited to 'hosts/profitbricks-build4-amd64/etc/sudoers.d')
-rw-r--r-- | hosts/profitbricks-build4-amd64/etc/sudoers.d/jenkins | 19 | ||||
-rw-r--r-- | hosts/profitbricks-build4-amd64/etc/sudoers.d/jenkins-adm | 7 |
2 files changed, 26 insertions, 0 deletions
diff --git a/hosts/profitbricks-build4-amd64/etc/sudoers.d/jenkins b/hosts/profitbricks-build4-amd64/etc/sudoers.d/jenkins new file mode 100644 index 00000000..fa4778f6 --- /dev/null +++ b/hosts/profitbricks-build4-amd64/etc/sudoers.d/jenkins @@ -0,0 +1,19 @@ +jenkins ALL= \ + NOPASSWD: /usr/sbin/debootstrap *, \ + /usr/bin/tee /schroots/*, \ + /usr/bin/tee -a /schroots/*, \ + /usr/bin/tee /etc/schroot/chroot.d/jenkins*, \ + /bin/chmod +x /schroots/*, \ + /usr/sbin/chroot /schroots/*, \ + /bin/rm -rf --one-file-system /schroots/*, \ + /bin/rm -rf --one-file-system /srv/live-build/*, \ + /bin/mv /schroots/* /schroots/*, \ + /bin/umount -l /schroots/*, \ + /bin/mount --bind *, \ + /usr/bin/killall timeout, \ + /usr/sbin/slay 1111, \ + /usr/sbin/slay 2222, \ + /usr/sbin/slay jenkins + +# keep these environment variables +Defaults env_keep += "http_proxy", env_reset diff --git a/hosts/profitbricks-build4-amd64/etc/sudoers.d/jenkins-adm b/hosts/profitbricks-build4-amd64/etc/sudoers.d/jenkins-adm new file mode 100644 index 00000000..3c357be2 --- /dev/null +++ b/hosts/profitbricks-build4-amd64/etc/sudoers.d/jenkins-adm @@ -0,0 +1,7 @@ +# allow member of the jenkins-adm group to sudo-to the jenkins-adm user (owner +# of jenkins script) and the jenkins user itself +%jenkins-adm ALL=(jenkins:jenkins) NOPASSWD: ALL +%jenkins-adm ALL=(jenkins-adm:jenkins-adm) NOPASSWD: ALL +# allow jenkins-adm to run everything as root +%jenkins-adm ALL= NOPASSWD: ALL + |