diff options
Diffstat (limited to 'hosts/profitbricks-build9-amd64/etc/sudoers.d')
-rw-r--r-- | hosts/profitbricks-build9-amd64/etc/sudoers.d/jenkins | 12 | ||||
-rw-r--r-- | hosts/profitbricks-build9-amd64/etc/sudoers.d/jenkins-adm | 7 |
2 files changed, 19 insertions, 0 deletions
diff --git a/hosts/profitbricks-build9-amd64/etc/sudoers.d/jenkins b/hosts/profitbricks-build9-amd64/etc/sudoers.d/jenkins new file mode 100644 index 00000000..a2d8890b --- /dev/null +++ b/hosts/profitbricks-build9-amd64/etc/sudoers.d/jenkins @@ -0,0 +1,12 @@ +jenkins ALL= \ + NOPASSWD: /usr/sbin/debootstrap *, \ + /usr/sbin/chroot /chroots/*, \ + /bin/rm -rf --one-file-system /chroots/*, \ + /bin/umount -l /chroots/*, \ + /usr/bin/killall timeout, \ + /usr/sbin/slay 1111, \ + /usr/sbin/slay 2222, \ + /usr/sbin/slay jenkins + +# keep these environment variables +Defaults env_keep += "http_proxy", env_reset diff --git a/hosts/profitbricks-build9-amd64/etc/sudoers.d/jenkins-adm b/hosts/profitbricks-build9-amd64/etc/sudoers.d/jenkins-adm new file mode 100644 index 00000000..3c357be2 --- /dev/null +++ b/hosts/profitbricks-build9-amd64/etc/sudoers.d/jenkins-adm @@ -0,0 +1,7 @@ +# allow member of the jenkins-adm group to sudo-to the jenkins-adm user (owner +# of jenkins script) and the jenkins user itself +%jenkins-adm ALL=(jenkins:jenkins) NOPASSWD: ALL +%jenkins-adm ALL=(jenkins-adm:jenkins-adm) NOPASSWD: ALL +# allow jenkins-adm to run everything as root +%jenkins-adm ALL= NOPASSWD: ALL + |