From 9ccd3bc1202498c6c940409aa65124b68ecda735 Mon Sep 17 00:00:00 2001 From: Mattia Rizzolo Date: Thu, 9 Apr 2015 01:34:42 +0200 Subject: new jenkins-adm user+group and new permissions for its members * new user jenkins-adm and new group jenkins-adm * create users and groupp in update_jdn.sh * files under /srv/jenkins/bin are now jenkins-adm:jenkins-adm, instead of root * jenkins-specific apache config is now jenkins-adm:jenkins-adm, instead of root * users in the jenkins-adm group can sudo to the jenkins-adm and jenkins users, so its members can actually admin jenkins without passing/being root --- etc/sudoers.d/jenkins-adm | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 etc/sudoers.d/jenkins-adm (limited to 'etc/sudoers.d/jenkins-adm') diff --git a/etc/sudoers.d/jenkins-adm b/etc/sudoers.d/jenkins-adm new file mode 100644 index 00000000..5cee89f0 --- /dev/null +++ b/etc/sudoers.d/jenkins-adm @@ -0,0 +1,4 @@ +# allow member of the jenkins-adm group to sudo-to the jenkins-adm user (owner +# of jenkins script) and the jenkins user itself +%jenkins-adm ALL=(jenkins:jenkins) NOPASSWD: ALL +%jenkins-adm ALL=(jenkins-amd:jenkins-adm) NOPASSWD: ALL -- cgit v1.2.3-70-g09d2