rawhide, /mnt/koji and /pub/fedora

Jeroen van Meeuwen kanarip at kanarip.com
Thu Aug 28 09:57:50 UTC 2008


Nigel Jones wrote:
> On Wed, 2008-08-27 at 21:52 -0700, Jesse Keating wrote:
>> On Wed, 2008-08-27 at 21:44 -0700, Jesse Keating wrote:
>>> Comments?
>> One comment just made on IRC by G:
>>
>> <G> f13: can't we allow masher to sudo to ftpsync and run a sync
>> command?
>>
> G = $me :)
>> We would have to allow masher to sudo with no password in order to run
>> the rsync command.  I'm not sure how far we can narrow it down since the
>> rsync source changes each day, only the dest (and other options) remain
>> the same.
> Why not something like:
> 
> sudo /usr/local/bin/rawhideftpsync.sh <random bit>
> that runs: rsync ...<normal path>.<random bit> ...
> 
> Just a thought.

You could configure sudoers to allow the masher user to only be able to 
execute whatever it sudo's as the ftpsync user:

masher hostname.domain.tld=(ftpsync) NOPASSWD: rsync $rsync_opts foo.<wildcardmatch-source> bar

Does that narrow it down sufficiently?

Kind regards,

Jeroen van Meeuwen
-kanarip
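
An added example, not part of the original message or of Fedora's own scripts: a sketch of the wrapper approach suggested in the quoted reply, where sudoers permits only the script and the script validates the varying part itself. sudoers(5) notes that wildcards in command arguments match across word boundaries, so a pattern on the rsync source can admit more than one word. The paths, rsync options, rsync location and suffix rules below are assumed placeholders.

```shell
#!/bin/sh
# Sketch of a wrapper like /usr/local/bin/rawhideftpsync.sh (added example).
# sudoers would then name only the script, with no rsync wildcard:
#   masher hostname.domain.tld=(ftpsync) NOPASSWD: /usr/local/bin/rawhideftpsync.sh
LC_ALL=C; export LC_ALL

# Assumed placeholder values, not Fedora's real paths or options.
SRC_BASE=/srv/example/rawhide
DEST=/srv/example/dest/
RSYNC_OPTS="-a --delete"

# Accept only 1-32 ASCII letters or digits, so no whitespace, "/", "." or
# leading "-" can reach rsync as an extra option or a different path.
valid_suffix() {
    case "$1" in
        ''|*[!A-Za-z0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Print the one source path a valid suffix maps to; fail otherwise.
source_path() {
    valid_suffix "$1" || return 1
    printf '%s\n' "$SRC_BASE.$1/"
}

# With no arguments nothing runs, so the functions can be checked on their own.
if [ "$#" -gt 0 ]; then
    [ "$#" -eq 1 ] || { echo "usage: rawhideftpsync.sh <suffix>" >&2; exit 64; }
    src=$(source_path "$1") || { echo "rawhideftpsync: bad suffix" >&2; exit 64; }
    [ -d "$src" ] || { echo "rawhideftpsync: no such tree" >&2; exit 66; }
    # RSYNC_OPTS is a fixed constant, so the unquoted word split is intended.
    # /usr/bin/rsync is the assumed rsync location.
    exec /usr/bin/rsync $RSYNC_OPTS -- "$src" "$DEST"
fi
```

Because the sudoers entry lists the script without arguments, sudo accepts any argument list, and the checks in the script are what bound what the ftpsync user ends up running.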



