[SAC] Projects VM group/user access
christopher.schmidt at nokia.com
christopher.schmidt at nokia.com
Mon Jul 19 10:41:28 EDT 2010
Frank asked me about group setup on the projects VM. I sent an
earlier email about this, but didn't follow up.
This is the approach I would like to follow. Please either give a
+1 or some negative feedback if you feel it won't work.
A basic summary of the approach I was trying to follow for a new
project:
1. sudo createuser $project_name ; this gives a user + group
2. sudo addgroup group_member $project_name
3. Editing /etc/sudoers to give members of the group passwordless
sudo access to the group user
Basically, this would let anyone who is in the gdal group
sudo as the user gdal (but not sudo to root) so that anything
owned by gdal (or needing to be done by gdal, like cronjobs) could
do it without permission problems.
Then, one user from the group (preferably someone already in SAC, but
the project could pick one if they don't have anyone) would get 'real'
sudo access. That user would be the one the group would go to for things
like apache config changes, While anyone in the group would have the
ability to change things like files specific to the project, etc.
Please provide feedback :)
Regards,
--
Christopher Schmidt
Nokia
More information about the Sac
mailing list