Custom Query (894 matches)


Show under each result:

Results (91 - 93 of 894)

Ticket Owner Reporter Resolution Summary
#604 desai [email protected] wontfix Extend the functionality of the Account Plugin

The Account Plugin is a great theory but currently only supports a very specific setup. I believe if it can be extended in the following ways it could become a powerful tool for most environments

I will leave the specific files alone here and just outline what I think should be available to the end user as configurable options.

1) Most environments can not allowed direct ssh as root for security compliance reasons

  • A "superuser" should useradd to all boxes if not there
  • should have ssh key installed in /home/user/.ssh/authorized keys if a key for that user exists
  • should be added to the wheel group

2) normal user should

  • be useradd'ed to a list of defined boxes
  • have ssh key installed in /home/user/.ssh/authorized_keys

3) Sudo

  • Some shops don't like su'ing to root thus they don't need to be in the wheel group They might implement root level acess via sudo.
  • some users (dev guys for example) may need sudo access to start/stop apache for example it would be nice if you could config the sudoers file on a per user, per hosts basis to give access to limited sets of defined commands to users on the boxes they need that access on.

Pipe Dream (not sure how to do this but it would be cool)

Many shops use SSH's AllowUser? config directive in the /etc/ssh/sshd_config to limit who can even auth from an SSH level. Depending on how many different systems different groups of people might need access to you may have to maintain many files in our Cfg/ dir. Not sure if this plugin could add to that config on box based on what boxes users have access to and then be tied into a ssh service reload to make the changes take effect.

#612 desai dclark wontfix bcfg2-repo-validate -v complains if a bundle is in SGenshi instead of Bundler
[email protected]:/var/lib/bcfg2# bcfg2-repo-validate -v
/var/lib/bcfg2/Metadata/clients.xml checks out
/var/lib/bcfg2/Metadata/groups.xml checks out

*** Warning: Bundle /var/lib/bcfg2/Bundler/bundle-bcfg2-server.xml referenced, but does not exist.

[email protected]:/var/lib/bcfg2# cat SGenshi/bundle-bcfg2-server.xml
<Bundle name='bundle-bcfg2-server'>
    <ConfigFile name='/var/lib/bcfg2/Metadata/clients.xml'/>
#629 desai tousigna wontfix Environment variable need to be carried to the package manager

The old behavior of bcfg2 did permit us to do an Action to set en environment variable in the execution of bcfg2. But since every execution turned to be done in a child process the Action do not work anymore.

Then for an <Action timing='pre' name='sudo_force_remove' when='modified' status='check' command="export SUDO_FORCE_REMOVE=yes" /> to be executed as expected i suggest to put a sub-tag to the package/Action/* named <Environment name="..." />

so the action here would be replaced to

<Package name='sudo-ldap'>
    <Environment name='sudo_force_remove' />

and the rules would need also a counter-part as of

<Environment name='sudo_force_remove' pair='SUDO_FORCE_REMOVE=yes' />
Note: See TracQuery for help on using queries.