Date: Wed, 29 Jan 2014 17:05:58 -0500 From: Aryeh Friedman <aryeh.friedman@gmail.com> To: =?ISO-8859-2?Q?=A3ukasz_W=B1sikowski?= <lukasz@wasikowski.net> Cc: "freebsd-virtualization@freebsd.org" <freebsd-virtualization@freebsd.org> Subject: Re: best way to add www to wheel Message-ID: <CAGBxaXnhh4uTbEUYFwCDdsoqdBBHc%2B6w8-dC9Emfbk_D%2BwHJHw@mail.gmail.com> In-Reply-To: <52E9757F.4050506@wasikowski.net> References: <CAGBxaX=ks3kAfDT6rvzgJcDj8Bs7DPvSRcjJWMoa%2BF9U1qx7tw@mail.gmail.com> <52E9713F.9040508@callfortesting.org> <CAGBxaX=-bh22QfT5ww-Z%2BQ7rkisjiG60H%2BBu64Oh50uQ1DqNTQ@mail.gmail.com> <52E9757F.4050506@wasikowski.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Only issue with that is when I asked a few months ago how to -ports@ how to make the port edit sudoers the idea was universally shot down (then it was to add it to do it for the default %WHEEL NOPASSWD entry and it was before petitecloud was password protected [it is this criticism that lead to the password protection in the first place) On Wed, Jan 29, 2014 at 4:41 PM, =A3ukasz W=B1sikowski <lukasz@wasikowski.n= et>wrote: > W dniu 2014-01-29 22:26, Aryeh Friedman pisze: > > > Cross post on purpose because people on -virtualization@ are likely mor= e > > familur with bhyve and it's requirements as well knowing what petiteclo= ud > > is and what it needs to do (the whole issue is without adding www to > wheel > > start/stop do not work from the webui) > > Use security/sudo, maybe with config similar to this this: > > Cmnd_Alias PETITECLOUD =3D /usr/sbin/service petitecloud stop, > /usr/sbin/service petitecloud start, /usr/sbin/service petitecloud restar= t > www ALL=3D(ALL) NOPASSWD: PETITECLOUD > > This way user www can run sudo /usr/sbin/service petitecloud > (stop|start|restart) as root (and only those exact commands with those > exact parameters). It's a "little" bit safer than your approach which is > huge security hole. > > -- > best regards, > Lukasz Wasikowski > --=20 Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGBxaXnhh4uTbEUYFwCDdsoqdBBHc%2B6w8-dC9Emfbk_D%2BwHJHw>