Cmnd_Alias P4_SVC = /usr/bin/systemctl start node_exporter, \ /usr/bin/systemctl stop node_exporter, \ /usr/bin/systemctl restart node_exporter, \ /usr/bin/systemctl status node_exporter, \ /usr/bin/systemctl cat node_exporter, \ /usr/bin/systemctl enable node_exporter, \ /usr/bin/systemctl disable node_exporter, \ /usr/bin/systemctl is-enabled node_exporter, \ /usr/bin/systemctl start p4d_*, \ /usr/bin/systemctl stop p4d_*, \ /usr/bin/systemctl restart p4d_*, \ /usr/bin/systemctl status p4d_*, \ /usr/bin/systemctl cat p4d_*, \ /usr/bin/systemctl enable p4d_*, \ /usr/bin/systemctl disable p4d_*, \ /usr/bin/systemctl is-enabled p4d_*, \ /usr/bin/systemctl start p4dtg_*, \ /usr/bin/systemctl stop p4dtg_*, \ /usr/bin/systemctl restart p4dtg_*, \ /usr/bin/systemctl status p4dtg_*, \ /usr/bin/systemctl cat p4dtg_*, \ /usr/bin/systemctl enable p4dtg_*, \ /usr/bin/systemctl disable p4dtg_*, \ /usr/bin/systemctl is-enabled p4dtg_*, \ /usr/bin/systemctl start p4broker_*, \ /usr/bin/systemctl stop p4broker_*, \ /usr/bin/systemctl restart p4broker_*, \ /usr/bin/systemctl status p4broker_*, \ /usr/bin/systemctl cat p4broker_*, \ /usr/bin/systemctl enable p4broker_*, \ /usr/bin/systemctl disable p4broker_*, \ /usr/bin/systemctl is-enabled p4broker_*, \ /usr/bin/systemctl start p4p_*, \ /usr/bin/systemctl stop p4p_*, \ /usr/bin/systemctl restart p4p_*, \ /usr/bin/systemctl status p4p_*, \ /usr/bin/systemctl cat p4p_*, \ /usr/bin/systemctl enable p4p_*, \ /usr/bin/systemctl disable p4p_*, \ /usr/bin/systemctl is-enabled p4p_*, \ /usr/bin/systemctl start p4prometheus, \ /usr/bin/systemctl stop p4prometheus, \ /usr/bin/systemctl restart p4prometheus, \ /usr/bin/systemctl status p4prometheus, \ /usr/bin/systemctl cat p4prometheus, \ /usr/bin/systemctl enable p4prometheus, \ /usr/bin/systemctl disable p4prometheus, \ /usr/bin/systemctl is-enabled p4prometheus, \ /usr/bin/systemctl start helix-auth, \ /usr/bin/systemctl stop helix-auth, \ /usr/bin/systemctl restart helix-auth, \ /usr/bin/systemctl status helix-auth, \ /usr/bin/systemctl cat helix-auth, \ /usr/bin/systemctl enable helix-auth, \ /usr/bin/systemctl disable helix-auth, \ /usr/bin/systemctl is-enabled helix-auth, \ /usr/bin/lslocks, \ /usr/bin/getcap, \ /usr/bin/setcap, \ /usr/sbin/setcap, \ /usr/sbin/getcap, \ /sbin/getcap, \ /sbin/setcap, \ /bin/getcap, \ /bin/setcap __OSUSER__ __HOSTNAME__ = (root) NOPASSWD: P4_SVC
# | Change | User | Description | Committed | |
---|---|---|---|---|---|
#11 | 30274 | C. Thomas Tyler |
Modified through swarm. #review-30275 Added lslocks. |
||
#10 | 30193 | C. Thomas Tyler |
Added management for helix-auth service. Removed '*' from p4prometheus service. |
||
#9 | 29836 | C. Thomas Tyler | Added node_exporter to list of services managed. | ||
#8 | 29752 | C. Thomas Tyler | Accounted for more possible locations of setcap/getcap. | ||
#7 | 29750 | C. Thomas Tyler |
Adjusted limited sudoers to account for varying locations of getcap and setcap utilities. #review-29751 @neal_firth |
||
#6 | 29723 | C. Thomas Tyler |
Added more systemclt commands; the commands supported are now: * start * stop * restart * status * cat * enable * disable * is-enabled |
||
#5 | 29628 | Andy Boutte | Fixing sudoer syntax in perforce_sudoers.t template file #review-29629 | ||
#4 | 29616 | C. Thomas Tyler |
Added setcap and getcap to sudoers template, to allow enabling OOM killer protection for p4d in 2023.1 |
||
#3 | 29075 | C. Thomas Tyler | Added 'systemctl cat' for p4* services to list of limited sudoers commands. | ||
#2 | 28672 | Andy Boutte | Allow restart when in limited sudo mode #review-28673 | ||
#1 | 27374 | C. Thomas Tyler | Added '-ls' (limited sudo) option. |