Doas authorization for collectd
We put the doas authorization for collectd in the global file and we let it if collectd is not there, because otherwise the authorization would be removed if the base role was run without the collectd role, even if collectd was still running. Collectd would have been broken.
This commit is contained in:
parent
cc80aefac7
commit
ff1f728102
|
@ -2,6 +2,7 @@
|
|||
permit setenv {SSH_AUTH_SOCK SSH_TTY PKG_PATH HOME=/root ENV=/root/.profile} :{{ evobsd_group }}
|
||||
permit nopass root
|
||||
permit setenv {ENV PS1 SSH_AUTH_SOCK SSH_TTY} nopass :{{ evobsd_group }} as root cmd /usr/share/scripts/evomaintenance.sh
|
||||
permit nopass _collectd as root cmd /bin/cat
|
||||
permit nopass _collectd as root cmd /usr/sbin/bgpctl
|
||||
permit nopass _nrpe as root cmd /sbin/bioctl args sd2
|
||||
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/check_mailq
|
||||
|
|
|
@ -95,12 +95,3 @@
|
|||
when: collectd_plugin_exec_dns_stats
|
||||
tags:
|
||||
- collectd
|
||||
|
||||
- name: Delete doas configuration for dns_stats.sh execution
|
||||
lineinfile:
|
||||
path: /etc/doas.conf
|
||||
line: 'permit nopass _collectd as root cmd /bin/cat'
|
||||
state: absent
|
||||
when: not collectd_plugin_exec_dns_stats
|
||||
tags:
|
||||
- collectd
|
||||
|
|
Loading…
Reference in New Issue