Bug 1304385
| Summary: | [RFE] sosreport should provide a sudoers.d file example for user that do not what to use root. | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Yaniv Lavi <ylavi> |
| Component: | sos | Assignee: | Pavel Moravec <pmoravec> |
| Status: | CLOSED NOTABUG | QA Contact: | BaseOS QE - Apps <qe-baseos-apps> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.4 | CC: | agk, alonbl, bmr, bugs, didi, gavin, iheim, lveyde, plambri, pstehlik, rbalakri, Rhev-m-bugs, rmartins, sbonazzo, sbradley, stirabos, yeylon, ylavi |
| Target Milestone: | rc | Keywords: | FutureFeature, Improvement, Reopened |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Enhancement | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-02-03 15:15:52 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | Integration | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 995735 | ||
|
Description
Yaniv Lavi
2016-02-03 13:11:44 UTC
If this is for RHEV's use it would need to be dropped in by one of the RHEV-specific configuration packages - sudoers.d is for the site administrator's use: we cannot make this sort of change in RHEL packages as we cannot force this kind of policy decision onto end users. (In reply to Bryn M. Reeves from comment #2) > If this is for RHEV's use it would need to be dropped in by one of the > RHEV-specific configuration packages - sudoers.d is for the site > administrator's use: we cannot make this sort of change in RHEL packages as > we cannot force this kind of policy decision onto end users. Can you provide a example of what is needed in the sudoers file to not fail without needing to reverse engineer this? It's not a RHEV requirement to not use root for sosreport, this is coming from many customers. I'll rephrase the RFE. > Can you provide a example of what is needed in the sudoers file to not fail
> without needing to reverse engineer this?
Not really: you nuked the entire bug template so I don't actually know what problem you are having. If you can explain what is failing for you and what changes you have made we might be able to help - as far as I know sudoers.d uses the syntax described in sudoers(5).
The sosreport command "supports" sudo in the same way as any other program requiring root privileges - you just prefix it with 'sudo' - I am not aware of any need or requirement for applications to configure themselves for sudo use via sudoers.d. I use sos via sudo all the time without modifying this directory.
(In reply to Bryn M. Reeves from comment #5) > > Can you provide a example of what is needed in the sudoers file to not fail > > without needing to reverse engineer this? > > Not really: you nuked the entire bug template so I don't actually know what > problem you are having. If you can explain what is failing for you and what > changes you have made we might be able to help - as far as I know sudoers.d > uses the syntax described in sudoers(5). > > The sosreport command "supports" sudo in the same way as any other program > requiring root privileges - you just prefix it with 'sudo' - I am not aware > of any need or requirement for applications to configure themselves for sudo > use via sudoers.d. I use sos via sudo all the time without modifying this > directory. The goal is to allow using the tool without root and only specifying some commands in root context. See bug #995735 and #1085907. Just configure and use sudo as required for RHEV's needs. This is a confiuration problem - it does not need any changes in sos. (In reply to Bryn M. Reeves from comment #7) > Just configure and use sudo as required for RHEV's needs. This is a > confiuration problem - it does not need any changes in sos. It does need changes if you don't want to give unlimited root access to the user. Can you provide this for the default plugins based on tools those plugin require? Please provide some actual examples of what you are requesting, or the missing template sections. Configuring sudo is the responsibility of the system administrator. If you want to provide a pre-configured set up in certain products that is fine but sos will not be including this. We have a long term plan to add authenticated access via Dbus and polkit - if you want to help you are more than welcome to contribute to that upstream so that we can see the results sooner in Red Hat products. Otherwise I am going to close this bug again as it seems it's just a request to move your team's problem to another group. |