Saturday, December 24, 2011

Interesting job/work life reading

In addition to the plethora of material out there on how to get a better handle on work environments, I found this article to be very apt for encouraging motivation and participation in any cooperative environment.


Tuesday, December 6, 2011

Funny things with Sudo

Sudo, that ever important, pervasive and pita tool that we use to run root commands on our systems. I learned something new about it yesterday - other than how easy it is to incorrectly configure it. It turns out that sudo has a nice facility for testing and showing you what user classes you match in the sudoers file. This turned out to be the key to figuring out why a neat shortcut wasn't working for me. I was trying to configure sudo with the NOPASSWD option so that I didn't have to type in the password every time I wanted to fire up a root command. Something like the following:
This line allows the ivan user to run any command, as any user, on any system, WITHOUT having to type in ivan's password. The problem is that for some reason the system still asked for ivan's password. After a bit of digging, I discovered that the following can be used to figure out which user lines you match in the sudoers file:
sudo -l
Which provides output like the following:
User ivan may run the following commands on this host:
It turns out, there's a line in /etc/sudoers that allows anyone in the wheel group the ability to run commands, as any user, on any system, PROVIDED they type in their password correctly. And that's exactly what we see above, there are two lines that this user matches, since ivan is in the wheel group. To correct this, either allow the wheel group to run with NOPASSWD (not ideal), remove NOPASSWD from ivan's entry (ideal), or remove ivan from the wheel group. Fun!

Thursday, September 15, 2011

GoOSe Project

After working for a few months on this project, we are ready to begin the flood of public announcements. Over the course of the next few weeks, I'll be posting information on the build process. We are using koji for our build infrastructure, which has actually been fairly beneficial for the professional work I've been doing lately. It turns out that plenty of organizations build and manage their own software in rpm form and need it to integrate with EL or other rpm-based linux distro's. So far, koji is the best system for making these custom packages work well with EL, in my opinion. And now, back to building more pkgs.