Make the push tool be able to be run without sudo

fedora-infra / bodhi

Bodhi is a web-system that facilitates the process of publishing updates for a Fedora-based software distribution.

https://bodhi.fedoraproject.org

GNU General Public License v2.0

152 stars 195 forks source link

Make the push tool be able to be run without sudo #463

Open ralphbean opened 9 years ago

ralphbean commented 9 years ago

Right now, we have to sudo as the masher to run the push-tool. It would be cool if we didn't have to.

What are the things standing in the way right now? What things does the push-tool need access to?

lmacken commented 9 years ago

The tools needs access to the fedmsg certs, and the bodhi.notifications module needs access to bodhi.config (/etc/bodhi/production.ini) in order to see if fedmsg support should be enabled or not.

ralphbean commented 9 years ago

Cool. How about we:

Make /etc/bodhi/production.ini owned by masher:releng.
Make /etc/pki/fedmsg/whateverthekeyiscalled owned by masher:releng

It also needs read access to the MASHING-* files.. but it looks like those are world readable.

lmacken commented 9 years ago

Sounds good to me.