From 668fb5a0549bf2f03fecf734a01165566e1f4f40 Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Sun, 31 Mar 2019 21:28:39 -0400 Subject: [PATCH] Add privsep-helper to neutron sudoers file With the new oslo-privsep library, there is now a privsep-helper command that is used to escalate privledges. This command needs to be runnable by the neutron user via sudo without a password. The old rootwrap command is still used as well, so for now we need to have both. Change-Id: I8e9743da3e51e71a113d958c22007cf54aa17fc4 --- templates/sudoers.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/sudoers.j2 b/templates/sudoers.j2 index 10cc6ea9..1b134eac 100644 --- a/templates/sudoers.j2 +++ b/templates/sudoers.j2 @@ -5,3 +5,4 @@ Defaults:{{ neutron_system_user_name }} secure_path="{{ neutron_bin }}:/usr/loca {{ neutron_system_user_name }} ALL = (root) NOPASSWD: {{ neutron_bin }}/{{ neutron_service_name }}-rootwrap {{ neutron_system_user_name }} ALL = (root) NOPASSWD: {{ neutron_bin }}/{{ neutron_service_name }}-rootwrap-daemon +{{ neutron_system_user_name }} ALL = (root) NOPASSWD: {{ neutron_bin }}/privsep-helper