Allow dev users to sudo cat their apache logs

diff --git a/cookbooks/dev/recipes/default.rb b/cookbooks/dev/recipes/default.rb
index b5b864ffc633d255e8613fa58f16c75c7a23b811..849830bc24a9876146c4315ec44b44feaf870023 100644 (file)
--- a/cookbooks/dev/recipes/default.rb
+++ b/cookbooks/dev/recipes/default.rb
@@ -134,6 +134,14 @@ search(:accounts, "*:*").each do |account|
     directory "#{user_home}/public_html"
     variables :user => name, :port => port
   end
+
+  template "/etc/sudoers.d/#{name}" do
+    source "sudoers.user.erb"
+    owner "root"
+    group "root"
+    mode 0440
+    variables :user => name
+  end
 end
 
 if node[:postgresql][:clusters][:"9.3/main"]

diff --git a/cookbooks/dev/templates/default/sudoers.user.erb b/cookbooks/dev/templates/default/sudoers.user.erb
new file mode 100644 (file)
index 0000000..bc432ee
--- /dev/null
+++ b/cookbooks/dev/templates/default/sudoers.user.erb
@@ -0,0 +1,5 @@
+# DO NOT EDIT - This file is being maintained by Chef
+<%= @user %> ALL=(ALL) NOPASSWD: /bin/cat /var/log/apache2/<%= @user %>.dev.openstreetmap.org-access.log
+<%= @user %> ALL=(ALL) NOPASSWD: /bin/cat /var/log/apache2/<%= @user %>.dev.openstreetmap.org-access.log.1
+<%= @user %> ALL=(ALL) NOPASSWD: /bin/cat /var/log/apache2/<%= @user %>.dev.openstreetmap.org-error.log
+<%= @user %> ALL=(ALL) NOPASSWD: /bin/cat /var/log/apache2/<%= @user %>.dev.openstreetmap.org-error.log.1