From e873a471eb6f2311dc4aab6362949f453ce917a9 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Sat, 6 Jul 2013 14:40:27 +0100
Subject: [PATCH] Make the replication service sudo to www-data to expire tiles

---
 cookbooks/tile/recipes/default.rb | 7 +++++++
 cookbooks/tile/templates/default/replicate.erb | 2 +-
 cookbooks/tile/templates/default/sudoers.erb | 4 ++++
 3 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 cookbooks/tile/templates/default/sudoers.erb

diff --git a/cookbooks/tile/recipes/default.rb b/cookbooks/tile/recipes/default.rb
index bb7459ece..190aed4a1 100644
--- a/cookbooks/tile/recipes/default.rb
+++ b/cookbooks/tile/recipes/default.rb
@@ -367,6 +367,13 @@ template "/usr/local/bin/expire-tiles" do
 mode 0755
 end
 
+template "/etc/sudoers.d/tile" do
+ source "sudoers.erb"
+ owner "root"
+ group "root"
+ mode 0440
+end
+
 directory "/var/lib/replicate" do
 owner "tile"
 group "tile"
diff --git a/cookbooks/tile/templates/default/replicate.erb b/cookbooks/tile/templates/default/replicate.erb
index f996afb04..5d940375b 100644
--- a/cookbooks/tile/templates/default/replicate.erb
+++ b/cookbooks/tile/templates/default/replicate.erb
@@ -59,7 +59,7 @@ do
 <% end -%>
 
 # Expire tiles which are touched by the changes
- /usr/local/bin/expire-tiles ${file} > /dev/null 2>&1 &
+ sudo -u www-data /usr/local/bin/expire-tiles ${file} > /dev/null 2>&1 &
 fi
 
 # Delete old downloads
diff --git a/cookbooks/tile/templates/default/sudoers.erb b/cookbooks/tile/templates/default/sudoers.erb
new file mode 100644
index 000000000..90db9cd73
--- /dev/null
+++ b/cookbooks/tile/templates/default/sudoers.erb
@@ -0,0 +1,4 @@
+# DO NOT EDIT - This file is being maintained by Chef
+
+# Allow the replication service to expire tiles
+tile ALL=(www-data) NOPASSWD: /usr/local/bin/expire-tiles
-- 
2.43.2
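Review bot: The new `template "/etc/sudoers.d/tile"` resource in cookbooks/tile/recipes/default.rb installs the rendered file without a syntax check, and a malformed file under /etc/sudoers.d can make sudo refuse to run for every account on the host. If the Chef version in use supports the `verify` property on file-based resources, add `verify "visudo -cf %{path}"` inside the block so a bad render is rejected before it replaces the live file. The hunk does not show that the sudo package is installed or that /etc/sudoers includes /etc/sudoers.d, so the recipe presumably relies on another cookbook for both; a one-line comment above the resource, such as `# requires sudo with #includedir /etc/sudoers.d`, would record that dependency.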
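Review bot: The changed line in replicate.erb still sends stdout and stderr to /dev/null and backgrounds the command, so a sudo refusal looks exactly like a successful expiry and stale tiles would be the only symptom. Such a refusal could come from a missing or unparsed sudoers rule, a `requiretty` default, or www-data being unable to read the change file. I would make sudo fail fast instead of waiting on a prompt and quote the argument, `sudo -n -u www-data /usr/local/bin/expire-tiles "${file}" > /dev/null 2>&1 &`, and ideally append stderr to the service's log rather than discarding it. The recipe hunk shows /var/lib/replicate owned by tile:tile without its mode, so whether www-data can read `${file}` there should be confirmed. The enclosing loop and `if` start and end outside this hunk.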
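Review bot: The rule `tile ALL=(www-data) NOPASSWD: /usr/local/bin/expire-tiles` in sudoers.erb names the command with no argument list, so sudo accepts any arguments from the tile account. The rule is therefore only as tight as the script's own argument handling and its file permissions. It is otherwise narrow (one command, one target user), so what is missing is a comment recording those assumptions, for example `# expire-tiles must stay root-owned and not writable by tile; arguments are not restricted here`. The recipe hunk shows the script template's `mode 0755` but not its owner, so that should be confirmed as root.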