On 6/13/24 09:48, Francesco Di Nucci wrote: > Hello, > > I was reviewing the sudoers entries I'm using for rootwrap > (https://wiki.openstack.org/wiki/Rootwrap) and I was wondering - > would it be possible to sudoers config in the packages? > > Maybe as files to be placed in /etc/sudoers.d, especially as apart > from Nova the usage is not well documented, and I had to use kolla's > files as examples > > Best regards > > Francesco Di Nucci Hi Francesco, I'm not sure for what distribution you're talking about, but at least in Debian, each package that needs it has a /etc/sudoers.d file. For example, in a compute node, you'll get: - ceph-smartctl - cinder-common - neutron_sudoers - nova-common For example, the Neutron one contains: # cat neutron_sudoers Defaults:neutron !requiretty neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf * neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf I hope this helps, Cheers, Thomas Goirand (zigo)