feat(deploy): add sudoers config + setup.sh integration for systemctl_restart
/etc/sudoers.d/ops-agent grants NOPASSWD to ops-agent for the exact systemctl restart invocations whitelisted in commands.yml. setup.sh installs and validates it via visudo -c. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Scrum4Me Agent
parent
234b2d1a58
commit
12172eec95
2 changed files with 13 additions and 0 deletions
9
deploy/ops-agent/sudoers
Normal file
9
deploy/ops-agent/sudoers
Normal file
|
|
@ -0,0 +1,9 @@
|
|||
# /etc/sudoers.d/ops-agent
|
||||
# NOPASSWD for explicit systemctl restart invocations by the ops-agent service account.
|
||||
# Only the service names whitelisted in commands.yml are listed here.
|
||||
# Installed by deploy/ops-agent/setup.sh.
|
||||
|
||||
ops-agent ALL=(root) NOPASSWD: \
|
||||
/usr/bin/systemctl restart scrum4me-web, \
|
||||
/usr/bin/systemctl restart ops-agent, \
|
||||
/usr/bin/systemctl restart caddy
|
||||
Loading…
Add table
Add a link
Reference in a new issue