12172eec95
/etc/sudoers.d/ops-agent grants NOPASSWD to ops-agent for the exact systemctl restart invocations whitelisted in commands.yml. setup.sh installs and validates it via visudo -c. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
9 lines
389 B
Text
9 lines
389 B
Text
# /etc/sudoers.d/ops-agent
|
|
# NOPASSWD for explicit systemctl restart invocations by the ops-agent service account.
|
|
# Only the service names whitelisted in commands.yml are listed here.
|
|
# Installed by deploy/ops-agent/setup.sh.
|
|
|
|
ops-agent ALL=(root) NOPASSWD: \
|
|
/usr/bin/systemctl restart scrum4me-web, \
|
|
/usr/bin/systemctl restart ops-agent, \
|
|
/usr/bin/systemctl restart caddy
|