sudo -iu not working as expected

I was trying to allow a user to sudo to another account and run a specific command. I'm not a fan of getting them to run through su since it doesn't make much sense to involve a third tool in the equation. I could get it working with the following:

theiruser ALL=(runasuser) NOPASSWD:/usr/local/bin/

Wordpress tag: 
Wordpress category: 

semodule - global requirements not met

Trying to fix an issue with snmp, I started by building an snmp module using audit2allow. It kept failing to load, and the error message is a little cryptic...

[root@host thomas]# semodule -i snmp.pp
libsepol.print_missing_requirements: snmp's global requirements were not met: type/attribute snmpd_t (No such file or directory).

Wordpress tag: 
Wordpress category: 

TIL changing security limits on a running process (increasing nofile max open files without restarting process)

Had an sssd process spinning and using 100% cpu. Did an strace on it and saw that it was complaining about too many open files.

pid accept(24, 0xaddress, [110]) = -1 EMFILE (Too many open files)

getting the number of open files for the process.

# lsof -p $(pidof sssd_pam) |wc -l

Wordpress category: 

Building dynamic networks with puppet

Talk I gave at puppetconf2013 on using exported resources to dynamically configure your system. Using augeas and concat the examples build up a working dns implementation that is automatic. The system was simplified a lot for the talk but the principles of using exported resources to configure the system is powerful.

Wordpress category: