Skip to content

Allow to sudo as the tb-release user on staticiforme for members of the tb-release group

When we release a new Tor Browser update we need to update some files in /srv/aus1-master.torproject.org/htdocs/torbrowser on staticiforme.tpo. As we are multiple people in the team publishing updates (members of the ldap group tb-release), we make the files there group-owned by tb-release and add write permission for group on the files.

However there are some problems with doing things like that:

  • if one of us create files but forget to set write permission for the group, other members of the group cannot modify those files
  • because permission on directories have the sticky bit, we cannot remove files from other users

I think it would be better if all files in /srv/aus1-master.torproject.org/htdocs/torbrowser are owned by the tb-release user, and we use sudo -s -u tb-release when we need to update files in this directory.

Currently running sudo -s -u tb-release tells me:

Sorry, user boklm is not allowed to execute '/bin/bash' as tb-release on staticiforme.torproject.org.

/cc @richard