[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #27145 [Internal Services/Tor Sysadmin Team]: help.tpo accounts is not clear enough



#27145: help.tpo accounts is not clear enough
-------------------------------------------------+-------------------------
 Reporter:  juga                                 |          Owner:  tpa
     Type:  defect                               |         Status:
                                                 |  reopened
 Priority:  Medium                               |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:                                       |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by juga):

 * status:  closed => reopened
 * resolution:  worksforme =>


Comment:

 Replying to [comment:2 weasel]:
 > It seems irl answered all your questions.

 Not really, maybe because i didn't even made them

 > If you have proposed changes to the text of the wiki, by all means
 propose :)

 Reopening this ticket with the patches i propose.

 Replying to [comment:1 irl]:
 > I am not a sysadmin team person, so some of this may be incorrect, but
 here's my understanding:
 >
 > Replying to [ticket:27145 juga]:
 > > Quoting https://help.torproject.org/tsa/doc/accounts/:
 > >
 > > > Most of the time when people want access to a specific host, what
 they really want is getting added to a particular group
 > >
 > > does "people" need to know how ldap works or how the different
 services/machines are configured to know which "group" they want to be
 added to?
 > > i suspect no
 >
 > If you already have an ldap account you can probably log in to the
 machine and run `ls -la /srv/thing` and it will tell you what group owns a
 service.

 Before writing this ticket,I logged into perdulce as weasel said by IRC
 and run `getent group`. There was not any group called "dist". Weasel said
 it was probably `torwww`, but he had to check to know which group has
 access corresponds to "dist".

 Log in into which machine you mean?. dist.tpo is a different machine as
 perdulce. In perdulce `ls -ls /srv` does not give any interesting
 information.

 As nickm proposed in in
 https://trac.torproject.org/projects/tor/ticket/26849#comment:2, we should
 have write permissions only in a directory called sbws in dist.tpo, not to
 the root of dist.tpo.

 So, questions:
 1. does a new group need to be created to have permissions in dist.tpo
 only in the directory `sbws`?
 2. which is the group that correspond to dist.tpo, `torwww`?

 > Many things are documented on the
 [[https://trac.torproject.org/projects/tor/wiki/org/operations/Infrastructure|Infrastructure]]
 wiki page.

 All the information i can get about dist.tpo in that page is:

 `dist.torproject.org (​web)     helix   packages                N/A
 N/A`

 I think that page should be updated. Not sure there's alreay a ticket.

 > For most services you would probably have been working with existing
 people in the group and they would know what group access to ask for.

 The group i'm mostly working with, is pastly and teor, which are not in
 the group `torwww`. Other people in network-team and weasel ar inclued in
 that group. It seems i've to ask one by one.

 [...]

 I think the rest of my comments can be understood by the patches.

 Thanks.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27145#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs