[tor-bugs] #27145 [Internal Services/Tor Sysadmin Team]: help.tpo accounts is not clear enough

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Aug 31 18:12:29 UTC 2018


#27145: help.tpo accounts is not clear enough
-------------------------------------------------+-------------------------
 Reporter:  juga                                 |          Owner:  tpa
     Type:  defect                               |         Status:  reopened
 Priority:  Medium                               |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:                                       |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by juga):

 * status:  closed => reopened
 * resolution:  worksforme =>


Comment:

 Replying to [comment:2 weasel]:
 > It seems irl answered all your questions.

 Not really, maybe because I didn't even make them.

 > If you have proposed changes to the text of the wiki, by all means propose :)

 Reopening this ticket with the patches I propose.

 Replying to [comment:1 irl]:
 > I am not a sysadmin team person, so some of this may be incorrect, but
 here's my understanding:
 >
 > Replying to [ticket:27145 juga]:
 > > Quoting https://help.torproject.org/tsa/doc/accounts/:
 > >
 > > > Most of the time when people want access to a specific host, what
 they really want is getting added to a particular group
 > >
 > > does "people" need to know how ldap works or how the different
 services/machines are configured to know which "group" they want to be
 added to?
 > > i suspect no
 >
 > If you already have an ldap account you can probably log in to the
 machine and run `ls -la /srv/thing` and it will tell you what group owns a
 service.

 Before writing this ticket, I logged into perdulce, as weasel said on IRC,
 and ran `getent group`. There was not any group called "dist". Weasel said
 it was probably `torwww`, but he had to check to know which group that has
 access corresponds to "dist".

 Which machine do you mean to log in to? dist.tpo is a different machine
 from perdulce. On perdulce, `ls -ls /srv` does not give any interesting
 information.

 As nickm proposed in
 https://trac.torproject.org/projects/tor/ticket/26849#comment:2, we should
 have write permissions only in a directory called sbws in dist.tpo, not to
 the root of dist.tpo.

 So, questions:
 1. Does a new group need to be created to have permissions in dist.tpo
 only in the directory `sbws`?
 2. Which is the group that corresponds to dist.tpo, `torwww`?

 > Many things are documented on the
 [[https://trac.torproject.org/projects/tor/wiki/org/operations/Infrastructure|Infrastructure]]
 wiki page.

 All the information I can get about dist.tpo in that page is:

 `dist.torproject.org (web)     helix   packages                N/A     N/A`

 I think that page should be updated. Not sure there's already a ticket.

 > For most services you would probably have been working with existing
 people in the group and they would know what group access to ask for.

 The group I'm mostly working with is pastly and teor, who are not in
 the group `torwww`. Other people in network-team and weasel are included in
 that group. It seems I have to ask one by one.

 [...]

 I think the rest of my comments can be understood from the patches.

 Thanks.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27145#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online