[tor-project] changes to using sudo on torproject.org systems

Peter Palfrader weasel at torproject.org
Tue Mar 22 21:39:36 UTC 2016 

[If you do not use sudo on torproject.org systems, you need not read this.]

Comrades,

some of you maintain services on torproject.org hosts.  Generally, these
services run under their dedicated role user, and you use sudo to switch to
these roles.

Up until now, you have used the LDAP password to authenticate to sudo.  We want
to change this.

The LDAP password is the one you got sent in encrypted mail when your account
was first created on db.torproject.org.  You might have (should have) changed
that on the web-interface [db].  This password is the one that also allows you
to log into the management interface [db-login] there and change for instance
your mail forwarding configuration or your jabber password
[jabber-announce-mail].

The plan is to have a password dedicated to just sudo.

To set it, please go to the user management website [db-login] (pick "Update my
info"), and set a new (strong) sudo password for yourself.  If you want, you
can set a password that works for all the hosts that are managed by
torproject-admin (*).  Alternatively, or additionally, you can have per-host
sudo passwords -- just select the appropriate host in the pull-down box.

Once set on the web interface, you will have to confirm the new settings by
sending a signed challenge to the mail interface.  Please ensure you don't
introduce any additional line breaks.

Note that setting a sudo password will only enable you to use sudo to
configured accounts on configured hosts.  Consult the output of "sudo -l" if
you don't know what you may do.  (If you don't know, chances are you don't need
to nor can use sudo.)

For now, both the LDAP password and the new sudo password will work to
authenticate to sudo.  Starting in the second week of April, the LDAP password
will no longer be accepted for this purpose.

If you have any questions, please ask.

Thanks,
weasel

[db] https://db.torproject.org/
[db-login] https://db.torproject.org/login.html
[jabber-announce-mail]
  https://lists.torproject.org/pipermail/tor-project/2016-February/000064.html
-- 
                            |  .''`.       ** Debian **
      Peter Palfrader       | : :' :      The  universal
 https://www.palfrader.org/ | `. `'      Operating System
                            |   `-    https://www.debian.org/

More information about the tor-project mailing list