Task #2458
open
Review shell access list
0%
Description
Some shell accounts were created manually, and others using salt. The same for the accounts' supplementary groups, including sudo and ssh-login.
As we don't have a central database for account information, it's not trivial to determine who has access to what, and with which privileges. Moreover contributors come and go — naturally — so the access list needs to be reviewed regularly to reflect the current reality. The same goes for the tdf-admin mailing list (aka hostmaster@tdf).
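One way to produce the per-host list this ticket asks for, as an added example that is not part of the ticket or of TDF's tooling: it reads passwd(5) and group(5) content and reports which login-capable accounts are in the `sudo` and `ssh-login` groups named above. The sample data, the nologin shell list and the `min_uid` cutoff are assumptions constructed for illustration.

```python
# Added example (not from the ticket): shell access report for one host.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}  # assumed list
PRIVILEGED_GROUPS = ("sudo", "ssh-login")  # group names taken from the ticket

def parse_passwd(text):
    """Return {user: (uid, primary_gid, shell)} from passwd(5) content."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7:  # skip blank or malformed lines
            users[fields[0]] = (int(fields[2]), int(fields[3]), fields[6])
    return users

def parse_group(text):
    """Return {group: (gid, {members})} from group(5) content."""
    groups = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 4:
            members = {m for m in fields[3].split(",") if m}
            groups[fields[0]] = (int(fields[2]), members)
    return groups

def access_report(passwd_text, group_text, min_uid=1000):
    """Map each login-capable account to the privileged groups it belongs to."""
    groups = parse_group(group_text)
    report = {}
    for name, (uid, gid, shell) in parse_passwd(passwd_text).items():
        # Skip service accounts; keep uid 0 because it is always privileged.
        if shell in NOLOGIN_SHELLS or (uid != 0 and uid < min_uid):
            continue
        # Membership is either an explicit entry in the group file or the
        # account's primary gid, which the group file does not list.
        report[name] = sorted(
            g for g in PRIVILEGED_GROUPS
            if g in groups and (name in groups[g][1] or groups[g][0] == gid)
        )
    return report

# Constructed sample input, not real account data.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:27::/home/bob:/bin/zsh
carol:x:1002:1002::/home/carol:/usr/sbin/nologin
dave:x:1003:1003::/home/dave:/bin/bash
"""
SAMPLE_GROUP = "sudo:x:27:alice\nssh-login:x:1100:alice,dave\nusers:x:100:\n"

if __name__ == "__main__":
    for user, privileged in access_report(SAMPLE_PASSWD, SAMPLE_GROUP).items():
        print(f"{user}: {', '.join(privileged) or '-'}")
```

Running it against each host's files and diffing the output between review rounds shows accounts that were added by hand outside of configuration management; `bob` in the sample is in `sudo` only through his primary gid, which a grep of the group file would miss.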
Updated by Guilhem Moulin almost 7 years ago
For per-machine access we could use LDAP with pam_nss (excluding global admins in case LDAP access would break or something), as Norbert suggested. Having UNIX accounts and ACLs in a central database would simplify this task a lot.
Updated by Florian Effenberger over 6 years ago
Priority-wise, I see this after we have some more services in LDAP, as admin access is managed via Salt.
Do you agree, or would you prioritize that higher?
Updated by Guilhem Moulin over 6 years ago
I agree it's not high priority, just a neat way to solve the problem :-)
Updated by Florian Effenberger over 6 years ago
Can we do a first round of "removal proposals" (from tdf-admin as well as SSH logins/root access) within the next two weeks? Send the name to me privately please ;-)
Updated by Florian Effenberger over 6 years ago
- Due date changed from 2018-04-11 to 2018-07-27
Done late May, so let's review late July
Updated by Florian Effenberger about 6 years ago
Done late May, so let's review late July
Can you send me the current list of shell access (do not attach to this ticket, as it's public) - and we'll review together if there's any need for action?
Updated by Florian Effenberger about 6 years ago
Florian Effenberger wrote:
Done late May, so let's review late July
Can you send me the current list of shell access (do not attach to this ticket, as it's public) - and we'll review together if there's any need for action?
Ping?
Updated by Guilhem Moulin about 6 years ago
- Due date changed from 2018-07-27 to 2019-01-01
Updated by Florian Effenberger over 5 years ago
Can you share the current list with me privately, so we can have a look?
Updated by Florian Effenberger over 5 years ago
- Due date changed from 2019-01-01 to 2019-10-01
- Status changed from New to In Progress
Updated by Guilhem Moulin almost 5 years ago
- Due date changed from 2019-10-01 to 2020-05-01
Updated by Guilhem Moulin over 4 years ago
- Due date changed from 2020-05-01 to 2020-11-01
Updated by Guilhem Moulin over 3 years ago
- Due date changed from 2020-11-01 to 2021-11-01
Updated by Guilhem Moulin almost 3 years ago
- Due date changed from 2021-11-01 to 2022-02-18
Updated by Guilhem Moulin over 2 years ago
- Due date changed from 2022-02-18 to 2022-07-01
Updated by Guilhem Moulin about 2 months ago
- Due date changed from 2022-07-01 to 2024-02-15
Updated by Guilhem Moulin about 2 months ago
- Due date changed from 2024-02-15 to 2025-02-17