[Imc-aotearoa-tech] moving to individual accounts..

finn c. finn at animal-liberation.org.nz
Tue, 8 Oct 2002 21:56:10 +1300

Previous message: [Imc-aotearoa-tech] moving to individual accounts..
Next message: [Imc-aotearoa-tech] Re: pdf, ssh
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi

Before I say anything else, Leith emailed and said not to worry about ssh access until we had sorted stuff out. I asked what he wanted to do with it, and right now he just wants to upload the chch publication [which isn't a good enuf reason to get access imo] - however he is keen to build on the print page later.

> Regarding giving out of passwords and changing of passwords, we really 
> need to move to a situation with individual accounts and seperate 
> passwords, rather than one password.

Yup

> Does the current  user also have access to create users?

I tried adduser and we don't have rights to use it. Know any other tricks?

> If we do this, then we might also need to have a process for giving 
> people access to sudo.

Sudo would be grand - the structure of the site lends itself well to it:

~/www: for the nerdy types
~/www/local: for updating [more or less] static content
~/www/local/aimcprint: [or whatever] for individual sections.

Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done.

So instead of giving access to the entire site, we could grant access to a folder[s].

> I'm not sure that Cat will be Ok to give sudo to whomever our process 
> recommends, but if so I think we should come up with some sort of process.

Hmm, I will talk to catgeek. The main issue I think would be time.

> I suggest the followiing ...
> 
> :: Proposed process for gettting Sudo Access :
> 
> >- Someone asks and receives 'normal' access (on the main collective list) to ssh etc.

What do you mean by 'normal' - access to a sandbox folder for playing?

> I'd welcome your comments on the above.

Yup sounds sane - the final say in anything should come down to active tech people [right now Miles and Me] when anything mildly technical pops up [like anything beyond basic ssh access] - it's not that collectivistic I know, but we [prob me] are the ones who are gonna have to fix anything that breaks. Slowly building up trust is the way to go I reckon, rather that creating endless obfuscating rules. And having to explain nerdy stuff over email is a nightmare. :-)

It would be good to have an account on pink [cat's testing server] so people can learn the difference between 'rm -rf /' and 'rm somebadfile.html' - I'm sure they would be into it. Or maybe rovin's acc? Do you have plans for that beyond play duncan?

finn

______________________________________________

Don't hate the media become the media!
Aotearoa Indymedia / Te Komako Motuhake

http://www.indymedia.org.nz
______________________________________________

New yesyes:alpha units available now! 

http://www.yesyes.net.nz

Previous message: [Imc-aotearoa-tech] moving to individual accounts..
Next message: [Imc-aotearoa-tech] Re: pdf, ssh
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]