wiki:support-team/granting-root-access

Granting Root Access

This is a draft policy.

Policy on adding root users to all servers

Some members of the MFPL support team have root access on all servers.

Developing a policy on expanding this group is TBD...

Policy on adding root users to a single machine

Any member of the all server root access group can provide another user outside the group with root access on a single machine without receiving initial approval. The person granting root access should evaluate and be prepared to defend the new root user based on these criteria:

  • Technical knowledge - they specifically know their way around a GNU/Debian system
  • Maturity - they know their limitations and how to ask for help
  • Politics - they understand and respect May First/People Link's political vision

The procedure for granting access:

  • Explain that all changes made as root must be documented in a ticket on support.mayfirst.org and ensure the user has reviewed our other root guidelines and our policy on keeping root enabled ssh keys.
  • Add public-ssh key or Monkeysphere user id in /root and run monkeysphere-authentication u root
  • Announce over the support-team team list with (optional) request that their access be made permanent or an indication of how long they should have access.
  • Revoke the user's permission if there is objection from other support team members
Last modified 8 years ago Last modified on Oct 23, 2011, 1:48:03 PM