| | 1 | = Granting Root Access = |
| | 2 | |
| | 3 | This is a draft policy. |
| | 4 | |
| | 5 | == Policy on adding root users to all servers == |
| | 6 | |
| | 7 | Some members of the MFPL support team have root access on all servers (see the [wiki:support-team support team wiki for a list]. |
| | 8 | |
| | 9 | Developing a policy on expanding this group is TBD... |
| | 10 | |
| | 11 | == Policy on adding root users to a single machine == |
| | 12 | |
| | 13 | Any member of the all server root access group can provide another user outside the group with root access on a single machine without receiving initial approval. The person granting root access should evaluate and be prepared to defend the new root user based on these criteria: |
| | 14 | |
| | 15 | * Technical knowledge - they specifically know their way around a GNU/Debian system |
| | 16 | * Maturity - they know their limitations and how to ask for help |
| | 17 | * Politics - they understand and respect May First/People Link's political vision |
| | 18 | |
| | 19 | The procedure for granting access: |
| | 20 | |
| | 21 | * Explain that all changes made as root must be documented in a ticket on support.mayfirst.org. |
| | 22 | * Add public-ssh key or [http://monkeysphere.info Monkeysphere] user id in /root and run `monkeysphere-authentication u root` |
| | 23 | * Announce over [https://lists.mayfirst.org/mailman/listinfo/support-team the support-team team list] with (optional) request that their access be made permanent or an indication of how long they should have access. |
| | 24 | * Revoke the user's permission if there is objection from other support team members |
