= Granting Root Access =

This is a draft policy.

== Policy on adding root users to all servers ==

Some members of the MFPL support team have root access on all servers (see the [wiki:support-team support team wiki for a list]).

A policy on expanding this group is TBD.

== Policy on adding root users to a single machine ==

Any member of the all-server root access group can give a user outside the group root access on a single machine without receiving initial approval. The person granting root access should evaluate the new root user, and be prepared to defend the choice, based on these criteria:

 * Technical knowledge - they specifically know their way around a GNU/Debian system
 * Maturity - they know their limitations and how to ask for help
 * Politics - they understand and respect May First/People Link's political vision

The procedure for granting access:

 * Explain that all changes made as root must be documented in a ticket on support.mayfirst.org.
 * Add the user's public SSH key or [http://monkeysphere.info Monkeysphere] user id in /root and run `monkeysphere-authentication u root`.
 * Announce the new access on [https://lists.mayfirst.org/mailman/listinfo/support-team the support-team list], with either an (optional) request that the access be made permanent or an indication of how long they should have access.
 * Revoke the user's permission if other support team members object.