= Granting Root Access =

This is a draft policy.

== Policy on adding root users to all servers ==

Some members of the MFPL support team have [wiki:support-team/all-servers-root-access root access on all servers]. Developing a policy on expanding this group is TBD...

== Policy on adding root users to a single machine ==

Any member of the all-servers root access group can provide another user outside the group with root access on a single machine without receiving initial approval.

The person granting root access should evaluate and be prepared to defend the new root user based on these criteria:

 * Technical knowledge - they specifically know their way around a GNU/Debian system
 * Maturity - they know their limitations and how to ask for help
 * Politics - they understand and respect May First/People Link's political vision

The procedure for granting access:

 * Explain that all changes made as root must be documented in a ticket on support.mayfirst.org and ensure the user has reviewed our other [wiki:root-guidelines root guidelines] and our [wiki:ssh_security_policy policy on keeping root-enabled SSH keys].
 * Add the user's public SSH key or [http://monkeysphere.info Monkeysphere] user ID in /root and run `monkeysphere-authentication u root`.
 * Announce over [https://lists.mayfirst.org/mailman/listinfo/support-team the support-team list] with an (optional) request that their access be made permanent or an indication of how long they should have access.
 * Revoke the user's permission if there is objection from other support team members.