wiki:support-team/granting-root-access

Version 2 (modified by Jamie McClelland, 8 years ago) (diff)

--

Granting Root Access

This is a draft policy.

Policy on adding root users to all servers

Some members of the MFPL support team have [wiki:all-servers-root-access root access on all servers.

Developing a policy on expanding this group is TBD...

Policy on adding root users to a single machine

Any member of the all server root access group can provide another user outside the group with root access on a single machine without receiving initial approval. The person granting root access should evaluate and be prepared to defend the new root user based on these criteria:

  • Technical knowledge - they specifically know their way around a GNU/Debian system
  • Maturity - they know their limitations and how to ask for help
  • Politics - they understand and respect May First/People Link's political vision

The procedure for granting access:

  • Explain that all changes made as root must be documented in a ticket on support.mayfirst.org.
  • Add public-ssh key or Monkeysphere user id in /root and run monkeysphere-authentication u root
  • Announce over the support-team team list with (optional) request that their access be made permanent or an indication of how long they should have access.
  • Revoke the user's permission if there is objection from other support team members