Granting Root Access

This is a draft policy.

Policy on adding root users to all servers

Some members of the MFPL support team have [wiki:all-servers-root-access root access on all servers.

Developing a policy on expanding this group is TBD...

Policy on adding root users to a single machine

Any member of the all server root access group can provide another user outside the group with root access on a single machine without receiving initial approval. The person granting root access should evaluate and be prepared to defend the new root user based on these criteria:

• Technical knowledge - they specifically know their way around a GNU/Debian system
• Maturity - they know their limitations and how to ask for help
• Politics - they understand and respect May First/People Link's political vision

The procedure for granting access:

• Explain that all changes made as root must be documented in a ticket on support.mayfirst.org.
• Add public-ssh key or ​Monkeysphere user id in /root and run monkeysphere-authentication u root
• Announce over ​the support-team team list with (optional) request that their access be made permanent or an indication of how long they should have access.
• Revoke the user's permission if there is objection from other support team members