#1560: add jmckenna to sudoers on osgeo6
---------------------------+-------------------
Reporter: jmckenna | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Keywords:
---------------------------+-------------------
I need to change permissions of files in /var/www/mapserver.org/ on the
new osgeo6
Thanks,
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1560>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1560: add jmckenna to sudoers on osgeo6
---------------------------+--------------------
Reporter: jmckenna | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by jmckenna):
polite bump
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1560#comment:1>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1560: add jmckenna to sudoers on osgeo6
---------------------------+--------------------
Reporter: jmckenna | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by wildintellect):
I think we determined what should happen is creating a mapserver group and
setting the default umask to 002 instead of 022. That does leave the
question of where the group membership should inherit from or if we just
one off add people as needed on the machine (Can we use LDAP for this?).
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1560#comment:2>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1560: add jmckenna to sudoers on osgeo6
---------------------------+--------------------
Reporter: jmckenna | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by jmckenna):
I access the machine with my LDAP account yes (jmckenna).
Likely I will be the only person to access the machine in the mapserver
group, that is not already an OSGeo admin (going by past machine
histories).
Whatever you choose, can you enable this today?
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1560#comment:3>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1560: add jmckenna to sudoers on osgeo6
---------------------------+--------------------
Reporter: jmckenna | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by jmckenna):
Did you make a decision? Is there anything I can do to help move this
along faster?
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1560#comment:4>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1560: add jmckenna to sudoers on osgeo6
---------------------------+--------------------
Reporter: jmckenna | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by jmckenna):
It is now 12 days later. Can I please have an update? I am trying very
hard to wait patiently. 12 days is a little extreme.
Should the OSGeo Board provide funding for admin tasks? Should the OSGeo
Board provide external resources (paid admin staff person) to deal with
these tasks?
Please let me and the OSGeo Board know what can be done to help.
Thanks,
-jeff
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1560#comment:5>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1560: add jmckenna to sudoers on osgeo6
---------------------------+--------------------
Reporter: jmckenna | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by martin):
As far as I understand it's unclear *how* to proceed. OSGeo used to have
crowds of users with "sudo"-permission on every VM in the past, but I've
understood that's not the desired policy for the future (and I fully agree
with reducing "sudo"-permissions).
I'm not in a position to make a decision on how it should be done, this
should be made by Alex because he's more familiar with the people
involved. Anyhow, creating an LDAP group for every project is my
favourite, then chgrp the respective group directories to the respective
project group and inherit group permissions via ACL's.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1560#comment:6>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1560: add jmckenna to sudoers on osgeo6
---------------------------+--------------------
Reporter: jmckenna | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by wildintellect):
I thought that you now had permissions to login as the mapserver user
which owns the directory and that would solve the immediate issue. Longer
term we just need to add you to the group and change the default umask to
group write.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1560#comment:7>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1560: add jmckenna to sudoers on osgeo6
---------------------------+--------------------
Reporter: jmckenna | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by jmckenna):
there are several items I would tackle on the old Projects machine, that
required my sudo access. I don't think it is wrong of the president of
the foundation to be asking for this. This is disheartening arguing for
this, I am sorry for being honest here.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1560#comment:8>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1560: add jmckenna to sudoers on osgeo6
---------------------------+--------------------
Reporter: jmckenna | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by wildintellect):
You are in the mapserver group, and I made sure to chmod -R g+w
/home/mapserver/mapserver-docs-git-branch-6-4/
The ticket didn't state you wanted to fix anything else. If you want to
join SAC officially that would be reasonable. This is a reaction to the
awkward mess of too many sudoers on the Old projects VM, it was not
specific to you. We also don't have things compartmented yet, so sudo on
osgeo6 is sudo over a lot of other things than just the Projects.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1560#comment:9>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1560: add jmckenna to sudoers on osgeo6
---------------------------+--------------------
Reporter: jmckenna | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by jmckenna):
Here i am arguing, to make a change so i can get some work done, work that
is for the foundation, on my own time.
I should not have to argue for this.
I am speechless.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1560#comment:10>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1560: add jmckenna to sudoers on osgeo6
---------------------------+--------------------
Reporter: jmckenna | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by jmckenna):
thanks
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1560#comment:11>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1560: add jmckenna to sudoers on osgeo6
---------------------------+----------------------
Reporter: jmckenna | Owner: sac@…
Type: task | Status: closed
Priority: normal | Milestone:
Component: Systems Admin | Resolution: wontfix
Keywords: |
---------------------------+----------------------
Changes (by jmckenna):
* status: new => closed
* resolution: => wontfix
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1560#comment:12>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1560: add jmckenna to sudoers on osgeo6
---------------------------+----------------------
Reporter: jmckenna | Owner: sac@…
Type: task | Status: closed
Priority: normal | Milestone:
Component: Systems Admin | Resolution: wontfix
Keywords: |
---------------------------+----------------------
Comment (by wildintellect):
I think I missed this /var/www/mapserver now group owned by mapserver
group and chmod group write applied.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1560#comment:13>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1560: add jmckenna to sudoers on osgeo6
---------------------------+-----------------------
Reporter: jmckenna | Owner: sac@…
Type: task | Status: reopened
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+-----------------------
Changes (by wildintellect):
* status: closed => reopened
* resolution: wontfix =>
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1560#comment:14>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1560: add jmckenna to sudoers on osgeo6
---------------------------+-----------------------
Reporter: jmckenna | Owner: sac@…
Type: task | Status: reopened
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+-----------------------
Comment (by martin):
Replying to [comment:10 jmckenna]:
> Here i am arguing, to make a change so i can get some work done, work
that is for the foundation, on my own time.
>
> I should not have to argue for this.
>
> I am speechless.
I'm convinced that the strategy of granting system access permissions on
the basis of administrative roles in the organization is a very bad
advisor - and I'm looking back at 20 years of professional Unix system
administration in a wide variety of organizations (and also on a wide
variety of Unix systems).
Our (at least Alex' and mine) concern is to implement a sustainable schema
for access control on OSGeo ressources and this works best when you're
telling us precisely what's missing so we can take appropriate care of it.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1560#comment:15>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1560: add jmckenna to sudoers on osgeo6
---------------------------+---------------------
Reporter: jmckenna | Owner: sac@…
Type: task | Status: closed
Priority: normal | Milestone:
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+---------------------
Changes (by jmckenna):
* status: reopened => closed
* resolution: => fixed
Comment:
I trust both your experience. I agree, I will open new tickets for any
commands I need run. Closing this ticket.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1560#comment:16>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.