#2009: Give robe access to secrets file on secure server
---------------------------+-------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Keywords:
---------------------------+-------------------
Alex just sent me the credentials for our
https://www.cloudvps.com
I would like to store this in the secrets file we have in place but don't
believe I have access.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2009>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2009: Give robe access to secrets file on secure server
---------------------------+--------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by strk):
I don't even know what's this secure file we have in place,
where did you read about it ?
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2009#comment:1>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2009: Give robe access to secrets file on secure server
---------------------------+--------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by neteler):
Replying to [comment:1 strk]:
> I don't even know what's this secure file we have in place,
> where did you read about it ?
I have sent the file location to you (strk) via PM.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2009#comment:2>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2009: Give robe access to secrets file on secure server
---------------------------+--------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by strk):
I think we should review management of that file.
Maybe an argument for next meeting
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2009#comment:3>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2009: Give robe access to secrets file on secure server
---------------------------+--------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by robe):
strk I can log into the secure server so that's all set, but I actually
don't know which file on this server I'm supposed to put the new
information in.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2009#comment:4>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2009: Give robe access to secrets file on secure server
---------------------------+--------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by martin):
access.txt
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2009#comment:5>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2009: Give robe access to secrets file on secure server
---------------------------+--------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by strk):
I've created an "access" group and a directory /root/access
which is read-writeable by members of such group and not
accessible by others. Then I added user "robe" to this group.
Regina: please create a new file in that directory, make
sure it's not world readable, then add the info in there.
Name the file after the service.
I'm hoping to get more fine-grained access control in this way.
And move closer to a standard password store layout, similar
to what https://www.passwordstore.org/ uses.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2009#comment:6>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2009: Give robe access to secrets file on secure server
---------------------------+--------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by robe):
strk I tried to create a new file using VIM in that folder, and when I
went to write, I get this error
{{{
E138: Can't write viminfo file /home/robe/.viminfo!
}}}
Can I not even write to my own home directory?
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2009#comment:7>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2009: Give robe access to secrets file on secure server
---------------------------+--------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by robe):
It seemed to be able to add the file though so it's in there and I changed
permissions to be group readable/writable and not public readable
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2009#comment:8>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2009: Give robe access to secrets file on secure server
---------------------------+--------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Comment (by strk):
I've now created you an home (it's not automatic on first login,
unfortunately).
For the future, please change permissions *before* writing content
(safer).
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2009#comment:9>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#2009: Give robe access to secrets file on secure server
---------------------------+---------------------
Reporter: robe | Owner: sac@…
Type: task | Status: closed
Priority: normal | Milestone:
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+---------------------
Changes (by strk):
* status: new => closed
* resolution: => fixed
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2009#comment:10>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.