Folks,
Martin and I (and perhaps Chris?) discussed who should have shell access to
the service VMs on OSU OSL. My contention was that "core services" VMs
do not need to provide shell access to the large number of people currently
in the "telescience" shell group - basically everyone who has asked and might,
for instance, have a reason to upload packages to the download server.
So Martin created a "sac" shell group which we can use for core services. It
can be edited at:
https://www.osgeo.org/cgi-bin/auth/ldap_shell.py?group=sac
The usual rules apply - only a member of this group or of the admin group
can modify the membership. Note that ldap_shell.py is similar to ldap_group.py
but also ensures that the accounts in ldap get extended with shell access
attributes if necessary. I anticipate that anyone on SAC can be a member
of this group as well as anyone else who volunteers to do non-trival work
on the systems, but with a substantially lower barrier to entry than being
a "Primary Administrator".
I anticipate in the future we may want to add additional shell access
groups for particular communities. For instance the QGIS folks might want
their own shell access for the QGIS VM. This should be essentially as easy
as creating a new group with the right details in LDAP using the PHP LDAP Admin
interface (or perhaps commandline tools), and then using the existing web
scripts to manage them, similar to how we create new SVN commit groups.
Best regards,
--
---------------------------------------+--------------------------------------
I set the clouds in motion - turn up | Frank Warmerdam, warmerdam@pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush | Geospatial Programmer for Rent