SystemAdministration/GroupPermissions: Difference between revisions
NCommander (talk | contribs) No edit summary |
NCommander (talk | contribs) No edit summary |
||
| Line 2: | Line 2: | ||
== Checking Permissions == | == Checking Permissions == | ||
From any node, you can run 'id' on | From any node, you can run 'id' on a user to see what permissions you or anyone else has | ||
<pre> | <pre> | ||
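Review bot: the completed sentence in the Line 2 hunk ("run 'id' on a user to see what permissions you or anyone else has") still has no closing punctuation before the <pre> block; end it with a colon so it reads as the introduction to the sample output. It would also be more precise to say that 'id' lists group memberships, since the page maps groups to access separately.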
| Line 11: | Line 11: | ||
Here's our breakdown of permissions that can access what. Please note this refers to physical access permissions, *not* roles in teams. We try and practice least amount of access necessary in an attempt to keep things relatively secure. You can be in multiple groups | Here's our breakdown of permissions that can access what. Please note this refers to physical access permissions, *not* roles in teams. We try and practice least amount of access necessary in an attempt to keep things relatively secure. You can be in multiple groups | ||
== List of Groups == | |||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Revision as of 17:29, 22 March 2014
Access to machines is controlled by the POSIX groups you belong to in LDAP. This page acts as a quick reference guide to see what you can do with what permissions.
Checking Permissions
From any node, you can run 'id' on a user to see what permissions you or anyone else has:

```
mcasadevall@soylent-db:~$ id mcasadevall
uid=2500(mcasadevall) gid=2500(firefighters) groups=2501(sysops),2500(firefighters),2502(db)
```
Here's our breakdown of which permissions can access what. Please note this refers to physical access permissions, *not* roles in teams. We try to practice the least amount of access necessary in an attempt to keep things relatively secure. You can be in multiple groups.
List of Groups
| Group Name | Is What | Can Access |
|---|---|---|
| firefighters | all staff | firefighters can access the shell box, used to springboard to other nodes |
| db | database administrators | db users can access production databases, and sudo to the db user. They can *not* sudo to root |
| dev_team | slashcode developers | can access dev nodes, can sudo to root on dev nodes |
| ircops | IRC administrators | access to IRC hosting nodes, can sudo to root on irc boxes |
| prod_access | people trusted to push out on production | can access all production nodes as well as edge nodes, can sudo to the slash account. No root privileges |
| svcadmin | admins of misc svcs box | shell access to all services nodes (outdated?), can sudo to root on svc nodes. |
| sysops | users with global root | sysops can sudo to root on all nodes, as well as access any node that we run. Users in this group also have access to the Linode master panel |