Access to machines are controlled by the POSIX groups you're present in LDAP. This page acts as a quick reference guide to see what you can do with what permissions.
From any node, you can run 'id' on a user to see what permissions you or anyone else has
mcasadevall@soylent-db:~$ id mcasadevall uid=2500(mcasadevall) gid=2500(firefighters) groups=2501(sysops),2500(firefighters),2502(db)
Here's our breakdown of permissions that can access what. Please note this refers to physical access permissions, *not* roles in teams. We try and practice least amount of access necessary in an attempt to keep things relatively secure. You can be in multiple groups.
List of Groups
|Group Name||Is What||Can Access|
|firefighters||all staff||firefighters can access the shell box, used to springboard to other nodes|
|db||database administrators||db users can access production databases, and sudo to the db user. They can *not* sudo to root|
|dev_team||slashcode develoeprs||can access dev nodes, can sudo to root on dev nodes|
|ircops||IRC administrators||access to IRC hosting nodes, can sudo to root on irc boxes|
|prod_access||people trusted to pushout on production||can access all production nodes as well as edge nodes, can sudo to the slash account. No root privelleges|
|svcadmin||admins of misc svcs box||shell access to all services nodes (outdated?), can sudo to root on svc nodes.|
|sysops||users with global root||sysops can sudo to root on all nodes, as well as access any node that we run. Users in this group also have access to the Linode master panel|