SystemAdministration/GroupPermissions

From SoylentNews
Jump to: navigation, search

Access to machines are controlled by the POSIX groups you're present in LDAP. This page acts as a quick reference guide to see what you can do with what permissions.

Checking Permissions

From any node, you can run 'id' on a user to see what permissions you or anyone else has

mcasadevall@soylent-db:~$ id mcasadevall
uid=2500(mcasadevall) gid=2500(firefighters) groups=2501(sysops),2500(firefighters),2502(db)

Here's our breakdown of permissions that can access what. Please note this refers to physical access permissions, *not* roles in teams. We try and practice least amount of access necessary in an attempt to keep things relatively secure. You can be in multiple groups.

List of Groups

Group Name Is What Can Access
firefighters all staff firefighters can access the shell box, used to springboard to other nodes
db database administrators db users can access production databases, and sudo to the db user. They can *not* sudo to root
dev_team slashcode develoeprs can access dev nodes, can sudo to root on dev nodes
ircops IRC administrators access to IRC hosting nodes, can sudo to root on irc boxes
prod_access people trusted to pushout on production can access all production nodes as well as edge nodes, can sudo to the slash account. No root privelleges
svcadmin admins of misc svcs box shell access to all services nodes (outdated?), can sudo to root on svc nodes.
sysops users with global root sysops can sudo to root on all nodes, as well as access any node that we run. Users in this group also have access to the Linode master panel