SystemAdministration/GroupPermissions
Access to machines is controlled by the POSIX groups you belong to in LDAP. This page acts as a quick reference guide to see what you can do with what permissions.
Checking Permissions
From any node, you can run 'id' on a user to see what permissions you or anyone else has:
    mcasadevall@soylent-db:~$ id mcasadevall
    uid=2500(mcasadevall) gid=2500(firefighters) groups=2501(sysops),2500(firefighters),2502(db)
Here's our breakdown of which groups can access what. Please note this refers to physical access permissions, *not* roles in teams. We try to practice the least amount of access necessary in an attempt to keep things relatively secure. You can be in multiple groups.
List of Groups
Group Name | Who | Can Access |
---|---|---|
firefighters | all staff | firefighters can access the shell box, used to springboard to other nodes |
db | database administrators | db users can access production databases, and sudo to the db user. They can *not* sudo to root |
dev_team | slashcode developers | can access dev nodes, can sudo to root on dev nodes |
ircops | IRC administrators | access to IRC hosting nodes, can sudo to root on irc boxes |
prod_access | people trusted to push out on production | can access all production nodes as well as edge nodes, can sudo to the slash account. No root privileges |
svcadmin | admins of misc svcs box | shell access to all services nodes (outdated?), can sudo to root on svc nodes. |
sysops | users with global root | sysops can sudo to root on all nodes, as well as access any node that we run. Users in this group also have access to the Linode master panel |
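
To review who holds root where, the 'id' output shown above can be checked against this table. The script below is an added example, not part of the original page or the project's tooling; the function names, the users exampledev and exampledba, and gids 2503 and 2504 are constructed for illustration.

```sh
#!/bin/sh
# Root scope granted by each group, per the table above.
# firefighters, db and prod_access grant no root, so they print nothing.
root_scope_for_group() {
    case "$1" in
        sysops)   echo "all nodes" ;;
        dev_team) echo "dev nodes" ;;
        ircops)   echo "irc boxes" ;;
        svcadmin) echo "svc nodes" ;;
    esac
}

# Read `id <user>` output lines on stdin and print one line per user:
# "user: <root scopes>" or "user: no root".
root_report() {
    while IFS= read -r line; do
        # uid=2500(mcasadevall) ... -> mcasadevall
        user=$(printf '%s\n' "$line" | sed -n 's/^uid=[0-9]*(\([^)]*\)).*/\1/p')
        [ -n "$user" ] || continue   # skip lines that are not id output
        # groups=2501(sysops),2502(db) -> one group name per line
        groups=$(printf '%s\n' "$line" \
            | sed -n 's/.* groups=\([^ ]*\).*/\1/p' \
            | tr ',' '\n' | sed 's/^[0-9]*(\(.*\))$/\1/')
        scopes=""
        for g in $groups; do
            s=$(root_scope_for_group "$g")
            [ -n "$s" ] || continue
            # sysops is global root, so it supersedes every narrower scope
            if [ "$g" = sysops ]; then scopes="all nodes"; break; fi
            scopes="${scopes:+$scopes, }$s"
        done
        echo "$user: ${scopes:-no root}"
    done
}

# Sample input: the first line is the page's own example, the other two
# are constructed.
root_report <<'EOF'
uid=2500(mcasadevall) gid=2500(firefighters) groups=2501(sysops),2500(firefighters),2502(db)
uid=2600(exampledev) gid=2500(firefighters) groups=2500(firefighters),2503(dev_team),2504(ircops)
uid=2601(exampledba) gid=2500(firefighters) groups=2500(firefighters),2502(db)
EOF
```

On a live node, `id someuser | root_report` gives the same report for a real account.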