Re: [tor-bugs] #27145 [Internal Services/Tor Sysadmin Team]: help.tpo accounts is not clear enough

[Tor Bug Tracker & Wiki]

#27145: help.tpo accounts is not clear enough
-+-
 Reporter:  juga |  Owner:  tpa
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:  wontfix
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by juga):

 * status:  reopened => closed
 * resolution:   => wontfix


Comment:

 AFAIU, there's no solution to this ticket without restructuring
 permissions/responsabilities.
 So closing again for now.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27145 [Internal Services/Tor Sysadmin Team]: help.tpo accounts is not clear enough

[Tor Bug Tracker & Wiki]

#27145: help.tpo accounts is not clear enough
-+-
 Reporter:  juga |  Owner:  tpa
 Type:  defect   | Status:
 |  reopened
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by juga):

 * Attachment "0003-Rephrase-how-to-be-added-to-a-group.patch" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27145 [Internal Services/Tor Sysadmin Team]: help.tpo accounts is not clear enough

[Tor Bug Tracker & Wiki]

#27145: help.tpo accounts is not clear enough
-+-
 Reporter:  juga |  Owner:  tpa
 Type:  defect   | Status:
 |  reopened
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by juga):

 * Attachment "0002-Rephrase-explaining-how-hosts-groups-work.patch" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27145 [Internal Services/Tor Sysadmin Team]: help.tpo accounts is not clear enough

[Tor Bug Tracker & Wiki]

#27145: help.tpo accounts is not clear enough
-+-
 Reporter:  juga |  Owner:  tpa
 Type:  defect   | Status:
 |  reopened
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by juga):

 * Attachment "0001-Replace-PGP-by-OpenPGP.patch" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27145 [Internal Services/Tor Sysadmin Team]: help.tpo accounts is not clear enough

[Tor Bug Tracker & Wiki]

#27145: help.tpo accounts is not clear enough
-+-
 Reporter:  juga |  Owner:  tpa
 Type:  defect   | Status:
 |  reopened
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by juga):

 * status:  closed => reopened
 * resolution:  worksforme =>


Comment:

 Replying to [comment:2 weasel]:
 > It seems irl answered all your questions.

 Not really, maybe because i didn't even made them

 > If you have proposed changes to the text of the wiki, by all means
 propose :)

 Reopening this ticket with the patches i propose.

 Replying to [comment:1 irl]:
 > I am not a sysadmin team person, so some of this may be incorrect, but
 here's my understanding:
 >
 > Replying to [ticket:27145 juga]:
 > > Quoting https://help.torproject.org/tsa/doc/accounts/:
 > >
 > > > Most of the time when people want access to a specific host, what
 they really want is getting added to a particular group
 > >
 > > does "people" need to know how ldap works or how the different
 services/machines are configured to know which "group" they want to be
 added to?
 > > i suspect no
 >
 > If you already have an ldap account you can probably log in to the
 machine and run `ls -la /srv/thing` and it will tell you what group owns a
 service.

 Before writing this ticket,I logged into perdulce as weasel said by IRC
 and run `getent group`. There was not any group called "dist". Weasel said
 it was probably `torwww`, but he had to check to know which group has
 access corresponds to "dist".

 Log in into which machine you mean?. dist.tpo is a different machine as
 perdulce. In perdulce `ls -ls /srv` does not give any interesting
 information.

 As nickm proposed in in
 https://trac.torproject.org/projects/tor/ticket/26849#comment:2, we should
 have write permissions only in a directory called sbws in dist.tpo, not to
 the root of dist.tpo.

 So, questions:
 1. does a new group need to be created to have permissions in dist.tpo
 only in the directory `sbws`?
 2. which is the group that correspond to dist.tpo, `torwww`?

 > Many things are documented on the
 
[[https://trac.torproject.org/projects/tor/wiki/org/operations/Infrastructure|Infrastructure]]
 wiki page.

 All the information i can get about dist.tpo in that page is:

 `dist.torproject.org (​web) helix   packagesN/A
 N/A`

 I think that page should be updated. Not sure there's alreay a ticket.

 > For most services you would probably have been working with existing
 people in the group and they would know what group access to ask for.

 The group i'm mostly working with, is pastly and teor, which are not in
 the group `torwww`. Other people in network-team and weasel ar inclued in
 that group. It seems i've to ask one by one.

 [...]

 I think the rest of my comments can be understood by the patches.

 Thanks.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27145 [Internal Services/Tor Sysadmin Team]: help.tpo accounts is not clear enough

[Tor Bug Tracker & Wiki]

#27145: help.tpo accounts is not clear enough
-+-
 Reporter:  juga |  Owner:  tpa
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 |  worksforme
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by weasel):

 * status:  new => closed
 * resolution:   => worksforme


Comment:

 It seems irl answered all your questions.

 If you have proposed changes to the text of the wiki, by all means propose
 :)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27145 [Internal Services/Tor Sysadmin Team]: help.tpo accounts is not clear enough

[Tor Bug Tracker & Wiki]

#27145: help.tpo accounts is not clear enough
-+-
 Reporter:  juga |  Owner:  tpa
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by irl):

 * owner:  (none) => tpa
 * component:  - Select a component => Internal Services/Tor Sysadmin Team


Comment:

 I am not a sysadmin team person, so some of this may be incorrect, but
 here's my understanding:

 Replying to [ticket:27145 juga]:
 > Quoting https://help.torproject.org/tsa/doc/accounts/:
 >
 > > Most of the time when people want access to a specific host, what they
 really want is getting added to a particular group
 >
 > does "people" need to know how ldap works or how the different
 services/machines are configured to know which "group" they want to be
 added to?
 > i suspect no

 If you already have an ldap account you can probably log in to the machine
 and run `ls -la /srv/thing` and it will tell you what group owns a
 service.

 Many things are documented on the
 
[[https://trac.torproject.org/projects/tor/wiki/org/operations/Infrastructure|Infrastructure]]
 wiki page.

 For most services you would probably have been working with existing
 people in the group and they would know what group access to ask for.

 > > If you want to get added to some unix group, you will have to find an
 existing member of that group.
 >
 > awesome explanation, what if a new group is needed?

 This should probably still be a ticket for the sysadmin component, but the
 group creation would normally be a side effect of the deployment of a new
 service, which again would be a ticket for the sysadmin component.

 > > They should then request on trac –
 >
 > ok, the person in the group, not the person that "want" the "access".

 Yes. The request must be from an existing member of the group.

 > > ideally in a PGP signed message (as above in the new account creation
 section) – that you be added to their group.
 >
 > it seems this means that the *OpenPGP*-signed messaged should be in the
 trac ticket, but gives confusion to whether it should be a email, and
 whether it should be PGP-signed.

 `gpg --clearsign` will produce a signed message that can be pasted into a
 trac ticket, and allow for the person processing the ticket to validate
 the signature.

 > And i could not find the component where to include this ticket.

 I have filed it in the sysadmin component, which is where ldap related
 things go.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs