#27145: help.tpo accounts is not clear enough -------------------------------------------------+--------------------- Reporter: juga | Owner: tpa Type: defect | Status: new Priority: Medium | Milestone: Component: Internal Services/Tor Sysadmin Team | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: -------------------------------------------------+--------------------- Changes (by irl):
* owner: (none) => tpa * component: - Select a component => Internal Services/Tor Sysadmin Team Comment: I am not a sysadmin team person, so some of this may be incorrect, but here's my understanding: Replying to [ticket:27145 juga]: > Quoting https://help.torproject.org/tsa/doc/accounts/: > > > Most of the time when people want access to a specific host, what they really want is getting added to a particular group > > does "people" need to know how ldap works or how the different services/machines are configured to know which "group" they want to be added to? > i suspect no If you already have an ldap account you can probably log in to the machine and run `ls -la /srv/thing` and it will tell you what group owns a service. Many things are documented on the [[https://trac.torproject.org/projects/tor/wiki/org/operations/Infrastructure|Infrastructure]] wiki page. For most services you would probably have been working with existing people in the group and they would know what group access to ask for. > > If you want to get added to some unix group, you will have to find an existing member of that group. > > awesome explanation, what if a new group is needed? This should probably still be a ticket for the sysadmin component, but the group creation would normally be a side effect of the deployment of a new service, which again would be a ticket for the sysadmin component. > > They should then request on trac – > > ok, the person in the group, not the person that "want" the "access". Yes. The request must be from an existing member of the group. > > ideally in a PGP signed message (as above in the new account creation section) – that you be added to their group. > > it seems this means that the *OpenPGP*-signed messaged should be in the trac ticket, but gives confusion to whether it should be a email, and whether it should be PGP-signed. `gpg --clearsign` will produce a signed message that can be pasted into a trac ticket, and allow for the person processing the ticket to validate the signature. > And i could not find the component where to include this ticket. I have filed it in the sysadmin component, which is where ldap related things go. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27145#comment:1> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs