diff options
Diffstat (limited to 'zarb-ml/mageia-sysadm/2010-November/000407.html')
| -rw-r--r-- | zarb-ml/mageia-sysadm/2010-November/000407.html | 124 |
1 files changed, 124 insertions, 0 deletions
diff --git a/zarb-ml/mageia-sysadm/2010-November/000407.html b/zarb-ml/mageia-sysadm/2010-November/000407.html new file mode 100644 index 000000000..164402e98 --- /dev/null +++ b/zarb-ml/mageia-sysadm/2010-November/000407.html @@ -0,0 +1,124 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-sysadm] Usernames, uids, and groups + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Usernames%2C%20uids%2C%20and%20groups&In-Reply-To=%3C201011091414.42052.bgmilne%40multilinks.com%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="000409.html"> + <LINK REL="Next" HREF="000425.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-sysadm] Usernames, uids, and groups</H1> + <B>Buchan Milne</B> + <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Usernames%2C%20uids%2C%20and%20groups&In-Reply-To=%3C201011091414.42052.bgmilne%40multilinks.com%3E" + TITLE="[Mageia-sysadm] Usernames, uids, and groups">bgmilne at multilinks.com + </A><BR> + <I>Tue Nov 9 14:14:41 CET 2010</I> + <P><UL> + <LI>Previous message: <A HREF="000409.html">[Mageia-sysadm] Usernames, uids, and groups +</A></li> + <LI>Next message: <A HREF="000425.html">[Mageia-sysadm] Usernames, uids, and groups +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#407">[ date ]</a> + <a href="thread.html#407">[ thread ]</a> + <a href="subject.html#407">[ subject ]</a> + <a href="author.html#407">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>On Monday, 8 November 2010 17:29:24 nicolas vigier wrote: +><i> Hello, +</I> +Why a new thread? + +><i> On some machines like the svn server, we need to use pam_ldap to allow +</I>><i> users access with their ldap accounts. But on others servers like +</I>><i> alamut (web services), or the build nodes, normal users have no reason +</I>><i> to login. +</I> +But, sysadm members have a reason, and I see no reason to increase their +overhead with local accounts. + +><i> On those servers, do you think we should restrict access with +</I>><i> ssh configuration and a group, or disable pam_ldap completly on those +</I>><i> servers and only use local accounts ? +</I> +I was planning for pam_ldap's pam_groupdn option. E.g. a 'sysadm' group. + +><i> We also need to decide what UID ranges we use for local accounts, and for +</I>><i> ldap accounts. +</I>><i> +</I>><i> And groups. I think we could use the following groups : +</I>><i> * posix : promotes the user as posixAccount+sshPublicKey (in ldap), and +</I>><i> allows access to the svn and git using svn+<A HREF="ssh://">ssh://</A> and git+<A HREF="ssh://">ssh://</A> +</I> +I think it would be better to try and provide VCS commit access without shell +access. This is easy enough for subversion with mod_dav_svn. + +><i> * packager : allows commits in packages repository, package submit using +</I>><i> mdvsys, +</I> +How are we submitting to mdvsys? Command-line? API? + +><i> additional permissions on bugzilla, +</I> +What permissions do packagers need that non-packager committer don't? + +><i> access to the packages +</I>><i> maintainers database, etc ... +</I> + +><i> * web : for members of web team, allows commits in web repository +</I>><i> * documentation, translator, qa, marketing, etc ... : +</I>><i> * packagerapprentice, webapprentice, etc ... : for apprentices, with +</I>><i> more restricted access +</I> +This is svn commit but no mdvsys access? + +><i> * sysadm : gives admin permissions on all applications +</I> +There is 'Account Admin' "system" group in LDAP, which allows any modification +to any users. But, should system administration necessarily mean all access in +all applications? + +Regards, +Buchan +</PRE> + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="000409.html">[Mageia-sysadm] Usernames, uids, and groups +</A></li> + <LI>Next message: <A HREF="000425.html">[Mageia-sysadm] Usernames, uids, and groups +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#407">[ date ]</a> + <a href="thread.html#407">[ thread ]</a> + <a href="subject.html#407">[ subject ]</a> + <a href="author.html#407">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm +mailing list</a><br> +</body></html> |