From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001
From: Nicolas Vigier <boklm@mageia.org>
Date: Sun, 14 Apr 2013 13:46:12 +0000
Subject: Add zarb MLs html archives

---
 zarb-ml/mageia-sysadm/2010-November/000386.html | 117 ++++++++++++++++++++++++
 1 file changed, 117 insertions(+)
 create mode 100644 zarb-ml/mageia-sysadm/2010-November/000386.html

(limited to 'zarb-ml/mageia-sysadm/2010-November/000386.html')

diff --git a/zarb-ml/mageia-sysadm/2010-November/000386.html b/zarb-ml/mageia-sysadm/2010-November/000386.html
new file mode 100644
index 000000000..ef8c404f1
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/2010-November/000386.html
@@ -0,0 +1,117 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+   <TITLE> [Mageia-sysadm] Usernames, uids, and groups
+   </TITLE>
+   <LINK REL="Index" HREF="index.html" >
+   <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Usernames%2C%20uids%2C%20and%20groups&In-Reply-To=%3CAANLkTimYsTneksDDpg0COhiGOzxG2TN65cXVV10NbKVO%40mail.gmail.com%3E">
+   <META NAME="robots" CONTENT="index,nofollow">
+   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+   <LINK REL="Previous"  HREF="000385.html">
+   <LINK REL="Next"  HREF="000408.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+   <H1>[Mageia-sysadm] Usernames, uids, and groups</H1>
+    <B>Romain d'Alverny</B> 
+    <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Usernames%2C%20uids%2C%20and%20groups&In-Reply-To=%3CAANLkTimYsTneksDDpg0COhiGOzxG2TN65cXVV10NbKVO%40mail.gmail.com%3E"
+       TITLE="[Mageia-sysadm] Usernames, uids, and groups">rdalverny at gmail.com
+       </A><BR>
+    <I>Mon Nov  8 17:40:24 CET 2010</I>
+    <P><UL>
+        <LI>Previous message: <A HREF="000385.html">[Mageia-sysadm] Usernames, uids, and groups
+</A></li>
+        <LI>Next message: <A HREF="000408.html">[Mageia-sysadm] Usernames, uids, and groups
+</A></li>
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#386">[ date ]</a>
+              <a href="thread.html#386">[ thread ]</a>
+              <a href="subject.html#386">[ subject ]</a>
+              <a href="author.html#386">[ author ]</a>
+         </LI>
+       </UL>
+    <HR>  
+<!--beginarticle-->
+<PRE>On Mon, Nov 8, 2010 at 17:29, nicolas vigier &lt;<A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">boklm at mars-attacks.org</A>&gt; wrote:
+&gt;<i> On some machines like the svn server, we need to use pam_ldap to allow
+</I>&gt;<i> users access with their ldap accounts. But on others servers like
+</I>&gt;<i> alamut (web services), or the build nodes, normal users have no reason
+</I>&gt;<i> to login. On those servers, do you think we should restrict access with
+</I>&gt;<i> ssh configuration and a group, or disable pam_ldap completly on those
+</I>&gt;<i> servers and only use local accounts ?
+</I>
+What would be the risk(s) to use specific ldap groups for that
+purpose? (managing all access in a similar way may be better, no?)
+
+&gt;<i> And groups. I think we could use the following groups :
+</I>&gt;<i> &#160;* posix : promotes the user as posixAccount+sshPublicKey (in ldap), and
+</I>&gt;<i> &#160; allows access to the svn and git using svn+<A HREF="ssh://">ssh://</A> and git+<A HREF="ssh://">ssh://</A>
+</I>&gt;<i> &#160;* packager : allows commits in packages repository, package submit using
+</I>&gt;<i> &#160; mdvsys, additional permissions on bugzilla, access to the packages
+</I>&gt;<i> &#160; maintainers database, etc ...
+</I>&gt;<i> &#160;* web : for members of web team, allows commits in web repository
+</I>&gt;<i> &#160;* documentation, translator, qa, marketing, etc ... :
+</I>&gt;<i> &#160;* packagerapprentice, webapprentice, etc ... : for apprentices, with
+</I>&gt;<i> &#160; more restricted access
+</I>&gt;<i> &#160;* sysadm : gives admin permissions on all applications
+</I>
+LDAP groups should as well map team membership. So marketing team guys
+would belong to such a marketingTeam group then.
+
+&gt;<i> What do you think ?
+</I>
+We probably won't nail this one in one shot :-)
+
+As for web, we would need three roles:
+ - web-apprentice
+ - web (commits to web repos and pushes to tests servers)
+ - webmaster (pushes to prod servers)
+
+We need groups as well for (not exclusive):
+ - being a team representative (that is, in the Council)
+ - being an association member (eligible and elector)
+ - being a board member
+ - being the chair(wo)man
+
+Are group belonging/ownership a &quot;one-time&quot; record or does it get
+archived? (to access a history of past membership). Or should such a
+history be built separately?
+
+Romain
+</PRE>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+<!--endarticle-->
+    <HR>
+    <P><UL>
+        <!--threads-->
+	<LI>Previous message: <A HREF="000385.html">[Mageia-sysadm] Usernames, uids, and groups
+</A></li>
+	<LI>Next message: <A HREF="000408.html">[Mageia-sysadm] Usernames, uids, and groups
+</A></li>
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#386">[ date ]</a>
+              <a href="thread.html#386">[ thread ]</a>
+              <a href="subject.html#386">[ subject ]</a>
+              <a href="author.html#386">[ author ]</a>
+         </LI>
+       </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm
+mailing list</a><br>
+</body></html>
-- 
cgit v1.2.1