[tor-bugs] #27145 [Internal Services/Tor Sysadmin Team]: help.tpo accounts is not clear enough
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Aug 14 22:59:08 UTC 2018
#27145: help.tpo accounts is not clear enough
-------------------------------------------------+---------------------
Reporter: juga | Owner: tpa
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Internal Services/Tor Sysadmin Team | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+---------------------
Changes (by irl):
* owner: (none) => tpa
* component: - Select a component => Internal Services/Tor Sysadmin Team
Comment:
I am not a sysadmin team person, so some of this may be incorrect, but
here's my understanding:
Replying to [ticket:27145 juga]:
> Quoting https://help.torproject.org/tsa/doc/accounts/:
>
> > Most of the time when people want access to a specific host, what they really want is getting added to a particular group
>
> does "people" need to know how ldap works or how the different services/machines are configured to know which "group" they want to be added to?
> i suspect no
If you already have an ldap account you can probably log in to the machine
and run `ls -la /srv/thing` and it will tell you what group owns a
service.
Many things are documented on the
[[https://trac.torproject.org/projects/tor/wiki/org/operations/Infrastructure|Infrastructure]]
wiki page.
For most services you would probably have been working with existing
people in the group and they would know what group access to ask for.
> > If you want to get added to some unix group, you will have to find an existing member of that group.
>
> awesome explanation, what if a new group is needed?
This should probably still be a ticket for the sysadmin component, but the
group creation would normally be a side effect of the deployment of a new
service, which again would be a ticket for the sysadmin component.
> > They should then request on trac –
>
> ok, the person in the group, not the person that "want" the "access".
Yes. The request must be from an existing member of the group.
> > ideally in a PGP signed message (as above in the new account creation section) – that you be added to their group.
>
> it seems this means that the *OpenPGP*-signed message should be in the trac ticket, but gives confusion to whether it should be an email, and whether it should be PGP-signed.
`gpg --clearsign` will produce a signed message that can be pasted into a
trac ticket, and allow for the person processing the ticket to validate
the signature.
> And i could not find the component where to include this ticket.
I have filed it in the sysadmin component, which is where ldap related
things go.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27145#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
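
The `gpg --clearsign` round trip mentioned in the comment above, as an added example that is not part of the original message or of any Tor sysadmin tooling: an existing group member clearsigns the request, and the person processing the ticket verifies the pasted text. The key identity, the group and user names, and the step of comparing the signer's fingerprint against one held on record are assumptions made for the demonstration.

```sh
#!/bin/sh
# Added example. Key identity, group and user names are constructed.

# Throwaway keyring so the demo never touches ~/.gnupg.
setup_keyring() {
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Existing Member <member@example.invalid>' ed25519 sign 1d
}

# Fingerprint of the first (here: only) primary key in the keyring.
key_fingerprint() {
    gpg --batch --with-colons --list-keys 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Requester side: writes the paste-able signed text to "$1.asc".
sign_request() {
    gpg --batch --quiet --yes --output "$1.asc" --clearsign "$1"
}

# Handler side: print the signer's primary-key fingerprint.
# Fails unless gpg reports both GOODSIG and VALIDSIG on its status output.
verify_request() {
    gpg --batch --status-fd 1 --verify "$1" 2>/dev/null |
        awk '$2 == "GOODSIG" { good = 1 } $2 == "VALIDSIG" { fpr = $NF }
             END { if (good && fpr != "") print fpr; else exit 1 }'
}

demo() {
    setup_keyring || return 1
    work=$(mktemp -d) || return 1
    printf 'Please add newuser to the unix group examplegroup.\n' > "$work/req.txt"
    sign_request "$work/req.txt" || return 1
    on_record=$(key_fingerprint)   # assumption: handler has this fingerprint on record
    signer=$(verify_request "$work/req.txt.asc") || return 1
    [ "$signer" = "$on_record" ] || return 1
    # A copy edited after signing must not verify.
    sed 's/examplegroup/othergroup/' "$work/req.txt.asc" > "$work/edited.asc"
    if verify_request "$work/edited.asc" >/dev/null; then return 1; fi
    gpgconf --kill gpg-agent || true
    rm -rf "$work" "$GNUPGHOME"
    echo "ok: signed by $signer; edited copy rejected"
}

if command -v gpg >/dev/null 2>&1; then demo; fi
```

A valid signature only shows that some key in the verifier's keyring signed the text, so the fingerprint comparison is what ties the request to a particular group member.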