[Labs-l] Considering restriction of project membership to sysadmin role
Ryan Lane
rlane32 at gmail.com
Mon Apr 2 20:27:14 UTC 2012
I'm considering a change to project membership and would like to seek opinions:
Currently, any member of a project can add or remove another member.
This enables a more collaborative environment, but also makes things a
little insecure. Eventually, we'd like to open registration of
labsconsole to allow anyone to have an account. By default people will
only have rights to edit the wiki. However, if they were added to a
project then they'd also have shell access inside of labs. We've been
mostly limiting labs access via the bastion project. Right now it's
possible for anyone to add/remove people in that project if they are a
member. We track this via recent changes, and can remove/readd people
at will.
By limiting this access to the sysadmin role, we can limit project
membership to those responsible for the systems inside of the project.
This will introduce a higher burden on sysadmin users, though.
Unless I get fairly negative reaction on this change, I plan on
pushing it out soonish. Thoughts?
- Ryan
More information about the Labs-l
mailing list