[Labs-l] Restrictions on bots project

Petr Bena benapetr at gmail.com
Tue Apr 24 07:46:59 UTC 2012


Hi, since Ryan has introduced a new feature to restrict sudo, I
implemented this on the bots project. It's not a production version, but
still there is no need for all users to have unlimited access on all
servers, and this could eventually help the project to prevent damage
from new members who don't know what is running where and how they are
supposed to use the bots cluster. Right now all users have root on all
application servers:

bots-2
bots-3
bots-4

Root is not available to users on:

SQL servers (only needed for DBA stuff)
Apache server (not needed at all)
NFS server (same as Apache, should be managed by Puppet)
bots servers where cluebot and labs bots run

Most of the active members of the bots project who know how stuff works were
granted the admin role, so they still have root on all servers. Anyone who
wants to help with management of the project can of course ask for that;
however, I think that most of the new members or people who just want to
run their bots will not need root on the other instances where bots
are not supposed to run, so this would rather prevent some damage.


