Access to machines are controlled by the POSIX groups you're present in LDAP. This page acts as a quick reference guide to see what you can do with what permissions.
From any node, you can run 'id' on a user to see what permissions you or anyone else has
mcasadevall@soylent-db:~$ id mcasadevall uid=2500(mcasadevall) gid=2500(firefighters) groups=2501(sysops),2500(firefighters),2502(db)
Here's our breakdown of permissions that can access what. Please note this refers to physical access permissions, *not* roles in teams. We try and practice least amount of access necessary in an attempt to keep things relatively secure. You can be in multiple groups.
List of Groups
|firefighters can access the shell box, used to springboard to other nodes
|db users can access production databases, and sudo to the db user. They can *not* sudo to root
|can access dev nodes, can sudo to root on dev nodes
|access to IRC hosting nodes, can sudo to root on irc boxes
|people trusted to pushout on production
|can access all production nodes as well as edge nodes, can sudo to the slash account. No root privelleges
|admins of misc svcs box
|shell access to all services nodes (outdated?), can sudo to root on svc nodes.
|users with global root
|sysops can sudo to root on all nodes, as well as access any node that we run. Users in this group also have access to the Linode master panel