SystemAdministration/GroupPermissions

From SoylentNews

Access to machines is controlled by the POSIX groups you belong to in LDAP. This page acts as a quick reference guide to see what you can do with what permissions.

Checking Permissions

From any node, you can run 'id' on a user to see what permissions you or anyone else has:

mcasadevall@soylent-db:~$ id mcasadevall
uid=2500(mcasadevall) gid=2500(firefighters) groups=2501(sysops),2500(firefighters),2502(db)

Here's our breakdown of which groups can access what. Please note this refers to physical access permissions, *not* roles in teams. We try to grant the least access necessary in an attempt to keep things relatively secure. You can be in multiple groups.

List of Groups

| Group Name | Is | What Can Access |
|---|---|---|
| firefighters | all staff | firefighters can access the shell box, used to springboard to other nodes |
| db | database administrators | db users can access production databases, and sudo to the db user. They can *not* sudo to root |
| dev_team | slashcode developers | can access dev nodes, can sudo to root on dev nodes |
| ircops | IRC administrators | access to IRC hosting nodes, can sudo to root on irc boxes |
| prod_access | people trusted to push out on production | can access all production nodes as well as edge nodes, can sudo to the slash account. No root privileges |
| svcadmin | admins of misc svcs box | shell access to all services nodes (outdated?), can sudo to root on svc nodes |
| sysops | users with global root | sysops can sudo to root on all nodes, as well as access any node that we run. Users in this group also have access to the Linode master panel |
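
For an access review, the group list printed by 'id' can be mapped onto the sudo rights listed in the table above. This is an added example, not part of the original page or of SoylentNews tooling; the function names and the user@scope labels are made up for illustration, and it assumes group names contain no spaces.

```shell
#!/bin/sh
# Added example: summarise sudo reach from one line of `id` output,
# using the group table on this page. Function names are hypothetical.

# Print the group names found in an `id` line, one per line.
id_groups() {
    printf '%s\n' "$1" |
        sed -n 's/.*groups=\([^ ]*\).*/\1/p' |
        tr ',' '\n' |
        sed -n 's/^[0-9]*(\(.*\))$/\1/p'
}

# Print the sudo targets those groups grant, as user@scope labels.
sudo_reach() {
    reach=""
    for g in $(id_groups "$1"); do
        case "$g" in
            sysops)       reach="$reach root@all" ;;    # root on all nodes
            dev_team)     reach="$reach root@dev" ;;    # root on dev nodes
            ircops)       reach="$reach root@irc" ;;    # root on irc boxes
            svcadmin)     reach="$reach root@svc" ;;    # root on svc nodes
            db)           reach="$reach db@db" ;;       # db user, not root
            prod_access)  reach="$reach slash@prod" ;;  # slash account, no root
            firefighters) ;;                            # shell box only
        esac
    done
    # Drop the leading space; report "none" when no group grants sudo.
    reach="${reach# }"
    printf '%s\n' "${reach:-none}"
}

# Sample input: the `id` output shown earlier on this page.
sample='uid=2500(mcasadevall) gid=2500(firefighters) groups=2501(sysops),2500(firefighters),2502(db)'
sudo_reach "$sample"
```

On a live node, pass the real output instead of the sample, for example sudo_reach "$(id someuser)". Groups not listed in the table are ignored rather than reported.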