response 1 of 128:

Sep 23 14:53 UTC 2006

Continuing the discussion that started in item #362, I have some comments.
As you may or may not know, spooked granted me access to the wheel group for
purposes of installing changes to the way in which grex does password
authentication.  Those changes had been open for discussion in the garage
conference for more than a week with uniformly positive reaction, and it was
in the garage conference that Mic said he'd put me in the wheel group, a
side effect of which is root access via the use of the sudo command).  That
said, I was not prepared to install them as I wanted to hear from more staff
members before going ahead (a question to that affect was posted by me in
garage), but it was nice to have the access to snoop around and see how
hard it would be.

Evidently, however, he didn't alert the rest of staff that he was putting me
in wheel.  I was unaware of that.  I used that access and added myself to
the staff conference ulist so that I could post a notice once I was finished
making the aforementioned changes.

Sometime very shortly thereafter, Steve noticed this change and (a) removed
me from the staff ulist, (b) changed the /etc/group file to remove me from
the wheel group (thus, in effect, revoking root access), and (c) evidently
removed spooked from the staff ulist and from the wheel group, effectively
removing him from staff.

I was happily compiling software while Steve was doing this.  When I noticed
that sudo no longer worked, and I couldn't get into the staff conference, I
did a "w" and saw that Steve was the only staff member logged in and active.
I asked him, via write, if he had removed me from wheel.  He said he had; I
will post the trascript of our conversation later.  I found it personally
offensive and rude.

Remmers posted the official grex policy for root access.  To quote:

Staff Membership - November 16, 1994
------------------------------------
Staff with permanent root access may at its discretion grant specific
resources to qualified individuals for the purpose of performing work that
is beneficial to Grex. Examples of such resources would be write access to
selected directories in order to modify data files or to install software.
In the the event of an emergency, temporary root access may be granted by
any permanent root.
Permanent root access, access to the staff conference, and access to the
"baff" mailing list shall be with the advice and consent of the Board.
-----------------------------------------------------------------------
See http://cyberspace.org/local/grex/policy.html for this and other
policies adopted by the Board.

Remmers then stated:
"This policy allows temporary root access to non-staff in an emergency,
 which this was not.  It requires board approval for access to the staff
 conference, which was not obtained."

To which I have the following comments: The staff conference thing is my
mistake, as I acknowleged in item #362.  All I can say is that I'd forgotten
about the policy, and should have checked.  I'm guilty.  Line up the firing
squad and let's get it over with.

However, I submit that Mic's actions are in keeping with the above quoted
policy.  In particular: Mic did not give me the root password; he put me in
the wheel group.  This is not unrestricted access, it is a specific mode of
access.  The difference is subtle, to be sure, but still there.  Also,
granting access to that group is granting access to specific resources for
the purpose of performing work that is beneficial to Grex.

What's more, that level of access for "write access ... to install software"
is necessary for the changes I have made.  In particular, writing to
newuser, the passwd program, the login_grexpass program, and wnu all require
access to the root account to set permissions appropriately.  What's more,
these all live in directories where it is not reasonable to grant my account
(or any other non-privileged account) write access.  How could *anyone*
reasonably be expected to install such things without such access?  It could
be argued that such access should not have been granted until I was actually
ready to install these programs, I suppose.

Then, there's the matter of Steve's reaction.  Steve has removed spooked
from the staff conference ulist, as well as the wheel group, and I wouldn't
be surprised if he has also changed the root password.  This is a gross
over-reaction and wholly inappropriate.  It is not at all clear that spooked
violated grex policy, as I have outlined above.  He didn't add me to the
staff conference, I did, which was clearly a mistake on my part; he
shouldn't have to pay any sort of consequences for that, nor did he hand out
the root password to anyone.  He gave an appropriate level of access to a
specific resource in accordance with the stated policy.  If he's guilty of
anything, it's of doing so prematurely.

And what gives Steve the right to remove people from staff?  Shouldn't that
be a board decision?  I can see that, in the case where a staff member goes
crazy and damages the system another staffer might have to take emergency
action to prevent major damage, but that was clearly not what was happening
last night; I really doubt that spooked was going to try and add me to
anything again after Steve expressed such clear displeasure with it.  Fine:
me with root access is a contensious issue, let it be discussed by the board
and staff and whomever else; perhaps Mic made a mistake.  Perhaps he
interpreted the policy as I have.  But could Steve have seriously thought
that Mic was going to damage the system?  Surely not.  And why remove
spooked from the staff conference, not even allowing him a forum to defend
his actions to other staff members?

And then there was the way Steve treated me, which I am quite upset about.
His beef is arguably with Mic, and yet his tone and statements to me were
condescending and rude.  Now personally, I don't think he *should* have a
beef with Mic, but if he does, he certainly shouldn't be taking it out on
someone *else* who was volunteering to improve grex.  He should go discuss
it with Mic like a rational adult.

But maybe I'm just being overly sensitive; I welcome other opinions on the
matter.  Here is the transcript of my online conversation with Steve online
last night, slightly edited for formating and to make clear who was saying
what: you be the judge.

Personally, I think this whole thing is a series of unfortunate
misunderstandings.  It clearly highlights some changes that need to be made
to grex policies: in particular, staff needs to actually read garage and
read coop, and the root access policy should be clarified with what exactly
it means to grant specific resources to non-staff members for specific
things, and under what circumstances a permanent staff members privileges
may be revoked without board approval.

----
: grex 1793; write steve
Writing to steve on ttypl...
DAN:
I take it you just removed me from wheel?

Telegram from steve (root) on ttypl at 22:58 EDT ...
STEVE:
yes?                     
EOF (steve)

Message from steve (root) on ttypl at 22:58 EDT ...

: grex 1794; write steve
Writing to steve on ttypl...
DAN:
May I ask why?                                           
o

STEVE:
Why?
You have to ask?
jesus

DAN:
Uh, yes?
o

STEVE:
I don't know hw you snookered kic into doing that, but underhanded
methods of getting root aren't appreciated here.

DAN:
Pardon me??
o

STEVE:
mic put you in wheel in /etc/group and readded you to the ulist
on staff.
o

DAN:
Mic put me into the wheel group as per the contents of item 27 in garage.
I put myself into the ulist on staff so I could announce when the conetnts
of said item had been carried out.  I'm sorry, I must be missing something
here. What is underhanded about any of that? o

STEVE:
that is tantamount to handing out root dan. you know that.
o

DAN:
And why is that a problem, Steve?
o

STEVE:
Dan if you don't understand that, I don't think I can explain it to you.
o

DAN:
I think you should try.  Have you read item 27 in garage?
Besides, as you know, I have had root access to grex before.  I think I can
be trusted not to damage the system.
o

STEVE:
That is not the issue.
I don't think you'd screw up the system
but for a staff person to give ANYONE the root password without
at LEAST telling everyone on baff, is really a gigantic problem.
and, no I have not read item 27.  I guess I will.  is it a 
major problem?

DAN:
o?

STEVE:
sorrry - staff cf or garage?
o

DAN:
(garage)
o

DAN (again):

No, it is not a major problem.  It is a proposal to move to the system standard
password hashing scheme.  However.
(a) I submit to you that whatever Mic does is really beyond my control.
(b) I object to your characterization of my request for root access as
"snookering" someone into anything, and your labeling it as underhanded.
(c) If Mic does something without telling baff, how precisely am I supposed  
to know that?
o

STEVE:
I don't know.  OK, I'll retract the word underhanded.  Instead I will use
the phrase "POORLY thought out" and will not retract that.

DAN:

Are you referring to Mic or myself?

STEVE:
I need to tend to a machine for a new minutes. still at work
that phrase refers to both of you.

DAN:

(Take your time in replying)
May I ask WHY it refers to me?

STEVE:
Mic, for granting root level access to someone, quite regardless of
your past staff status.  You, for accepting it.

DAN:
o?

STEVE:
o

DAN:
I fail to see how accepting something that had been publically requested is
poorly thought out.
I further fail to see how it's snookering anyone into anything.
o

DAN (again):

(And I use such strong language because I still find your initial
characterization uncalled for and rude in the extreme.  Steve, I respect you,
but I do feel somewhat offended.  You see to view me as the enemy, and I don't
understand why, and it ranckles. o

STEVE:
back for just a sec, getting a manual.  Dan, you are in the armed services,
correct?

DAN:
Yes. I am.  Why do you ask?
o

STEVE:
If you did something that was against protocols, others in your organization
would be pissed, right?  Well, isn't that exactly what jhust happened here?

DAN:
o?

STEVE:
The staff and board consult before givig out root acess.  That you were once
staff does  not matter, I do not think.  THAT is what I am pissed about.
does that at least make some sense to you, the violation of protocol.
o

DAN:
a
Well, who do you think violated protocol?  How am I to know that Mic hadn't
consulted the board and staff?
In the military, if one were to give access to a protected resource without
proper authorization, it would be that person that would be punished, not the
person who was granted access.
Do you understand this?
o

STEVE:
you know dan, I honestly think you could be a laywer.  But I will say that
you should have heard something in coop, or email, or SOMETHING somewhere
about your being on staff.  And you didn't.  Mic did that all on his own
and I think you do know that, way down.   Sigh.  Back to the macnhine; I
will come bback once a raid array is formatting.
o

DAN:
Pardon me, Steve, but I did hear something: in Garage.  Naturally, I thought
Mic *had* talked to others.  However, it's becoming clear that at least you
don't read that conference.
o

DAN (again):
(And for the record, deep down, yes, that's what I believe.)

DAN (again):
: grex 1795; write steve
steve logged on more than once
Writing to ttypl...
(Sorry, clearing the screen.)
o

DAN (again)
Steve, are you there?
o

DAN (again, approximately two hours later):
I'll assume you are too busy to respond currently.  I myself am likely going
to sleep.  I hope you'll get involved with the discussion in garage #27 and 
we can go from there; all of the necessary code has been written and tested,
it's merely a matter of installing it.  If people would like me to do that,
I'm perfectly willing, and will wait for staff and board or whomever to vet
me and make it happen.
oo

response 3 of 128:

Sep 23 15:38 UTC 2006

So, let us say I'm sitting at work and I find out that one of my
co-workers either gave a user the domain administrator password or made
them a member of the domain administrator group (both would effectively
give the user full access to every file and resource on every PC and
server). Doing so would be a gross security issue, sure. But if I
reacted to that by changing the administrator password and removing both
the user's and my co-worker's administrative access, I would consider
that overstepping my authority. Basically it would be a clear case of
insubordination, and I would expect a disciplinary reaction from my
supervisor.

I'm not sure if what Steve did was right or wrong. I wouldn't have done
it. I sure as hell wouldn't have removed spooked's access.

I dunno, BoD really needs to step in here.

response 5 of 128:

Sep 23 16:01 UTC 2006

Actually, it isn't so hypothetical. We have a few former IT admins who
have left to work in different departments. Occasionally they ask for
administrative permissions so they can install software onto their PCs.
 They don't get them from me, because they're not mine to give out. We
have clear policies saying who is allowed to give them, and that is who
they need to talk to.

In my hypothetical situation, I would not have taken away anybody's
access (including the user's) because even then it isn't mine to take
away.........I digress.

Do you know what I'm leading to here? Sometimes system administrators
get this feeling of personal ownership of the systems they manage, and
this results in problems when other administrators do things they don't
like.

response 7 of 128:

Sep 23 16:22 UTC 2006

Regarding #5; Ah, okay, I thought you were talking about true generalities,
not your actual work place.

response 9 of 128:

Sep 23 16:41 UTC 2006

Fair enough.  I'd like to get more opinions about this matter.

response 11 of 128:

Sep 23 17:40 UTC 2006

I was, as I have stipulated in the staff conference, giving cross 
only temporary root access.

I was well awares of the bylaw.  If staff is not regularly reading 
garage, then that's not my problem - I would have thought it should 
alongwith coop and staff be on their list of conferences (they are the 
only three conferences I read, for example).

Getting back to temporary root access only (via sudo), this is why I added 
cross to group wheel only, and not to group staff. 

As an aside, I find it amusing  that Marcus has finally come out of 
the woodwork to participate again.  If nothing else has been achieved, 
I feel pleased in triggering that event.

response 13 of 128:

Sep 23 18:32 UTC 2006

Regarding #10; I respectfully disagree with the bulk of your argument.  If
Steve slights Mic, then Mic has every right to expect an apology from Steve.
But I don't think that's what anybody is looking for here.  You are correct,
in my opinion, that the policy is ambiguous.  I think one can make an
argument on one hand that Mic's actions violated the spirit of the policy,
and one can make an equally strong argument on the other hand that they did
not.

I do not feel that Steve's actions with revoking Mic's access were in any
way justified.  If he felt that there was some threat to the system at the
time, then perhaps, but I find it utterly perplexing that Steve could think
such a thing.  Surely he didn't think anything malicious was going on; by
his own admission he was not worried about me messing up the system.

Further, with respect to the proposed changes to the system, if one reads
the garage group, one will notice that I requested concensus *after* Mic put
me in wheel and *before* making any permanent changes to the system.

Regarding #12; It had more to do with tone and demeanor and some specific
comments than the main theme of Steve's lecture to me.

But let's not get sidetracked by definitions of what it means to be rude.  I
do not think it will be profitible to engage in arguments over what the
meaning of "is" is.  Suffice it to say that I found Steve's behavior toward
me rude and condescending, and yes, I am upset about that.

But more important than that, this incident has clearly highlighted the need
for a revised policy that spells out *exactly* when root access can be
granted to non-permanent-staff (be they former permanent-staff or not, what
*exactly* does it mean to give them permissions to write to some directory
and install something *if* that demands that they be root to do so?), as
well as when staff members can revoke the privileges of other staff members.
Currently, no policy addressing the former exists at all, even though one
should have been created *immediately* in the aftermath of the Valerie
incident.

And for the record, I'm not sure that I would say that people don't get
along.  I'm sure, if Steve and I met face to face and had a talk, we'd get
along just fine, and I know I'd like access to some of his wife's recipes.
That I feel he was rude to me in this situation doesn't change my opinion of
him as a fine parent, technically savvy individual, and generous human being
who gives freely of his time and expertise.  But here, I'm more concerned
with issues of policy.

response 15 of 128:

Sep 23 19:49 UTC 2006

(I think it's medically impossible for me to have anybody's babies... :-))

I do think that grex staff's present atmosphere (at least, the way it was when
I left staff) discourages new participation and ideas.  As it stands, there
are, implicitly, certain staff members who you have to get approval from in
order to make changes to the system.  I'm talking about concensus and
discussion, but actually approval.

response 17 of 128:

Sep 24 03:36 UTC 2006

Haha!  With respect to your last sentence, probably never.

However, garage is the "grex configuration and what not" conference.  Coop
is for policy decisions, not technical decisions.  At least, that's how I've
always understood things.

Glenda, I'd be interested in your input in item 27 in garage.

response 19 of 128:

Sep 24 04:57 UTC 2006

I guess I'm a sucker.  I'm the kind of guy that adopts stray cats.  Yes, I
was offended, but I just can't help trying to do something if I think it's
the right thing to do.

response 21 of 128:

Sep 24 05:10 UTC 2006

This really is a case of steVE's knee-jerk reactions.  The fact that he
admitted to not keeping up with garage and yet was pretty snappy with removing
cross' and spooked's staff priviledges shows that steVE doesn't care nearly
as much about the technical aspects of how GreX is run as to how he wants it
to be run.  Here, we had cross and spooked taking their own initiative
(something which should be considered a virtue among staff members) to improve
GreX, and what do they get ? A summary eviction from someone who has half
their technical competence.

The fact that cross and spooked took the time to explain themselves very
clearly in this item, instead of telling steVE to go screw himself, further
puts forward their merits as good hard-working staff members who are valuable
to the system.

The sad thing is that steVE would probably had done nothing had he seen
valerie with root privileges last night.  It's really a matter of his personal
ego, which has been more and more apparent since scholar came out with a bunch
of new member proposals.

response 23 of 128:

Sep 24 05:23 UTC 2006

Regarding #20; But root access, granted within set parameters to a known
trustable individual, can be considered a specific resource.  That is my
argument.  In this case, chown and chgrp were not sufficient, since every
program under consideration needed to be installed setuid to root.  What's
more, changes would need to be made to grexdoc (at least temporarily. 
Actually, in the long term, as well, since the customizations to the password
code in grexdoc would need to be undone).

My earlier proposal for NOT changing the hash was to afford MDW the
opportunity to play with Kerberos and his hash algorithm.  However, he has
been largely inactive.  This morning at around 0600 was the first time he'd
logged in in nearly a year.  It does not make sense to continue expending
staff resources for a project that Marcus may or may nor pursue, particularly
when there are other options for implementing that project.