|
Grex > Oldcoop > #12: Mom, Dad? Where do new Grex staffers come from? |  |
|
| Author |
Message |
| 25 new of 56 responses total. |
remmers
|
|
response 25 of 56:
|
May 11 11:32 UTC 2003 |
I think it's mainly for accountability -- knowing which root
did what. And to give each person with root privileges their own
"root" directory.
There are a number of administrative tasks that entail modifying
certain files and directories but don't require full root access.
So far that's been handled via special accounts and groups -- for
example, there's the "cfadm" account for the conference administrator
and the "partyadm" account for the party administrator. "Sudo"
might be a better tool for managing that. I don't think we have it
on the current Grex, but we certainly will when we move to OpenBSD.
I'm really glad to see folks expressing interest in doing staff work.
Some of the folks speaking up are ones that have been in the back of
my mind as potential staff material.
|
remmers
|
|
response 26 of 56:
|
May 11 11:49 UTC 2003 |
Maybe this is a good time to review the procedure for adding new
staff. Basically, current staff discusses candidates and makes
a recommendation. If the position requires access to root, the
staff conference, or the staff mailing list, then the recommendation
must be approved by the board. So far, the board has just
rubber-stamped whatever the staff has recommended. But the
requirement of board approval insures that there's public
discussion and a record of the appointment in the minutes, which
I think is a Good Thing.
So for example, if we wanted Dan Cross to do a project that required
limited privileges but not root or access to the staff conference
or mailing list, then current staff could just give him the resources,
with no board approval required. If we wanted him to be a
permanent staff member with access to any of those three specific
things, the board would have to vote on it.
|
cross
|
|
response 27 of 56:
|
May 12 03:39 UTC 2003 |
Regarding #22; So far as I can see, all of the *oot accounts are
functionally equivalent to root. Sudo gives you more fine-grained
control over access to privileged functions, and does logging. I don't
see anything about the *oot accounts that tells you who did what.
Regarding #23; Yeah, I think you're right. We did a lot of that stuff in
req and face to face meetings on a blackboard. It wasn't as formal as in
industry, but served the purpose well enough. It's probably impractical
for grex.
Regarding #24 and #25; The thing about home directories I guess I can
kind of see; sudo would do away with the need for that. But logging or
auditing; it doesn't seem like it would help out much. I guess if each
root account had a history file, it might; but sudo would fix that by
logging to a central place. Otherwise, there's not much of an audit trail
to follow. That is, I don't see how one can tell which root did what.
In general, I like the idea of moving separate administrative tasks to
other accounts and/or groups. I think it's a good way to partition the
access space.
Regarding #26; So, what happens now? I think four or five people have
either volunteered or been volunteered for staff. What kind of turn
around time are we looking at?
|
spooked
|
|
response 28 of 56:
|
May 12 07:15 UTC 2003 |
There is no turn around time guarantee - but, I assume staff can discuss
this and bring a list of candidates to the next BoD meeting, for approval.
|
gull
|
|
response 29 of 56:
|
May 12 13:01 UTC 2003 |
Dan's suggestion is good. Using 'sudo' for root tasks should be
considered for the next Grex, at very least. It solves a lot of tricky
problems. You can even restrict people to being able to run some
programs as root but not others.
|
scott
|
|
response 30 of 56:
|
May 12 13:46 UTC 2003 |
Actually there's one task anyone could do, which would help with doing stuff
via sudo - writing scripts to do a lot of the dumb stuff we do on a
case-by-case basis. Granted I should do a few myself, but I'm terrible at
starting projects. Stuff like deleting any bots/bouncers from a home
directory, maybe checking in /tmp for same, and leaving a warning-message
file.
One problem I can see with limiting things to scripts is that a lot of vandals
and IRC bot/bouncer people tend to try to bring things in with different file
names, put them in "hidden" ("...") directories, and other things. So
ultimately we're still faced with having to give somebody permission to delete
random files in people's home directories.
|
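Added example, not part of the thread and not Grex's actual configuration: a sudoers fragment showing the per-user logging and per-command restriction raised in responses 27 and 29, applied to the cleanup scripts proposed in response 30. The user names, script paths and log path are placeholders.

```sudoers
# /etc/sudoers.d/staff  (hypothetical file name; check syntax with: visudo -cf <file>)
# Every user name, script path and the log path below is a placeholder.

# Central audit trail: each sudo invocation is recorded with the invoking
# user's own login name, the target user and the full command line.
Defaults    logfile="/var/log/sudo.log"
Defaults    log_host, log_year

# Before (the arrangement the thread describes): several separate accounts
# that are all functionally root. Once logged in, actions run as uid 0 and
# nothing central records which person performed them.

# After: staff keep their personal logins and are granted named commands.
User_Alias  ROOTSTAFF = staffer1, staffer2
User_Alias  CLEANUP   = staffer3

# Site-written wrapper scripts (hypothetical), owned by root and not
# writable by anyone else, so the granted command cannot be swapped out.
Cmnd_Alias  BOTCLEAN  = /usr/local/sbin/remove-bots, /usr/local/sbin/scan-tmp

# Root staff: any command as root, still attributed per person in the log.
ROOTSTAFF   ALL = (root) ALL

# Limited staff: only the cleanup scripts as root, nothing else.
CLEANUP     ALL = (root) BOTCLEAN
```

A rule granting `ALL` still permits starting a root shell, and the sudo log then records only the shell launch, not the commands typed inside it. The `BOTCLEAN` scripts accept any arguments as written, so each script has to validate its own input.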
cross
|
|
response 31 of 56:
|
May 24 23:25 UTC 2003 |
I wanted to restart this item; has any traction happened on this? It seems
like it's important enough not to let slip through the cracks.
|
polytarp
|
|
response 32 of 56:
|
May 24 23:52 UTC 2003 |
I WANT TO BE AN IRC OPERATOR!
|
janc
|
|
response 33 of 56:
|
May 25 02:11 UTC 2003 |
The usual procedure is for staff to discuss staff candidates at a (closed to
the public) staff meeting. We should really have one of those, sometime soon,
to discuss the next steps on the next grex, and other issues. Board approval
is then needed to formally add people to staff. So there is going to be a
bit of a bureaucratic time delay.
In the meantime, candidates may like to make themselves useful. Participate
in the discussions in garage. I'll give people likely to have a contribution
non-root accounts on the new Grex machine (Dan, for instance, has run some
benchmarks there).
People interested in being staff might help us in giving us a clue as to what
kind of role they see for themselves.
|
mary
|
|
response 34 of 56:
|
May 25 16:06 UTC 2003 |
Just curious here - would you think you'd get more staff
involved in selecting new staff if you had this discussion
face-to-face or in email?
|
janc
|
|
response 35 of 56:
|
May 26 00:30 UTC 2003 |
Some staff don't read the conferences, some staff don't read email, some staff
don't attend meetings. Any medium works, if only you can get people there.
|
jp2
|
|
response 36 of 56:
|
Jun 4 15:04 UTC 2003 |
This response has been erased.
|
janc
|
|
response 37 of 56:
|
Jun 5 02:55 UTC 2003 |
One thing that occurs to me is that it might be useful to have a clear list
of who wants to be on staff before the next staff meeting (whenever that is).
It would certainly make the discussion a bit easier if we were clear on who
we were talking about and what capacity they were interested in serving on
staff.
If people post here, or send email to someone (not staff@grex.org - that's
really only read once a week by srw) if you prefer not to make a big public
noise.
I think the following people have made noises about being interested in
being on staff.
kip - root staff
cross - root staff
other - non-root staff
carson - dunno
gelinas - dunno
I've had time to talk to kip about this. I've talked to many of the others
about many other things, but not about this.
If Dan is actually interested in working on staff, I'd be interested in
hearing how he sees this working. Neither strong opinions on how things
should be done, nor living too far away to be able to attend meetings are
disqualifications for being on staff. We have staff members in each category.
But we've never had one in both categories. Face-to-face meetings are
usually the best way to resolve divergent opinions. We did manage to converge
pretty well on the discussion of RAID in the garage conference, so perhaps
the problem isn't hopeless, but it does worry me.
|
carson
|
|
response 38 of 56:
|
Jun 5 03:02 UTC 2003 |
(I'd be interested in being a partyadm [and cfadm, although less so]. that
said, Grex could certainly use more than one new partyadm at the moment.)
|
gelinas
|
|
response 39 of 56:
|
Jun 5 03:04 UTC 2003 |
I want to serve in any capacity needed, up to and including root staff.
|
cross
|
|
response 40 of 56:
|
Jun 5 03:33 UTC 2003 |
Oh, don't worry about that. My opinions are just that, opinions. I do
have a tendency to argue for them strongly---too strongly at times---but I
wouldn't force anyone to do anything they didn't really feel comfortable
with, and when I'm in a position of responsibility, I tend to mellow out
much more. That is to say, it's easy to be an advocate from the outside,
it's much harder to do so from the inside because all of a sudden you're
much more aware of all the constraints you're facing, and it's better
to just be pragmatic, which often means compromise.
Back in the day when I was a sysadmin, many of my colleagues would laugh at
overzealous graduate students who wanted to replace existing large scale
systems with things taken out of research. I prided myself on taking
a middle ground, where I would recognize that yes, perhaps that was the
*right* way to do it, but unworkable given the real world complexities
of the system in question. I often advocated for thinking along the
researcher's lines and looking for a way to incorporate their work,
even if it wasn't practical to do a complete reimplementation.
Also, bear in mind, I'm a New Yorker and was born and raised in the
Northeast. Being confrontational is in my nature. However, if you met me
in person, I think you'd come to find I was actually a pretty easy going
and friendly guy that doesn't like conflict except in the good-natured
sort of way you find amongst people hanging out on a stoop in Brooklyn.
|
spooked
|
|
response 41 of 56:
|
Jun 5 08:04 UTC 2003 |
I hereby wish to appoint gelinas, carson, and other as partyadm's.
Can I have another staffer second my recommendation, please?
|
janc
|
|
response 42 of 56:
|
Jun 5 13:19 UTC 2003 |
Seconded.
|
twenex
|
|
response 43 of 56:
|
Jul 5 15:56 UTC 2003 |
This is a two-parter.
1. I'd like to see cross given a position, if he still wants one. He seems
to be a responsible, respectable guy, and to have self-confidence, rather than
arrogance.
2. I'd like to volunteer to be a staffer. I'm new here, but not new to
UNIX/Linux. I have been running Linux for a total of about 4 years now, tho
my present system is currently a WinXP (a situation i hope to change in the
near future). Aside from anything else, i'd like the following points to be
considered:
When it is available, UNIX/Linux is my primary system. This means i don't just
tinker with it from time to time. I've been known to sit and unalias MDK's
rm and cp, etc. from "rm -i", to avoid making mistakes on other systems and
get too comfortable with rm etc.
I'd like to state upfront that I am in the UK (as many of you will know
already), with zero chance of being able to come to the US for the
foreseeable future. On the plus side, I presently have a lot of time i can
devote to GREX, tho i hope this will decrease in future by virtue of getting
a job. However, I don't plan to disappear once in gainful employment.
If there are any jobs that need doing that can be done without root
privileges, i'd be happy to do that. GREX needs people. I'd be honoured to
be one of the people GREX needs.
2a. I'm glad UNIX command spellings don't change depending on what side of
the Atlantic you're on :P
|
twenex
|
|
response 44 of 56:
|
Jul 5 15:59 UTC 2003 |
Addendum
Did i mention i'm somewhat familiar with FreeBSD (and therefore *BSD)? And
if you're looking for someone with fw experience, maybe i could try in a few
years ago, but right now a UK conf would be a great idea.
|
cross
|
|
response 45 of 56:
|
Jul 5 18:48 UTC 2003 |
Thanks for the vote of confidence, I appreciate it. However, I would
be remiss if I didn't admit that I *can* be arrogant at times. :-)
|
twenex
|
|
response 46 of 56:
|
Jul 5 20:09 UTC 2003 |
No problem, and duly noted :P. And of course, that "years ago" in #44 should
be "years' time".
My 2 pence :P
|
jmsaul
|
|
response 47 of 56:
|
Jul 6 05:59 UTC 2003 |
Re #45: Wow, that would be unusual on the Grex staff.
|
cross
|
|
response 48 of 56:
|
Jul 6 15:32 UTC 2003 |
Heh. :-)
|
mynxcat
|
|
response 49 of 56:
|
Jul 11 15:53 UTC 2003 |
I would volunteer to be on staff, cept that I know very little about
unix :P
|