Grex > Coop > #232: Taking root access from non participants
25 new of 126 responses total.
gelinas
|
|
response 31 of 126:
|
Jul 4 03:17 UTC 2008 |
Note that unicorn is not the only one lacking the skill: STeve disabled
newuser because _he_ had no other way of stopping the attacks, either.
|
scholar
|
|
response 32 of 126:
|
Jul 4 03:31 UTC 2008 |
and certainly not because that was just the easier way to stop it.
|
lar
|
|
response 33 of 126:
|
Jul 4 03:39 UTC 2008 |
Should have gone with freebsd like cross suggested. m-net is
impervious to his attacks even with our old version.
|
lar
|
|
response 34 of 126:
|
Jul 4 04:41 UTC 2008 |
ie: cat < /***/***| grep "*" > /***/*** &
(modified because some bozo is likely to try it again, if you're in
the know you know what goes in place of the "*")
It's sad that any user who runs this 15 times can bring grex down for
a week. That's what happened a few months back when we were kept out
of the loop. mickeyd ran it 15 times and grex went down like naftee's
mom.
|
keesan
|
|
response 35 of 126:
|
Jul 4 15:17 UTC 2008 |
Perhaps one of our vandals has the expertise to explain the fix?
|
lar
|
|
response 36 of 126:
|
Jul 5 01:14 UTC 2008 |
The fix is to turn off newuser and keep the vandal from the handle.
Anyone who did this could still bring grex down at this point, although I
don't want to run it to prove the point.
|
veek
|
|
response 37 of 126:
|
Jul 5 04:26 UTC 2008 |
Re #25 #27 #31 are bang on! Chuck you need to ignore Lar's rubbish.
Before you signed up, Chad was gnawing on my foot and n8's, and making
an ass of himself with tel floods and what not! Why are we wasting time
even replying to this rubbish?? Let's not mention Chad ever again in
serious discussion! He's like a black hole sucking up people's time!!
I'm not happy that new-user is turned off but there are no other
practical alternatives besides hosting, and that won't solve abuse
issues! I'd suggest "helpers" with more power to kick idiots off the box
(what's wrong with n8 policing the box??), and I'd like to help (website
updates), but I'd also like to stay anonymous, at least from all but
treasurer (that would exclude cross, steve, remmers, etc)! *hehe* it
would also be fun to watch n8 kicking Chad out when he acts like an ass
*grin* the vast quantities of pleasure i would derive watching chad
froth and fume :)
|
glenda
|
|
response 38 of 126:
|
Jul 5 04:43 UTC 2008 |
Larry,
I would like to know why you think that I should have my root access
removed. I would hate to think that you are shallow enough to think
that just because I am married to STeve...
|
lar
|
|
response 39 of 126:
|
Jul 5 06:44 UTC 2008 |
re#37
"it
would also be fun to watch n8 kicking Chad out when he acts like an ass
*grin* the vast quantities of pleasure i would derive watching chad
froth and fume :)"
I bet you would, considering how he's made an idiot out of you in m-net
general. You lack the skills needed to be given the keys to the kingdom
although it would be fun to watch chad pwn you here on grex when you
tried to boot him.
re#38
It's not that at all. What do you need root access for? If you need it
and participate I don't have a problem with you keeping it. The problem
I have is someone marching in and making a decision that affects
everyone without any sort of accountability.
|
glenda
|
|
response 40 of 126:
|
Jul 6 04:25 UTC 2008 |
Then why do you name me by name as needing to have my root access
pulled? You have no idea what I do or don't do as staff. I report to
the board and to the other staff members, not to you.
I find it insulting that you name me and STeve as needing our root
pulled, and Chuck's should be pulled because he doesn't log in. How do
YOU know who logs in and who doesn't? When you log in via the web
interface, it doesn't show up under a last command. Who died and made
you in charge of who should and shouldn't have root access?
|
lar
|
|
response 41 of 126:
|
Jul 6 06:35 UTC 2008 |
I find it insulting that steve logs in and turns newuser off without any
accountability whatsoever. It's appalling that you would flame someone
who makes an issue about this. It seems like you're only offended at
someone suggesting that your root powers be removed. THAT's when you get
your panties all in a bunch and decide to participate in the discussion.
While it is true that "last" doesn't record a login via the web
interface there are other logs that do.
"Who died and made
you in charge of who should and shouldn't have root access?"
What do YOU need root access for? What do you actually do with it? When
is the last time you found a system hole and plugged it? When is the
last time you stopped a vandal in his tracks? Even STeve wasn't able to
stop cdalten except by turning newuser off. And ALL you moan about is
someone DARING to suggest that the great and mighty monarchs of grex
(you and steve) give up root access. Steve should lose root powers because
of his prima donna cowboy attitude concerning newuser. When everyone
asked why it was off he was too unconcerned to even defend the action.
|
lar
|
|
response 42 of 126:
|
Jul 6 12:38 UTC 2008 |
As for naming you. I'm sure you would resent steve being denied root
enough to give him the password so the move is a pre-emptive one for
security's sake. You don't need it anyway. Maybe you two want this box
on your front porch for the cats to sleep in as well?
|
mary
|
|
response 43 of 126:
|
Jul 6 13:22 UTC 2008 |
I'm for giving lar root. TS too. Anyone else?
|
nharmon
|
|
response 44 of 126:
|
Jul 6 14:01 UTC 2008 |
Why does everyone need root? Seems to me there should be one or two
"senior staffers" who have the root password (and write it down
somewhere secure), and then delegate authority on the system via
something like sudo.
|
slynne
|
|
response 45 of 126:
|
Jul 6 14:17 UTC 2008 |
resp:43 Why not? I suspect that lar would quickly find out what it feels
like to get heaps of abuse thrown at him for volunteering his time and I
can only think of one or two people who could use such a lesson more
than he can. I don't know if his technical skills are up to the task but
assuming they are, he does log on here regularly enough to be an asset.
I don't have any reason to suspect that he would abuse such a staff
position.
|
mary
|
|
response 46 of 126:
|
Jul 6 14:59 UTC 2008 |
I agree.
|
tod
|
|
response 47 of 126:
|
Jul 6 16:37 UTC 2008 |
re #40
You have no idea what I do or don't do as staff.
We've kind of been having this discussion about staff accountability and
knowing what it is that staff does. Maybe you could outline for lar and some
others to give them an idea?
|
glenda
|
|
response 48 of 126:
|
Jul 7 00:51 UTC 2008 |
The biggest and main reason I have root is because I am one of the
locals on the list with access to the machine for reboots. Sometimes it
requires more than just pushing the reset button.
And no, if steve wasn't to have the root password and I did, I would not
give it to him. We do not, and never have shared passwords. I have my
own account and password on his machine, he has the same on mine. We
may be married, but we are and always will be separate people. The only
time I have had his password was when I helped him to update all his
machines at work. He does a major test to make sure all the patches,
etc. have been applied to those machines a couple of times a year. He
then changes the admin password on them afterwards. If I had root and
he didn't and I needed his expertise to fix something, he would walk me
through it. That is how we work together. If he has more knowledge in
an area, he walks me through it so that I learn how to do it on my own.
If I know more, I walk him through it so he learns how.
You also can't truly say that STeve turned off newuser without any
accountability whatsoever. You are not privy to the discussions in the
staff conference as you are not staff. It is true that he doesn't
actively participate in the different conferences, and that he doesn't
log on everyday. He has a lot of other obligations that have to come
first. He has been trying to come up with a solution to the problem
ever since he turned newuser off. He didn't just turn it off, say it
was a lost cause, and forget about it.
|
mcnally
|
|
response 49 of 126:
|
Jul 7 01:28 UTC 2008 |
I'm trying to stay out of this fight, but I want to point out that
whatever discussion may have occurred in the staff conference is
irrelevant to the question of whether staff acted accountably.
I also don't think it's a fair argument tactic to rebut someone
else's claims by referring to information which practically nobody
is entitled to read. Glenda is probably right that nobody has any
idea what she and other staff members are doing to help the system.
But when the only record of what gets done is in a non-public conference,
whose fault is that?
|
tod
|
|
response 50 of 126:
|
Jul 7 02:27 UTC 2008 |
re #49
But when the only record of what gets done is in a non-public conference,
whose fault is that?
I agree the accountability should be more transparent. I'm avoiding
blaming since I'm way out of the loop. I can't imagine that there are too
many national security secrets discussed, though. Therefore, a summary or
couple blips of what each staffer does/when would be nice. It'd make life
easier for troubleshooting major outages I'd assume.
|
hungus
|
|
response 51 of 126:
|
Jul 8 16:54 UTC 2008 |
I think steve and glenda should have their root privileges pulled because they
think they're entitled to it, and there's nothing quite as offensive as
entitlement.
|
tod
|
|
response 52 of 126:
|
Jul 8 17:18 UTC 2008 |
I've heard that a lack of budget can be worse than entitlement.
|
hungus
|
|
response 53 of 126:
|
Jul 8 21:48 UTC 2008 |
(Rimshot).
|
glenda
|
|
response 54 of 126:
|
Jul 9 00:07 UTC 2008 |
I don't feel, and never have felt, that ANYONE was entitled to have root
privileges. Only those that need them to do jobs requiring them should
have them.
|
cross
|
|
response 55 of 126:
|
Jul 10 00:15 UTC 2008 |
I don't see much utility in pointing fingers and playing the blame game
on newuser being off, but let's be honest: there wasn't any discussion
in the staff conference. Here's the only mention of the issue:
----
response 555 of 559: Feb 14 19:26 EST 2008
Brought Grex back up after mickeyd crashed the system.
Newuser is off till we get it moderated or the latest version
of OpenBSD installed which fixes this problem.
----
(That's from Steve. Of course, no one [including me] mentioned it
later.)
Further, it's worth noting that the following guidelines were posted by
Jan in April of 2007 on staff decision making:
----
Policies on staff decision making Apr 2 12:55 EDT 2007
Last night we had some discussion of staff decision making procedures.
I've posted a summary of them to coop, but I thought a copy should go
here too.
-------------------
I guess I should have kept notes during the joint staff/board meeting.
I didn't. This is from memory. It was not run as a formal meeting, but
as a discussion to establish some ground procedures for how staff should
work.
Traditionally the Grex board has operated by consensus. We would
regularly meet, discuss things that needed to be done, and reach a
consensus on how and whether they should be done. This worked very well
for many years, but in the last few years has largely broken down.
Staff has actually met very infrequently, and it is hard to come to
consensus if you only discuss things on-line or in email. Furthermore,
many of the staff people who used to be very active (myself and Marcus,
notably) are now much less active, and do not always keep up with the
current issues on Grex. They've become kind of intermittent staff. How
do you form consensus with people who aren't even listening to the
discussion? We also increasingly have staff in remote locations, which
makes meetings to reach consensus more difficult.
Suggestions arising out of this include:
- Staff should resume meeting regularly, probably bi-monthly at least.
The conference phone should be available, so people can call in.
(Staff has not, however, scheduled its next staff meeting. I
wonder if we should make a habit of meeting after board meetings?)
- The staff conference is to be considered the main place for
discussion of things to do. If a staff member raised a topic in
the staff conference, and got no negative feedback, they are
welcome to feel free to go ahead. They don't necessarily need to
seek input from people who aren't currently actively reading the
staff conference and keeping up on things, though they may, in
some cases, WANT to do so. We understand that staff members are
sometimes busy and have to drop out of the loop for a while, but
things need to be able to go on without them if they are out of
the loop.
- Some things don't actually require a lot of staff consensus.
In an emergency, the staff on hand need to act independently on
their own best judgement. They should obviously make an effort
to inform other staff of what they are doing or what they did.
Some changes to Grex are fairly limited and local. If you are
installing a newer version of 'tcl' that has very limited impact
on the system. The only thing you're doing that a regular user
couldn't do is putting it in a system directory where everyone
can easily access it. Modifying things more central to the operating
system that might impact other parts of the system or overall
system security would require more discussion.
- Of course, other changes may require broader discussion in the
coop conference and/or at a board meeting. These are changes that
impact the user interface routinely experienced by many users,
or changes that have policy implications.
----
Note the part on emergencies: it seems that Steve certainly acted within
the guidelines set forth by the board. The problem is that none of us
bothered to follow up (again, myself included).
Grex does have a problem: what to do with lots of inactive staff who
plain don't have time and a community that has needs. How do we get
back to where we need to be?
Personally, I'd like to see some constructive input on this. Lar's and
Mary's button-pushing isn't getting us anywhere, and neither is the
complaining coming from tsty and Rane. Nor is my inaction. What's the
best course of action?
|