|
Grex > Oldcoop > #363: The Temporary Cross Root Incident Item | |
|
| Author |
Message |
| 25 new of 128 responses total. |
steve
|
|
response 50 of 128:
| 
Sep 25 23:06 UTC 2006 |
When I get home I'll enter stuff here. I'm trying to get stuff done at
work at the moment.
|
cross
|
|
response 51 of 128:
|
Sep 25 23:29 UTC 2006 |
Regarding #50; Very well.
Regarding #49; Against who?
|
cross
|
|
response 52 of 128:
|
Sep 25 23:33 UTC 2006 |
Regarding #48; That seems like a reasonable idea.
|
eprom
|
|
response 53 of 128:
|
Sep 26 00:21 UTC 2006 |
when grex was perpetually down a few months agos, and nobody on staff
would step up to the plate to take responsibilty for the machine, I
suggested that there be a designated sysadmin position, and a few
people started whining about how it was only a volunteer position and
that grex operates on a system where all the staff does their own thing,
essentially.
Funny, now that grex is working fine again, steve wants to act as a
defacto sysadmin and be the judge, jury and executioner of who's on
staff at his discretion.
|
nharmon
|
|
response 54 of 128:
|
Sep 26 00:28 UTC 2006 |
Well, I think there should be a sysadmin. I think the board should adopt
time tested practices on IT organization. But until that happens
formally, anybody who takes it upon themselves to act as the defacto
sysadmin is being insubordinate.
|
cross
|
|
response 55 of 128:
|
Sep 26 00:43 UTC 2006 |
I'm not opposed to the idea (not that my opinion really matters). When you
proposed that, Jeff, I was for it. I think Nate's proposal is a little
different, which is why I've got some questions. In theory, it's a good idea.
In practice given grex's culture, I'm afraid it might have the opposite of
the intended effect.
|
tod
|
|
response 56 of 128:
|
Sep 26 00:52 UTC 2006 |
The other way to do it is to list all the homegrown apps along with owner from
staff and then everybody on staff agrees on who gets what. For now, lets just
say everything in ./ belongs to STeve.
*snicker*
|
cross
|
|
response 57 of 128:
|
Sep 26 00:55 UTC 2006 |
(Or get rid of as many of the home-grown apps as possible....)
|
vivekm1234
|
|
response 58 of 128:
|
Sep 26 03:18 UTC 2006 |
I think the reason Mic's perms haven't been restored is because the board has
to pass judgement first. I sense a difference in thinking; Staff does things
by the book (follows procedure) and i wouldn't be surprised if it was all a
little formal <grin>, hehe, knocking the gavel and all that..nice and stody
is the word that comes to mind <g>. Anyway, where as you guys just want it
done quickly..mick's innocent, that's conclusive since the charter is
ambiguous etc etc..so just heave him back in pronto and get on with things is
what you guys want to do.. I personally feel this is wrong though it gets
work done quickly.
About the root access thing: I don't feel it would be wise to allow one staff
member to grant root without all the other staff members knowing why it was
being given and aprroving it. Instead of abandoning protocol we should try
and make it more efficient.
eg: The trouble as i see it right now is that staff members get held up with
work and don't log into Grex to keep abreast off what's happening.Perhaps we
could do this: After suitable discussion on the conferences one staff member
decides to grant access to cross. Mic then posts on a public conference,
readable by all a draft of what's to be done. Staff gets a copy off it via
email.. So they can't weasel out by saying they had no clue..Would that
suffice?
RE: A sys-admin: Dual control is in-efficient at best. Certainly someone
should be in charge of day to day running while staff handles their respective
jobs. However, the demarcation should be clear and i doubt that's possible.
In the end no system will work if the people involved are crappy or not
dedicated. Ideally Grex should just run itself <g>
|
other
|
|
response 59 of 128:
|
Sep 26 04:39 UTC 2006 |
I've already said that I think the removal of mic's staff privileges is
a violation of protocol, but at this point I want to add that the longer
he remains in this diminished position, the more egregious this
violation becomes.
I respectfully request the immediate restoration of mic's privileges,
and if the board and/or staff decide to take punitive action (a position
I would absolutely and vehemently oppose) they can do it when they have
decided in accordance with policy and protocol. Frankly, I consider the
continuing banishment of a staff member for a harmless violation of an
arguably ambiguous policy to be an inexcusable and damaging overreaction.
|
vivekm1234
|
|
response 60 of 128:
|
Sep 26 07:27 UTC 2006 |
Re #59: How is removal of mic's privileges a violation of protocol? Where does
it say that one staff member CANNOT kick out/deny access/lock out another
staff member? As i see it, mick has/had just as much right to revoke STeve's
permissions, in fact Mick could possibly "break in" to Grex revoke STeve's
perms and i doubt the board can do anything <grin>. Well..they could heave
him out for installing a backdoor, but certainly not for "breaking in"..since
legally he has every right to be "in" and it's just STeve's point of view
against his.
|
spooked
|
|
response 61 of 128:
|
Sep 26 08:30 UTC 2006 |
I am very disillusioned at this point in time with the staff/baff's
position of not restoring my privileges.
In fact, they have not even given me an explanation.
I'll give it another day, and then I'll resign as it's looking more and
more as if that is what they are hoping will eventuate.
*shrugs*
|
cross
|
|
response 62 of 128:
|
Sep 26 13:38 UTC 2006 |
Yeah, the fact that no one has even explained what happened to Mic's access
is really not just bad, but straight rude.
|
vivekm1234
|
|
response 63 of 128:
|
Sep 26 13:56 UTC 2006 |
If the two of you will postpone the suicide till after the board meets we will
all be very grateful! And please don't mind read! It's not rude - the matter
is subjudice - staff can't/should not comment on the matter! In any case since
neither of you have done any wrong whatsoever and since every other Harry on
Grex is rooting for you guys..Sheesh! Whats with the gloomy faces! Plus, it's
prolly only STeve who MAY crib a bit..frankly speaking i doubt he would.
Neither of you may match up to his high ideals (expecting cross to play the
martyrd saint and divine things etc etc) but barring that he should not have
any objections..I'll bet they apologise for causing so much confusion and
verbiage! And i'll bet they say that they appreciate your work, but beyond
that..well don't expect them to crawl..after all the ambiguity wasn't
deliberate..
|
vivekm1234
|
|
response 64 of 128:
|
Sep 26 14:04 UTC 2006 |
Re #61 And don't expect them (staff) to fly to your rescue and bail you out!
They can't because that would be compounding STeve's whatever...in the sense
that..STeve's taken a decision against you..they can't just over-ride him and
heave you back in pronto without first listening to the guy..give it
time..i'll bet they reinstate you with nary a blemish on your charecter.
|
janc
|
|
response 65 of 128:
|
Sep 26 15:56 UTC 2006 |
I can't get into a big fury about this, because, as it happens, I am
pretty confortable with Dan having root access. So no harm done.
However, I agree that this is a pretty huge deviation from accepted
policy. The talk in the policy about granting limited access to
specific users, refered to things like the "cfadm" account and treasurer
account, that allow people to do very specific things in very specific
parts of the system. In some cases, we've given people temporary access
to root, but it was done with a person with official access to root
logging them in and sitting next to them the whole time they were on (I
remember watching Mike McNalley do some work on Grex and having keats
watch me while I did work on M-Net).
To just hand someone root, access and let them use it without oversight
is a declaration of total trust in that person. While I may trust Dan
that far, and Mic may, and we may even be well justified in that, it
isn't really our perogative to make that decision for Grex. That has
always been the board's perogative. And that's as it should be. If the
board doesn't decide who is root, then the board really isn't in any
substantive control of Grex.
So I do feel that this was an improper action.
Please don't do it again.
Thanks.
|
tod
|
|
response 66 of 128:
|
Sep 26 17:33 UTC 2006 |
Can someone post a list of current holders of root and what their role is?
|
nharmon
|
|
response 67 of 128:
|
Sep 26 17:37 UTC 2006 |
http://cyberspace.org/staffnote/ *snort*
|
cross
|
|
response 68 of 128:
|
Sep 26 17:44 UTC 2006 |
Regarding #65; Given the outcome, I have no intention of repeating it again.
However, you bring up a good point: the board should have control over
access to root. Mic's access is still shut off, even though he has board
approval to have that access. :-/
Regarding #66; Grepping the wheel account out of /etc/group shows you who
has root access. I'm not sure how one would figure out what their primary
responsibilities are. The current contents of wheel are:
wheel:*:0:root,bhoward,gelinas,glenda,i,janc,kip,mcnally,mdw,remmers,srw,steve
root is in there only for redundancy. bhoward hasn't been particularly
active since January, I'm afraid. i handles most conference related stuff.
srw answers the bulk of user emails. gelinas and remmers do general system
stuff. mdw hasn't been particularly active in two years (before this past
weekend, he'd only logged in about twice in the last two years or so).
steve does a lot of the day-to-day grunt work, as we know. janc does stuff
from time to time as he can fit it into his schedule. I'm not sure what
glenda, kip, and mcnally have been up to recently, but I haven't followed
staff on a day-to-day basis for a while now.
|
nharmon
|
|
response 69 of 128:
|
Sep 26 17:46 UTC 2006 |
Wouldn't the principle of least privilege suggest that non-active staff
be removed from the wheel group until such a time when they're willing
to be more active?
|
cross
|
|
response 70 of 128:
|
Sep 26 17:55 UTC 2006 |
Regarding #67; Hey! I'm listed in there!
|
cross
|
|
response 71 of 128:
|
Sep 26 17:56 UTC 2006 |
Yes. But I think that's opening up a whole other can of worms.
|
tod
|
|
response 72 of 128:
|
Sep 26 18:15 UTC 2006 |
re #69
Eleven roots does seem pretty extravagant.
re #68
I don't know squat about staff but as a user I would've guessed the root list
would be: gelinas, janc, mcnally, remmers, steve, and spooked
My assumption is based on visible participation of those folks on Grex.
Even so, six roots almost seems excessive.
|
cross
|
|
response 73 of 128:
|
Sep 26 19:23 UTC 2006 |
Don't discount srw in that list. He does a lot of down-and-dirty work
supporting users who write asking for helps, and often needs root access to
do that (fixing mangled dot files, and things like that).
|
tod
|
|
response 74 of 128:
|
Sep 26 23:42 UTC 2006 |
re #73
I don't doubt there are other active roots. I was just relaying my impression
based on the staff folks I see in bbs.
|