Re: logs and emails


 



On Thu, 4 Aug 2011 10:02:21 -0600
Stephen John Smoogen <smooge@xxxxxxxxx> wrote:

> On Thu, Aug 4, 2011 at 09:07, Kevin Fenzi <kevin@xxxxxxxxx> wrote:
> > Greetings.
> >
> > Two items I'd like some feedback on...
> >
> > 1. Would there be any downsides to switching sysadmin-qa over to
> > requiring just 'cla_done' instead of sysadmin? The QA admins get
> > separate nagios emails to sysadmin-qa on their machines, and don't
> > use our puppet so they don't care about commit emails. Is there
> > some other reason sysadmin needs to be a requirement for
> > sysadmin-$foo groups?
> 
> I think we will need to get Toshio and Mike to go in on this. I don't
> know if there is particular fas logic that happens also. 

Agreed. :) 

> To me the
> bigger question is.. do we need to have the root emails going to
> sysadmin or to a subgroup. If those emails go down to say
> sysadmin-noc,fi-apprentice,sysadmin-main,sysadmin-hosted it would do
> the same thing.

No, root emails only go to sysadmin-main. I'd really prefer that to
stay that way. We do get emails with passwords or the like... (bounces
from fas accounts that have invalid emails, etc)

> > 2. I'd like to allow apprentice folks to look at logs on log02.
> > Currently this is just sysadmin-main and -noc. Can anyone think of
> > anything we log that might be too sensitive for this? We shouldn't
> > be logging any passwords (although I can look). I'd also like to
> > make sure all the logs on log02 are ro to everyone (but main).
> > Currently many of the directories there are writable for sysadmin
> > group, which seems wrong to me.
> 
> Passwords creep into the logs every now and then. The usual is that
> someone tries to login with their password. Sorry about the write on
> group, I thought I fixed that a while ago.

Yeah, I'll go look thru logs and see if there's anything there that
looks problematic. We might be able to just have the system log ones
readable, but leave the httpd ones closed up (those would be the only
ones that might have passwords I would think). 

kevin


_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
