Page MenuHomePhabricator
Create Task
Maniphest T147242

define a prebaked way to temporarily disable access for a user or Tool
Open, LowPublic
Actions

Description

This ideally will preserve all other state for the tool itself and is easily seen and surfaced by every on working in the Tool Labs environment.

Outcomes:

block logins of the tool (and flag attempts to syslog)
stop all running jobs and webservices

Questions:

disable all cronjobs?
block outgoing/ingoing mail?
block database credentials (revoke replica creds)?

Related Objects

Event Timeline

chasemp created this task.Oct 4 2016, 12:00 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 4 2016, 12:00 AM
Matthewrbowker subscribed.Oct 4 2016, 12:15 AM
zhuyifei1999 subscribed.Oct 4 2016, 5:01 AM
valhallasw subscribed.Oct 4 2016, 8:39 PM

What should and shouldn't this do?

Clear yes:

  • block logins of the tool, and

Maybe:

  • stop all running jobs?
  • except webservices?
  • disable all cronjobs?

Probably not?:

  • block outgoing/ingoing mail?
  • block database credentials?
chasemp updated the task description. (Show Details)Oct 4 2016, 9:34 PM
tom29739 subscribed.Oct 7 2016, 10:08 PM
scfc triaged this task as Low priority.Feb 16 2017, 10:42 PM
scfc moved this task from Backlog to Ready to be worked on on the Toolforge board.
chasemp renamed this task from define a prebaked way to temporarily disable access to a tool to define a prebaked way to temporarily disable access for a user or Tool.Feb 5 2018, 7:27 PM
chasemp removed a project: Toolforge.

Noticed again in the response to {T186019}

bd808 edited projects, added Toolforge, Cloud-VPS; removed Cloud-Services.Jan 4 2020, 9:41 PM
bd808 subscribed.

Current best blocking technique is is blocking the user's Developer account on Wikitech. This will disable ssh access to all Cloud VPS instances. It will not launch any intelligent agent to kill processes (including ssh sessions) that are already active.

dcaro added subscribers: Andrew, dcaro.Feb 6 2024, 3:23 PM

@Andrew Does your script solve that issue? (or a slightly modified version of it)

Maybe we just need to document it :)

dcaro moved this task from Ready to be worked on to Workspace for triaging whenever needed on the Toolforge board.Feb 6 2024, 3:24 PM
Andrew added a comment.Feb 7 2024, 8:40 PM

The topic of this doesn't quite fit with the initial description. I /think/ that T170355 is the same ask (and it's done, and somewhat documented) but I'm confused by the 'for a user' in the task title.

dcaro added a comment.Feb 8 2024, 11:36 AM
In T147242#9522537, @Andrew wrote:

The topic of this doesn't quite fit with the initial description. I /think/ that T170355 is the same ask (and it's done, and somewhat documented) but I'm confused by the 'for a user' in the task title.

I think this is more focused on quickly blocking a user that's suspected of bad behavior, but not really deleting the tool, just blocking access. Note that this task predates me by many years, so I'm just guessing on the use-case that triggered the creation of the task.

dcaro moved this task from Workspace for triaging whenever needed to Ready to be worked on on the Toolforge board.Feb 21 2024, 4:02 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL