Problem statement: existing shell user 'foks' (@jrbs) can't access labweb* hosts
Purpose: run changePassword.php for things like T211700#5108206 which can only be done on labweb hosts, not mwmaint
He already has an existing shell user and is member in the group "restricted".
The groups that have access to labweb include: ops, deployment, wmcs-roots, deploy-service but not 'restricted'.
- promote foks from restricted to deployment (drawback: that group is made for deploying mw and gives way more unrelated access)
- add 'restricted' group to labweb hosts in addition to just deployers (drawback: all restricted users who never requested this also get the access)
- create a new admin group specifically for this purpose and add that to labweb hosts (drawback: yet another group, but actually none?)
- somehow make it possible to use changePasword.php from mwmaint hosts?
- re-use the existing admin group ldap-admins, add the group on labweb, add foks to the group