Page MenuHomePhabricator
Create Task
Maniphest T222085

Revoke @pirroh's shell access
Closed, ResolvedPublic
Actions

Description

Given that he's not longer working with Research as formal collaborator, please revoke @Pirroh's access to shell.

Who
Michele Catasta
phab: @Pirroh
shell username: pirroh

Access Group
analytics-privatedata-users
bastiononly

Why
No longer working on project https://meta.wikimedia.org/wiki/Research:Characterizing_Wikipedia_Citation_Usage

Details

ProjectBranchLines +/-Subject
operations/puppetproduction+4 -8admins: revoke access for user pirroh
Customize query in gerrit

Related Objects
Search...

Event Timeline

Miriam created this task.Apr 29 2019, 4:45 PM
Dzahn claimed this task.Apr 29 2019, 5:01 PM
gerritbot added a comment.Apr 29 2019, 5:17 PM

Change 507071 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] admins: revoke access for user pirroh

https://gerrit.wikimedia.org/r/507071

gerritbot added a project: Patch-For-Review.Apr 29 2019, 5:17 PM
gerritbot added a comment.Apr 29 2019, 5:21 PM

Change 507071 merged by Dzahn:
[operations/puppet@production] admins: revoke access for user pirroh

https://gerrit.wikimedia.org/r/507071

Dzahn added a comment.Apr 29 2019, 5:24 PM

Thanks @Miriam for making the ticket. Done. puppet is removing the user. for example on bast1002:

Apr 29 17:22:17 bast1002 puppet-agent[1667]: (/Stage[main]/Admin/Admin::Hashuser[pirroh]/Admin::User[pirroh]/User[pirroh]/ensure) removed
Dzahn closed this task as Resolved.Apr 29 2019, 5:41 PM
Miriam added a comment.Apr 29 2019, 5:42 PM

Thank you so much @Dzahn!

Stashbot added a comment.Apr 30 2019, 4:26 AM

Mentioned in SAL (#wikimedia-operations) [2019-04-30T04:26:25Z] <mutante> LDAP - remove user pirroh from group nda (T222085 and cross-validate-accounts demands consistency)

MoritzMuehlenhoff added subscribers: RStallman-legalteam, MoritzMuehlenhoff.Apr 30 2019, 7:39 AM

@RStallman-legalteam : The access for Michele Cataste has been removed, can you please also update the NDA tracking meta data?

MoritzMuehlenhoff added a comment.Apr 30 2019, 7:45 AM

@Dzahn Best to use https://wikitech.wikimedia.org/wiki/Ops_Offboarding#Remove_user_from_privileged_groups ; it will prepare an LDIF to drop all privileged groups (there might be more than just cn=nda in some cases (but here it was limited to cn=nda, I doublechecked) and it will also flag if a user had access to Hadoop, as that data is triaged by the analytics team to ensure that PII data is properly cleaned out. I created https://phabricator.wikimedia.org/T222140 for that.

Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL