Page MenuHomePhabricator

Revoke @pirroh's shell access
Closed, ResolvedPublic


Given that he's not longer working with Research as formal collaborator, please revoke @Pirroh's access to shell.

Michele Catasta
phab: @Pirroh
shell username: pirroh

Access Group

No longer working on project

Event Timeline

Miriam created this task.Apr 29 2019, 4:45 PM
Dzahn claimed this task.Apr 29 2019, 5:01 PM

Change 507071 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] admins: revoke access for user pirroh

Change 507071 merged by Dzahn:
[operations/puppet@production] admins: revoke access for user pirroh

Dzahn added a comment.Apr 29 2019, 5:24 PM

Thanks @Miriam for making the ticket. Done. puppet is removing the user. for example on bast1002:

Apr 29 17:22:17 bast1002 puppet-agent[1667]: (/Stage[main]/Admin/Admin::Hashuser[pirroh]/Admin::User[pirroh]/User[pirroh]/ensure) removed
Dzahn closed this task as Resolved.Apr 29 2019, 5:41 PM

Thank you so much @Dzahn!

Mentioned in SAL (#wikimedia-operations) [2019-04-30T04:26:25Z] <mutante> LDAP - remove user pirroh from group nda (T222085 and cross-validate-accounts demands consistency)

@RStallman-legalteam : The access for Michele Cataste has been removed, can you please also update the NDA tracking meta data?

@Dzahn Best to use ; it will prepare an LDIF to drop all privileged groups (there might be more than just cn=nda in some cases (but here it was limited to cn=nda, I doublechecked) and it will also flag if a user had access to Hadoop, as that data is triaged by the analytics team to ensure that PII data is properly cleaned out. I created for that.