Page MenuHomePhabricator

Add Daimona to #mediawiki_security
Closed, ResolvedPublic

Description

Thanks to @Urbanecm, I've just discovered that I don't have access to this channel. I have access to Security (T213151), WMF-NDA (T211042), and I've signed a volunteer NDA for logstash (T211962).

Being able to join this channel could come up handy sometimes, e.g. if I want to ask about potentially suspicious activity; or also to provide clarifications about "my actions", like it happened in the last hour.

Thanks!

Event Timeline

Daimona created this task.Nov 25 2019, 12:15 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 25 2019, 12:15 PM
jbond added a subscriber: jbond.Nov 26 2019, 11:50 AM

@Urbanecm looks like you are i the channel now so resolving this ticket but please reopen if there is still an issue

jbond closed this task as Resolved.Nov 26 2019, 11:50 AM
jbond triaged this task as Medium priority.
Daimona reopened this task as Open.Nov 26 2019, 12:29 PM

@jbond I'm sorry, this request is not for Urbanecm but for me (Daimona).

RobH added a subscriber: RobH.EditedNov 27 2019, 5:12 PM

So, the channel in question is pretty much a legacy channel, left over before the standardization of #wikimedia-subteam/project standard of naming.

I'm not sure who should be allowed in, as the access list currently has both NDA and non-NDA users. We may need to ask about this in weekly meeting, or someone can just add.

Enforcement must be set for Diamona's nickname on irc or a cloak must be known before we can add the user.

So, if this is approved, I'm going to list off all the commands to add this person so its not blocked due to lack of implementation knowledge:

  • We need to know the user's IRC cloak, if they have one. Cloak based auth is better than nick for this channel (as cloaks are applied AFTER identifying to nickserv.)
  • If user doesn't have a cloak, they need to enable enforcement on their nick (so if someone joins with their nickname and then joins the channel, but then fails to ID as the user, they will be booted due to enfocement.
    • @diamona turns this on with: /msg nickserv set enforce on

The enforcement can be checked if enabled by anyone running: /msg nickserv info diamona

09:06 < NickServ>  :  Information on Daimona (account Daimona):
09:06 < NickServ>  :  Registered : Oct 26 15:20:37 2017 (2y 4w 4d ago)
09:06 < NickServ>  :  Last addr  : ~Daimona@wikipedia/Daimona-Eaytoy
09:06 < NickServ>  :  Last seen  : Nov 27 14:44:03 2019 (2h 22m 30s ago)
09:06 < NickServ>  :  Flags      : HideMail

Example of enforcement entry:

09:09 <nickserv> < robh>  :  info robh
09:09 < NickServ>  :  Information on RobH (account RobH):
09:09 < NickServ>  :  Registered : Mar 11 16:19:08 2009 (10y 37w 4d ago)
09:09 < NickServ>  :  Last addr  : ~robh@wikimedia/RobH
09:09 < NickServ>  :  Last seen  : now
09:09 < NickServ>  :  Flags      : HideMail, Private
09:09 < NickServ>  :  RobH has enabled nick protection
09:09 < NickServ>  :  *** End of Info ***

Once enforcement is on, you can add diamona to the channel with the following commands:

  • Op yourself with /msg chanserv op #mediawiki_security <your nick if in SRE ops list>
  • if nick based: add user to invite exemption with /mode #mediawiki_security +I diamona!*@*
  • if cloak based (preferred): /mode #mediawiki_security +I *!*@cloakproject/cloaknick
  • have user attempt to join channel and ensure it works

Hope that helps!

jbond added a comment.Nov 27 2019, 5:14 PM

@Daimona sorry for the lag on this ticket it is still on my radar im just trying to work out the correct procedure to get you authorised as the #mediawiki_security channel is a bit strange due to legacy issues. In the mean time can you provide your irc name and ensure its has either a cloak or is configured with nick enforcement

Thanks!

  • We need to know the user's IRC cloak, if they have one.

I do have a cloak, wikipedia/Daimona-Eaytoy, as shown in the info you posted.

  • @diamona turns this on with: /msg nickserv set enforce on

Done!

@Daimona sorry for the lag on this ticket it is still on my radar im just trying to work out the correct procedure to get you authorised as the #mediawiki_security channel is a bit strange due to legacy issues. In the mean time can you provide your irc name and ensure its has either a cloak or is configured with nick enforcement

Sure, thank you. I now have both cloak & nick enforcement, and as pointed out above, my IRC nick is Daimona.

jbond assigned this task to RobH.Dec 2 2019, 5:21 PM
Dzahn added a subscriber: Dzahn.Dec 2 2019, 5:41 PM

Approved in SRE meeting.

RobH closed this task as Resolved.EditedWed, Jan 15, 1:12 AM
RobH removed RobH as the assignee of this task.

so anyone with op in #mediawiki_security can do this, not just me.

These do not need to come to me every time, this should be handled by clinic duty in the future.

The command has been run: /mode #mediawiki_security +I *!*@wikipedia/Daimona-Eaytoy

Belatedly, I confirm that I can join the channel. Thanks!