- Wikitech username: Zsoo
- Preferred shell username: zxane
- Email address: zsoo at wikimedia.org
SSH Key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3kiZBoCZU9sQS0ehfB47WOPPA5+3Tak+XnqFNxK4caYDE/BzyzVXu77AzhD20ouEE8ZN2NITJyDVOkWXh3CK4krZ6Nl7mvex7eYkR1Omi0EwIsbh/sQ26eZsjSi7AyUjvbpqv7E+Aok1wE5+8CqqX/EB3JNseHihPRB7f8XGBq/X7hj/EtKVgv/ZZfXF7pAUVOyzHejPmc6ki/vTZ1zxLBg9HruFD9K17mbFkcxc2n1k/x3MHKAS46ZJ4H1BHtKdhkqQkKcD2nwFG37Q7zwP3uayyaU3A1VU/lJsmNQ7JwBcjqGiVgF7sflLHAnxRTAFp60OA6eryr75OdsPEutUzG1OK1JuIPIPBCHttEVlkbcwIZLbAl/r+Z/eOTvzp4GaGdTwcQw7YgqdSUDjQ1wETDKNMAZxK1XGBPbLo+acyBU11+Th55zUdV38/M6RTv0lbDCZsDqy2UgT1ke/clLuMBoMv/XDExOALv3ILjQfARDh8LO19kxQD7UdaknT2gu3c7ymR6PFhQbYJnmTom2EH0gFHXfRVAgJf0rUyxW7BY5MER+F0M26bUdUV2nM4e0nUxKocx4HiDosRXXc9tTgNSTXqTnb4Z4IxH6ZAzOgsqT1D6sE4mGDboh+H/XST40I/WbMfCUPErNGZPbHeYR//Ki36zlQcsXrETUxf9NXM2w== zxane@Zxanes-MBP
Specifically some of the workflows he needs to be able to do (and I believe requires this access):
- To remove 2FA for users who have lost their backup codes (after identity verification)
- To add or reset user email addresses when locked out of their account (again after identity verification)
- To permanently remove illegal images from the servers
- Lookup private information such as user email addresses for legal or T&S investigations (such as urgent threats of harm or court orders).
- Query webserver logs for private information such as IPs which have viewed certain pages (usually court orders)
Zxane has already signed L3. @JanWMF is our people manager and I'll have him comment here in support. As always please let me know if any issues or questions.
SRE Clinic Duty Confirmation Checklist for Access Requests
This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.
This section is to be confirmed and completed by a member of the SRE team.
- - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document. - signed on Thu, Nov 5, 10:47
- - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.) - user is staff
- - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
- - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.) - this was provided on task by Samuel Guebo, but we need the pubkey confirmed by ZS.
- - access request (or expansion) has sign off of WMF sponsor/manager (sponser for volunteers, manager for wmf staff)
- - non-sudo requests: 3 business day wait must pass with no objections being noted on the task
- - sudo access request requires signoff of the manager in charge of that group: restricted is a sudo group of deployment; (analytics-privatedata-users) - approved on comment T267312#6607624
- - Patchset for access request
For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access