Page MenuHomePhabricator

Revoke all userrights from local groups on loginwiki, whitelist the needed ones
Closed, DeclinedPublic

Description

https://login.wikimedia.org/wiki/Special:ListGroupRights

Some pretty weird (non-default) user groups and user rights here. Example:

Use the VIPS scaling test interface Special:VipsTest (vipsscaler-test)

For all users? Weird. Account creators user group? Really? Weird.


URL: https://login.wikimedia.org/wiki/Special:ListGroupRights
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=59702

Details

Reference
bz59701

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 2:21 AM
bzimport set Reference to bz59701.
bzimport added a subscriber: Unknown Object (MLST).

I think we should remove most (all?) non-default user groups and user rights from this wiki.

(In reply to comment #1)

I think we should remove most (all?) non-default user groups and user rights
from this wiki.

Yep, adjusting summary.

Deskana set Security to None.Dec 9 2014, 4:23 PM
Deskana removed a subscriber: Deskana.
hoo lowered the priority of this task from Medium to Lowest.Dec 12 2014, 4:51 PM
hoo added a subscriber: hoo.

Currently there is nothing in group ovverrides for loginwiki hence only the default user groups/rights are there. What is the benefit in removing all these groups?

Glaisher updated the task description. (Show Details)Dec 20 2014, 4:34 PM

Currently there is nothing in group ovverrides for loginwiki hence only the default user groups/rights are there. What is the benefit in removing all these groups?

Loginwiki isn't a standard wiki, so we can't assume defaults make sense there. A whitelist allows not to worry about defaults.

Most groups there are unneeded, but I think it's also unnecessary to remove them.
The checkuser group is atm used by stewards.

Loginwiki isn't a standard wiki, so we can't assume defaults make sense there. A whitelist allows not to worry about defaults.

Why are we worrying about this? :) AFAICS, there is no harm in keeping the defaults there. If we remove all unneeded user rights now, then we'd have to worry about updating loginwiki configuration whenever we update the defaults. So while trying to not worry about the defaults by overriding the defaults, we'd have to worry about it every time we update the default configuration.

Glaisher closed this task as Declined.EditedJan 6 2015, 4:41 PM
Glaisher claimed this task.