
define in Puppet or remove user account - tnegrin
Closed, ResolvedPublic

Description

Toby,

We're in the process of auditing and cleaning up our access lists to servers. During this audit, we found that your account is enabled on one system, but not accounted for in our admins module.

stat1001.eqiad.wmnet

The statistics users have a few different levels of access in admins. If you could provide feedback on what exactly you are using this access for, and what permissions you need to maintain, we would appreciate it.

Please note feedback is required, as we'll be removing the access of anyone we don't account for during this audit.

Thanks in advance,

Event Timeline

RobH created this task. Feb 26 2015, 9:00 PM
RobH updated the task description.
RobH raised the priority of this task from to High.
RobH assigned this task to Tnegrin.
Restricted Application added a subscriber: Aklapper. Feb 26 2015, 9:00 PM
Tnegrin added a subscriber: Tnegrin. Mar 2 2015, 4:46 PM

I need access to this system to run various queries against hadoop and
other databases. I do not need admin access.

thanks,

-Toby

chasemp added a subscriber: mark. Mar 5 2015, 5:42 PM

@mark could you approve this? Unsure who else to ask.

Dzahn reassigned this task from Tnegrin to mark. Mar 5 2015, 6:16 PM
Dzahn added a subscriber: Dzahn.
RobH added a subscriber: RobH. Mar 9 2015, 8:08 PM

As discussed during the operations meeting, @mark will need to comment on this task to approve getting Toby's access set in puppet for these hosts.

When done, please set to assigned to nobody for triage to pick it up.

mark removed mark as the assignee of this task. Mar 10 2015, 11:36 AM

Toby's access to stat1001 is approved.

RobH claimed this task. Mar 10 2015, 3:39 PM
RobH closed this task as Resolved. Mar 10 2015, 4:09 PM

I've merged live Toby's corrected access to stat1001; resolving ticket.

Restricted Application added a subscriber: Malyacko. Apr 28 2016, 3:22 AM

Sorry Chase -- I don't actually need this now since I don't manage the
analytics team anymore. Probably best to remove the access.

thanks,

-Toby

Dzahn reopened this task as Open. Apr 28 2016, 4:51 AM

@Tnegrin thanks for the update, reopened the ticket, we'll take care of it

Dzahn lowered the priority of this task from High to Normal. Apr 28 2016, 4:53 AM
Dzahn added a subscriber: 20after4. Apr 28 2016, 4:59 AM

@20after4 @chasemp @Tnegrin I think this notification about an old thing only happened right now because the releng team is importing git commits from gerrit into phabricator and it gets a timestamp from when phab imports it. nevertheless.. it's good to deactivate accounts that are not used and if we got notified this way, why not :p

Dzahn added a comment. Apr 28 2016, 5:03 AM

it says "Still Importing...
This commit is still importing. Changes will be visible once the import finishes." on

https://phabricator.wikimedia.org/rOPUP12582629b25e628673917e50d9f52864cb3a4087

it was actually authored on March 2nd

Change 285898 had a related patch set uploaded (by Dzahn):
admin: remove access for tnegrin pt1

https://gerrit.wikimedia.org/r/285898

Change 285899 had a related patch set uploaded (by Dzahn):
admin: remove access for tnegrin pt2

https://gerrit.wikimedia.org/r/285899

Dzahn added a comment. Edited Apr 28 2016, 5:11 AM

@fgiunchedi ^ could you take a look? reverse access request

@Tnegrin Just to make sure before i merge this, did you mean you don't need any shell access on WMF servers anymore or just not the access on the host stat1001 while still needing access to other servers?

I haven't logged into anything except my MacBook in months so I think
you're good to go!

Change 285898 merged by Dzahn:
admin: remove access for tnegrin pt1

https://gerrit.wikimedia.org/r/285898

Dzahn added a comment. Apr 29 2016, 2:52 PM

Gotcha! .. and done

stat1001 - Notice: /Stage[main]/Ssh::Server/File[/etc/ssh/userkeys/tnegrin]/ensure: removed
bast1001 - Notice: /Stage[main]/Ssh::Server/File[/etc/ssh/userkeys/tnegrin]/ensure: removed

...

Change 285899 merged by Dzahn:
admin: remove access for tnegrin pt2

https://gerrit.wikimedia.org/r/285899

Dzahn closed this task as Resolved. Apr 29 2016, 2:57 PM