Page MenuHomePhabricator
Create Task
Maniphest T90937

define in Puppet or remove user account - santhosh
Closed, ResolvedPublic
Actions

Description

@santhosh,

We're in the process of auditing and cleaning up our access lists to servers. During this audit, we found your user in place on a few sysetms, without having admin module entries. We need to review these systems and confirm you still require access to them, and why. Since we don't have this on record or in puppet, we'll have to go through the normal approval process. As such, please simply have your manager approve on this task which systems you confirm you need to continue to access.

oxygen.wikimedia.org:
gadolinium.wikimedia.org:

Please note what you need to do on each system, as we'll need to ensure you maintain the proper access levels when we add you to the admins module.

Please note feedback is required, as we'll be removing the access of anyone we don't account for during this audit.

Thanks in advance,

Related Objects
Search...

Event Timeline

RobH created this task.Feb 26 2015, 9:10 PM
RobH assigned this task to santhosh.
RobH raised the priority of this task from to High.
RobH updated the task description. (Show Details)
RobH added projects: acl*security, acl*sre-team, SRE-Access-Requests.
RobH added a subscriber: santhosh.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 26 2015, 9:10 PM
RobH mentioned this in T90923: Define in Puppet or remove rogue user accounts not currently defined in admin/data.yaml.Feb 27 2015, 6:19 PM
chasemp subscribed.Mar 2 2015, 4:32 PM

@santhosh ping

Dzahn subscribed.Mar 5 2015, 6:19 PM

@santhosh hi

@chasemp after having cleaned a couple other users and seeing the oxygen/gadolinium combination more than once, i think the chance is 99% that santhosh wasn't aware of having this access and it happened due a mistake with some role class or so. i think we can safely remove this and always recreate access where needed

Dzahn claimed this task.Mar 6 2015, 6:56 AM
Dzahn closed this task as Resolved.Mar 6 2015, 11:15 PM

I manually deleted the user and home directory from oxygen and gadolinium. (deluser santhosh, rm -rf /home/santhosh) . Home directories were empty.

@santhosh let us know if you need anything, but calling this resolved for now, it was very very likely just by accident because many other users had the same situation with the same 2 hosts.

Krenair subscribed.Mar 6 2015, 11:25 PM
chasemp added a project: Security.Feb 10 2020, 10:56 PM
chasemp removed a project: acl*security.Feb 20 2020, 8:16 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL