[Debian-rtc-admin] [rt.debian.org #8257] AutoReply CC: Allow debvoip to sudoedit prosody config files on vogler

gustavo panizzo via RT rt at rt.debian.org
Sat Jun 13 13:05:14 BST 2020


Hello DSA

first, thanks for moving the ticket to the appropriate queue

2 weeks ago part of the RTC team had a discussion on how to improve the
service and how we can make changes faster

there are a few things we need from you guys

- Allow debvoip to sudoedit /etc/prosody/* on vogler
  We need this to make transient changes to the configuration, like
  debugging a connection problem or a report of spam.
  A typical use will be to change the logging level to debug then roll
  it back

- Allow debvoip to su - to prosody
  Sometimes we need to investigate a message coming from a spammer to
  our users, the only way to do that is to check the actual message in
  /var/lib/prosody
  To clarify the how and when we may do this, we started to write a
  privacy policy / ToS so our users know what they can expect from us
  https://salsa.debian.org/rtc-team/terms-of-service


- Create a unix local user to use it from gitlab
  we want to deploy changes to the antispam and other things directly
  from salsa, and for that we need a dedicated user with SSH access and
  belonging to the debvoip team.
  We could also have this user outside the debvoip team but then we'll
  need to add sudo access to this particular user.
  We propose the name debvoip-salsa for this user but we don't care if
  you guys prefer a different name

- Install nginx, configure a vhost and open the firewall ports
  To provide BOSH and HTTP uploads over the port 443 we need to use
  nginx, we'll manage this ourselves, a puppet patch is coming for this
  purpose

maybe @debacle wants to add something, this is all I can remember 

thanks DSA for all your help! :)


On Wed, Apr 22, 2020 at 12:23:14PM +0000, Debian Developer via RT wrote:
>A new trouble ticket, a summary of which appears below the dashed line, regarding
>
>  "Allow debvoip to sudoedit prosody config files on vogler",
>
>has been created and the Requestor set you as a CC, which is why you are receiving this autoreply-on-ticket-creation message.
>
>In case you reply to this mail, please include the following string in the subject line (excluding quotation marks):
>
>  [rt.debian.org #8257]
>
>-------------------------------------------------------------------------
>Hello DSA
>
>I like the puppet approach to manage the service in the long run but it will make it easier to iterate if we debvoip can sudoedit /etc/prosody/prosody.cfg.lua /etc/prosody/conf.d/debian.org.cfg.lua in order to iterate faster before sending a patch.
>
>Any manual change will be destroyed by the next puppet run, which is great because it forces us to have everything under puppet control.
>
>I can provide a puppet patch myself, but since this is a "privilege escalation" I created a ticket first.
>
>
>cheers
>
>_______________________________________________
>Debian-rtc-team mailing list
>Debian-rtc-team at alioth-lists.debian.net
>https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-rtc-team

-- 
IRC: gfa
GPG: 0x27263FA42553615F904A7EBE2A40A2ECB8DAD8D5
OLD GPG: 0x44BB1BA79F6C6333



