You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org
UID
Revision as of 20:53, 15 October 2015 by imported>BryanDavis (→permission/security hierarchy: change apache to www-data)
reserved UIDs & GIDs
This is most likely not the desired state yet, but just starting out with the current situation on fenari. Should be edited to reflect the desired situation, being equal on all servers.
- (table columns are sortable)
| UID | GID | user name |
|---|---|---|
| 33 | 33 | www-data |
| 48 | 48 | apache |
| 107 | 112 | puppet |
| 110 | 115 | nagios |
| 111 | 116 | mwdeploy |
permission/security hierarchy
the security hierarchy looks as follows as decribed by TimStarling:
- root > wikidev > mwdeploy > www-data
- root can own wikidev but wikidev can't own root
- wikidev can own mwdeploy but mwdeploy can't own wikidev
- scripts owned by mwdeploy can only be run by www-data
- everything has to su to www-data before running maintenance scripts
also see: RT:1406