[SAC] Projects Administration Question

Frank Warmerdam warmerdam at pobox.com
Mon Jun 21 09:59:13 EDT 2010 

christopher.schmidt at nokia.com wrote:
> Hi,
> 
> We've decided to (at least attempt) to go with a single piece of 
> shared infrastructure for project hosting at the moment on our new
> VM setup.
> 
> Access to this VM should be relatively open, compared to other VMs.
> However, this raises the question of admin access.
> 
> What I would like to do is to have each project use a setup that 
> minimizes the need for actual 'admin' access. 
> 
> What I've done so far:
> 
>  * Created a globally writable /osgeo/, as a home for projects.
>  * Created an openlayers user and group.
>  * Added members of the OpenLayers LDAP group to the openlayers
>    group
>  * Made it so that all users of the OpenLayers group can
>    sudo without a password to the OpenLayers user. (This would
>    be good for things like running backups, setting up a crontab,
>    etc.)

Chris,

In the past I thought the best way to handle "groups" might be to have
a group for each project, and then anyone with sudo access could add
people to the /etc/group file manually.  The problem I ran into is
that I don't know the best way to work with groups.  For instance, it
seems that a userid has an active group on login and if they are in
several groups it may not be the one they want to work on.  Also, it may
be difficult to keep the group and group permissions set on group files.

Anyways, I was never very success on the blades with use of groups, but
it *seems* like it would be a better approach than having additional
"project" accounts, and groups that are administered via LDAP (I don't
want to have to create and manage too many ldap groups).

Perhaps someone more savvy than me will have ideas on how use of
groups could be made to work well?

Best regards,
-- 
---------------------------------------+--------------------------------------
I set the clouds in motion - turn up   | Frank Warmerdam, warmerdam at pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush    | Geospatial Programmer for Rent

More information about the Sac mailing list