User account names:
- Ojw "ojw"
Of the people running for admin, is there anyone who doesn't have a user account on dev?
Is there anyone who doesn't have an SVN account?
- User:Frederik Ramm has an SVN account, no dev account; asked NickH for dev acct on 28 May; pending.
- User:Rjmunro has no account.
- User:JeroenDekkers has a SVN account, no dev account.
- User:Deelkar has no dev account.
- User:PerroVerd has no dev account.
- Check with NickH whether he's willing to create group (either using distribution-specific utility, or adding a line to /etc/groups manually. Group must explicitly list all t@h admins as members).
- Change group of public_html to the new group (assuming it's "tah", do "chgrp -R tah /some/where/public_html") and make everything group-writable ("chmod g+w")
- Admins must make sure that any files and directories they create are group-writable and have the shared group. This is usually done by setting "umask 007" in your shell startup file (.bashrc or the like), and setting the 2xxx bit (g=s) on public_html and all subdirectories. If the g=s bit is not set, a new file or directory created by an admin will have his or her native group (the one listed in /etc/passwd) which may not be the same for all admins, and if he then forgets to chgrp it to the common group others will not be able to access it.
Location on filesystem
currently on /home/ojw/public_html
Database access and MySQL permissions
currently in the "ojw" database
Owner of map images
currently http_user, with "writeable by everyone" bit set
- Not a big problem since anyone on dev could access them through their own web server scripts anyway but a thing to remember when we think about accountability!
The public_html directory is setup to use SVN read/write, which means it stores ojw's SVN password. Need to tell it to forget this info while retaining repository information, making it read-only from SVN.
- SVN caches auth info in ~/.subversion/auth, no matter where the checked-out files actually reside, so this will not be a problem if admins have their own accounts (of course the public_html needs to be writable by them then). --Frederik Ramm 18:35, 27 May 2007 (BST)
- We can just do the changes on a different machine then checkout-only from the website. Ojw 11:43, 1 June 2007 (BST)
OJW's linux password is same as the database password - one of these will need to be changed, as the entire group will be able to view database password in connect.php
Admins must agree on methods of communication to make sure that two people aren't working on the same thing at the same time, and that noboy breaks something that someone else was working on. Everybody needs to know enough about what the others are doing so that he or she can make informed descisions about the system as a whole in situations where a quick reaction is needed (you cannot always email the other admins and wait until everyone has replied before taking action).
Email, or a wiki page, or the requirement "whenver admin is logged in and working on dev, must also be on IRC for questions", or even a shared text "log file" on dev are possible solutions.