[Savannah-cvs] [90] more about shell access, sv people update

[karl]

Revision: 90
          http://svn.sv.gnu.org/viewvc/?view=rev&root=administration&revision=90
Author:   karl
Date:     2014-07-03 21:34:52 +0000 (Thu, 03 Jul 2014)
Log Message:
-----------
more about shell access, sv people update

Modified Paths:
--------------
    trunk/sviki/HowToBecomeASavannahHacker.mdwn
    trunk/sviki/SavaneRewrite.mdwn
    trunk/sviki/SavannahCountryRestrictions.mdwn
    trunk/sviki/SavannahHacker.mdwn
    trunk/sviki/SavannahTeam.mdwn
    trunk/sviki/ShellAccess.mdwn

Modified: trunk/sviki/HowToBecomeASavannahHacker.mdwn
===================================================================
--- trunk/sviki/HowToBecomeASavannahHacker.mdwn 2014-06-30 22:53:47 UTC (rev 89)
+++ trunk/sviki/HowToBecomeASavannahHacker.mdwn 2014-07-03 21:34:52 UTC (rev 90)
@@ -1,3 +1,6 @@
+Contributing to Savannah
+------------------------
+
 We need volunteers and look forward to your participation. This page is
 about becoming a savannah hacker (i.e., a savannah website
 administrator) and help savannah.
@@ -31,21 +34,22 @@
 <mailto:address@hidden>
 and one of the current savannah hackers will answer as quickly as
 possible.  Please also include a bit about your background with free
-software, GNU, Savannah, or whatever else may be relevant.
+software, GNU, Savannah, or whatever else may be relevant.  And your
+savannah account name.
 
-Another solution is to post a pastebin
-(<http://pastebin.com/>) of your answer and the
-number of the task on irc (server: freenode, channel \#savannah) and
-wait for a savannah hacker's answer.
-
 When accepted, you will be made an administrator of the administration
 project, which will enable the "Become Superuser" option in the
-left-hand menu.
+left-hand menu.  Then you can approve projects and do many other things
+through the web interface.  Please explore.
 
-Working on Savannah Internals
+Working on Savannah internals
 -----------------------------
 
 The above is about helping as a Savannah administrator via the web
 interface. If you are willing and able to hack on the Savannah (Savane)
-implementation itself, at the shell/sysadmin level, see the
-[[SavaneRewrite]] page.
+implementation itself, at the shell/sysadmin level, please essentially
+do the same as the above with one of the open [support
+requests](http://savannah.gnu.org/support/?group=administration).
+
+When accepted, some info about getting in at the shell level is at
+[[ShellAccess]].

Modified: trunk/sviki/SavaneRewrite.mdwn
===================================================================
--- trunk/sviki/SavaneRewrite.mdwn      2014-06-30 22:53:47 UTC (rev 89)
+++ trunk/sviki/SavaneRewrite.mdwn      2014-07-03 21:34:52 UTC (rev 90)
@@ -1,8 +1,23 @@
-We're rewriting Savane!  [Well, "we", meaning Sylvain B and colleagues,
-were, years ago.  There is no active rewrite nowadays (written 2013, but
-true for a long time now).  The "administration" project on Savannah is
-the only one with live files.]
+Rewriting Savane
+----------------
 
+Savane is the base software which both savannah and gna.org used, at one
+point, due to Sylvain Beucler's efforts.  Nowadays, Savannah is
+effectively forked; we don't try to incorporate patches from the
+original Savane, which isn't actively being developed, anyway.  The
+"administration" project on Savannah is the only one with live files.
+
+However, Sylvain and others have undertaken various efforts over the
+years to rewrite Savane.  Currently (2014), Sylvain has a project to
+rebase it on fusion forge.  I (Karl) believe that he plans to switch
+gna.org.  Whether savannah will follow suit is yet to be determined.
+
+Past rewrite
+------------
+
+I (Karl) believe this is obsolete, per the above, but retaining for
+whatever historical purpose it may serve.
+
 Video: [talk at LSM](http://videos2010.rmll.info/a-new-savane.html) -
 [mirror](http://vimeo.com/14640040)
 
@@ -40,15 +55,3 @@
 > -   Or, try cd tests/minimal\_configs/ && make install, as mentioned
 >     in the INSTALL file.
 > -   Or, try checking out the new code and read the INSTALL file.
-
-We're looking for help! If you are a:
-
-> -   Python coder
-> -   Web designer
-> -   Translator
-
-We'd like you to join this effort to make Savannah the best Free forge
-:).
-
-Contact: write to <mailto:address@hidden> or
-join \#savannah on irc.oftc.net .

Modified: trunk/sviki/SavannahCountryRestrictions.mdwn
===================================================================
--- trunk/sviki/SavannahCountryRestrictions.mdwn        2014-06-30 22:53:47 UTC 
(rev 89)
+++ trunk/sviki/SavannahCountryRestrictions.mdwn        2014-07-03 21:34:52 UTC 
(rev 90)
@@ -1,4 +1,4 @@
-Question
+Question about restricting access per country
 --------
 
 I noticed that SourceForge and Google code both are blocking access to

Modified: trunk/sviki/SavannahHacker.mdwn
===================================================================
--- trunk/sviki/SavannahHacker.mdwn     2014-06-30 22:53:47 UTC (rev 89)
+++ trunk/sviki/SavannahHacker.mdwn     2014-07-03 21:34:52 UTC (rev 90)
@@ -1,8 +1,7 @@
-A hacker hacking Savannah :)
+A hacker hacking Savannah :).  Aka Savannah worker.
 
-That is, somebody contributing regularly on Savannah and with a good
-understanding of its architecture.
+That is, somebody contributing regularly on Savannah and (ideally) with
+a good understanding of its architecture.
 
-Savannah Hackers can be volunteers or FSF employees (sysadmins).
-
-See also SavannahApprentice.
+Savannah Hackers are mostly volunteers, with FSF employees (sysadmins)
+chipping in where and when they have time and interest.

Modified: trunk/sviki/SavannahTeam.mdwn
===================================================================
--- trunk/sviki/SavannahTeam.mdwn       2014-06-30 22:53:47 UTC (rev 89)
+++ trunk/sviki/SavannahTeam.mdwn       2014-07-03 21:34:52 UTC (rev 90)
@@ -1,43 +1,51 @@
-Savannah Hackers - volunteer administrators
--------------------------------------------
+Savannah hackers - active volunteer administrators
+--------------------------------------------------
 
--   [karl] - Karl Berry
--   [meyering] - Jim Meyering
--   [mjflick] - Michael J. Flickinger
--   [rwp] - Bob Proulx
+- [eliz] - Eli Zaretskii (emergencies)
+- [erk] - Eric Noulard (general)
+- [gray] - Sergey Poznyakoff (emergencies)
+- [jlledo] - Joan Lledo (project submissions)
+- [karl] - Karl Berry (general, not git)
+- [meyering] - Jim Meyering (emergencies)
+- [mjflick] - Michael J. Flickinger (emergencies)
+- [rgm] - Glenn Morris (bzr)
+- [rwp] - Bob Proulx (general, including git)
 
-FSF System Administrators
+FSF system administrators
 -------------------------
 
--   [nico]: FSF sysadmin
--   [ward]: FSF part-time sysadmin
+- [lisam] - FSF sysadmin
 
-www.gnu.org translation coordinator - deals with translation teams project 
submissions
---------------------------------------------------------------------------------------
+www.gnu.org translation coordinator - deals with translation teams
+------------------------------------------------------------------
 
--   [yavor] - Yavor Doganov
+- [ineiev] - Ineiev
 
-Inactive Savannah Hackers - contributed a lot in the past but are inactive 
right now
-------------------------------------------------------------------------------------
+Inactive savannah hackers - contributed a lot in the past but are now inactive
+------------------------------------------------------------------------------
 
--   [alexshulgin] - Alexander Shulgin
--   [snoogie] - Jean-Michel Frouin
--   [beuc] - Sylvain Beucler
--   [bernie] - FSF sysadmin
--   [baughj] - FSF sysadmin
--   [jag] - Joshua Ginsberg: FSF sysadmin
--   [zeus] - Jonathan Gonzalez V.
--   [jbailey] - Jeff Bailey
--   [kickino]
--   [loic] - Loic Dachary
--   [rudy]
--   [StevenR]
--   [sp]
--   [tizzef]
--   [zerodeux] - Vincent Caron
+- [alexshulgin] - Alexander Shulgin
+- [baughj] - FSF sysadmin
+- [bernie] - FSF sysadmin
+- [beuc] - Sylvain Beucler
+- [jag] - Joshua Ginsberg: FSF sysadmin
+- [jbailey] - Jeff Bailey
+- [kickino]
+- [loic] - Loic Dachary
+- [nico] - FSF sysadmin
+- [rudy]
+- [snoogie] - Jean-Michel Frouin
+- [sp]
+- [stevenr]
+- [tizzef]
+- [ward] - FSF part-time sysadmin
+- [zerodeux] - Vincent Caron
+- [zeus] - Jonathan Gonzalez V.
+(et al.)
 
-#### subtopics:
+Related
+-------
 
--   [[RecruitingVolunteers]]
--   [[SavannahHacker]]
--   [[SavannahHackersCommunication]]
+- [[RecruitingVolunteers]]
+- [[SavannahHacker]]
+- [[SavannahHackersCommunication]]

Modified: trunk/sviki/ShellAccess.mdwn
===================================================================
--- trunk/sviki/ShellAccess.mdwn        2014-06-30 22:53:47 UTC (rev 89)
+++ trunk/sviki/ShellAccess.mdwn        2014-07-03 21:34:52 UTC (rev 90)
@@ -1,13 +1,16 @@
-Savannah does not provide general shell accounts, since running
+Shell access in general
+-----------------------
+
+Savannah does not provide shell accounts for users, since running
 arbitrary commands is far too large an attack vector.  We do use the
 Unix login mechanism and [[SshAccess]] but only certain commands can be
-run to do, e.g., vc operations.  Validation is done against the
-databases on internal.
+run to do, e.g., vc operations.  (Validation is done against databases
+on internal.)
 
 Savane distributes `sv_membersh`, a simple Perl script, that loads
 another Perl script in /etc for configuration. Using a Perl script as a
-login shell may yeld some efficiency concerns.  (But I think that is
-what we do on Savannah? --karl)
+login shell may yeld some efficiency concerns.  However, this is what we
+currently do on Savannah; efficiency here has not been a problem.
 
 Another tool is `rssh`
 (<http://packages.debian.org/stable/net/rssh>).
@@ -20,23 +23,50 @@
 it is not a good idea to use it (plus we'd have to patch the CVS
 validation).
 
-I (Sylvain) think a good move is to use `sv_membersh` and to translate it
-to C if we think that can reduce the load.  This has not been necessary.
 
+Shell access (as root) for Savannah workers
+-------------------------------------------
 
-Shell access for Savannah workers
----------------------------------
-Now, for those working on savannah, of course shell and root access is
-needed.  Generally, the idea to date has been to log in directly as
-root, with your ssh keys installed in the necessary places.  For most
-hosts, ssh has to go through fencepost or another known location, it's
-not open to the whole Internet.
+For those working on savannah itself (support requests, development,
+etc.), of course shell and root access is needed.  Generally, the idea
+to date has been to log in directly as root, with your ssh keys
+installed in the necessary places.  For most hosts, ssh has to go
+through fencepost.gnu.org or another known location, it's not open to
+the whole Internet.
 
-However, a few sv hackers like to have personal accounts on the servers.
-The best approach for this is to have it be completely separate from
-normal user-level savannah access.  Here was the process for `luca` in
-April 2014:
+So, the best first step is to get ssh access to fencepost.  If you don't
+have that already, see
+<http://www.gnu.org/software/README.accounts.html>.  After that, an
+existing savannah worker can enable your access to savannah.  (By adding
+the key to `mgt:/root/.ssh/authorized_keys` and running
+`mgt:/root/bin/push-root-authkeys`.)
 
+You may find it convenient to automatically proxy ssh through fencepost,
+along these lines:
+
+    Host mgt.savannah.gnu.org
+      User root
+      ProxyCommand ssh -qq fencepost.gnu.org /usr/bin/connect %h %p
+    Host dl.savannah.gnu.org
+      User root
+      ProxyCommand ssh -qq fencepost.gnu.org /usr/bin/connect %h %p
+    ...
+
+Beware of unintentionally trying to do normal vc checkouts as root.
+Understand what you're doing.  [[SavannahArchitecture]] lists the
+various hosts.
+
+FYI, you can also log in to lists.gnu.org (as user list) from
+mgt.savannah.gnu.org; see [[ListServer]] for tasks that this is needed for.
+
+Shell access (as separate user) for Savannah workers
+----------------------------------------------------
+
+Some sv workers like to have personal accounts on the servers.  The best
+approach for this is to have it be completely separate from normal
+user-level savannah access.  Here was the process for `luca` in April
+2014:
+
 0. Set up a normal account in the web interface to avoid someone later
 claiming the name.  But this should not be used for other purposes.