#27282 closed task (fixed)

Remove trac admin permissions from inactive users

Reported by: teor Owned by: teor
Priority: Medium Milestone:
Component: Internal Services/Service - trac Version:
Severity: Normal Keywords:
Cc: hiro Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by teor)

I'd like to suggest a new trac permissions policy:

If someone hasn't logged in for 6 months, we remove all their permissions.

Let's start by removing admin from people who haven't logged in for 6 months, made any modifications for 30 days (because that's all I can see).

Child Tickets

Change History (11)

comment:1 Changed 16 months ago by gk

+1

comment:2 Changed 16 months ago by cypherpunks3

But then qbi will lose admin status :O

comment:3 Changed 16 months ago by teor

Description: modified (diff)

comment:4 in reply to:  2 Changed 16 months ago by teor

comment:6 Changed 16 months ago by teor

Owner: changed from qbi to teor
Status: newassigned

We've limited Trac's timeline to 30 days. I've emailed the admin users who haven't changed anything in the last 30 days.

comment:7 Changed 16 months ago by cypherpunks3

Was just joking :)

made any modifications for 30 days (because that's all I can see).

This will remove isis from the admins and other people listed in the Tor core people page.

comment:8 in reply to:  7 Changed 16 months ago by teor

Replying to cypherpunks3:

Was just joking :)

made any modifications for 30 days (because that's all I can see).

This will remove isis from the admins and other people listed in the Tor core people page.

Being listed on the core people page does not guarantee TRAC_ADMIN access.

comment:9 in reply to:  description ; Changed 16 months ago by qbi

Replying to teor:

If someone hasn't logged in for 6 months, we remove all their permissions.

https://trac.torproject.org/projects/tor/wiki/org/operations/services/trac says that TRAC_ADMIN permissions will be removed. If this should be the policy, I suggest also remove them from groups which contain TRAC_ADMIN as a permission.

However the above sentence could also be understood in a way that those users are downgraded to anonymous or authenticated users. It might also be a good policy to downgrade them to authenticated users. So all other special permissions which were collected over time get removed.

comment:10 in reply to:  9 Changed 16 months ago by teor

Replying to qbi:

Replying to teor:

If someone hasn't logged in for 6 months, we remove all their permissions.

https://trac.torproject.org/projects/tor/wiki/org/operations/services/trac says that TRAC_ADMIN permissions will be removed. If this should be the policy, I suggest also remove them from groups which contain TRAC_ADMIN as a permission.

However the above sentence could also be understood in a way that those users are downgraded to anonymous or authenticated users. It might also be a good policy to downgrade them to authenticated users. So all other special permissions which were collected over time get removed.

Thanks for the feedback. I have changed the draft policy so that we remove all special permissions,

comment:11 Changed 15 months ago by teor

Resolution: fixed
Status: assignedclosed

This has been done.

Note: See TracTickets for help on using tickets.