Opened 3 months ago

Closed 6 weeks ago

#31237 closed task (fixed)

Remove any invalid usernames from gitolite configuration

Reported by: irl Owned by: irl
Priority: Medium Milestone:
Component: Internal Services/Service - git Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

We have not audited the whole thing in a while for accounts that may not be valid anymore. We would want to avoid permissions hanging around in case the account is reactivated later. It's easy enough to just ask someone for the permission again.

anarcat has given me magic LDAP incantations to check accounts with.

Child Tickets

Change History (3)

comment:1 Changed 3 months ago by irl

Owner: changed from tor-gitadm to irl
Status: newaccepted

comment:2 Changed 3 months ago by irl

Status: acceptednew

This is more difficult than I would like. All the non-user repositories have been checked.

The user repositories need more work. We should probably set R = @all and put them in the user attic.

It's not super urgent because there is no way to authenticate as these users, but in case the name is reused/reactivated we should have the permissions removed so they don't automatically come back.

comment:3 Changed 6 weeks ago by irl

Resolution: fixed
Status: newclosed

This was a long manual process but it is now complete. No users that do not have LDAP accounts are referenced in the config, nor are groups that are not defined.

Note: See TracTickets for help on using tickets.