wiki:org/operations/services/trac

Trac Policies

Admin Accounts

In #27282, we created a draft admin account policy:

Accounts that haven't been active for 6 months will have all extra permissions removed, including GRP_admin and TRAC_ADMIN.

Pager playbook

Deleting a spammer

/home/tracadm/bin/delete-user USERNAME

Purging anonymous sessions

Trac doesn't automatically purge "anonymous sessions", which can clutter the database. This will clear all sessions up to May 11th 2020:

trac-admin /srv/trac.torproject.org/trac/tor/ session purge  "2020-05-11T14:22:00+00:00"

There's now a cronjob (crontab -e -u tracweb) that will purge sessions older than 7 days, but it hasn't been verified:

trac-admin /srv/trac.torproject.org/trac/tor/ session purge "7 days"

Before, in May 2020, the number of sessions was around 1 million entries. After purging, it returned to a more reasonable 50,000 entries.

Disabling the cypherpunk account

If the cypherpunk accounts misbehaves, it might be worth disabling it for a while. There are many cypherpunks accounts in the database: to block all their passwords, try:

sed '/cypherpunk/{s/:.*/:$5$*/}' -i.orig /srv/trac.torproject.org/trac-var/trac.users

Then delete their session:

trac-admin /srv/trac.torproject.org/trac/tor/ session delete cypherpunks

Note that it's unclear if this actually works: in tor#34175 the cypherpunk account still seemed to be capable of adding stuff in Trac.

Also, the password is regularly reset with a cronjob, so you will need to disable that in:

crontab -e -u tracweb
Last modified 4 weeks ago Last modified on May 12, 2020, 2:26:44 PM