On Wed, Oct 12, 2011 at 01:02:57PM -0400, Owen Taylor wrote: > So, I've been doing some work on setting up extensions.gnome.org, and > have come to the point of needing to figure out access rights. > > extensions.gnome.org has a bit more security concerns than the average > gnome.org website, because if you have access to modify the extensions > web app or the downloads it serves, you can substitute extensions with > malicious versions. > > Of course, injection of malicious code is also an issue with our git > repositories, but we at least have intermediate steps between commits > to git and final release where things can be caught. > > So, I'd like to take some additional steps to lock down access: > > - Put extensions.gnome.org on a separate VM (already created) > > - Restrict login access and database access to GNOME sysadmins > and people actively involved in site maintenance. > > - Maybe also lock down commits to the repository the same way > > - Use manual push rather than automatically pushing commit.
Latter I don't see the need if you already lock down the commits. > My thought is that it probably makes most sense to create a new group, > called egoadmin which will be used for update-auth, sudo, and also > (if we decide to lock down git commits) for checking in a hook. > > Anybody see any problems with creating such a group and adding it to > Mango? (Like gitadmin, it's possible that at some point, we'll want > to just drop and and say that e.g.o maintenance is just part of what > the sysadmins do, but for now it would be a pain to have to proxy > everything for Jasper St. Pierre who is actually working on the site.) My only worry is Puppet. A lot of the scripts might expect gnomeweb to have access to e.g. /var/log/httpd, /svr/something and so on. -- Regards, Olav _______________________________________________ gnome-infrastructure mailing list [email protected] http://mail.gnome.org/mailman/listinfo/gnome-infrastructure
