Briefly summarizing the wiki to-do list:
http://wiki.hcoop.net/wiki/NewServersSetup
because mentioning things in e-mail sometimes makes them happen faster:
Should the Exim filters item be moved off the to-do list?
=== Apache ===
The ten bazillion pound gorilla remaining is getting Apache dynamic
content working with AFS. Out of the options megacz has suggested on
that page, I'm in favor of a choice that might be in the list, but I'm
not sure. That is:
1) We don't allow mod_perl-style execution of scripts, because that
approach is incompatible with our privilege model.
2) Apache's mod_suexec already has a tiny, separately frob-able program
called suexec. I modified it quite easily to add some security stuff on
fyodor, and I believe we could do the same on mire.
3) mod_php has a similar suexec-style wrapper, similarly tiny and easy
to add code to. (And I've done this on fyodor, too.)
So, I'm suggesting something like the "hack up a kstart wrapper" option,
but I think the su* programs that need to run anyway are a natural way
to put the kstart code.
Any alternative opinions?
=== Mailman ===
Then there's the configuration of Mailman. ntk is signed up as the
primary person in charge, but I still think it's a mistake to assign any
of these tasks primarily to non-admins. (ntk is our point person for
going to the colocation facility in person, so he has root access, but
he hasn't signed up as an admin.)
I think we want Mailman data stored on user AFS volumes, too, for quota
purposes. However, the privileges should be easier, as we can grant a
system Mailman user access to the volumes, while giving users read
access. Thoughts on this?
=== Other stuff ===
We still need to apportion primary responsibility for some daemons! See
the rows with question marks in their second columns.
http://wiki.hcoop.net/wiki/TaskDistribution
BIND is the most critical one, with Webalizer a distant second. The
Dell monitoring and RAID stuff seem important, but I, at least, am
clueless as to what the assigned admins will do with them. Nonetheless,
we should either remove them from the list or assign people.
We also have the set-up of Courier on deleuze and of exim on mire, which
I think are assigned to mwolson.
Whoever signs up for BIND should set our BINDs up for local DNS resolutions.
I think these are the big things to do.
_______________________________________________
HCoop-SysAdmin mailing list
[email protected]
http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
