Re: Access rights for extensions.gnome.org
- From: Olav Vitters <olav vitters nl>
- To: Owen Taylor <otaylor redhat com>
- Cc: gnome-infrastructure gnome org, "Jasper St. Pierre" <jstpierre mecheye net>
- Subject: Re: Access rights for extensions.gnome.org
- Date: Thu, 13 Oct 2011 09:05:57 +0200
On Wed, Oct 12, 2011 at 01:02:57PM -0400, Owen Taylor wrote:
> So, I've been doing some work on setting up extensions.gnome.org, and
> have come to the point of needing to figure out access rights.
>
> extensions.gnome.org has a bit more security concerns than the average
> gnome.org website, because if you have access to modify the extensions
> web app or the downloads it serves, you can substitute extensions with
> malicious versions.
>
> Of course, injection of malicious code is also an issue with our git
> repositories, but we at least have intermediate steps between commits
> to git and final release where things can be caught.
>
> So, I'd like to take some additional steps to lock down access:
>
> - Put extensions.gnome.org on a separate VM (already created)
>
> - Restrict login access and database access to GNOME sysadmins
> and people actively involved in site maintenance.
>
> - Maybe also lock down commits to the repository the same way
>
> - Use manual push rather than automatically pushing commits.
The latter I don't see the need for if you already lock down the commits.
> My thought is that it probably makes most sense to create a new group,
> called egoadmin which will be used for update-auth, sudo, and also
> (if we decide to lock down git commits) for checking in a hook.
>
> Anybody see any problems with creating such a group and adding it to
> Mango? (Like gitadmin, it's possible that at some point, we'll want
> to just drop and say that e.g.o maintenance is just part of what
> the sysadmins do, but for now it would be a pain to have to proxy
> everything for Jasper St. Pierre who is actually working on the site.)
My only worry is Puppet. A lot of the scripts might expect gnomeweb to
have access to e.g. /var/log/httpd, /svr/something and so on.
--
Regards,
Olav
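As an added illustration of the kind of hook Owen mentions (this is example code, not something from the thread or the GNOME infrastructure), the following git `update` hook rejects pushes from anyone outside an `egoadmin` group. It assumes the hook runs as the pushing Unix user (ssh-based git access) and that membership can be read in `/etc/group` format; the group file content and the user names are constructed samples so the check can be exercised offline.

```shell
#!/bin/sh
# Added example: git "update" hook gating pushes on membership of a Unix group.
# Assumption: git invokes this as "update <ref> <old-sha> <new-sha>" under the
# identity of the pushing user, so $(id -un) is the person to authorise.

ALLOWED_GROUP="${ALLOWED_GROUP:-egoadmin}"

# Constructed sample in /etc/group format (not a real group file); used by the
# self-test below so nothing here depends on the host's actual accounts.
SAMPLE_GROUPS='root:x:0:
gnomeweb:x:500:alice,bob
egoadmin:x:501:alice,carol'

# user_in_group USER GROUP [GROUPFILE_CONTENT]
# Returns 0 if USER appears in the member list of GROUP, 1 otherwise.
# Caveat: a user whose *primary* group is GROUP is not listed in the fourth
# field of /etc/group, so on a live host `id -nG` would be the fuller check.
user_in_group() {
    user="$1"; group="$2"; content="${3:-$(cat /etc/group)}"
    printf '%s\n' "$content" | awk -F: -v g="$group" -v u="$user" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit found ? 0 : 1 }'
}

# check_push USER REF [GROUPFILE_CONTENT]: 0 = allow the update, 1 = reject it.
check_push() {
    if user_in_group "$1" "$ALLOWED_GROUP" "$3"; then
        return 0
    fi
    echo "rejected: $1 is not in group $ALLOWED_GROUP, refusing update of $2" >&2
    return 1
}

# Hook entry point: only act when git supplies the three update arguments.
if [ "$#" -eq 3 ]; then
    check_push "$(id -un)" "$1" || exit 1
fi
```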