[Labs-l] no-root bots project

[Petr Bena]

This e-mail is kind of connected to similar thread started by Ryan about
making the bots project more secure. Because in this moment we aren't able
to set up a non root environment for production bots (that needs some time
before it's all configured and ready) I would like to remind that we have
already for some time so called NR (no root) boxes in bots project.

These aren't really no root since wmf ops and some "trusted" volunteers do
have root there, but it's still likely a bit more secure than what we have
on rest of testing instances, these instances are named like bots-nr1 (more
will be created if people use it).

WARNING: there is shared storage for example /home/* which is mounted to
boxes where people have root. So anything placed there can be deleted by
anyone. You are encouraged to use local /mnt/share storage that is not
accessible to everyone.

Please note that bots project is run by volunteers and doesn't guarantee
anything, if you need totally secure environment, either request a project
for yourself where only wmf people will have access, or... buy a server :P
so that only you will have access.

Thanks :)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wikimedia.org/pipermail/labs-l/attachments/20121217/49b61515/attachment.html>