From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <overseers-return-7178-listarch-overseers=sources.redhat.com@sources.redhat.com>
Received: (qmail 32014 invoked by alias); 10 Jun 2004 20:46:20 -0000
Mailing-List: contact overseers-help@sources.redhat.com; run by ezmlm
Precedence: bulk
List-Archive: <http://sources.redhat.com/ml/overseers/>
List-Post: <mailto:overseers@sources.redhat.com>
List-Help: <mailto:overseers-help@sources.redhat.com>,
	<http://sources.redhat.com/ml/#faqs>
Sender: overseers-owner@sources.redhat.com
Received: (qmail 31998 invoked from network); 10 Jun 2004 20:46:19 -0000
Received: from unknown (HELO jifvik.dyndns.org) (81.104.194.28)
  by sourceware.org with SMTP; 10 Jun 2004 20:46:19 -0000
Received: from eCosCentric.com (garibaldi.jifvik.org [172.31.1.2])
	by jifvik.dyndns.org (Postfix) with ESMTP
	id 963994055F; Thu, 10 Jun 2004 21:46:15 +0100 (BST)
Message-ID: <40C8C897.7060703@eCosCentric.com>
Date: Thu, 10 Jun 2004 21:15:00 -0000
From: Jonathan Larmour <jifl@eCosCentric.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.4) Gecko/20030703
MIME-Version: 1.0
To: Christopher Faylor <me@cgf.cx>
Cc: Ian Lance Taylor <ian@airs.com>,
	Gerald Pfeifer <gerald@pfeifer.com>, overseers@sourceware.org
Subject: Re: removing login rights from non-overseers
References: <20040609012706.GA4536@coe.casa.cgf.cx> <40C6809E.50102@eCosCentric.com> <20040609032303.GA12460@coe.casa.cgf.cx> <Pine.BSF.4.58.0406102153010.60912@acrux.dbai.tuwien.ac.at> <m3oenryxn0.fsf@gossamer.airs.com> <20040610203442.GA6939@coe.casa.cgf.cx>
In-Reply-To: <20040610203442.GA6939@coe.casa.cgf.cx>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-SW-Source: 2004-q2/txt/msg00514.txt.bz2

Christopher Faylor wrote:
> On Thu, Jun 10, 2004 at 04:18:59PM -0400, Ian Lance Taylor wrote:
> 
>>Gerald Pfeifer <gerald@pfeifer.com> writes:
>>
>>>We also do have the gccadmin account, but in general I prefer to do
>>>simple checks and in fact everything possible using my personal
>>>account, and only use the role accounts when necessary.
>>
>>I tend to think it is best to do as little as possible using the role
>>account, and in fact I think it might not be such a bad idea to forbid
>>people from logging in as the role account.
> 
> 
> I would agree, in general, with this philosophy but how would people be
> able to make changes to the gccadmin stuff like cron jobs?

<fx: butts in :-)>

Perhaps a cron job that does something like:

8 * * * * sh -c "sleep 15 ; cd cvs ; cvs -q up gccadmin.crontab ; crontab 
gccadmin.crontab" &

where the cvs directory contains a checkout where CVSROOT was set to /cvs/gcc

(I don't know if cron would have recursion problems, but the sleep and 
backgrounding should help avoid that theoretical problem).

If someone screws the crontab up there could be problems that require an 
overseers intervention, but that should be rare.

Jifl
-- 
eCosCentric    http://www.eCosCentric.com/    The eCos and RedBoot experts
--["No sense being pessimistic, it wouldn't work anyway"]-- Opinions==mine