[Mageia-sysadm] planning for sysadmin task

Romain d'Alverny rdalverny at gmail.com
Tue Oct 26 15:44:21 CEST 2010 

On Tue, Oct 26, 2010 at 15:23, Michael Scherer <misc at zarb.org> wrote:
> And that's a question that I think I have already asked on irc when we
> devised the team, what is the role of the web team exactly regarding our
> servers and the software and how do we articulate with them.
>
> Ie, who is in charge of the following :
> - setup of web application
>  - apache side
>  - filesystem side
>  - database side

Sysadm. Per request of webteam.

> - setup of infrastructure ( ie apache module)

Sysadm. Per request of webteam.

> - who is in charge of securing
>  - the servers
>  - each applications

Both. Server security is going to be affected by application security
and this is the webteam role to control that part. And to assume/fix
potential issues.

> - who is in charge of backuping
>  - the server

sysadm.

>  - the applications

Webteam. Destroying and restoring a webapp must be a process taken
into account at their level. Doesn't prevent sysadmins to be able to
run it as well.

It's likely going to be a back-and-forth process but ideally, the
webteam would ask, for a given web app, for:
 - a database type and access (with expected usage size),
 - a vhost (provided it's not under an existing vhost),
 - a web repository where to put and update files (so they must have a
write access on this),
 - a specific Apache config,
 - a read access to related Apache logs
 - a list of needed modules (PHP, Ruby, Perl, others)

And should be able to work with this.

However we can think to future provision to some webteam people
(webmasters for instance) extended rights (Apache config write access,
reloading Apache, extended rights on database). Depends on situation
and roles.

> Is everything taken care of the sysadm team, in which case no permission
> should be given to webteam, or some part of this are ( beware, because
> some part are dependent, ie people who setup a application take care of
> the security and of bugfixing it ), and so will the sysadm team act like
> a shared server provider toward various member of the community ?

More like a shared-server provider. However situation may differ from
web app to web app. Don't know for sure yet. But as a start, I would
go per the process described above.

> And if we choose the path of a shared server provider, shall the web
> team alone be able to have a web site, or should we open the possibility
> to others team to do so ? ( ie, if the designers want to setup a custom
> webapp, who shall take care of that ? )

They should see that with the webteam or be part of it. That's the
place where all Web-related stuff (be it technical or not) should be
gathered and discussed.

Romain

More information about the Mageia-sysadm mailing list