Account Deletion SOP

From FedoraProject

Revision as of 17:04, 8 June 2011 by Toshio (Talk | contribs)

Jump to: navigation, search
Infrastructure InfrastructureTeamN1.png
Shortcut:
ISOP:ACCOUNT_DELETION

For the most part we do not delete accounts. In the case that a deletion is paramount, it will need to be coordinated with appropriate entities.

Disabling accounts is another story but is limited to those with the appropriate privileges. Reasons for accounts to be disabled can be one of the following:

  • Person has placed SPAM on the wiki or other sites.
  • It is seen that the account has been compromised by a third party.
  • A person wishes to leave the Fedora Project and wants the account disabled.

Contents

Disable

Disabling accounts is the easiest to accomplish as it just blocks people from using their account. It does not remove the account name and associated UID so we don't have to worry about future, unintentional collisions.

Disable Accounts

To begin with, accounts should not be disabled until there is a ticket in the Infrastructure ticketing system. After that the contents inside the ticket need to be verified (to make sure people aren't playing pranks or someone is in a crappy mood). This needs to be logged in the ticket (who looked, what they saw, etc). Then the account can be disabled.

ssh db02
sudo -u postgres pqsql fas2

fas2=# begin;
fas2=# select * from people where username = 'FOOO';

Here you need to verify that the account looks right, that there is only one match, or other issues. If there are multiple matches you need to contact one of the main sysadmin-db's on how to proceed.

fas2=# update people set status = 'admin_disabled' where username = 'FOOO';
fas2=# commit; 
fas2=# /q

Disable Groups

There is no explicit way to disable groups in FAS2. Instead, we close the group for adding new members and optionally remove existing members from it. This can be done from the web UI if you are an administrator of the group or you are in the accounts group. First, go to the group info page (ex: [[1]]). Then click the (edit) link next to Group Details. Make sure that the Invite Only box is checked. This will prevent other users from requesting the group on their own.

If you want to remove the existing users, View the Group info, then click on the View Member List link. Click on All under the Results heading. Then go through and click on Remove for each member.

Doing this in the database instead can be quicker if you have a lot of people to remove. Once again, this requires someone in sysadmin-db to do the work:

ssh db02
sudo -u postgres pqsql fas2

fas2=# begin;
fas2=# update group, set invite_only = true where name = 'FOOO';
fas2=# commit;
fas2=# begin;
fas2=# select p.name, g.name, r.role_status from people as p, person_roles as r, groups as g
where p.id = r.person_id and g.id = r.group_id
and g.name = 'FOOO'; 
fas2=# -- Make sure that the list of users in the groups looks correct
fas2=# delete from person_roles where person_roles.group_id = (select id from groups where g.name = 'FOOO');
fas2=# -- number of rows in both of the above should match
fas2=# commit;
fas2=# /q

Deletion

Delete Accounts

Delete Groups

Renames

Rename Accounts

Rename Groups