Non-human Accounts Infrastructure SOP
We have many non-human accounts for various services, used by our web applications and certain automated scripts.
Owner: Fedora Infrastructure Team
Purpose: Provide Non-human accounts to our various services
A FAS account should be created when a script or application needs...
- to query FAS information
- filesystem privileges associated with a group in FAS
- Bugzilla privileges associated with the "fedorabugs" group
Be sure to check if Infrastructure already has a general-purpose account that can be used before creating a new one.
To create a FAS account:
- Go through the normal user creation process at https://admin.fedoraproject.org/accounts/
- Set the name to: (naming convention here)
- Set the email to the contact email for the account (this may need to be done manually if the contact email is an @fedoraproject.org address)
- Have a FAS admin set the account status to "bot" and set its UID below 10000. Make sure to check that this does not break any group references or file ownerships first. (TODO: add method for determining the next available UID)
  - On db2:
      $ sudo -u postgres psql fas2
      => UPDATE people SET status='bot' WHERE username='username';
      => UPDATE people SET uid='newuid' WHERE username='username';
- Get the account into any necessary groups for permissions that it may need. Common ones include:
  - Wiki editing: cla_done
  - Access to SSH keys for third party users: thirdparty
  - Access to SSH keys and password hashes for _internal_ fasClient runs: fas-systems
- Document this account at (insert location here, maybe have this be autogenerated)
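One way to carry out the status and UID step above in the psql session on db2, including a lookup for the next unused UID, shown as an added example that is not part of the original SOP or of Fedora Infrastructure's own tooling. It assumes people.uid is an integer column and that the range bounds are placeholders to adjust; 'username' is the SOP's own placeholder.

```sql
-- Added example, not part of the original SOP.
-- Assumptions: people.uid is an integer column; uid_min/uid_max are
-- placeholder bounds to adjust; 'username' is the SOP's placeholder.
\set bot_user 'username'
\set uid_min 1
\set uid_max 9999

BEGIN;

-- Accounts already holding a UID in the candidate range, for review.
SELECT uid, username, status
  FROM people
 WHERE uid BETWEEN :uid_min AND :uid_max
 ORDER BY uid;

-- Lowest UID in the range that no row in people uses; \gset stores it
-- in the psql variable :new_uid (left unset if the range is full, which
-- makes the UPDATE below fail instead of writing a bad value).
SELECT min(candidate) AS new_uid
  FROM generate_series(:uid_min, :uid_max) AS g(candidate)
 WHERE NOT EXISTS (SELECT 1 FROM people p WHERE p.uid = g.candidate)
\gset

\echo next free uid: :new_uid

-- Both changes in one statement. The NOT EXISTS guard turns this into
-- "UPDATE 0" if another row has taken the UID since the lookup.
UPDATE people
   SET status = 'bot', uid = :new_uid
 WHERE username = :'bot_user'
   AND NOT EXISTS (SELECT 1 FROM people p WHERE p.uid = :new_uid);

-- Inspect the row; if the UPDATE reported 0 rows, ROLLBACK instead.
SELECT username, status, uid FROM people WHERE username = :'bot_user';

COMMIT;
```

This only checks for collisions inside the people table; the group reference and file ownership checks the step calls for still have to be done separately.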
A Bugzilla account should be created when a script or application needs...
- to query or file Fedora bugs automatically
Please make sure to coordinate with the QA and Bug Triaging teams if the script or application involves making mass changes to bugs.
If a Bugzilla account needs "fedorabugs" permissions, follow the above steps for a FAS account first, then follow these instructions with the email address you entered above. If the Bugzilla account will not need "fedorabugs" permissions but will still require an @fedoraproject.org email, create an alias for that account first.
- Create a Bugzilla account as normal at https://bugzilla.redhat.com/, using the proper contact email for the account.
- Document this account at (insert location here)
Tie together FAS account and Bugzilla account info here