[committee] Dispense as root (was Re: Restrictions on group applications for freshers)
Luke Williams
shmookey at shmookey.net
Fri May 20 03:29:28 AWST 2011
On Fri, May 20, 2011 at 1:25 AM, Daniel Axtens <danielax at gmail.com> wrote:
> Who would we chase if the safe _didn't_ balance? I realise full well that having a username attached to an operation is no guarantee of truthfulness, and that wheel are by definition highly trusted.
Good point. Years ago the note field in a deposit record was used to
store a unique number written on a little zip-lock pouch for each
deposit. If the safe didn't balance, each deposit could be verified.
It was a lot of work for the treasurer.
Does the safe get rigorously checked at the moment? Does it usually
match the expected amount perfectly?
Luke
>
> So, lest I be accused of ceaseless complaining, I have written and attached patches to prevent it.
>
> Also, leafing through the code reinforced my moderate disappointment with the cabal nature of the admin group created by the new system (USER_FLAG_ADMIN) but that's a discussion for another time.
>
> [DJA]
>
> Footnotes:
> [1] grep "by root" ~coke/cokelog|grep "money in safe"|grep -v BOB|awk 'BEGIN {sum=0}; {sum += $7}; END {print sum}'
> This is included to demonstrate the power of awk. Come to whatever l2linux it is that [BOB] is arranging for me to speak at to learn this sort of stuff.</shameless plug>
>
> [2] Although, interestingly, not to the point of having a safe key in the MR.
>
> Technical Notes for the patches:
> - I'm slightly hamstrung by the fact that CokeBank doesn't have a USER_FLAG_ROOT: I've added a direct test against the username instead. I notice this is already done in server/dispense.c (although it is labeled an evil hack).
> - I noticed USER/PASS authentication sets Client->Username, but AUTOAUTH doesn't. I fixed this.
> - I haven't updated the client to understand the error returned: it will tell root that [s]he isn't in coke. This is, aiui, a one line fix if done hackily, and ~5 lines to do better.
> - The patched code compiles cleanly, but is untested. This is left as an exercise for the maintainer. :P
>
>
>
More information about the committee
mailing list