* Front Page * Table of Contents * Return to Town

tilde.town administration

This page covers all aspects of tilde.town administration. Its primary goal is to serve as a complete guide to running tilde.town. While morbid, imagine that ~vilmibm shuffled off the mortal coil tomorrow: without this document, the running of the town would be a big mystery.

Its secondary goal is to provide a guide to volunteer admins, users who have some limited scope of administrative privilege. They help take the burden off of ~vilmibm.

Its final goal is to promote transparency. The town is best described as anarcho-monarchist society: users self-govern according to the coc, appealing to an all-powerful admin (~vilmibm) if self-governance hits a wall. Such an arrangement benefits from administrative transparency, for without trust in the admin the limits of self governance can undermine the community (for example, not being able to ban a repeat coc violator).

Getting help

If you need to contact an administrator, you can:

Root

A few select users have access to the town's root account. They are:

Sometimes other users are deputized with root access to deal with situations as they arise.

root sees all and can do all. It has access to every single file and can assume any user at any time. This is a big deal. In general, actions that are not strictly required to be run as root should not and are not run as root. Users are not monitored in any way and their files are only examined in the course of fixing a system issue (ie, a runaway script) or conduct violation (ie, improper use of system resources or harassment).

The admin group

Some resources are owned by the admin group. This is the group of users with root access.

The Admin App

About a year ago, ~vilmibm was feeling a tremendous amount of pressure keeping the town going. Adding users required root access and there was no easy way to share the responsibilities; worse, adding users was a heavily manual process.

Thus, ~vilmibm wrote the django admin app. This is a web GUI that:

It was instrumental in keeping tilde.town alive. Now, it automates most of what ~vilmibm used to shell in and become root to do manually and has made administration of the town much easier.

It has also opened up an opportunity to have volunteer admins with a very restricted permission set. The admin app accomplishes this with:

Volunteer admins

Volunteer admins are people who assist ~vilmibm with tasks regular users are not permitted to perform but that don't require full root access. In addition to serving as operators for the #tildetown IRC channel (the default one), they are allowed to log into the admin app and take various actions there. They are marked as "staff" and put in the Volunteer Admins group, which has the following permissions:

Volunteer admins CANNOT:

Currently they don't receive special privileges on tilde.town itself, though this will hopefully change.

The current volunteer admins:

IRC administration

Our IRC server is bare bones. We don't run NickServ or ChanServ and haven't really needed to (we still probably should though). The #tildetown channel (where you appear when you run chat) is the only "official" channel; in other words, the only users with special privileges there are ~vilmibm and the volunteer admins.

Volunteer Admin Handbook

This section details the various responsibilities of a volunteer admin.

Add a new user

Users sign up via the sign up form. They are created in the admin app's database, but will not exist on the actual server until an admin approves them.

To review and add a user:

Add a public key for a user

You should probably let the user know this is done.

Rename a user

Should a user request a rename in a help desk ticket, the process is:

You should probably let the user know this is done.

Set IRC topic

in #tildetown, run /topic this is my cool new topic

Handle nick unregistration if necessary in IRC

sometimes users need their IRC account reset:

/quote NS unregister a-username

Admin Only Tasks

Install new software

Only root can run apt. If you want software installed, file a help ticket.

Ban a user

This is extremely rare. The "ban" process is:

Create disk backups

This task is performed from the AWS console, which only ~vilmibm has access to.

Audit user activity

This is more common than banning a user but still very rare. This involves running find on a user's home directory to find questionable things or investigate high disk usage or possibly reading a user's command history file.

Manage services

The services that root is responsible for (and, for example, might need restarting if the server restarts):


last compiled: 2024-10-15 11:00:58.792855