tilde.town administration
This page covers all aspects of tilde.town administration. Its primary goal is to serve as a complete guide to running tilde.town. While morbid, imagine that ~vilmibm shuffled off the mortal coil tomorrow: without this document, the running of the town would be a big mystery.
Its secondary goal is to provide a guide to volunteer admins, users who have some limited scope of administrative privilege. They help take the burden off of ~vilmibm.
Its final goal is to promote transparency. The town is best described as anarcho-monarchist society: users self-govern according to the coc, appealing to an all-powerful admin (~vilmibm) if self-governance hits a wall. Such an arrangement benefits from administrative transparency, for without trust in the admin the limits of self governance can undermine the community (for example, not being able to ban a repeat coc violator).
Getting help
If you need to contact an administrator, you can:
- send a short message to the admins IRC channel with the
!admins
command in the main channel. You can also do this privately like this:/msg adminbot !admins etc etc
. adminbot will reply to you--if it doesn't, it's probably offline - send a message to an admin on IRC directly. anyone who is an operator in the
#tildetown
channel should be able to get you help, even if they can't help you directly. - send an email to one or all of these addresses:
Root
A few select users have access to the town's root
account. They are:
Sometimes other users are deputized with root access to deal with situations as they arise.
root
sees all and can do all. It has access to every single file and can assume
any user at any time. This is a big deal. In general, actions that are not
strictly required to be run as root
should not and are not run as root
. Users
are not monitored in any way and their files are only examined in the course of
fixing a system issue (ie, a runaway script) or conduct violation (ie, improper
use of system resources or harassment).
The admin group
Some resources are owned by the admin
group. This is the group of users with
root access.
The Admin App
About a year ago, ~vilmibm was feeling a tremendous amount of pressure keeping
the town going. Adding users required root
access and there was no easy way to
share the responsibilities; worse, adding users was a heavily manual process.
Thus, ~vilmibm wrote the django admin app. This is a web GUI that:
- Exposes a user sign up page to the public
- that can validate RSA and RSA keys
- that can ensure uniqueness of usernames
- that provides a basic CAPTCHA
- Exposes a private admin interface that:
- can add and update user accounts on disk
- can post to social media
- can triage help tickets
- can moderate the guestbook
It was instrumental in keeping tilde.town alive. Now, it automates most of what
~vilmibm used to shell in and become root
to do manually and has made administration of the town much easier.
It has also opened up an opportunity to have volunteer admins with a very restricted permission set. The admin app accomplishes this with:
- Django Admin's group and permission system
- a dedicated user on the system (
ttadmin
) - A carefully crafted set of scripts and sudoers entries
Volunteer admins
Volunteer admins are people who assist ~vilmibm with tasks regular users are not
permitted to perform but that don't require full root
access. In addition to serving as operators for the #tildetown
IRC channel (the default one), they are allowed
to log into the admin app and take various actions there. They are marked as
"staff" and put in the Volunteer Admins group, which has the following
permissions:
- Update users (rename them or fix their information)
- Add public keys to users
Volunteer admins CANNOT:
- delete users
- delete public keys
Currently they don't receive special privileges on tilde.town itself, though this will hopefully change.
The current volunteer admins:
IRC administration
Our IRC server is bare bones. We don't run NickServ or ChanServ and haven't
really needed to (we still probably should though). The #tildetown
channel
(where you appear when you run chat
) is the only "official" channel; in other
words, the only users with special privileges there are ~vilmibm and the
volunteer admins.
Volunteer Admin Handbook
This section details the various responsibilities of a volunteer admin.
Add a new user
Users sign up via the sign up form. They are created in the admin app's database, but will not exist on the actual server until an admin approves them.
To review and add a user:
- Login to the admin app
- Click on Townies
- For each user account, check their information:
- Does their email already have an account here? (see related issue)
- Do their reasons seem weird?
- Did they bother filling in the application?
- Is there anything suspicious about their email?
- From the townie list, select the users you want to approve with the checkbox on the left.
- In the Action: drop down, select Mark selected townies as reviewed. This:
- creates the user on disk
- announces the new users on mastodon and twitter
- sends each user a personal email
- IMPORTANT our email provider, Zoho, will flag and mute our account if we send too many emails too quickly. It sucks, but be slow in approving users. Never bulk-approve.
Add a public key for a user
- Login to the admin app
- Click on Townies
- Find the user (searching for their username works) and click on them
- Scroll to the PUBKEYS section
- In the first open Pubkey object box:
- Select the pubkey type (probably
ssh-rsa
) - Paste in the pubkey
- Select the pubkey type (probably
- Scroll down and click SAVE
You should probably let the user know this is done.
Rename a user
Should a user request a rename in a help desk ticket, the process is:
- Is the new username taken? Stop and let them know via email if so.
- Login to the admin app
- Click on Townies
- Find the user (searching for their username works) and click on them
- Update their "username" field.
- Click save. This will:
- run
usermod
to rename the user - move their home directory to match their new name
- run
You should probably let the user know this is done.
Set IRC topic
in #tildetown
, run /topic this is my cool new topic
Handle nick unregistration if necessary in IRC
sometimes users need their IRC account reset:
/quote NS unregister a-username
Admin Only Tasks
Install new software
Only root can run apt
. If you want software installed, file a help ticket.
Ban a user
This is extremely rare. The "ban" process is:
rm -rf /home/banned_user
deluser banned_user
- deleting the user from the admin app database.
Create disk backups
This task is performed from the AWS console, which only ~vilmibm has access to.
Audit user activity
This is more common than banning a user but still very rare. This involves
running find
on a user's home directory to find questionable things or
investigate high disk usage or possibly reading a user's command history file.
Manage services
The services that root
is responsible for (and, for example, might need
restarting if the server restarts):
- bbj
- admin app
- irc (oragono)
- mail server
- postgresql
- nginx
last compiled: 2024-10-15 11:00:58.792855