Revision: 864
http://svn.savannah.gnu.org/viewvc/?view=rev&root=administration&revision=864
Author: rwp
Date: 2026-03-20 18:41:27 -0400 (Fri, 20 Mar 2026)
Log Message:
-----------
New doc file NewAdminInternAccount.mdwn
Document new Savannah Administrator Intern account creation and setup.
Added Paths:
-----------
trunk/sviki/NewAdminInternAccount.mdwn
Added: trunk/sviki/NewAdminInternAccount.mdwn
===================================================================
--- trunk/sviki/NewAdminInternAccount.mdwn (rev 0)
+++ trunk/sviki/NewAdminInternAccount.mdwn 2026-03-20 22:41:27 UTC (rev
864)
@@ -0,0 +1,55 @@
+# Savannah New Administrator Intern Account
+
+The Savannah svadm account is the first step in onboarding a new
+Savannah Hacker administrator. Most of the current admins all started
+with an svadm account. This is a read-only account (for the most
+part) and therefore safe for exploring the systems. That's systems
+plural. There are several in the infrastructure. This is a good
+place to start to get an understanding of where things are and how
+things work.
+
+## Setup Instructions For Savannah Hackers
+
+Ensure that the user has created an account on the Savannah web UI to
+hold the cannonical account name, email, ssh key, gpg key, in the
+database. All of these are required at various times.
+
+Create a normal non-root user account for the new user on the mgt
+management node. Create it with a disabled password.
+
+ adduser --disabled-password $NEWUSER
+
+Extract their ssh key from the database and install it into their ssh
+authorized_keys file. (The authorized_keys on mgt should be getting
+created automatically via having a zero sized file template in
+/etc/skel/.ssh/authorized_keys file. This creates the file as the
+user and keeps the permissions correct.)
+
+ ...verify that it looks reasonable...
+ sv_get_authorized_keys $NEWUSER
+ ...add it to their authorized_keys file...
+ sv_get_authorized_keys $NEWUSER >> ~$NEWUSER/.ssh/authorized_keys
+
+Add the user to the adm and svadm groups.
+
+ adduser $NEWUSER adm
+ adduser $NEWUSER svadm
+
+Done. This user can now ssh into the mgt node as their own non-root
+user account. They can then change user to the svadm user account.
+
+## Instructions for the new Savannah Administrator Intern
+
+Log into your account on the mgt management node.
+
+ ssh [email protected] # or [email protected]
+
+Use sudo to switch users to the svadm account.
+
+ sudo -i -u svadm
+
+You are now enabled to browse around. You can list processes. You
+can browse log files. You can look at crontables. You can look at
+configuration. You can look at scripts and source. The account is
+mostly read-only to be a safe account for new people to explore
+without danger of breaking anything.
