welcome: please sign in

The following 291 words could not be found in the dictionary of 7 words (including 7 LocalSpellingWords) and are highlighted below:
access   account   accounts   Add   address   admin   Administration   admins   after   ahead   ahold   all   allow   almost   alone   also   and   any   anything   are   as   at   attempts   authentication   Auto   balances   be   been   before   being   belong   between   block   boot   broken   bug   Bugzilla   bugzilla   by   can   Category   caution   certainly   cgi   chance   charged   Check   close   comes   command   communication   complain   configure   consequence   Coop   corresponding   could   cron   crontab   Crucially   currently   daemons   database   databases   delinquent   Disable   do   documentation   does   domains   domtool   Domtool   done   down   dues   easily   email   etc   every   everything   Exim   facilitating   Figure   file   first   For   for   forgotten   found   freeze   freezing   from   front   frozen   full   generic   get   getting   Give   give   giving   great   has   have   hcoop   help   Hide   his   honor   host   how   https   id   idempotently   if   implemented   important   in   In   information   into   is   it   just   Kerberos   Kill   last   least   leave   left   less   level   like   lingering   list   lists   log   low   mail   Mailman   mainly   manage   many   may   maybe   member   members   mentioned   mess   message   month   most   mounted   must   My   need   Needs   net   Not   not   notably   notice   of   old   on   once   One   online   only   or   other   Our   our   out   package   page   paid   password   passwords   pay   pays   permissions   perms   place   point   portal   post   poster   Postgres   preference   prerequisite   present   priority   process   processes   reason   refers   remove   Remove   reply   requests   reset   resort   restored   restores   result   results   reversed   revoke   Revoke   rmuser   Run   run   Save   saying   script   See   seems   send   server   servers   services   serving   shell   should   show   since   slay   some   Somehow   something   somewhat   somewhere   stop   success   suggesting   System   take   taking   tell   tells   temporarily   than   that   The   the   their   them   there   they   Things   things   This   this   Though   though   to   Two   unfreeze   unfreezing   unless   unmounting   up   updated   us   use   used   user   username   users   ve   version   volume   volumes   want   was   way   We   we   when   where   whether   which   whose   wiki   will   with   won   Work   would   yet  

Clear message


The freezing process is currently somewhat broken. See https://bugzilla.hcoop.net/show_bug.cgi?id=791. This documentation is from before freezing was implemented, and must be updated.

Our last resort for getting ahold of delinquent members is taking down as many of their services as we can manage to do in a generic "member freeze" script. A corresponding "unfreeze" script restores everything idempotently* once a member pays up. We freeze accounts whose balances are close to the point where the member will have paid less than they've been charged. We freeze accounts at least a month ahead of this point, giving members a chance to notice that their services are down and pay up before we need to boot them.

Crucially, we want to leave alone anything that they host with us that could be important for facilitating online communication between them and us. This refers mainly to e-mail and access to the HCoop portal and Bugzilla. One consequence is that we can't reset a member's password, since passwords from our Kerberos database are used for authentication to HCoop IMAP/POP, the portal, and Bugzilla.

* In a way that won't mess up the services after unfreezing.

1. Things the freeze script does

1.1. Disable log-in

1.2. Remove Domtool access

1.3. Remove crontab access

For every server where we allow members cron access:

1.4. Kill lingering processes

For every server where members may run processes:

1.5. Hide Mailman lists

Figure out which lists belong to this member and temporarily block them at the Exim level? Auto-reply to post attempts suggesting that the poster complain to the delinquent member would be great!

Not yet implemented

1.6. Revoke database access

Somehow revoke permissions on MySQL and Postgres databases, in a way that can be reversed in unfreezing. This seems like low priority and can almost certainly be left out of the first version. (Though maybe it could be done easily by unmounting the member's database volume, though we want to leave his other volumes mounted.)

Not yet implemented

1.7. Disable services on PAM level

Add username to /etc/frozen.users or something, and have not being mentioned in that file as a prerequisite for PAM success. Two things to take into account:

Not yet implemented

CategorySystemAdministration CategoryNeedsWork

MemberFreezing (last edited 2014-03-09 18:46:35 by cpe-071-070-253-241)