Last modified: 2013-03-07 19:25:06 UTC
It's a bother for everyone if granting shell access is limited to admin users. We should allow another group the ability to grant/revoke shell access.
Maybe make it self-granting, so shell users can add new shell users?
That will allow sockpuppets to give themselves shell, which is what we are trying to avoid. I can allow a group to manage specific groups, though.
By that same reasoning, do you want to make it so only admins can add users to this grant/revoke shell access group too?
No. We can give access to a limited set of trusted volunteers to the group that can manage shell access. For instance: $wgAddGroups['shellmanagers'] = array( 'shell' );
Sorry for my lack of clarity, I meant who would add volunteers to this shellmanagers group - I'm presuming that will be admins.
Oh. Yes. That would indeed be the case.
In fact, I've just added this config to wikitech. I'm going to mark this as fixed :)