Portal:Toolforge/Admin/Toolforge roots and Toolforge admins
The terms Toolforge root and Toolforge admin are used somewhat interchangeably to describe users who do administrative work in Toolforge.
These users usually have all the set of elevated permissions listed in this page, but they must be all granted individually so it's possible for someone to only have a subset of these.
Ideally, we should find a way to add these permissions automatically by adding people to a single group in LDAP or elsewhere.
"tools" project in Cloud VPS
Adding a user with "member" privileges to the tools project in Cloud VPS.
This allows a user to add and delete other users from the Toolforge project.
There is also a separate toolsbeta project which is used by the Toolforge staging environment.
sudo policy "roots"
This allows a user to use sudo to become root on Toolforge instances.
Members of the admin tool in Toolforge can log into infrastructure instances and perform tasks as the admin tool.
An equivalent toolsbeta.admin tool exists on the "toolsbeta" staging deployment. Note that for toolsbeta you will need to add it through the command line using modify-ldap-group toolsbeta.admin from mwmaint1002.
Gerrit group "toollabs-trusted"
Users that are part of this group in Gerrit can +2 changes in Gerrit repositories related to Toolforge.
GitLab group repos/cloud/toolforge
Users that are part of this group in Gitlab can push changes to Gitlab repositories related to Toolforge.