expand on User directives authored by
We've just had a situation where a TPA member pushed to pauli as root which could have messed up the repository's permission. This was discovered by the post-receive hook which said it was pushed as root, which is good. Such a configuration should prevent those issues on most services. In particular, I add the jump host there to avoid logging in as root as it's not necessary. The same with the LDAP server, running ldapvi can (and should) be done as a regular user.