From 2652b9cd6bc1637707905f26efc4f75c40cccbb3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anarcat@debian.org>
Date: Mon, 23 Nov 2020 16:28:37 -0500
Subject: [PATCH] add more requirements for root

Mostly to be granted only as last resort. Demand that problems be
documented in the service page.

Also includes some clarification in the wording.
---
 policy/tpa-rfc-7-root.md | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/policy/tpa-rfc-7-root.md b/policy/tpa-rfc-7-root.md
index 0e88013b..d0c7ccd1 100644
--- a/policy/tpa-rfc-7-root.md
+++ b/policy/tpa-rfc-7-root.md
@@ -78,15 +78,19 @@ concerns only membership to the TPA team and access to servers.
 
 Members of TPA SHOULD have all access levels defined above.
 
-Service admins MAY have access to some accesses. In general, they MUST
-have `sudo` access to some role account to manage their own service,
-but they MAY be granted LIMITED `root` access (through `sudo`) only on
-the server(s) which host the service they are admin for.
+Service admins MAY have some access to some servers. In general, they
+MUST have `sudo` access to a role account to manage their own
+service. They MAY be granted LIMITED `root` access (through `sudo`)
+only on the server(s) which host their service, but this should be
+granted only if there are no other technical way to implement the
+service.
 
 In general, service admins SHOULD use their `root` access in
 "read-only" mode for debugging, as much as possible. Any "write"
 changes MUST be documented, either in a ticket or in an email to the
-TPA team (if the ticket system is down). 
+TPA team (if the ticket system is down). Common problems and their
+resolutions SHOULD be documented in the [service documentation
+page](service).
 
 Service admins are responsible for any breakage they cause to systems
 while they use elevated privileges.
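
Review bot: The last-resort condition in the added `root` paragraph is written with a lowercase "should" ("but this should be granted only if there are no other technical way"), while every other requirement in this section uses uppercase keywords (MAY, MUST, SHOULD), so it is unclear whether the restriction is normative. Since this is the main control on handing out `root`, suggest wording it as "but this MUST be granted only if there is no other technical way to implement the service" (or SHOULD, if exceptions are intended), which also fixes the "there are no other ... way" agreement error. The commit message says the patch will "demand" that problems be documented, but the added sentence uses SHOULD; either use MUST there or soften the commit message so the two agree. The rewritten first sentence, "MAY have some access to some servers", is also vague: consider referring back to the access levels defined earlier in the document so a reader can tell which ones a service admin can hold.
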
-- 
GitLab