System administrators - Meta-Wiki

System administrators - Meta-Wiki
Jump to content
From Meta, a Wikimedia project coordination wiki
Translate this page
Other languages:
Bahasa Indonesia
Lëtzebuergesch
Nederlands
Sunda
Tiếng Việt
Türkçe
azərbaycanca
dansk
italiano
lietuvių
polski
português
português do Brasil
română
suomi
čeština
Ελληνικά
македонски
русский
српски / srpski
українська
العربية
سنڌي
فارسی
پښتو
मराठी
हिन्दी
മലയാളം
ไทย
ဖၠုံလိက်
中文
한국어
Shortcut
SA
For legal and security reasons, the
Wikimedia Foundation
requires
two-factor authentication
for this role.
This page covers the people who manage and maintain the Wikimedia Foundation servers. Historically, these people were known as "
developers
", but that is now inaccurate. For information on developers of the MediaWiki software, see
the Developers page on MediaWiki.org
. For the administration access of wiki pages and users known as "administrators", "admins", or "sysops", see
administrator
System administrators
perform
systems administration work
on the Wikimedia servers. Their primary task is to ensure that the Foundation's collection of over 900 wikis continues to function smoothly, so that users can continue to read pages and make changes. Aside from maintaining the hardware and software in the
Wikimedia server clusters
, they are responsible for updating and configuring the version of the
MediaWiki
software that runs on the Wikimedia servers, and can perform administrative tasks requiring direct server or database access, such as creating new wikis, closing wikis, changing configuration settings, etc.
The
Wikimedia Foundation
legally controls the servers; ultimately the
Wikimedia Foundation Board of Trustees
is responsible for determining who has
sysadmin
access, and how that responsibility is exercised. However, this power is delegated to various Wikimedia Foundation
managers
. On a day-to-day basis, various system administrators with root or shell access manage the server clusters.
System administrator actions
Although system administrators are often not active on Wikimedia wikis themselves, they may occasionally need to perform actions for technical reasons, such as blocking users or bots that are consuming unacceptable amounts of system resources, or undoing edits that put heavy strain on the servers. Such actions should not be undone without consulting the system administrator.
To facilitate these changes being made in a transparent fashion, all system administrators who ask can be added to the
'sysadmin'
global group
automatic members lists
). This group allows them to set user rights for any user on any wiki, in the same fashion as
stewards
. So if a system administrator needs to perform an action restricted to administrators (like editing system messages) on a particular wiki, they can simply grant themselves admin status on that wiki to make the action. In addition, the
'sysadmin'
group has access to
Special:GlobalGroupPermissions
, where system administrators can
change
the permissions assigned to their global group. So as an alternative, the system administrator could add
editinterface
to the global group permissions, and would then be able to edit system messages on all wikis.
System administrators are encouraged to use the latter method of granting permissions, to avoid the lists of administrators/bureaucrats on local wikis becoming cluttered with users who are not 'permanent' members of those groups. These self-promotions may be removed at any time by stewards, as they can be easily restored if needed. However, some system administrators have permissions on certain wikis as a result of due process on that wiki, for instance
Tim Starling's
adminship on
English Wikipedia
; such rights should
not
be removed in this fashion.
Requesting on-wiki access
Approving the on-wiki
sysadmin
global group to any account (staff and volunteers) is the responsibility of the Trust and Safety team in consultation with Legal at the Foundation. Not all system administrators have this permission. The on-wiki permission can be given to those who already have relevant permission/access in Wikimedia’s technical spaces (i.e. shell access) and can demonstrate a need of doing related on-wiki changes in order to better support the communities.
The requester needs to submit their request on the
Steward requests/Global permissions
Meta page. After submitting the request on Meta, the requester needs to send a note with a detailed use case (i.e. what do you need the rights for?) to Trust and Safety through ca
wikimedia.org for approval.
Once approved by the Legal department, one of the members from the Trust and Safety team will coordinate with the Stewards and will confirm the approval on the Meta request page.
Once the approval from the Foundation is secured, the Stewards ensure that the 2FA requirement for the user account is met and grant the rights.
The Stewards will remove the rights if the user wishes to resign and/or loses access to the server, Foundation asks for removal, or in case of abuse and in an emergency situation (i.e. account compromised).
List
Do not contact people on this list directly if you need something to be done. Instead, go to the
#wikimedia-tech
connect
IRC channel
or file a ticket on
phabricator.wikimedia.org
There are various levels of shell access (through user groups) and many (whether or not overlapping) groups of servers that access is granted to. The canonical
list of users
with access to the servers is maintained in the
Git
repository that hosts the
Puppet
configuration used to configure the servers.
Users in the
restricted
deployment
, or
ops
groups (and by extension the
release-engineering
group which is included by reference) have sysadmin access to the servers running MediaWiki itself.
History
Initially, it was Jimmy Wales who installed software, ran update programs, etc., on the servers. In March 2002, he proposed to give login accounts to some developers ("
Trusted user access to machine
", Wikitech-l).
System administrators formerly had an important role in the
Wikipedia
power structure
, since they were the only ones able to promote and demote sysops and lock user accounts (before the "block" feature of
MediaWiki
existed).
See also
System administrators:
global permission
global groups (toolforge)
member list
group changelog
Global groups
User groups
Local
groups
On Meta
Without global effects
Account creators
Autopatrollers
Bots
Bureaucrats
CheckUsers
Community Wishlist managers
Confirmed users
Event organizers
Flood flag
Importers
IP block exemptions
Users blocked from the IP Information tool
Oversighters
Patrollers
Transwiki importers
Temporary account IP viewers
Uploaders
With global effects
Administrators
Central notice administrators
Global renamers
Interface administrators
MassMessage senders
OAuth administrators
Push subscription managers
Translation administrators
WMF Office IT
WMF Trust and Safety
On some wikis
Uploaders
Autopatrollers
Patrollers
Reviewers
Rollbackers
Autochecked users
Extended confirmed users
File movers
Interface editors
Abuse filter editors
Template editors
Eliminators
Translation administrators
MassMessage senders
Arbitration committee members
Extended movers
Bots with administrator rights
Flooders
Curators
Election clerks
On one wiki
(except Meta)
Noratelimit accounts
Engineers
Upload Wizard campaign editors
Image reviewers
Test wiki administrators
Property creators
Wikidata staff
Researchers
IP block exemption grantors
Movers
Functioneers
Maintainers
Wikifunctions staff
On all wikis
Blocked users
Unregistered users
Newly-registered users
Registered users
Confirmed users
Autoconfirmed users
Account creators
Bots
Administrators
Interface administrators
Bureaucrats
Oversighters
CheckUsers
IP block exemptions
Importers
Transwiki importers
Temporary account IP viewers
Users blocked from the IP Information tool
Structured Discussions bots
Historical groups
Extended uploaders
Course coordinators, Instructors, Online volunteers and Campus volunteers
ZeroRatedMobileAccess administrators
WMF ops monitoring
GWToolset users
Global
groups
Locked accounts
Unified accounts
Abuse filter helpers
Abuse filter maintainers
API high limit requestors
CAPTCHA exemptions
Founder
Global bots
Global deleters
Global Flow creators
Global interface editors
Global IP block exemptions
Global rollbackers
Global sysops
Global temporary account IP viewers
New wikis importers
Ombuds
Recursive export
Staff
Stewards
System administrators
U4C members
VRT permissions agents
wmf-email-block-override
WMF researchers
Links in
italic
are separate account statuses that are not assigned through user groups.
See also:
Wikimedia user groups
Retrieved from "
Categories
User groups that require two-factor authentication
User groups
Global user groups
Wikimedia servers administration
MediaWiki Development
System administrators
Add topic