rawhide, /mnt/koji and /pub/fedora

Mike McGrath mmcgrath at redhat.com
Thu Aug 28 15:13:33 UTC 2008


On Thu, 28 Aug 2008, Seth Vidal wrote:

> On Thu, 2008-08-28 at 08:42 -0500, Mike McGrath wrote:
> > On Wed, 27 Aug 2008, Jesse Keating wrote:
> >
> > > So I realized something last night.  We created a user "masher" to have
> > > the ability to write to /mnt/koji/mash/ but not any of the other koji
> > > space.  This is useful to prevent too much damage from a horribly wrong
> > > rawhide compose.  To make things easier in the rawhide compose configs,
> > > we decided to run the cron/scripts as the masher user.  This is also
> > > good because it means things run unprivileged.  However I ran into a
> > > snag.  We have another user, 'ftpsync' that has write access
> > > to /pub/fedora/.  Previously the rawhide script was ran as root, and
> > > thus it was no problem to su ftpsync for the rsync calls.  The masher
> > > user does not possess the capability of doing this.
> > >
> > > Since the ftpsync user is only really used to sync data onto the Fedora
> > > netapp, I propose that we collapse ftpsync and masher into one user
> > > (masher).  It'll require minimal puppet changes, mostly just moving some
> > > cron jobs from ftpsync over to masher.  It will require UID changes,
> > > either changing masher to the ftpsync UID (which breaks our new range we
> > > just setup), or chmodding some stuff on the Fedora netapp and changing
> > > what UID has write access there.
> > >
> > > For now, I'm syncing rawhide by hand.
> > >
> > > Comments?
> >
> > Fine by me.  ftpsync isn't really one of ours anyway :)
> >
>
> it and masher are, however, names that need to get added to the banlist
> in fas, I think.
>

Anyone care to think of a less manual way of doing this?

	-Mike




More information about the Fedora-infrastructure-list mailing list