rawhide, /mnt/koji and /pub/fedora
Mike McGrath
mmcgrath at redhat.com
Thu Aug 28 15:13:33 UTC 2008
On Thu, 28 Aug 2008, Seth Vidal wrote:
> On Thu, 2008-08-28 at 08:42 -0500, Mike McGrath wrote:
> > On Wed, 27 Aug 2008, Jesse Keating wrote:
> >
> > > So I realized something last night. We created a user "masher" to have
> > > the ability to write to /mnt/koji/mash/ but not any of the other koji
> > > space. This is useful to prevent too much damage from a horribly wrong
> > > rawhide compose. To make things easier in the rawhide compose configs,
> > > we decided to run the cron/scripts as the masher user. This is also
> > > good because it means things run unprivileged. However I ran into a
> > > snag. We have another user, 'ftpsync' that has write access
> > > to /pub/fedora/. Previously the rawhide script was ran as root, and
> > > thus it was no problem to su ftpsync for the rsync calls. The masher
> > > user does not possess the capability of doing this.
> > >
> > > Since the ftpsync user is only really used to sync data onto the Fedora
> > > netapp, I propose that we collapse ftpsync and masher into one user
> > > (masher). It'll require minimal puppet changes, mostly just moving some
> > > cron jobs from ftpsync over to masher. It will require UID changes,
> > > either changing masher to the ftpsync UID (which breaks our new range we
> > > just setup), or chmodding some stuff on the Fedora netapp and changing
> > > what UID has write access there.
> > >
> > > For now, I'm syncing rawhide by hand.
> > >
> > > Comments?
> >
> > Fine by me. ftpsync isn't really one of ours anyway :)
> >
>
> it and masher are, however, names that need to get added to the banlist
> in fas, I think.
>
Anyone care to think of a less manual way of doing this?
-Mike
More information about the Fedora-infrastructure-list
mailing list