Date: Mon, 2 Jun 2003 15:53:29 +0200 From: Cejka Rudolf <cejkar@fit.vutbr.cz> To: Scott Long <scott_long@btc.adaptec.com> Cc: hubs@freebsd.org Subject: Re: Coordinating and distributing the release Message-ID: <20030602135329.GA57126@fit.vutbr.cz> In-Reply-To: <3ED8C082.1080405@btc.adaptec.com> References: <3ED8C082.1080405@btc.adaptec.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Scott Long wrote (2003/05/31):
> After 5.0 we discussed ways to coordinate the release so that iso images
> could fully propogate to the mirrors before before they were available
> to the public. However, I'm not sure if a decision was ever made. Is
> this still a reasonable goal? Can it be done using unix file
> permissions?
Hello, I think that it would be great thing, too. However, there are
some issues with permissions. Imagine ftp-master.cz on the way
ftp-master =cvsup=> ftp-master.cz =rsync/cvsup=> ftp.cz with some
security considerations, where I want that service server (cvsupd
or rsync --daemon) could not in any case overwrite or corrupt data
storage maintained by cvsup client mirroring from ftp-master.
There are rw-rw-r-- permissions on ftp-master. Cvsup can just exactly
mirror the permissions (if not, please correct me! - rsync is probably
the same category), so I have on ftp-master.cz rw-rw-r-- too and I have
to use different user and different group for cvsupd/rsync --daemon,
than for cvsup client mirroring from ftp-master. In this case,
chmod o-rx and/or chmod go-rx on ftp-master means, that ftp-master.cz
can (I hope :o) still download files, but it is impossible to service
them to the primary ftp servers.
If there are rw-r--r-- permissions, which are probably unacceptable
on ftp-master, or if there is possibility to reduce permissions from
rw-rw-r-- to rw-r--r-- with cvsup (rsync) method, I can have rw-r--r--
on ftp-master.cz, so I can have different users for cvsup client and
cvsupd/rsync --daemon and just one common group, so permissions for
others are free subject to change, how to control access to the files
on the Tier-1 mirrors, when they are configured in the way, that ftp/...
service servers can give files just in case there is o=r bit set.
> If so, how do we propagate out the file permission change
> quickly?
I think there is just one safe way without some push-programming
(ftp-master sends some information, that mirrors would start
mirroring): Say, that permissions are released at exact time,
so everybody can plan start of mirror update process. Or do
you want self-updating cvsup mirroring chain, where one of files
is repeatedly executed on mirror sites? ... :o)
PS: Maybe it would help, when umask=n is not ignored in preserve case:
umask=n Causes cvsup to use a umask value of n (an octal number) when
updating the files in the collection. This option is ignored
if preserve is specified.
???
--
Rudolf Cejka <cejkar at fit.vutbr.cz> http://www.fit.vutbr.cz/~cejkar
Brno University of Technology, Faculty of Information Technology
Bozetechova 2, 612 66 Brno, Czech Republic
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030602135329.GA57126>