Date: Mon, 2 Jun 2003 15:53:29 +0200 From: Cejka Rudolf <cejkar@fit.vutbr.cz> To: Scott Long <scott_long@btc.adaptec.com> Cc: hubs@freebsd.org Subject: Re: Coordinating and distributing the release Message-ID: <20030602135329.GA57126@fit.vutbr.cz> In-Reply-To: <3ED8C082.1080405@btc.adaptec.com> References: <3ED8C082.1080405@btc.adaptec.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Scott Long wrote (2003/05/31): > After 5.0 we discussed ways to coordinate the release so that iso images > could fully propogate to the mirrors before before they were available > to the public. However, I'm not sure if a decision was ever made. Is > this still a reasonable goal? Can it be done using unix file > permissions? Hello, I think that it would be great thing, too. However, there are some issues with permissions. Imagine ftp-master.cz on the way ftp-master =cvsup=> ftp-master.cz =rsync/cvsup=> ftp.cz with some security considerations, where I want that service server (cvsupd or rsync --daemon) could not in any case overwrite or corrupt data storage maintained by cvsup client mirroring from ftp-master. There are rw-rw-r-- permissions on ftp-master. Cvsup can just exactly mirror the permissions (if not, please correct me! - rsync is probably the same category), so I have on ftp-master.cz rw-rw-r-- too and I have to use different user and different group for cvsupd/rsync --daemon, than for cvsup client mirroring from ftp-master. In this case, chmod o-rx and/or chmod go-rx on ftp-master means, that ftp-master.cz can (I hope :o) still download files, but it is impossible to service them to the primary ftp servers. If there are rw-r--r-- permissions, which are probably unacceptable on ftp-master, or if there is possibility to reduce permissions from rw-rw-r-- to rw-r--r-- with cvsup (rsync) method, I can have rw-r--r-- on ftp-master.cz, so I can have different users for cvsup client and cvsupd/rsync --daemon and just one common group, so permissions for others are free subject to change, how to control access to the files on the Tier-1 mirrors, when they are configured in the way, that ftp/... service servers can give files just in case there is o=r bit set. > If so, how do we propagate out the file permission change > quickly? I think there is just one safe way without some push-programming (ftp-master sends some information, that mirrors would start mirroring): Say, that permissions are released at exact time, so everybody can plan start of mirror update process. Or do you want self-updating cvsup mirroring chain, where one of files is repeatedly executed on mirror sites? ... :o) PS: Maybe it would help, when umask=n is not ignored in preserve case: umask=n Causes cvsup to use a umask value of n (an octal number) when updating the files in the collection. This option is ignored if preserve is specified. ??? -- Rudolf Cejka <cejkar at fit.vutbr.cz> http://www.fit.vutbr.cz/~cejkar Brno University of Technology, Faculty of Information Technology Bozetechova 2, 612 66 Brno, Czech Republic
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030602135329.GA57126>