Date: Mon, 2 Jun 2003 15:53:29 +0200
From: Cejka Rudolf
To: Scott Long
Cc: re@freebsd.org, hubs@freebsd.org
Subject: Re: Coordinating and distributing the release
Message-ID: <20030602135329.GA57126@fit.vutbr.cz>
In-Reply-To: <3ED8C082.1080405@btc.adaptec.com>

Scott Long wrote (2003/05/31):
> After 5.0 we discussed ways to coordinate the release so that iso images
> could fully propagate to the mirrors before they were available
> to the public.  However, I'm not sure if a decision was ever made.  Is
> this still a reasonable goal?  Can it be done using unix file
> permissions?

Hello,

I think that it would be a great thing, too. However, there are some
issues with permissions. Imagine ftp-master.cz on the way

    ftp-master =cvsup=> ftp-master.cz =rsync/cvsup=> ftp.cz

with some security considerations, where I want that the service server
(cvsupd or rsync --daemon) could not in any case overwrite or corrupt
the data storage maintained by the cvsup client mirroring from ftp-master.

There are rw-rw-r-- permissions on ftp-master. Cvsup can just exactly
mirror the permissions (if not, please correct me! - rsync is probably
in the same category), so I have rw-rw-r-- on ftp-master.cz too and I
have to use a different user and a different group for cvsupd/rsync
--daemon than for the cvsup client mirroring from ftp-master. In this
case, chmod o-rx and/or chmod go-rx on ftp-master means that
ftp-master.cz can (I hope :o) still download files, but it is impossible
to serve them to the primary ftp servers.

If there are rw-r--r-- permissions, which are probably unacceptable on
ftp-master, or if there is a possibility to reduce permissions from
rw-rw-r-- to rw-r--r-- with the cvsup (rsync) method, I can have
rw-r--r-- on ftp-master.cz, so I can have different users for the cvsup
client and cvsupd/rsync --daemon and just one common group, so the
permissions for others are free to be changed to control access to the
files on the Tier-1 mirrors, when they are configured in such a way that
the ftp/... service servers can give out files only when the o=r bit is
set.

> If so, how do we propagate out the file permission change
> quickly?

I think there is just one safe way without some push-programming
(ftp-master sends some information so that mirrors would start
mirroring): say that permissions are released at an exact time, so
everybody can plan the start of the mirror update process. Or do you
want a self-updating cvsup mirroring chain, where one of the files is
repeatedly executed on mirror sites? ... :o)

PS: Maybe it would help if umask=n were not ignored in the preserve case:

    umask=n    Causes cvsup to use a umask value of n (an octal number)
               when updating the files in the collection. This option
               is ignored if preserve is specified.

???

-- 
Rudolf Cejka http://www.fit.vutbr.cz/~cejkar
Brno University of Technology, Faculty of Information Technology
Bozetechova 2, 612 66 Brno, Czech Republic
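
The permission reasoning in the message above, modelled as an added example that is not part of the original e-mail or of cvsup/rsync. It applies the POSIX owner/group/other class selection to the two layouts the message compares; the uid/gid numbers and the "public" account (an anonymous ftp server process on a mirror) are constructed assumptions.

```python
import stat

def allowed(mode, file_uid, file_gid, uid, gids):
    """Return the set of 'r'/'w' a non-root process gets on a file (POSIX class selection)."""
    if uid == file_uid:            # owner class wins even if group/other grant more
        r, w = stat.S_IRUSR, stat.S_IWUSR
    elif file_gid in gids:         # group class matched: "other" bits are never consulted
        r, w = stat.S_IRGRP, stat.S_IWGRP
    else:
        r, w = stat.S_IROTH, stat.S_IWOTH
    return {c for c, bit in (("r", r), ("w", w)) if mode & bit}

# Constructed identities (assumptions): mirror client, service daemon, anonymous ftp.
MIRROR, SERVICE, ANON = 1001, 1002, 1003
G_MIRROR, G_SERVICE, G_COMMON, G_ANON = 2001, 2002, 2003, 2004

def scenario(mode, file_gid, service_gids):
    """Files are owned by the mirror client; report what each party may do."""
    return {
        "mirror": allowed(mode, MIRROR, file_gid, MIRROR, {file_gid}),
        "service": allowed(mode, MIRROR, file_gid, SERVICE, service_gids),
        "public": allowed(mode, MIRROR, file_gid, ANON, {G_ANON}),
    }

def embargo(mode):
    """chmod o-rx as in the message: clear read and execute for others."""
    return mode & ~(stat.S_IROTH | stat.S_IXOTH)

# Scheme A: modes mirrored exactly (rw-rw-r--), service daemon in a different group.
scheme_a = scenario(0o664, G_MIRROR, {G_SERVICE})
scheme_a_embargo = scenario(embargo(0o664), G_MIRROR, {G_SERVICE})
# Scheme B: modes reduced to rw-r--r--, one common group for both users.
scheme_b = scenario(0o644, G_COMMON, {G_COMMON})
scheme_b_embargo = scenario(embargo(0o644), G_COMMON, {G_COMMON})
# Why scheme B needs the reduced mode: a common group with rw-rw-r-- lets the daemon write.
common_group_664 = scenario(0o664, G_COMMON, {G_COMMON})

if __name__ == "__main__":
    for name, s in [("A", scheme_a), ("A embargo", scheme_a_embargo),
                    ("B", scheme_b), ("B embargo", scheme_b_embargo),
                    ("common group, 664", common_group_664)]:
        cells = "  ".join(f"{k}={''.join(sorted(v)) or '-'}" for k, v in s.items())
        print(f"{name:18} {cells}")
```

Under scheme A the embargo also cuts off the service daemon, so the intermediate mirror cannot pass files on; under scheme B the daemon keeps read-only access through the common group while the "other" bit alone gates public access.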