[Bug 1208] Permissions on ftp.rtems.org are broken

rtems-bugs at rtems.org rtems-bugs at rtems.org
Mon Jan 8 19:18:46 UTC 2007


------- Comment #3 from joel.sherrill at oarcorp.com  2007-01-08 13:18 -------
(In reply to comment #2)
> (In reply to comment #1)
> > Joel and I changed
> Interesting, Mr. Mayes writing as "joel"
> > all directories under /pub/rtems to be group writeable.
> > That seems to be necessary.  We have three questions:
> > 
> > + Should all regular files be group writeable?
> Somewhat oversimplified: yes.

OK.  I have changed everything to group writeable under

> More precisely: All files being processed by the scripts being used to setup
> the repos be writable/deletable/modifiable by
> the person (release manager) running theses tools (createrepo and my
> release-scripts).
> I.e. if we want to share maintainership, instead of proclaiming a sole
> individual release manager, all *.rpm must be group-deleteable and repodata/*
> and .cache/* files must be group-writable/deleteable/modificable.

And we all have to be in the same group and they have to be created
as group writeable.  That's the umask part -- details below.

> > + What owner/group should the files have?  We now have at least root.ftp,
> > ftp.ftp, and ralfcorsepius.users.  
> IMO, best would be to have another, dedicated group, because I would suspect 
> group "ftp" to be special to vsftpd.

I don't know but it is easily possible to add the necessary people to another 
rtems ftp specific group.  The problem is that it should be the "effective"
group when ftp site maintenance is performed.

> > + Is there some point during ftp site maintenance at which the umask should
> > include group writeable?
> Probably, but I am not sure what you have in mind to apply this.

I think that the script driving the updates needs to:

umask 005
newgrp ftp

That way the files will be created as belonging to the ftp group and being
group writeable  ------ OR -----

After uploading or doing any operation on the ftp site, the files changed by
the process must be chmod/chgrp to be group writeable and ftp group.  

It seems easier to change umask and effective group before the copy.

> > It seems like when uploads or the yum repository
> > scripts are run, you want the output to be group ftp and group writeable?
> Yes.

The problem to me is that it looks tedious to get to the alternate groups you
are a member of.  And if you are doing this on england, then we have to have
the same groups on it.

Which way do you think is best to solve this?  I lean to umask/newgrp setting
things as expected in the script before they do anything.


Configure bugmail: http://www.rtems.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the bugs mailing list