rawhide, /mnt/koji and /pub/fedora

Jesse Keating jkeating at redhat.com
Thu Aug 28 04:44:02 UTC 2008


So I realized something last night.  We created a user "masher" to have
the ability to write to /mnt/koji/mash/ but not any of the other koji
space.  This is useful to prevent too much damage from a horribly wrong
rawhide compose.  To make things easier in the rawhide compose configs,
we decided to run the cron/scripts as the masher user.  This is also
good because it means things run unprivileged.  However I ran into a
snag.  We have another user, 'ftpsync' that has write access
to /pub/fedora/.  Previously the rawhide script was ran as root, and
thus it was no problem to su ftpsync for the rsync calls.  The masher
user does not possess the capability of doing this.

Since the ftpsync user is only really used to sync data onto the Fedora
netapp, I propose that we collapse ftpsync and masher into one user
(masher).  It'll require minimal puppet changes, mostly just moving some
cron jobs from ftpsync over to masher.  It will require UID changes,
either changing masher to the ftpsync UID (which breaks our new range we
just setup), or chmodding some stuff on the Fedora netapp and changing
what UID has write access there.

For now, I'm syncing rawhide by hand.

Comments?
-- 
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-infrastructure-list/attachments/20080827/17737878/attachment.sig>


More information about the Fedora-infrastructure-list mailing list