Coordinating and distributing the release

Cejka Rudolf cejkar at fit.vutbr.cz
Mon Jun 2 06:53:38 PDT 2003


Scott Long wrote (2003/05/31):
> After 5.0 we discussed ways to coordinate the release so that iso images
> could fully propogate to the mirrors before before they were available
> to the public.  However, I'm not sure if a decision was ever made.  Is
> this still a reasonable goal?  Can it be done using unix file
> permissions?

Hello, I think that it would be great thing, too. However, there are
some issues with permissions. Imagine ftp-master.cz on the way
ftp-master =cvsup=> ftp-master.cz =rsync/cvsup=> ftp.cz with some
security considerations, where I want that service server (cvsupd
or rsync --daemon) could not in any case overwrite or corrupt data
storage maintained by cvsup client mirroring from ftp-master.

There are rw-rw-r-- permissions on ftp-master. Cvsup can just exactly
mirror the permissions (if not, please correct me! - rsync is probably
the same category), so I have on ftp-master.cz rw-rw-r-- too and I have
to use different user and different group for cvsupd/rsync --daemon,
than for cvsup client mirroring from ftp-master. In this case,
chmod o-rx and/or chmod go-rx on ftp-master means, that ftp-master.cz
can (I hope :o) still download files, but it is impossible to service
them to the primary ftp servers.

If there are rw-r--r-- permissions, which are probably unacceptable
on ftp-master, or if there is possibility to reduce permissions from
rw-rw-r-- to rw-r--r-- with cvsup (rsync) method, I can have rw-r--r--
on ftp-master.cz, so I can have different users for cvsup client and
cvsupd/rsync --daemon and just one common group, so permissions for
others are free subject to change, how to control access to the files
on the Tier-1 mirrors, when they are configured in the way, that ftp/...
service servers can give files just in case there is o=r bit set.

> If so, how do we propagate out the file permission change
> quickly?

I think there is just one safe way without some push-programming
(ftp-master sends some information, that mirrors would start
mirroring): Say, that permissions are released at exact time,
so everybody can plan start of mirror update process. Or do
you want self-updating cvsup mirroring chain, where one of files
is repeatedly executed on mirror sites? ... :o)

PS: Maybe it would help, when umask=n is not ignored in preserve case:
umask=n Causes cvsup to use a umask value of n (an octal number) when
        updating the files in the collection.  This option is ignored
        if preserve is specified.
???

-- 
Rudolf Cejka <cejkar at fit.vutbr.cz> http://www.fit.vutbr.cz/~cejkar
Brno University of Technology, Faculty of Information Technology
Bozetechova 2, 612 66  Brno, Czech Republic


More information about the freebsd-hubs mailing list