On Thu, 28 Aug 2008, Seth Vidal wrote:
On Thu, 2008-08-28 at 08:42 -0500, Mike McGrath wrote:
> On Wed, 27 Aug 2008, Jesse Keating wrote:
>
> > So I realized something last night. We created a user "masher" to
have
> > the ability to write to /mnt/koji/mash/ but not any of the other koji
> > space. This is useful to prevent too much damage from a horribly wrong
> > rawhide compose. To make things easier in the rawhide compose configs,
> > we decided to run the cron/scripts as the masher user. This is also
> > good because it means things run unprivileged. However I ran into a
> > snag. We have another user, 'ftpsync' that has write access
> > to /pub/fedora/. Previously the rawhide script was ran as root, and
> > thus it was no problem to su ftpsync for the rsync calls. The masher
> > user does not possess the capability of doing this.
> >
> > Since the ftpsync user is only really used to sync data onto the Fedora
> > netapp, I propose that we collapse ftpsync and masher into one user
> > (masher). It'll require minimal puppet changes, mostly just moving some
> > cron jobs from ftpsync over to masher. It will require UID changes,
> > either changing masher to the ftpsync UID (which breaks our new range we
> > just setup), or chmodding some stuff on the Fedora netapp and changing
> > what UID has write access there.
> >
> > For now, I'm syncing rawhide by hand.
> >
> > Comments?
>
> Fine by me. ftpsync isn't really one of ours anyway :)
>
it and masher are, however, names that need to get added to the banlist
in fas, I think.
Anyone care to think of a less manual way of doing this?
-Mike