Dear all
I have given the 'webteam' account rights on the files.squeak.org files so that the webteam can update things there during the release process. In this course, I have moved the files for files.squeak.org out of the box2 chroot environment to the proper box4 environment.
Here's the transcript of actions (from ~root/admin-log.txt)
Best regards -Tobias
Make the webteam able to access the files... files 1. Move files from the zombie-box to the real one. Find out whether we have to worry about user name aliasing.
root@squeak-box4:~# find /srv/box2/var/www/files/ -exec stat -c %g {} + | sort | uniq| while read uid ; do chroot /srv/box2 /usr/bin/getent group $uid; done root:x:0: etoys:x:1002: website:x:1004: exupery:x:1011: debian:x:1014: updates:x:1015: hydravm:x:1020: chriscunnington:x:1029:
root@squeak-box4:~# find /srv/box2/var/www/files/ -exec stat -c %g {} + | sort | uniq| while read uid ; do chroot /srv/box2 /usr/bin/getent group $uid; done | cut -d: -f1 | while read ngid; do getent group $ngid; done root:x:0: website:x:1010:webteam chriscunnington:x:1002:
Ok, save for chris, none of the old users exists, were obviously not able to login for years and are obsolete. So its safe to not care and push everything to website. These are the 'root' files:
root@squeak-box4:~# find /srv/box2/var/www/files/ -user 0 /srv/box2/var/www/files/3.10/.tmp/Squeak3.10-7159-basic.image /srv/box2/var/www/files/3.10/.tmp/Squeak3.10-7159-basic.changes /srv/box2/var/www/files/4.2/4.3 /srv/box2/var/www/files/4.0/unix-linux/SqueakV40.sources.gz /srv/box2/var/www/files/4.0/SqueakV40.sources.gz
These are obviously root-owned in error. Hence, all files will now be owned by 'website'
root@squeak-box4:~# mv /srv/box2/var/www/files /var/www/files.squeak.org root@squeak-box4:~# chown -R website:website /var/www/files.squeak.org root@squeak-box4:~# find /var/www/files.squeak.org -exec stat -c %U {} + | sort | uniq website
See whether some absolute links need to be fixed:
# find /var/www/files.squeak.org -type l -ls | grep ' -> /' 791939 0 lrwxrwxrwx 1 website website 52 Apr 12 2008 /var/www/files.squeak.org/3.10alpha/win/SqueakVM-Win32-3.10.6-bin.zip -> /var/www/files/3.9/win/SqueakVM-Win32-3.10.6-bin.zip 791936 0 lrwxrwxrwx 1 website website 39 Apr 12 2008 /var/www/files.squeak.org/3.10alpha/SqueakV39.sources.gz -> /var/www/files/3.9/SqueakV39.sources.gz 791895 0 lrwxrwxrwx 1 website website 52 May 9 2008 /var/www/files.squeak.org/3.10/win/SqueakVM-Win32-3.10.6-bin.zip -> /var/www/files/3.9/win/SqueakVM-Win32-3.10.6-bin.zip 791892 0 lrwxrwxrwx 1 website website 39 May 9 2008 /var/www/files.squeak.org/3.10/SqueakV39.sources.gz -> /var/www/files/3.9/SqueakV39.sources.gz
Yes. I fixed them manually Now adapt nginx:
root@squeak-box4:~# vi /etc/nginx/sites-available/files.squeak.org.conf # /srv/box2/var/www/files -> /var/www/files.squeak.org
And reload it
root@squeak-box4:~# invoke-rc.d nginx reload [ ok ] Reloading nginx: nginx.
2. Grant access to webteam Let the webteam be part of the website group
root@squeak-box4:~# adduser webteam website
Make sure the website group (incl, webteam) can write.
root@squeak-box4:~# chmod -R g+w /var/www/files.squeak.org
Make sure that _when_ webteam writes, the website _group_ is retained
root@squeak-box4:~# find /var/www/files.squeak.org -type d -exec chmod u+s,g+s {} +
That's all folks