I was unable to create a "4.5" directory as the "updates" user on box2. Owner and Group permission for the "files" directory (rwxr x r x) belonged to "website".
In fact, website does not need write access, just read. "updates" needs write access.
So I gave ownership of "files" to the "updates" user. website still has group.
- Chris
On 02/25/2014 01:22 PM, Chris Muller wrote:
I was unable to create a "4.5" directory as the "updates" user on box2. Owner and Group permission for the "files" directory (rwxr x r x) belonged to "website".
In fact, website does not need write access, just read. "updates" needs write access.
So I gave ownership of "files" to the "updates" user. website still has group.
- Chris
While it can certainly be changed the management of the FTP site aka Files was assigned to the webteam which had control of the website account and could divvy out access to team members as needed. When this failed, anyone with access to the root account (now sudo access) can always step in.
The practice in the past was for someone with either website or superuser access to create a new directory for the release and give updates write access to it.
Ken
Okay. I may not be clear on what the exact role of each user/group is supposed to play. Is website an account only for what the squeak.org _web server_ needs? Or is it an account for web-team members to put out the files to support the web-site?
Would there be a security advantage for the web-site to run under an account that does not have write-access to anything it doesn't need..?
On Tue, Feb 25, 2014 at 1:29 PM, Ken Causey ken@kencausey.com wrote:
On 02/25/2014 01:22 PM, Chris Muller wrote:
I was unable to create a "4.5" directory as the "updates" user on box2. Owner and Group permission for the "files" directory (rwxr x r x) belonged to "website".
In fact, website does not need write access, just read. "updates" needs write access.
So I gave ownership of "files" to the "updates" user. website still has group.
- Chris
While it can certainly be changed the management of the FTP site aka Files was assigned to the webteam which had control of the website account and could divvy out access to team members as needed. When this failed, anyone with access to the root account (now sudo access) can always step in.
The practice in the past was for someone with either website or superuser access to create a new directory for the release and give updates write access to it.
Ken
On 02/25/2014 01:37 PM, Chris Muller wrote:
Okay. I may not be clear on what the exact role of each user/group is supposed to play. Is website an account only for what the squeak.org _web server_ needs? Or is it an account for web-team members to put out the files to support the web-site?
Would there be a security advantage for the web-site to run under an account that does not have write-access to anything it doesn't need..?
Yes it would be. Ideally we should have been maintaining checksums for all the FTP files as well. Care to work on that?
Ken
On Tue, Feb 25, 2014 at 1:29 PM, Ken Causey ken@kencausey.com wrote:
On 02/25/2014 01:22 PM, Chris Muller wrote:
I was unable to create a "4.5" directory as the "updates" user on box2. Owner and Group permission for the "files" directory (rwxr x r x) belonged to "website".
In fact, website does not need write access, just read. "updates" needs write access.
So I gave ownership of "files" to the "updates" user. website still has group.
- Chris
While it can certainly be changed the management of the FTP site aka Files was assigned to the webteam which had control of the website account and could divvy out access to team members as needed. When this failed, anyone with access to the root account (now sudo access) can always step in.
The practice in the past was for someone with either website or superuser access to create a new directory for the release and give updates write access to it.
Ken
box-admins@lists.squeakfoundation.org