[Box-Admins] Granting 'webteam' rights on files.squeak.org
Tobias Pape
Das.Linux at gmx.de
Tue Aug 2 08:29:36 UTC 2016
Dear all
I have given the 'webteam' account rights on the files.squeak.org files
so that the webteam can update things there during the release process.
In this course, I have moved the files for files.squeak.org out of the
box2 chroot environment to the proper box4 environment.
Here's the transcript of actions (from ~root/admin-log.txt)
Best regards
-Tobias
Make the webteam able to access the files... files
1. Move files from the zombie-box to the real one.
Find out whether we have to worry about user name aliasing.
root at squeak-box4:~# find /srv/box2/var/www/files/ -exec stat -c %g {} \+ | sort | uniq| while read uid ; do chroot /srv/box2 /usr/bin/getent group $uid; done
root:x:0:
etoys:x:1002:
website:x:1004:
exupery:x:1011:
debian:x:1014:
updates:x:1015:
hydravm:x:1020:
chriscunnington:x:1029:
root at squeak-box4:~# find /srv/box2/var/www/files/ -exec stat -c %g {} \+ | sort | uniq| while read uid ; do chroot /srv/box2 /usr/bin/getent group $uid; done | cut -d: -f1 | while read ngid; do getent group $ngid; done
root:x:0:
website:x:1010:webteam
chriscunnington:x:1002:
Ok, save for chris, none of the old users exists, were obviously not able to login for years and are obsolete. So its safe to not care and push everything to website. These are the 'root' files:
root at squeak-box4:~# find /srv/box2/var/www/files/ -user 0
/srv/box2/var/www/files/3.10/.tmp/Squeak3.10-7159-basic.image
/srv/box2/var/www/files/3.10/.tmp/Squeak3.10-7159-basic.changes
/srv/box2/var/www/files/4.2/4.3
/srv/box2/var/www/files/4.0/unix-linux/SqueakV40.sources.gz
/srv/box2/var/www/files/4.0/SqueakV40.sources.gz
These are obviously root-owned in error. Hence, all files will now be owned by 'website'
root at squeak-box4:~# mv /srv/box2/var/www/files /var/www/files.squeak.org
root at squeak-box4:~# chown -R website:website /var/www/files.squeak.org
root at squeak-box4:~# find /var/www/files.squeak.org -exec stat -c %U {} \+ | sort | uniq
website
See whether some absolute links need to be fixed:
# find /var/www/files.squeak.org -type l -ls | grep ' -> /'
791939 0 lrwxrwxrwx 1 website website 52 Apr 12 2008 /var/www/files.squeak.org/3.10alpha/win/SqueakVM-Win32-3.10.6-bin.zip -> /var/www/files/3.9/win/SqueakVM-Win32-3.10.6-bin.zip
791936 0 lrwxrwxrwx 1 website website 39 Apr 12 2008 /var/www/files.squeak.org/3.10alpha/SqueakV39.sources.gz -> /var/www/files/3.9/SqueakV39.sources.gz
791895 0 lrwxrwxrwx 1 website website 52 May 9 2008 /var/www/files.squeak.org/3.10/win/SqueakVM-Win32-3.10.6-bin.zip -> /var/www/files/3.9/win/SqueakVM-Win32-3.10.6-bin.zip
791892 0 lrwxrwxrwx 1 website website 39 May 9 2008 /var/www/files.squeak.org/3.10/SqueakV39.sources.gz -> /var/www/files/3.9/SqueakV39.sources.gz
Yes. I fixed them manually
Now adapt nginx:
root at squeak-box4:~# vi /etc/nginx/sites-available/files.squeak.org.conf
# /srv/box2/var/www/files -> /var/www/files.squeak.org
And reload it
root at squeak-box4:~# invoke-rc.d nginx reload
[ ok ] Reloading nginx: nginx.
2. Grant access to webteam
Let the webteam be part of the website group
root at squeak-box4:~# adduser webteam website
Make sure the website group (incl, webteam) can write.
root at squeak-box4:~# chmod -R g+w /var/www/files.squeak.org
Make sure that _when_ webteam writes, the website _group_ is retained
root at squeak-box4:~# find /var/www/files.squeak.org -type d -exec chmod u+s,g+s {} \+
That's all folks
More information about the Box-Admins
mailing list