You are viewing a plain text version of this content. The canonical link for it is here.
Posted to mirrors@apache.org by "Henk P. Penning" <he...@cs.uu.nl> on 2011/06/21 10:51:40 UTC
permission problems ? here's how to fix your set-up
On Tue, 21 Jun 2011, Jaco Lesch wrote:
> Date: Tue, 21 Jun 2011 09:35:37 +0200
> From: Jaco Lesch <ja...@saix.net>
> To: mirrors@apache.org
> Cc: Gavin McDonald <ga...@16degrees.com.au>
> Subject: Re: [Important] - Some mirrors are incomplete,
> please fix or be removed.
>
> Hi All
>
> The permission set was set as follows:
> drwx--S--- 2 miradmin ftp 8 Jun 7 21:28 subversion/
>
> This has now been fixed and working.
Hi all,
Please see the updated 'how-to-mirror' :
http://www.apache.org/info/how-to-mirror.html
Two things changed ;
1. Rsync options ; please use :
rsync -avz --delete --safe symlinks ...
2. Umask setting : please put a 'umask 022' in your cronjob ; change
MIN HR * * * rsync ....
into
MIN HR * * * umask 022 ; rsync ....
The 'umask 022' makes sure that permissions are by default :
drwxr-xr-x for directories
-rw-r--r-- for files
With this setup, 'rsync' will set the right permissions,
and even fix existing problems.
To check your current set-up, look at your archive :
cd /path_to_apache_archive
ls -la
ls -la subversion
If you see files or directories with permissions like
drwx------ for directories
-rw------- for files
then please, fix your set-up. Thanks for all your support.
If you have any remarks, questions etc, please don't hesitate
to mail me (on-list or off-list).
Regards,
Henk Penning -- apache.org infra
> Regards
>
> On 16/06/2011 23:54, Gavin McDonald wrote:
>> Hi All,
>>
>> Below is a list of mirrors that are purposely excluding the 'Subversion'
>> distribution area from their mirrors.
>>
>> Please note that this 'Subversion' directory belongs to the Apache
>> Subversion project and contains official
>> releases from the ASF.
>>
>> Please rectify this issue right away if you are a mirror listed below.
>>
>> This list will be checked and amended again in 3 days at which time the next
>> step will be to email the maintainers
>> of the mirrors directly. If no response after a further 3 days; then any
>> non-compliant mirrors will be removed.
>>
>> Thanks and thanks to all who are compliant and continuing to do an excellent
>> job.!
>>
>> Gav...
>>
>> ASF Infra team
>>
>> List of non-compliant mirrors:
>>
>>
>> Here is a list of mirrors that currently have problems with the subversion
>> directory:
>>
>> HTTP Sites:
>>
>> http://apache.mirror.aussiehq.net.au/subversion - FAIL: '403 Forbidden'
>> http://apache.cbox.biz/subversion - FAIL: '403 Forbidden'
>> http://apache.igor.onlinedirect.bg/subversion - FAIL: '403 Forbidden'
>> http://apache.xenvps.us/subversion - FAIL: '403 Forbidden'
>> http://apache.mirror.testserver.li/subversion - FAIL: '403 Forbidden'
>> http://ftp.fernuni-hagen.de/ftp-dir/pub/mirrors/www.apache.org/subversion -
>> FAIL: '403 Forbidden'
>> http://apache.mirror.digionline.de/subversion - FAIL: '403 Forbidden'
>> http://apache.abdaal.com/subversion - FAIL: '403 Forbidden'
>> http://mirrors.dotsrc.org/apache/subversion - FAIL: '403 Forbidden'
>> http://apache.ntua.gr/subversion - FAIL: '403 Forbidden'
>> http://xenia.sote.hu/ftp/mirrors/www.apache.org/subversion - FAIL: '403
>> Forbidden'
>> http://apache.mirrors.enexis.hu/subversion - FAIL: '403 Forbidden'
>> http://apache.itislinux.com/subversion - FAIL: '404 Not Found'
>> http://apache.linux.edu.lv/subversion - FAIL: '403 Forbidden'
>> http://apache.mirrors.webazilla.nl/subversion - FAIL: '403 Forbidden'
>> http://apache.hippo.nl/subversion - FAIL: '403 Forbidden'
>> http://mirror.hostfuss.com/apache/subversion - FAIL: '403 Forbidden'
>> http://apache.uib.no/subversion - FAIL: '403 Forbidden'
>> http://mirrors.fe.up.pt/pub/apache/subversion - FAIL: '403 Forbidden'
>> http://apache.phphosts.org/subversion - FAIL: '403 Forbidden'
>> http://mirrors.dedipower.com/ftp.apache.org/subversion - FAIL: '403
>> Forbidden'
>> http://mirror.fubra.com/ftp.apache.org/subversion - FAIL: '403 Forbidden'
>> http://mirrors.ukfast.co.uk/sites/ftp.apache.org/subversion - FAIL: '403
>> Forbidden'
>> http://apache.mirror.anlx.net/subversion - FAIL: '403 Forbidden'
>> http://apache.mirror.rbftpnetworks.com/subversion - FAIL: '403 Forbidden'
>> http://mirrors.enquira.co.uk/apache/subversion - FAIL: '404 Not Found'
>> http://mirror.lividpenguin.com/pub/apache/subversion - FAIL: '403 Forbidden'
>> http://apache.imghat.com/subversion - FAIL: '404 Not Found'
>> http://download.filehat.com/apache/subversion - FAIL: '404 Not Found'
>> http://apache.saix.net/subversion - FAIL: '403 Forbidden'
>>
>> FTP Sites:
>>
>> ftp.ntua.gr/pub/www/apache/subversion - FAIL - CWD subversion: Failed to
>> change directory.
>> xenia.sote.hu/pub/mirrors/www.apache.org/subversion - FAIL - CWD
>> subversion: Failed to change directory.
>> apache.mirrors.enexis.hu/mirrors/apache/subversion - FAIL - CWD subversion:
>> Can't change directory to subversion: Permission denied
>> mirror.hostfuss.com/apache/subversion - FAIL - CWD subversion: Can't change
>> directory to subversion: Permission denied
>> apache.uib.no/pub/apache/subversion - FAIL - CWD subversion: Failed to
>> change directory.
>> mirrors.fe.up.pt/pub/apache/subversion - FAIL - CWD subversion: Failed to
>> change directory.
>> mirrors.dedipower.com/ftp.apache.org/subversion - FAIL - CWD subversion:
>> Failed to change directory.
>>
>>
>>
>
> --
> ---
> Jaco Lesch
> SAIX HLS
> Email: jacol@saix.net
>
>
>
--------------------------------------------------------- _
Henk P. Penning, ICT-beta R Uithof WISK-412 _/ \_
Faculty of Science, Utrecht University T +31 30 253 4106 / \_/ \
Budapestlaan 6, 3584CD Utrecht, NL F +31 30 253 4553 \_/ \_/
http://people.cs.uu.nl/henkp/ M penning@cs.uu.nl \_/
Re: permission problems ? here's how to fix your set-up
Posted by Carsten Otto <ot...@informatik.rwth-aachen.de>.
Hi,
On Tue, Jun 21, 2011 at 11:57:14AM +0200, Henk P. Penning wrote:
> > Instead of changing
> >the (well-established) setup on the individual mirrors, please first
> >take care that the official apache mirrors use the intended settings -
> >we then just copy this and everything is fine.
>
> ... not if your cronjob runs with 'umask 077', as it often does.
... and not if the file system does not support long file names
... and not if the storage backend garbles information
... and not if the webserver serving the data back does strange things
There are many reasons for errors. In our case everything _is_ fine, but
you demand that - nevertheless - we change our behaviour. If you want
certain permissions, set them on your own server. If you see a mirror
that does not offer the permissions you want them to offer (which is
defined by the master mirror, not your mail!), tell them (e.g. by
dropping wrong umask settings or by repairing the file system/storage
backend/webserver/...).
In summary: Please only tell us to change something if there is any indication
that we did something wrong. We will continue to serve the permission
bits we get from the official apache mirror.
> -rtlzv --delete -> -avz --delete --safe-symlinks
You mean --safe-links? We added that now. Of course, you could also take
care that the master mirror does not provide unsafe links.
> Note: no 'p' in the 'old' ; in 'new', 'p' is implied by '-a'.
> Anyway, '-a' is what you want for mirrors, so why use some-
> thing else ?
This implies -p is added, but also -goD (group, owner, device files).
We also have have -H (hard links), -S (sparse files) and -p (see the
discussion above), but not -goD and want to keep that.
Bye,
--
Carsten Otto otto@informatik.rwth-aachen.de
LuFG Informatik 2 http://verify.rwth-aachen.de/otto/
RWTH Aachen phone: +49 241 80-21211
Re: permission problems ? here's how to fix your set-up
Posted by "Henk P. Penning" <he...@cs.uu.nl>.
On Tue, 21 Jun 2011, Carsten Otto wrote:
> Date: Tue, 21 Jun 2011 11:00:30 +0200
> From: Carsten Otto <ot...@informatik.rwth-aachen.de>
> To: mirrors@apache.org
> Cc: Gavin McDonald <ga...@16degrees.com.au>, FTP <ft...@halifax.rwth-aachen.de>
> Subject: Re: permission problems ? here's how to fix your set-up
Hi Otto,
> rsync is perfectly able to mirror permission bits.
Sure.
> Instead of changing
> the (well-established) setup on the individual mirrors, please first
> take care that the official apache mirrors use the intended settings -
> we then just copy this and everything is fine.
... not if your cronjob runs with 'umask 077', as it often does.
I agree that the 'old' settings were not wrong in some cases.
The point of the change is to prevent permission problems from
occurring (as they now often do) by a more strict prescription of
a setup that we think will always work, or at least more often.
> PS: What was the change in rsync options?
-rtlzv --delete -> -avz --delete --safe-symlinks
Note: no 'p' in the 'old' ; in 'new', 'p' is implied by '-a'.
Anyway, '-a' is what you want for mirrors, so why use some-
thing else ?
> Carsten Otto otto@informatik.rwth-aachen.de
Groeten,
HPP
--------------------------------------------------------- _
Henk P. Penning, ICT-beta R Uithof WISK-412 _/ \_
Faculty of Science, Utrecht University T +31 30 253 4106 / \_/ \
Budapestlaan 6, 3584CD Utrecht, NL F +31 30 253 4553 \_/ \_/
http://people.cs.uu.nl/henkp/ M penning@cs.uu.nl \_/
Re: permission problems ? here's how to fix your set-up
Posted by Carsten Otto <ot...@informatik.rwth-aachen.de>.
Dear Henk,
rsync is perfectly able to mirror permission bits. Instead of changing
the (well-established) setup on the individual mirrors, please first
take care that the official apache mirrors use the intended settings -
we then just copy this and everything is fine.
This is what I see on rsync.eu.apache.org (which is replicated on
ftp.halifax.rwth-aachen.de):
rsync -av rsync://rsync.eu.apache.org/apache-dist/ | grep " zookeeper"
drwxrwsr-x 6 2011/02/27 09:25:36 zookeeper
-rw-rw-r-- 427 2011/02/27 09:25:36 zookeeper/HEADER.html
-rw-rw-r-- 5462 2011/02/27 09:25:36 zookeeper/KEYS
lrwxrwxrwx 16 2011/02/27 09:54:20 zookeeper/stable -> zookeeper-3.3.3/
drwxrwxr-x 6 2011/02/24 04:06:37 zookeeper/zookeeper-3.3.3
-rw-rw-r-- 9639959 2011/02/24 04:43:52 zookeeper/zookeeper-3.3.3/zookeeper-3.3.3.tar.gz
-rw-rw-r-- 836 2011/02/24 04:43:52 zookeeper/zookeeper-3.3.3/zookeeper-3.3.3.tar.gz.asc
PS: What was the change in rsync options?
Best regards,
--
Carsten Otto otto@informatik.rwth-aachen.de
LuFG Informatik 2 http://verify.rwth-aachen.de/otto/
RWTH Aachen phone: +49 241 80-21211