You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@maven.apache.org by Dan Fabulich <da...@fabulich.com> on 2008/05/14 03:31:20 UTC
proposal: setuid-root fix-permissions.sh
I've rewritten fix-permissions.sh to use absolute paths for find and
chmod, and removed the "-user ${USER}" check. I believe this modified
script should be safe to be configured setuid root. That way, anybody
could run it and clean up anyone's fix-permissions errors, even if someone
else forgot.
I know we've been talking about setting it up as a cron job for months,
but apparently that's politically difficult (I suppose that it could be
more maintenance work). In this proposal, all I want is for somebody to
mark this version of the script setuid root; it's a one-time-only chmod
command.
Unlike the cron proposal, I believe this could actually happen this week
if we decided it should happen.
Agreed?
-------------
echo Checking /www/people.apache.org/repo/m2-snapshot-repository
/usr/bin/find /www/people.apache.org/repo/m2-snapshot-repository ! -perm 775 -type d -exec /bin/chmod 775 {} \; -print
/usr/bin/find /www/people.apache.org/repo/m2-snapshot-repository ! -perm 664 -iname maven-metadata.xml* -exec /bin/chmod 664 {} \; -print
echo Checking /www/people.apache.org/repo/m2-ibiblio-rsync-repository
/usr/bin/find /www/people.apache.org/repo/m2-ibiblio-rsync-repository ! -perm 775 -type d -exec /bin/chmod 775 {} \; -print
/usr/bin/find /www/people.apache.org/repo/m2-ibiblio-rsync-repository ! -perm 664 -iname maven-metadata.xml* -exec /bin/chmod 664 {} \; -print
echo Checking /www/people.apache.org/repo/m2-incubating-repository
/usr/bin/find /www/people.apache.org/repo/m2-incubating-repository ! -perm 775 -type d -exec /bin/chmod 775 {} \; -print
/usr/bin/find /www/people.apache.org/repo/m2-incubating-repository ! -perm 664 -iname maven-metadata.xml* -exec /bin/chmod 664 {} \; -print
-------------
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: proposal: setuid-root fix-permissions.sh
Posted by Dan Fabulich <da...@fabulich.com>.
Raphaël Piéroni wrote:
> +1 (obviously)
>
> Dan, i will use the script after work.
> where is fix-permission.sh located?
/www/people.apache.org/repo/m2-snapshot-repository/fix-permissions.sh
It was originally just for fixing permissions in the
m2-snapshot-repository, but now you can run it there and it will fix your
permissions in three locations (m2-snapshot-repository,
m2-ibiblio-rsync-repository, m2-incubating-repository).
-Dan
Re: proposal: setuid-root fix-permissions.sh
Posted by Raphaël Piéroni <ra...@gmail.com>.
+1 (obviously)
Dan, i will use the script after work.
where is fix-permission.sh located?
Raphaël
2008/5/14 Arnaud HERITIER <ah...@gmail.com>:
> +1 to have this very useful script to unblock us with these annoying
> problems of permissions.
>
> Arnuad
>
>
>
> On Wed, May 14, 2008 at 3:31 AM, Dan Fabulich <da...@fabulich.com> wrote:
>
> >
> > I've rewritten fix-permissions.sh to use absolute paths for find and
> > chmod, and removed the "-user ${USER}" check. I believe this modified
> > script should be safe to be configured setuid root. That way, anybody could
> > run it and clean up anyone's fix-permissions errors, even if someone else
> > forgot.
> >
> > I know we've been talking about setting it up as a cron job for months,
> > but apparently that's politically difficult (I suppose that it could be more
> > maintenance work). In this proposal, all I want is for somebody to mark
> > this version of the script setuid root; it's a one-time-only chmod command.
> >
> > Unlike the cron proposal, I believe this could actually happen this week
> > if we decided it should happen.
> >
> > Agreed?
> >
> > -------------
> >
> > echo Checking /www/people.apache.org/repo/m2-snapshot-repository
> > /usr/bin/find /www/people.apache.org/repo/m2-snapshot-repository ! -perm
> > 775 -type d -exec /bin/chmod 775 {} \; -print
> > /usr/bin/find /www/people.apache.org/repo/m2-snapshot-repository ! -perm
> > 664 -iname maven-metadata.xml* -exec /bin/chmod 664 {} \; -print
> >
> > echo Checking /www/people.apache.org/repo/m2-ibiblio-rsync-repository
> > /usr/bin/find /www/people.apache.org/repo/m2-ibiblio-rsync-repository !
> > -perm 775 -type d -exec /bin/chmod 775 {} \; -print
> > /usr/bin/find /www/people.apache.org/repo/m2-ibiblio-rsync-repository !
> > -perm 664 -iname maven-metadata.xml* -exec /bin/chmod 664 {} \; -print
> >
> > echo Checking /www/people.apache.org/repo/m2-incubating-repository
> > /usr/bin/find /www/people.apache.org/repo/m2-incubating-repository ! -perm
> > 775 -type d -exec /bin/chmod 775 {} \; -print
> > /usr/bin/find /www/people.apache.org/repo/m2-incubating-repository ! -perm
> > 664 -iname maven-metadata.xml* -exec /bin/chmod 664 {} \; -print
> >
> > -------------
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> > For additional commands, e-mail: dev-help@maven.apache.org
> >
> >
>
Re: proposal: setuid-root fix-permissions.sh
Posted by Arnaud HERITIER <ah...@gmail.com>.
+1 to have this very useful script to unblock us with these annoying
problems of permissions.
Arnuad
On Wed, May 14, 2008 at 3:31 AM, Dan Fabulich <da...@fabulich.com> wrote:
>
> I've rewritten fix-permissions.sh to use absolute paths for find and
> chmod, and removed the "-user ${USER}" check. I believe this modified
> script should be safe to be configured setuid root. That way, anybody could
> run it and clean up anyone's fix-permissions errors, even if someone else
> forgot.
>
> I know we've been talking about setting it up as a cron job for months,
> but apparently that's politically difficult (I suppose that it could be more
> maintenance work). In this proposal, all I want is for somebody to mark
> this version of the script setuid root; it's a one-time-only chmod command.
>
> Unlike the cron proposal, I believe this could actually happen this week
> if we decided it should happen.
>
> Agreed?
>
> -------------
>
> echo Checking /www/people.apache.org/repo/m2-snapshot-repository
> /usr/bin/find /www/people.apache.org/repo/m2-snapshot-repository ! -perm
> 775 -type d -exec /bin/chmod 775 {} \; -print
> /usr/bin/find /www/people.apache.org/repo/m2-snapshot-repository ! -perm
> 664 -iname maven-metadata.xml* -exec /bin/chmod 664 {} \; -print
>
> echo Checking /www/people.apache.org/repo/m2-ibiblio-rsync-repository
> /usr/bin/find /www/people.apache.org/repo/m2-ibiblio-rsync-repository !
> -perm 775 -type d -exec /bin/chmod 775 {} \; -print
> /usr/bin/find /www/people.apache.org/repo/m2-ibiblio-rsync-repository !
> -perm 664 -iname maven-metadata.xml* -exec /bin/chmod 664 {} \; -print
>
> echo Checking /www/people.apache.org/repo/m2-incubating-repository
> /usr/bin/find /www/people.apache.org/repo/m2-incubating-repository ! -perm
> 775 -type d -exec /bin/chmod 775 {} \; -print
> /usr/bin/find /www/people.apache.org/repo/m2-incubating-repository ! -perm
> 664 -iname maven-metadata.xml* -exec /bin/chmod 664 {} \; -print
>
> -------------
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
>
>
Re: proposal: setuid-root fix-permissions.sh
Posted by John Casey <jd...@commonjava.org>.
+1 from me, if it's safe (I'm not qualified to say, personally).
-john
On May 13, 2008, at 9:31 PM, Dan Fabulich wrote:
>
> I've rewritten fix-permissions.sh to use absolute paths for find
> and chmod, and removed the "-user ${USER}" check. I believe this
> modified script should be safe to be configured setuid root. That
> way, anybody could run it and clean up anyone's fix-permissions
> errors, even if someone else forgot.
>
> I know we've been talking about setting it up as a cron job for
> months, but apparently that's politically difficult (I suppose that
> it could be more maintenance work). In this proposal, all I want
> is for somebody to mark this version of the script setuid root;
> it's a one-time-only chmod command.
>
> Unlike the cron proposal, I believe this could actually happen this
> week if we decided it should happen.
>
> Agreed?
>
> -------------
>
> echo Checking /www/people.apache.org/repo/m2-snapshot-repository
> /usr/bin/find /www/people.apache.org/repo/m2-snapshot-repository ! -
> perm 775 -type d -exec /bin/chmod 775 {} \; -print
> /usr/bin/find /www/people.apache.org/repo/m2-snapshot-repository ! -
> perm 664 -iname maven-metadata.xml* -exec /bin/chmod 664 {} \; -print
>
> echo Checking /www/people.apache.org/repo/m2-ibiblio-rsync-repository
> /usr/bin/find /www/people.apache.org/repo/m2-ibiblio-rsync-
> repository ! -perm 775 -type d -exec /bin/chmod 775 {} \; -print
> /usr/bin/find /www/people.apache.org/repo/m2-ibiblio-rsync-
> repository ! -perm 664 -iname maven-metadata.xml* -exec /bin/chmod
> 664 {} \; -print
>
> echo Checking /www/people.apache.org/repo/m2-incubating-repository
> /usr/bin/find /www/people.apache.org/repo/m2-incubating-
> repository ! -perm 775 -type d -exec /bin/chmod 775 {} \; -print
> /usr/bin/find /www/people.apache.org/repo/m2-incubating-
> repository ! -perm 664 -iname maven-metadata.xml* -exec /bin/chmod
> 664 {} \; -print
>
> -------------
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
>
---
John Casey
Committer and PMC Member, Apache Maven
mail: jdcasey at commonjava dot org
blog: http://www.ejlife.net/blogs/john
rss: http://feeds.feedburner.com/ejlife/john
Re: proposal: setuid-root fix-permissions.sh
Posted by Carlos Sanchez <ca...@apache.org>.
this point was raised several times before, and it was opposed by
infra, so you'd need to ask them. Here I'm sure everybody is +1 ;)
On Tue, May 13, 2008 at 6:31 PM, Dan Fabulich <da...@fabulich.com> wrote:
>
> I've rewritten fix-permissions.sh to use absolute paths for find and chmod,
> and removed the "-user ${USER}" check. I believe this modified script
> should be safe to be configured setuid root. That way, anybody could run it
> and clean up anyone's fix-permissions errors, even if someone else forgot.
>
> I know we've been talking about setting it up as a cron job for months, but
> apparently that's politically difficult (I suppose that it could be more
> maintenance work). In this proposal, all I want is for somebody to mark
> this version of the script setuid root; it's a one-time-only chmod command.
>
> Unlike the cron proposal, I believe this could actually happen this week if
> we decided it should happen.
>
> Agreed?
>
> -------------
>
> echo Checking /www/people.apache.org/repo/m2-snapshot-repository
> /usr/bin/find /www/people.apache.org/repo/m2-snapshot-repository ! -perm 775
> -type d -exec /bin/chmod 775 {} \; -print
> /usr/bin/find /www/people.apache.org/repo/m2-snapshot-repository ! -perm 664
> -iname maven-metadata.xml* -exec /bin/chmod 664 {} \; -print
>
> echo Checking /www/people.apache.org/repo/m2-ibiblio-rsync-repository
> /usr/bin/find /www/people.apache.org/repo/m2-ibiblio-rsync-repository !
> -perm 775 -type d -exec /bin/chmod 775 {} \; -print
> /usr/bin/find /www/people.apache.org/repo/m2-ibiblio-rsync-repository !
> -perm 664 -iname maven-metadata.xml* -exec /bin/chmod 664 {} \; -print
>
> echo Checking /www/people.apache.org/repo/m2-incubating-repository
> /usr/bin/find /www/people.apache.org/repo/m2-incubating-repository ! -perm
> 775 -type d -exec /bin/chmod 775 {} \; -print
> /usr/bin/find /www/people.apache.org/repo/m2-incubating-repository ! -perm
> 664 -iname maven-metadata.xml* -exec /bin/chmod 664 {} \; -print
>
> -------------
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
>
>
--
I could give you my word as a Spaniard.
No good. I've known too many Spaniards.
-- The Princess Bride
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org