* [9fans] fs administration: how do people update multi-user fs? @ 2003-02-14 15:02 Axel Belinfante 2003-02-14 15:16 ` Russ Cox 0 siblings, 1 reply; 34+ messages in thread From: Axel Belinfante @ 2003-02-14 15:02 UTC (permalink / raw) To: 9fans Just wondering how people who have multiple users using their fs deal with fs permissions during update from sources. (in case it makes a difference: non-fossil, but I assume that the basic questions are independent of fs impl) Planned down-time to run the update? Or update on-the-fly? Use `allow' on boot? Use `allow' from console? How do you avoid that those who do not run the update profit (even just by accident) from the `allow' flag? `Hangup' together with `noattach'? Or is this all just a non-issue? For updating on-the-fly, I'm wondering whether it would help to add a version of the console `allow' command that takes a uid, in the same way as duallow does. Browsed the fs source; hacking it in does not seem to be a problem, but, since it is not there yet, it seems that people can live without it, hence I'm wondering: what do others do? Axel. ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-14 15:02 [9fans] fs administration: how do people update multi-user fs? Axel Belinfante @ 2003-02-14 15:16 ` Russ Cox 2003-02-14 15:20 ` Ronald G. Minnich ` (2 more replies) 0 siblings, 3 replies; 34+ messages in thread From: Russ Cox @ 2003-02-14 15:16 UTC (permalink / raw) To: 9fans I removed the -u flag from /dist/replica/network and just run as me. Since I'm in group sys I have permissions enough to do a pull. There's no need for allowing. This mirrors the way the Plan 9 file server at Bell Labs runs. We don't "su to root" or anything like that to install new binaries; we do it as ourselves, and make sure our accounts have the right permissions. Some people who were more wary of having such permissions all the time have maintained two accounts, e.g. glenda and glendasys, switching to glendasys to do administrative work. That's still a far cry from root. (Doing the software packaging I became painfully aware of how bad Unix is in this regard. It was impossible to test my installations without su'ing to root. You'd think that some Unix would take the hint and use group permissions so that you didn't have to be root to install potentially untrusted pieces of software that come with custom build scripts.) Allow is useful to get started, and I made it the default in the pull scripts for kfs because kfs is usually a single-user system and allowing solved the problem of remembering to be in group sys, but in general I think it's a bigger hammer than you need. If you're running your own file server, then I have no problem with forcing you to figure out group sys. A few people have proposed a per-uid allow or a per-connection allow for the purposes of updating, but to me, it feels way too much like root. I like the fact that you can't "allow" except when starting the file system. Russ ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-14 15:16 ` Russ Cox @ 2003-02-14 15:20 ` Ronald G. Minnich 2003-02-14 17:16 ` Jack Johnson 2003-02-14 15:33 ` Lucio De Re 2003-02-14 16:16 ` Dan Cross 2 siblings, 1 reply; 34+ messages in thread From: Ronald G. Minnich @ 2003-02-14 15:20 UTC (permalink / raw) To: 9fans On Fri, 14 Feb 2003, Russ Cox wrote: > (Doing the software packaging I became painfully aware > of how bad Unix is in this regard. It was impossible to > test my installations without su'ing to root. You'd think > that some Unix would take the hint and use group permissions > so that you didn't have to be root to install potentially > untrusted pieces of software that come with custom build > scripts.) A few things I've noticed in recent years, esp. on Linux - you need to be root more than you used to - more priveleged ports, not less - more setuid-root stuff, not less - code that used to be portable to many systems now has trouble compiling on non-Linux systems Things are going downhill in the OS monoculture. ron ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-14 15:20 ` Ronald G. Minnich @ 2003-02-14 17:16 ` Jack Johnson 2003-02-14 17:28 ` andrey mirtchovski 2003-02-14 17:47 ` Ronald G. Minnich 0 siblings, 2 replies; 34+ messages in thread From: Jack Johnson @ 2003-02-14 17:16 UTC (permalink / raw) To: 9fans Ronald G. Minnich wrote: > A few things I've noticed in recent years, esp. on Linux > - you need to be root more than you used to > - more priveleged ports, not less I know this is off-topic for this list, but would you be willing to elaborate a bit? I agree with you in the other areas, but it seems that we're trading services, not necessarily adding services. SSH for telnet and ftp, so yes, maybe setuid-root, but we add a privileged port and drop two. We might add Samba or netatalk to a system that already has NFS shares, but the reasons they're privileged ports seem to be outside the hands of the Linux community, and most of the added privileged ports seem to be running as unique users now, instead of all running as root. It also seems like increased usage of chrooted/jailed services has made things slightly better, even though it's still privileged, and yes, still a mess. Are there better ways? Sure, but you're not likely to see them widely implemented anytime soon. As long as Linux continues to accrete functionality to accomodate Someone Else's OS the prevalent services will always be less than desired, but I don't see it as any worse than it was five years ago, just more of the same. I'm always suprised that there isn't more prevalent bootstrapping going on in the client world for halfway decent services. I wouldn't mind seeing an SFS client for Windows, or heck, even Java. Though I think OSX will let you have WebDAV home directories now, there should be some facility for arbitrary-service-home-directory for PAM. (Is the 9P on Python project still in existence?) -Jack ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-14 17:16 ` Jack Johnson @ 2003-02-14 17:28 ` andrey mirtchovski 2003-02-14 17:42 ` Ronald G. Minnich 2003-02-16 22:28 ` Roman V. Shaposhnick 2003-02-14 17:47 ` Ronald G. Minnich 1 sibling, 2 replies; 34+ messages in thread From: andrey mirtchovski @ 2003-02-14 17:28 UTC (permalink / raw) To: 9fans On Fri, 14 Feb 2003, Jack Johnson wrote: > It also seems like increased usage of chrooted/jailed services has made > things slightly better, even though it's still privileged, and yes, > still a mess. > > Are there better ways? [snip] It was pointed to me recently that after ten years of mulling with the implementation of "proper" jail/chroot environment (i.e. one that is not trivially b0rken) the FreeBSD security people have arrived at the conclusion that "something akin to Plan9's private namespaces may not be a bad idea"... Indeed it takes time, but sooner or later Linux/*BSD will adopt the ideas from Plan9 (some they have already -- devfs comes as an example). We need to do something before that time comes, otherwise no matter how bad their implementations are, everybody will say "well, I use linux because it's good enough" and everything will be lost... andrey ps: In a recent conversation I heard a person say "I can't for the life of me figure out how to play [some brand spanking new video format] in Windows! In Linux it just works." Times have changed, haven't they? ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-14 17:28 ` andrey mirtchovski @ 2003-02-14 17:42 ` Ronald G. Minnich 2003-02-14 18:04 ` northern snowfall 2003-02-16 22:28 ` Roman V. Shaposhnick 1 sibling, 1 reply; 34+ messages in thread From: Ronald G. Minnich @ 2003-02-14 17:42 UTC (permalink / raw) To: 9fans On Fri, 14 Feb 2003, andrey mirtchovski wrote: > It was pointed to me recently that after ten years of mulling with the > implementation of "proper" jail/chroot environment (i.e. one that is not > trivially b0rken) the FreeBSD security people have arrived at the > conclusion that "something akin to Plan9's private namespaces may not be a > bad idea"... wow, I first started trying to get them interested in this in 1996. No interest of any kind. Looks like we have a time constant ... 7 years. At least it's prime. ron ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-14 17:42 ` Ronald G. Minnich @ 2003-02-14 18:04 ` northern snowfall 0 siblings, 0 replies; 34+ messages in thread From: northern snowfall @ 2003-02-14 18:04 UTC (permalink / raw) To: 9fans > > >wow, I first started trying to get them interested in this in 1996. No >interest of any kind. Looks like we have a time constant ... 7 years. At >least it's prime. > The thing that bugs me about this is that the FreeBSD team wasn't interested in private namespaces until they started researching the NSA's work on SELinux. (Quoting from FreeBSD developers) Plan9 has done this for ... how long.... yet, its work just isn't as important as, say, the NSA... Don > ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-14 17:28 ` andrey mirtchovski 2003-02-14 17:42 ` Ronald G. Minnich @ 2003-02-16 22:28 ` Roman V. Shaposhnick 1 sibling, 0 replies; 34+ messages in thread From: Roman V. Shaposhnick @ 2003-02-16 22:28 UTC (permalink / raw) To: 9fans On Fri, Feb 14, 2003 at 10:28:11AM -0700, andrey mirtchovski wrote: > On Fri, 14 Feb 2003, Jack Johnson wrote: > Indeed it takes time, but sooner or later Linux/*BSD will adopt > the ideas from Plan9 (some they have already -- devfs comes as an example). Speaking about Linux in general and devfs in particular I'd trade adopting the ideas for adopting the code style and cleanliness without a hint of hesitation. As for ideas, last time I spoke with Al Viro, he told me that implementing full blown namespaces will upset looserland tremendously. So, he's not doing it. Thanks, Roman. P.S. Yes, I know, everytime somebody mentions devfs -- I have this itch to scratch ;-) ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-14 17:16 ` Jack Johnson 2003-02-14 17:28 ` andrey mirtchovski @ 2003-02-14 17:47 ` Ronald G. Minnich 1 sibling, 0 replies; 34+ messages in thread From: Ronald G. Minnich @ 2003-02-14 17:47 UTC (permalink / raw) To: 9fans On Fri, 14 Feb 2003, Jack Johnson wrote: > Ronald G. Minnich wrote: > > A few things I've noticed in recent years, esp. on Linux > > - you need to be root more than you used to > > - more priveleged ports, not less > > I agree with you in the other areas, but it seems that we're trading > services, not necessarily adding services. yeah but. Some are new, some old, some just moved, all assume that priv ports somehow covers the problems. Each one of these new nice services makes you more vulnerable. The problem is we're continuing to glue stuff onto a system that probably can't be fixed, and nobody seems to care too much. Priv ports have been known to be a hack forever, but we use them more than ever. This seems a bad trend. I was also thinking of the move of the NFS port from 2049 to priv space. That was a really insecure protocol, and it still is: people seem to feel that moving it to priv space somehow made things better. Kind of funny, isn't it? After all, nobody can just boot dos and run a little code, right? ron ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-14 15:16 ` Russ Cox 2003-02-14 15:20 ` Ronald G. Minnich @ 2003-02-14 15:33 ` Lucio De Re 2003-02-14 15:37 ` Russ Cox ` (2 more replies) 2003-02-14 16:16 ` Dan Cross 2 siblings, 3 replies; 34+ messages in thread From: Lucio De Re @ 2003-02-14 15:33 UTC (permalink / raw) To: 9fans On Fri, Feb 14, 2003 at 10:16:47AM -0500, Russ Cox wrote: > > I removed the -u flag from /dist/replica/network > and just run as me. Since I'm in group sys I have > permissions enough to do a pull. There's no need > for allowing. > You can't create new files, though, and assign them sys as owner or special permissions. Unless of course you manage to log in as "sys". > [ ... ] > > Russ Well, I'll be flattered, Russ manages to mirror my semntiments pretty accurately. That should worry him. ++L ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-14 15:33 ` Lucio De Re @ 2003-02-14 15:37 ` Russ Cox 2003-02-14 16:08 ` [9fans] chown in fossil Fco.J.Ballesteros 2003-02-15 2:56 ` [9fans] fs administration: how do people update multi-user fs? Christopher Nielsen 2 siblings, 0 replies; 34+ messages in thread From: Russ Cox @ 2003-02-14 15:37 UTC (permalink / raw) To: 9fans > You can't create new files, though, and assign them sys as owner or > special permissions. Unless of course you manage to log in as "sys". right, removing -u does not set the owners. the owners don't matter anyway. you can certainly set the permissions to whatever you want, though -- you're the owner! ^ permalink raw reply [flat|nested] 34+ messages in thread
* [9fans] chown in fossil 2003-02-14 15:33 ` Lucio De Re 2003-02-14 15:37 ` Russ Cox @ 2003-02-14 16:08 ` Fco.J.Ballesteros 2003-02-14 16:17 ` Russ Cox 2003-02-15 2:56 ` [9fans] fs administration: how do people update multi-user fs? Christopher Nielsen 2 siblings, 1 reply; 34+ messages in thread From: Fco.J.Ballesteros @ 2003-02-14 16:08 UTC (permalink / raw) To: 9fans When you try to chown a file in fossil, you sometimes get an error like `attempting to change length of a directory entry'. Is that a bug or a feature? I was going to take a look at it but don't know if that's the intended behaviour. ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] chown in fossil 2003-02-14 16:08 ` [9fans] chown in fossil Fco.J.Ballesteros @ 2003-02-14 16:17 ` Russ Cox 2003-02-14 16:20 ` Fco.J.Ballesteros 0 siblings, 1 reply; 34+ messages in thread From: Russ Cox @ 2003-02-14 16:17 UTC (permalink / raw) To: 9fans what is the exact error? ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] chown in fossil 2003-02-14 16:17 ` Russ Cox @ 2003-02-14 16:20 ` Fco.J.Ballesteros 2003-02-14 16:23 ` Russ Cox 0 siblings, 1 reply; 34+ messages in thread From: Fco.J.Ballesteros @ 2003-02-14 16:20 UTC (permalink / raw) To: 9fans [-- Attachment #1: Type: text/plain, Size: 114 bytes --] chown: can't chown wiki to paurea: wstat -- attempt to change length of directory The old owner was "nemo". [-- Attachment #2: Type: message/rfc822, Size: 1389 bytes --] From: "Russ Cox" <rsc@plan9.bell-labs.com> To: 9fans@cse.psu.edu Subject: Re: [9fans] chown in fossil Date: Fri, 14 Feb 2003 11:17:50 -0500 Message-ID: <90358b2def55278e58cc538d9f6a45d8@plan9.bell-labs.com> what is the exact error? ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] chown in fossil 2003-02-14 16:20 ` Fco.J.Ballesteros @ 2003-02-14 16:23 ` Russ Cox 2003-02-14 16:27 ` Fco.J.Ballesteros 0 siblings, 1 reply; 34+ messages in thread From: Russ Cox @ 2003-02-14 16:23 UTC (permalink / raw) To: 9fans fossil is fussier about rejecting bad 9p requests than any of our other file servers. in this case your chown Twstat message is actually attempting to change the length field as well as the uid field. which program are you using to chown? chgrp -o looks like it does the right thing. ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] chown in fossil 2003-02-14 16:23 ` Russ Cox @ 2003-02-14 16:27 ` Fco.J.Ballesteros 0 siblings, 0 replies; 34+ messages in thread From: Fco.J.Ballesteros @ 2003-02-14 16:27 UTC (permalink / raw) To: 9fans [-- Attachment #1: Type: text/plain, Size: 186 bytes --] Ugh. That was it. We had a chown.c from a long time ago (even before we had the 3rd ed. fs running). I got used to chown and never used chgrp -o. I just deleted chown. thanks a lot. [-- Attachment #2: Type: message/rfc822, Size: 1557 bytes --] From: "Russ Cox" <rsc@plan9.bell-labs.com> To: 9fans@cse.psu.edu Subject: Re: [9fans] chown in fossil Date: Fri, 14 Feb 2003 11:23:12 -0500 Message-ID: <feba7225d7991b1f9f7c8c39768fdcd9@plan9.bell-labs.com> fossil is fussier about rejecting bad 9p requests than any of our other file servers. in this case your chown Twstat message is actually attempting to change the length field as well as the uid field. which program are you using to chown? chgrp -o looks like it does the right thing. ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-14 15:33 ` Lucio De Re 2003-02-14 15:37 ` Russ Cox 2003-02-14 16:08 ` [9fans] chown in fossil Fco.J.Ballesteros @ 2003-02-15 2:56 ` Christopher Nielsen 2003-02-15 3:03 ` Geoff Collyer ` (3 more replies) 2 siblings, 4 replies; 34+ messages in thread From: Christopher Nielsen @ 2003-02-15 2:56 UTC (permalink / raw) To: 9fans On Fri, Feb 14, 2003 at 05:33:50PM +0200, Lucio De Re wrote: > On Fri, Feb 14, 2003 at 10:16:47AM -0500, Russ Cox wrote: > > > > I removed the -u flag from /dist/replica/network > > and just run as me. Since I'm in group sys I have > > permissions enough to do a pull. There's no need > > for allowing. > > > You can't create new files, though, and assign them sys as owner or > special permissions. Unless of course you manage to log in as "sys". Why do you need to assign them to be owned by sys? I find it better to be owned by the person that made the changes. Better for tracking who made changes to what last. -- Christopher Nielsen - Metal-wielding pyro techie madhatter@teaparty.org "They who can give up essential liberty for temporary safety, deserve neither liberty nor safety." --Benjamin Franklin ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-15 2:56 ` [9fans] fs administration: how do people update multi-user fs? Christopher Nielsen @ 2003-02-15 3:03 ` Geoff Collyer 2003-02-15 4:38 ` Christopher Nielsen 2003-02-15 3:13 ` Scott Schwartz ` (2 subsequent siblings) 3 siblings, 1 reply; 34+ messages in thread From: Geoff Collyer @ 2003-02-15 3:03 UTC (permalink / raw) To: 9fans `ls -m' will tell you who last modified a file; there's no need for ownership to also tell you that. ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-15 3:03 ` Geoff Collyer @ 2003-02-15 4:38 ` Christopher Nielsen 0 siblings, 0 replies; 34+ messages in thread From: Christopher Nielsen @ 2003-02-15 4:38 UTC (permalink / raw) To: 9fans On Fri, Feb 14, 2003 at 07:03:36PM -0800, Geoff Collyer wrote: > > `ls -m' will tell you who last modified a file; there's no need for > ownership to also tell you that. Oh! Very cool. I did not know that. That's what I get for not reading the man page. :-) -- Christopher Nielsen - Metal-wielding pyro techie "They who can give up essential liberty for temporary safety, deserve neither liberty nor safety." --Benjamin Franklin ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-15 2:56 ` [9fans] fs administration: how do people update multi-user fs? Christopher Nielsen 2003-02-15 3:03 ` Geoff Collyer @ 2003-02-15 3:13 ` Scott Schwartz 2003-02-15 4:39 ` Christopher Nielsen 2003-02-15 4:48 ` Andrew 2003-02-15 9:49 ` Lucio De Re 2003-02-15 15:53 ` Kenji Arisawa 3 siblings, 2 replies; 34+ messages in thread From: Scott Schwartz @ 2003-02-15 3:13 UTC (permalink / raw) To: 9fans | Why do you need to assign them to be owned by sys? | I find it better to be owned by the person that | made the changes. Better for tracking who made | changes to what last. The fileserver has a field for last-person; that's a different idea than owner. On a system with lots of users, maybe you want important files to be owned by a virtual user in case one of the humans leaves and their account gets deleted or otherwise needs to have it's power reduced. ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-15 3:13 ` Scott Schwartz @ 2003-02-15 4:39 ` Christopher Nielsen 2003-02-15 4:48 ` Andrew 1 sibling, 0 replies; 34+ messages in thread From: Christopher Nielsen @ 2003-02-15 4:39 UTC (permalink / raw) To: 9fans On Fri, Feb 14, 2003 at 10:13:15PM -0500, Scott Schwartz wrote: > > The fileserver has a field for last-person; that's a different idea > than owner. > > On a system with lots of users, maybe you want important files to be > owned by a virtual user in case one of the humans leaves and their > account gets deleted or otherwise needs to have it's power reduced. Very good point. -- Christopher Nielsen - Metal-wielding pyro techie "They who can give up essential liberty for temporary safety, deserve neither liberty nor safety." --Benjamin Franklin ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-15 3:13 ` Scott Schwartz 2003-02-15 4:39 ` Christopher Nielsen @ 2003-02-15 4:48 ` Andrew 2003-02-15 16:20 ` Dan Cross 1 sibling, 1 reply; 34+ messages in thread From: Andrew @ 2003-02-15 4:48 UTC (permalink / raw) To: 9fans > On a system with lots of users, maybe you want important files to be > owned by a virtual user in case one of the humans leaves and their > account gets deleted or otherwise needs to have it's power reduced. > perhaps an update (not root) account specifically for updating would work? Im gearing up to get my system worked out and am not sure what would be the best way to do all this either. ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-15 4:48 ` Andrew @ 2003-02-15 16:20 ` Dan Cross 0 siblings, 0 replies; 34+ messages in thread From: Dan Cross @ 2003-02-15 16:20 UTC (permalink / raw) To: 9fans > perhaps an update (not root) account specifically for updating would > work? Im gearing up to get my system worked out and am not sure what > would be the best way to do all this either. Why not just give sys a password and login as it when you need to do a pull? - Dan C. ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-15 2:56 ` [9fans] fs administration: how do people update multi-user fs? Christopher Nielsen 2003-02-15 3:03 ` Geoff Collyer 2003-02-15 3:13 ` Scott Schwartz @ 2003-02-15 9:49 ` Lucio De Re 2003-02-15 14:18 ` Russ Cox 2003-02-15 15:53 ` Kenji Arisawa 3 siblings, 1 reply; 34+ messages in thread From: Lucio De Re @ 2003-02-15 9:49 UTC (permalink / raw) To: 9fans On Fri, Feb 14, 2003 at 06:56:41PM -0800, Christopher Nielsen wrote: > > Why do you need to assign them to be owned by sys? > I find it better to be owned by the person that > made the changes. Better for tracking who made > changes to what last. > Tidiness and public release. And the new history(1) command records the last change eefector anyway. I get a little uncomfortable when a file in an archive is owned by "rob" and there is no "rob" in my /adm/users. I do appreciate that this gets corrected, but having files owned by "none" as a result is even more disconcerting. And difficult to fix. ++L ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-15 9:49 ` Lucio De Re @ 2003-02-15 14:18 ` Russ Cox 2003-02-15 15:29 ` Lucio De Re 0 siblings, 1 reply; 34+ messages in thread From: Russ Cox @ 2003-02-15 14:18 UTC (permalink / raw) To: 9fans > I get a little uncomfortable when a file in an archive is owned by > "rob" and there is no "rob" in my /adm/users. I do appreciate that > this gets corrected, but having files owned by "none" as a result is > even more disconcerting. And difficult to fix. I'm not sure what you're talking about. If you pull with the -u flag in your scripts, then copied files will be owned by sys, despite being owned by rob or whoever on sources. If you don't have it, they'll be owned by lucio or whoever runs pull. In no case should you end up with files owned by rob or by none. Russ ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-15 14:18 ` Russ Cox @ 2003-02-15 15:29 ` Lucio De Re 2003-02-16 14:20 ` Russ Cox 0 siblings, 1 reply; 34+ messages in thread From: Lucio De Re @ 2003-02-15 15:29 UTC (permalink / raw) To: 9fans On Sat, Feb 15, 2003 at 09:18:09AM -0500, Russ Cox wrote: > > In no case should you end up with files owned by rob or by none. > In the more general case of unwinding an archive such as tar files, I'm sure I've had situations where a non-existent user was translated to "none". But I've had so many dicky installations of Plan 9, from 2ed to the present, that I could have been hoisting myself on my own petard. Still, I have seen odd situations, so I'm sure the warning is not unjustified. ++L ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-15 15:29 ` Lucio De Re @ 2003-02-16 14:20 ` Russ Cox 2003-02-16 14:30 ` Lucio De Re 0 siblings, 1 reply; 34+ messages in thread From: Russ Cox @ 2003-02-16 14:20 UTC (permalink / raw) To: 9fans > Still, I have seen odd situations, so I'm sure the warning is not > unjustified. I agree -- I think that the wrap tools might have done this. My point was just that with the current tools you should never get files owned by anyone but you and system accounts. ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-16 14:20 ` Russ Cox @ 2003-02-16 14:30 ` Lucio De Re 2003-02-16 14:36 ` Russ Cox 0 siblings, 1 reply; 34+ messages in thread From: Lucio De Re @ 2003-02-16 14:30 UTC (permalink / raw) To: 9fans On Sun, Feb 16, 2003 at 09:20:39AM -0500, Russ Cox wrote: > > > Still, I have seen odd situations, so I'm sure the warning is not > > unjustified. > > I agree -- I think that the wrap tools might have done this. > My point was just that with the current tools you should never > get files owned by anyone but you and system accounts. This could be taken to mean that there was a time when "none" was the default destination file owner if the source owner was not recognised on the destination host, and that none of the currently in use tools manifest this behaviour any more. The reason I'm being pedantic, is that I'd like to be sure that this behaviour is not something hidden in the file handling somewhere that will return to haunt those of us who are not aware of it. If it is, then it would be good to have it documented. ++L ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-16 14:30 ` Lucio De Re @ 2003-02-16 14:36 ` Russ Cox 0 siblings, 0 replies; 34+ messages in thread From: Russ Cox @ 2003-02-16 14:36 UTC (permalink / raw) To: 9fans When a file is created, it is owned by the person who created it. If you logged into a kfs system using a user name that was not in /adm/users, then to kfs you are logged in as `none'. If you are using a tool that sets the owner of a file on a kfs system in allow mode, then kfs does not check that you ask for a valid uid. If you ask for a user not in /adm/users, it will use `none'. The file server kernel and fossil are both much more paranoid -- they will not let you log in and will not let you chown when the users don't exist. Kfs was never meant to be more than a crutch. The fact that it is the most commonly used file server on Plan 9 is little more than an unfortunate historical accident. Russ ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-15 2:56 ` [9fans] fs administration: how do people update multi-user fs? Christopher Nielsen ` (2 preceding siblings ...) 2003-02-15 9:49 ` Lucio De Re @ 2003-02-15 15:53 ` Kenji Arisawa 2003-02-15 16:00 ` Lucio De Re 3 siblings, 1 reply; 34+ messages in thread From: Kenji Arisawa @ 2003-02-15 15:53 UTC (permalink / raw) To: 9fans On Fri, Feb 14, 2003 at 10:16:47AM -0500, Russ Cox wrote: > > I removed the -u flag from /dist/replica/network > and just run as me. Since I'm in group sys I have > permissions enough to do a pull. There's no need > for allowing. > I would like to agree with Russ but some old files have permissions: --rw-r--r-- M 161 sys sys 24982 Dec 12 1999 troff/FIXES --rw-r--r-- M 161 sys sys 1168 Dec 12 1999 troff/README --rw-r--r-- M 161 sys sys 9115 Dec 12 1999 troff/dwbinit.c --rw-r--r-- M 161 sys sys 491 Dec 12 1999 troff/dwbinit.h --rwxr-xr-x M 161 sys sys 15 Dec 12 1999 troff/find Kenji Arisawa ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-15 15:53 ` Kenji Arisawa @ 2003-02-15 16:00 ` Lucio De Re 2003-02-15 16:22 ` Dan Cross 2003-02-15 17:58 ` Russ Cox 0 siblings, 2 replies; 34+ messages in thread From: Lucio De Re @ 2003-02-15 16:00 UTC (permalink / raw) To: 9fans On Sun, Feb 16, 2003 at 12:53:40AM +0900, Kenji Arisawa wrote: > > > I would like to agree with Russ but some old files have permissions: > --rw-r--r-- M 161 sys sys 24982 Dec 12 1999 troff/FIXES > --rw-r--r-- M 161 sys sys 1168 Dec 12 1999 troff/README > --rw-r--r-- M 161 sys sys 9115 Dec 12 1999 troff/dwbinit.c > --rw-r--r-- M 161 sys sys 491 Dec 12 1999 troff/dwbinit.h > --rwxr-xr-x M 161 sys sys 15 Dec 12 1999 troff/find > I think that a special CPU/AUTH server with permission to speak for "sys" is called for. Altering the /lib/ndb/auth files is one option, another is to have a small host just for things like this. Or am I missing something? ++L ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-15 16:00 ` Lucio De Re @ 2003-02-15 16:22 ` Dan Cross 2003-02-15 17:58 ` Russ Cox 1 sibling, 0 replies; 34+ messages in thread From: Dan Cross @ 2003-02-15 16:22 UTC (permalink / raw) To: 9fans > I think that a special CPU/AUTH server with permission to speak for > "sys" is called for. Altering the /lib/ndb/auth files is one option, > another is to have a small host just for things like this. > > Or am I missing something? What's wrong with just logging in as sys, if that's what's desired? - Dan C. ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-15 16:00 ` Lucio De Re 2003-02-15 16:22 ` Dan Cross @ 2003-02-15 17:58 ` Russ Cox 1 sibling, 0 replies; 34+ messages in thread From: Russ Cox @ 2003-02-15 17:58 UTC (permalink / raw) To: 9fans arguably pull should know how to turn the write bits on and then turn them off again when changing a read-only file. i've been trying to catch files that aren't group writable and just fix the modes. ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [9fans] fs administration: how do people update multi-user fs? 2003-02-14 15:16 ` Russ Cox 2003-02-14 15:20 ` Ronald G. Minnich 2003-02-14 15:33 ` Lucio De Re @ 2003-02-14 16:16 ` Dan Cross 2 siblings, 0 replies; 34+ messages in thread From: Dan Cross @ 2003-02-14 16:16 UTC (permalink / raw) To: 9fans > I like the fact that you can't "allow" except when starting > the file system. In the current file server (not fossil), you can ``allow'' from the console when it's up and running (and then ``disallow''). I just wish you could toggle none attaches, as well. I can wait for fossil to take over, though. btw- I still like the idea of /dist/replica/inst and /dist/replica/site; is there any chance of getting such things sanctioned by the powers that be and put on sources? - Dan C. ^ permalink raw reply [flat|nested] 34+ messages in thread
end of thread, other threads:[~2003-02-16 22:28 UTC | newest] Thread overview: 34+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2003-02-14 15:02 [9fans] fs administration: how do people update multi-user fs? Axel Belinfante 2003-02-14 15:16 ` Russ Cox 2003-02-14 15:20 ` Ronald G. Minnich 2003-02-14 17:16 ` Jack Johnson 2003-02-14 17:28 ` andrey mirtchovski 2003-02-14 17:42 ` Ronald G. Minnich 2003-02-14 18:04 ` northern snowfall 2003-02-16 22:28 ` Roman V. Shaposhnick 2003-02-14 17:47 ` Ronald G. Minnich 2003-02-14 15:33 ` Lucio De Re 2003-02-14 15:37 ` Russ Cox 2003-02-14 16:08 ` [9fans] chown in fossil Fco.J.Ballesteros 2003-02-14 16:17 ` Russ Cox 2003-02-14 16:20 ` Fco.J.Ballesteros 2003-02-14 16:23 ` Russ Cox 2003-02-14 16:27 ` Fco.J.Ballesteros 2003-02-15 2:56 ` [9fans] fs administration: how do people update multi-user fs? Christopher Nielsen 2003-02-15 3:03 ` Geoff Collyer 2003-02-15 4:38 ` Christopher Nielsen 2003-02-15 3:13 ` Scott Schwartz 2003-02-15 4:39 ` Christopher Nielsen 2003-02-15 4:48 ` Andrew 2003-02-15 16:20 ` Dan Cross 2003-02-15 9:49 ` Lucio De Re 2003-02-15 14:18 ` Russ Cox 2003-02-15 15:29 ` Lucio De Re 2003-02-16 14:20 ` Russ Cox 2003-02-16 14:30 ` Lucio De Re 2003-02-16 14:36 ` Russ Cox 2003-02-15 15:53 ` Kenji Arisawa 2003-02-15 16:00 ` Lucio De Re 2003-02-15 16:22 ` Dan Cross 2003-02-15 17:58 ` Russ Cox 2003-02-14 16:16 ` Dan Cross
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).