Gentoo Archives: gentoo-mirrors

From: "Robin H. Johnson" <robbat2@g.o>
To: gentoo-mirrors@l.g.o
Subject: Re: [gentoo-mirrors] rsync source problem
Date: Wed, 21 Oct 2009 18:39:54
In Reply to: Re: [gentoo-mirrors] rsync source problem by Gokdeniz Karadag
On Wed, Oct 21, 2009 at 09:27:15PM +0300, Gokdeniz Karadag wrote:
> FYI, that file had been there since I started mirroring gentoo ~1.5 years ago. > There is no read permission, as a result it does not become public, but gives > annoying message at every sync. I just --excluded that file to get rid of the > error message.
The file is meant to go out to your mirrors, and give a 403 when anybody tries to access it. darkside (our new mirroradmin) is working on updating the checker scripts to make sure it exists and returns an error on your mirrors. It's got the same permissions that we use for staging content. Specifically 1. Place content on mirror, with permissions to distribute TO mirror only. Permissions on files is 0600, dirs 0700, user/group = rsync:root. 2. Wait for content to hit mirrors. 3. Change permissions to 0644 / 0755. Additionally, you run your rsync fetch as root or rsync, and you serve the files as some unprivileged uid (NOT user=rsync). The OSU mirror that feeds all of your mirrors was supposed to be explicitly configured that you could fetch from it always, but it seems that is broken. -- Robin Hugh Johnson Gentoo Linux: Developer, Trustee & Infrastructure Lead E-Mail : robbat2@g.o GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85