Re: test rpms


Greg Schueler

Nov 3, 2009, 10:02:48 PM
to contr...@googlegroups.com


On Tue, Nov 3, 2009 at 6:06 PM, Anthony Shortland <ant...@dtosolutions.com> wrote:
The file permissions are all messed up for ctier group members after the RPM install:

drwxrwS--- 10 ctier ctier 4096 Nov  3 16:32 .
drwxr-xr-x  4 root  root  4096 Nov  3 16:32 ..
drwxr-----  2 ctier ctier 4096 Nov  3 16:32 bin
-rw-r-----  1 ctier ctier  866 Nov  3 16:32 ctierrc.sample
-rw-r--r--  1 ctier ctier 1263 Nov  3 16:32 ctierrc.sample.20091103-1632.backup
drwxr-----  7 ctier ctier 4096 Nov  3 16:32 ctl
drwxr-----  9 ctier ctier 4096 Nov  3 16:32 examples
drwxr-----  4 ctier ctier 4096 Nov  3 17:01 jackrabbit
drwxr-----  2 ctier ctier 4096 Nov  3 16:36 jobcenter
drwxr-----  5 ctier ctier 4096 Nov  3 16:32 pkgs
drwxr-----  2 ctier ctier 4096 Nov  3 17:01 reportcenter
drwxr-----  3 ctier ctier 4096 Nov  3 16:32 workbench

In general we should set all files 640 or 750 (for execution) and all directories 750 except those that need to be opened up for (sticky-bit) group write access:

-bash-3.2$ chmod 2770 ctl/depots
-bash-3.2$ chmod 2770 ctl/var
-bash-3.2$ chmod 2770 ctl/var/logs
-bash-3.2$ chmod 2770 ctl/var/tmp


Ok, the spec had the wrong default perms, that is a simple fix.
 
... and, silly me, I forgot to mention explicitly that we need to add this to $CTL_BASE/etc/profile:

umask 002

this should be added to the CTL codebase then, can you log it as an enhancement request?
 

... in order to make sure that all files and directories are created by the Ctl commands with group write permissions.

The assumption is that the server will always be started as the ctier user, but that any number of ctier-group members will want to share the client install.

For example, I can create a depot as the ctier user:

[ctier@centos53 ~]$ ctl-depot -p Development -a create
Project depot structure created: /opt/ctier/ctl/depots/Development
Invoking external setup script: /opt/ctier/pkgs/ctl-1.4.9/bin/commander-depotsetup.xml
Beginning client setup ...
Running CTL depot setup: /opt/ctier/pkgs/ctl-1.4.9/lib/ant/controllers/ctl/depotsetupCmd.xml ...
Trying to override old definition of task document-property
CTL depot setup procedure completed.
Beginning node registration ...
Workbench client host "centos53[Node]" already registered, updating...
Completed client setup. Node centos53 registered in project: "Development".
[ctier@centos53 depots]$ ls -la 
total 24
drwxrws--- 3 ctier ctier 4096 Nov  3 17:54 .
drwxr-x--- 7 ctier ctier 4096 Nov  3 16:32 ..
drwxrwsr-x 5 ctier ctier 4096 Nov  3 17:54 Development

... and similarly using user4 (which is a ctier group member):

  • Sources the common .ctierrc:

[user4@centos53 ~]$ cat .bashrc
# .bashrc

# Source global definitions
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi

# User specific aliases and functions

if [ -f /opt/ctier/.ctierrc ]; then
        . /opt/ctier/.ctierrc
else
        echo /opt/ctier/.ctierrc not found 1>&2
fi

  • Has ctier supernumerary group membership:

[user4@centos53 ~]$ id
uid=507(user4) gid=507(user4) groups=102(ctier),507(user4) context=user_u:system_r:unconfined_t

  • Can remove a (common) depot:

[user4@centos53 ~]$ ctl-depot -v -p Development -a remove 
removing depot: Development
preparing to execute buildfile: /opt/ctier/pkgs/ctl-1.4.9/lib/ant/controllers/ctl/depotunsetupCmd.xml
Created dir: /opt/ctier/ctl/var/removed-depots/Development/20091103-0603/deployments
Deleting directory /opt/ctier/ctl/depots/Development/deployments
Deleting directory /opt/ctier/ctl/depots/Development
Project depot 'Development' removed. Data archived to: /opt/ctier/ctl/var/removed-depots/Development/20091103-0603

  • Can create a (common) depot:

[user4@centos53 ~]$ ctl-depot -v -p Development -a create
depotmoduledir parameter not specified. using default: /opt/ctier/ctl/depots/Development/modules
depot directory exists: false
creating depot structure in: /opt/ctier/ctl/depots/Development...
creating depot module lib in: /opt/ctier/ctl/depots/Development/modules...
Project depot structure created: /opt/ctier/ctl/depots/Development
.
.
.
CTL depot setup procedure completed.
Beginning node registration ...
Checking registration status for: "centos53[Node]" ...
Workbench client host "centos53[Node]" already registered, updating...
Completed client setup. Node centos53 registered in project: "Development".

Anthony.


On Nov 3, 2009, at 4:57 PM, Anthony Shortland wrote:

Let's change the ctier user setup as follows:

  /usr/sbin/useradd  -g %{ctgroup} -r -c "ControlTier user" -d %{installRoot} -s /sbin/nologin %{ctuser}

Anthony.



On Nov 3, 2009, at 4:35 PM, Greg Schueler wrote:

I attached the spec files generated for these rpms (generated from a template).

if you have changes that should be added, please let me know.

On Tue, Nov 3, 2009 at 11:52 AM, Greg Schueler <gr...@controltier.com> wrote:
here are 3.4.9 rpms for testing:




I also created a document to describe installation using these files:


<ctier-client-3.4.9.spec><ctier-server-3.4.9.spec>

Anthony Shortland
Professional Services | DTO Solutions, Inc. | mobile: 650.215.3117 aim: anthony....@me.com yahoo: anthony.shortland irc.freenode.net: #controltier skype: anthony.shortland ]

ControlTier Software Inc. is now DTO Solutions Inc. The ControlTier open source project remains: http://www.controltier.org




Anthony Shortland

Nov 8, 2009, 2:38:33 PM
to ControlTier Accounting
Checking the permissions after the latest server RPM install I see:

[root@centos54 ctier]# ls -ld /opt/ctier
drwxrws--- 10 ctier ctier 4096 Nov  6 09:31 /opt/ctier

... I think we've subsequently added other read/execute permissions, but we really should also avoid adding the group sticky write bits at this level. I believe this was set up by the installer, and there's no need for ctier group members to change the CTIER_ROOT in any way.

Thanks,

Anthony.

On Nov 4, 2009, at 9:10 AM, Greg Schueler wrote:

yes, that is in the spec if you looked.  like i said, the perms I had set in it were intended to reflect all of your suggestions for perms you had sent me before, but just had some incorrect modes

On Wed, Nov 4, 2009 at 9:07 AM, Anthony Shortland <ant...@controltier.com> wrote:
Regarding permissions ... did you see the specific permissions for those four directories under CTL_BASE?
Anthony Shortland
Developer | ControlTier Open Source Project | mobile: 650.215.3117 aim: anthony....@me.com yahoo: anthony.shortland irc.freenode.net: #controltier skype: anthony.shortland ]

Alex-SF

Nov 8, 2009, 3:08:53 PM
to ControlTier
IMO, I believe /opt/ctier should be made to have 755 perms.

On Nov 8, 11:38 am, Anthony Shortland <anth...@controltier.com> wrote:
> Checking the permissions after the latest server RPM install I see:
>
> [root@centos54 ctier]# ls -ld /opt/ctier
> drwxrws--- 10 ctier ctier 4096 Nov  6 09:31 /opt/ctier
>
> ... I think we've subsequently added other read/execute permissions,  
> but we really should also avoid adding the group sticky write bits at  
> this level. I believe this was setup by the installer, and there's no  
> need for ctier group members to change the CTIER_ROOT in any way.
>
> Thanks,
>
> Anthony.
>
> On Nov 4, 2009, at 9:10 AM, Greg Schueler wrote:
>
>
>
> > yes, that is in the spec if you looked.  like i said, the perms I  
> > had set in it were intended to reflect all of you suggestions for  
> > perms you had sent me before, but just had some incorrect modes
>
> > On Wed, Nov 4, 2009 at 9:07 AM, Anthony Shortland <anth...@controltier.com
> > > wrote:
> > Regarding permissions ... did you see the specific permissions for  
> > those four directories under CTL_BASE?
>
> > On Nov 3, 2009, at 7:02 PM, Greg Schueler wrote:
>
> >> On Tue, Nov 3, 2009 at 6:06 PM, Anthony Shortland <anth...@dtosolutions.com
> >>>> On Tue, Nov 3, 2009 at 11:52 AM, Greg Schueler <g...@controltier.com
> >>>> > wrote:
> >>>> here are 3.4.9 rpms for testing:
>
> >>>> ctier-server-3.4.9-1.noarch.rpm
>
> >>>> ctier-client-3.4.9-1.noarch.rpm
>
> >>>> I also created a document to describe installation using these  
> >>>> files:
>
> >>>>http://wiki.controltier.org/wiki/RPM_installer
>
> >>>> <ctier-client-3.4.9.spec><ctier-server-3.4.9.spec>

Anthony Shortland

Nov 8, 2009, 7:49:31 PM
to contr...@googlegroups.com
Agreed.

Greg Schueler

Nov 9, 2009, 11:42:35 AM
to contr...@googlegroups.com
Ok, looks like /opt/ctier was getting 2775 perms, I will fix that.
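
The modes this thread converges on (files 640, or 750 when executable; directories 750; the four directories under CTL_BASE 2770; the install root itself 755) can be checked after an RPM install with a small audit script. This is an added example, not part of the thread or of the ControlTier spec files; it assumes GNU find on Linux, and the function names are hypothetical.

```shell
# Added example, not from the thread. Assumes GNU find (-printf) on Linux.
# Modes proposed in the thread: files 640, or 750 when executable;
# directories 750; four shared directories 2770; the install root 755.
SHARED_DIRS="ctl/depots ctl/var ctl/var/logs ctl/var/tmp"

# expected_mode REL TYPE MODE -> the mode the thread's policy calls for.
expected_mode() {
    if [ -z "$1" ]; then echo 755; return; fi        # the install root itself
    for shared in $SHARED_DIRS; do
        if [ "$1" = "$shared" ]; then echo 2770; return; fi
    done
    if [ "$2" = d ]; then
        echo 750
    elif [ $(( 0$3 & 0111 )) -ne 0 ]; then           # any execute bit set
        echo 750
    else
        echo 640
    fi
}

# audit_perms ROOT -> prints "path actual expected" per deviation,
# returns 0 when the tree matches and 1 otherwise.
audit_perms() {
    deviations=$(
        cd "$1" && find . \( -type d -o -type f \) -printf '%m %y %P\n' |
        while read -r mode type rel; do
            want=$(expected_mode "$rel" "$type" "$mode")
            [ "$mode" = "$want" ] || printf '%s %s %s\n' "${rel:-.}" "$mode" "$want"
        done
    )
    [ -z "$deviations" ] && return 0
    printf '%s\n' "$deviations"
    return 1
}

# Stand-alone use: pass the install root (for example /opt/ctier) as $1.
if [ $# -gt 0 ]; then audit_perms "$1"; fi
```

Run against a tree where the root was left at 2775, it reports that directory as `. 2775 755`, which is the deviation described in the last message.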