Community
Participate
Working Groups
similar to bug 374704 and bug 300296 I think the permissions for /shared/eclipse directory (and everything below it) needs some attention. What really stands out is are the "common" group owners. But, I think the right group, for everything there should be eclipse.platform.releng. I see some that are "user" (I forget what that is) and I also see eclipse.e4. Is that one all the committers in e4 proper? (the permanent incubator?). And, of course the e4Build id itself needs to have user/group rwx permissions via ACL (if I'm remembering right ... but, I admit my head is spinning right now). and the GUID set and Default ACLs and ACLs for those already over 16 groups ... Only "issue" I see is that Bogdan (gheorghe) is involved with builds, but don't see him in eclipse.platform.releng, just eclipse.e4. Not sure if he uses this directory or not, so will CC him. I think this a little less urgent than the "downloads server" problem, since that is "public" ... but should get straighted out eventually.
in particular, can you add me (soon) to acl of /shared/eclipse, my 'david_williams' id, that is. I can not created a new directory under that, such as /shared/eclipse/eclipse4 (says permission denied) Also please add e4Build id to ACL. If there is anything I can/should do myself to fix this, please let me know. current ACL looks like: $ getfacl ../eclipse # file: ../eclipse # owner: kmoir # group: eclipse.platform.releng user::rwx user:hudsonBuild:rwx group::rwx mask::rwx other::r-x default:user::rwx default:user:hudsonBuild:rwx default:group::rwx default:mask::rwx default:other::r-x
David you are a member of eclipse.platform.releng so you should have access here. e4Build@build:/shared/eclipse> groups david_williams david_williams : common webtools tools signers callistoadmin callisto-dev tools.orbit technology.packaging webtools.incubator webtools.all webtools.common webtools.datatools webtools.ejbtools webtools.jeetools webtools.releng webtools.servertools webtools.sourceediting webtools.webservices eclipse.platform eclipse.platform.releng
(In reply to comment #2) > David you are a member of eclipse.platform.releng so you should have access > here. Yeah, you'd think. But none the less, "permission denied" ... and from memory, there are some suse linux limits to "number of groups a user can belong to" and that limit is 16 (and webmasters would prefer not to rebuild the kernel with a higher setting, understandably) ... I'm a member of 20 groups ... I've no idea if this gives me permissions to the _first_ 16 .. or some random list ... or none ... but, its a common problem for me (and Kim :) In this case, I can do work there in /shared/eclipse/e4 directory as e4Build user, but ... as a best practice ... work-work should be done under committer ID, and e4Build reserved for actually "running builds" (as much as practical).
Sorry about the delay. I've made you the owner, and added the Acls as well. -M.
Almost there .... Can you set chmod 2775 /shared/eclipse ? I've tried, and don't seem to have the ability too. Just as well do it recursively while you are at it :) chmod -R 2775 /shared/eclipse I think after doing that, might be the time to set default ACL(s)? Since then will pick up what is already set? I notice in "webtools" it has a special field "flags" which looks related to guid bit, but I could find no way or documentation on how to set it in acls. $ getfacl /shared/webtools getfacl: Removing leading '/' from absolute path names # file: shared/webtools # owner: wtpBuild # group: webtools.releng # flags: -s- No such "flags" for /shared/eclipse $ getfacl /shared/eclipse getfacl: Removing leading '/' from absolute path names # file: shared/eclipse # owner: david_williams # group: eclipse.platform.releng Well, the above is I think the "solution" .... the problem is that I can now create a directory "eclipse4" but it is given default group of "common" instead of desired eclipse.platform.releng. And, if I tried "chgrp" it said "permission denied" I guess because a different group owned directory? For what its worth, I have tried, changing guid bit myself, and it reports it is changing it, but it really doesn't: $ chmod -c 2775 /shared/eclipse mode of `/shared/eclipse' changed to 2775 (rwxrwsr-x) [21:37:02] david_williams@build:/opt/public/eclipse $ ll -d /shared/eclipse drwxrwxr-x+ 9 david_williams eclipse.platform.releng 4K 2012-04-02 21:33 /shared/eclipse/ Thanks
Also, you'll need to add e4Build to all of /shared/eclipse setfacl -R -m u:e4Build:rwx /shared/eclipse I believe it is.
Darn typos. Fixed. -M.
I _am_ sorry to be such a pain, but still not right. Perhaps I wrote too much in comment 5? e4Build is there and working, that's good. Thanks. But, still does not set and inherit "group" owners correctly. With 'david_williams' I created "testdir" and the group owner is "common". With 'e4Build' I created "test2dir" and the group owner is "user". Just like normal. But The group owner of all directories beginning with /shared/eclipse and under it needs to be "eclipse.platform.releng" and any new directories created need to inherit that group owner of "eclipse.platform.releng". Hence, after changing group owner, recursively, then the GUID bit needs to be set on /shared/eclipse, recursively, so that the group owner of all _new_ directories ends up being "eclipse.platform.releng". And then, I think, the acl needs to be changed, for all directories, for "group" and "default group" to simply "modify" them (to exactly what they are now) and then, I think, that step causes them to auto-magically drag along the "-s-" flag for the ACLs too. I'm half guessing ... maybe you could guess on the other half and together we'd be right? :)
I've updated the setgid bit. I've verified that the default group on creation is eclipse.platform.releng for both David and e4Build(and root). -M.
confirmed. Thanks so much!
