[mirror-admin] MirrorManager ACL is useless

Jan Kasprzak kas at fi.muni.cz
Mon Nov 7 14:59:57 EST 2011


Matt Domsch wrote:
: On Mon, Nov 7, 2011 at 1:37 PM, Jan Kasprzak <kas at fi.muni.cz> wrote:
: >        Hello,
: >
: > has anybody actually looked at the mirrormanager ACL file
: > at https://admin.fedoraproject.org/mirrormanager/rsync_acl ?
: > I think it is pretty unusable as a list of Tier 2 mirrors
: > which can be allowed to access the pre-bitflip content.
: > It contains whatever the mirror owners decide to put into
: > mirrormanager: I can probably add something like
: >
: > \n[hiddenmodule]\npath=/\nuid=root\ngid=root\nread only=no\n
: >
: > there and get the full access to the whole file system of those
: > mirrors who are "brave enough" to include this list in their rsyncd.conf.
: > The input is not sanitized in any way. It contains empty lines,
: > several rsync:// urls, several /24 prefixes, a /15 prefix,
: > and two /8 prefixes.
: >
: >        Some time ago I wanted to use it for my pre-bitflip data module,
: > but after looking at it I have decided to maintain the list of
: > downstream Tier-2 mirrors for my site manually.
: 
: This is all true.  It simply passes through what any mirror admin may
: wish to put there, and anyone with a FAS account can create a mirror
: entry in MM.  It certainly needs to be sanitized before use, but as I
: haven't spent any time thinking about what a sanitized list there
: would look like, and it wasn't really being used, it's been a low
: priority thought process (at best).

	OK. Personally, I have no problem with that. I just wanted it
to be stated explicitly, as from time to time I see posts containing the
"I use the ACL from MirrorManager" statement on this list (in fact,
wgetting the list and including it in rsyncd.conf has been recommended
here even today).

-Yenya

-- 
| Jan "Yenya" Kasprzak  <kas at {fi.muni.cz - work | yenya.net - private}> |
| GPG: ID 1024/D3498839      Fingerprint 0D99A7FB206605D7 8B35FCDE05B18A5E |
| http://www.fi.muni.cz/~kas/    Journal: http://www.fi.muni.cz/~kas/blog/ |
Please don't top post and in particular don't attach entire digests to your
mail or we'll all soon be using bittorrent to read the list.     --Alan Cox
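
The sanitizing step the thread says the list needs before use, as an added example (not MirrorManager code and not written by either poster): each line of a downloaded copy of the list is accepted only if it parses as a bare IP address or CIDR prefix. The function names, the sample listing and the minimum prefix lengths are assumptions made for illustration.

```python
import ipaddress

# Assumed local policy (not from the thread): narrowest prefix a single
# downstream mirror may claim. Broader entries go to manual review.
MIN_PREFIX = {4: 28, 6: 64}

def sanitize_acl(text, min_prefix=MIN_PREFIX):
    """Split a downloaded ACL listing into (accepted, rejected).

    accepted: sorted, de-duplicated CIDR strings.
    rejected: (line number, entry, reason) tuples for manual review.
    """
    accepted, rejected = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry:
            continue  # empty lines are dropped silently
        try:
            # strict=True also refuses prefixes with host bits set
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            rejected.append((lineno, entry, "not a clean IP address or CIDR prefix"))
            continue
        if net.prefixlen < min_prefix[net.version]:
            rejected.append((lineno, entry, "prefix too broad"))
            continue
        accepted.add(str(net))
    return sorted(accepted), rejected

def render_hosts_allow(accepted):
    """Build one rsyncd.conf 'hosts allow' line from validated entries only."""
    return "hosts allow = " + " ".join(accepted)

# Constructed sample covering the kinds of entries described in the thread.
SAMPLE = """192.0.2.10
198.51.100.0/28

rsync://mirror.example.org/fedora
203.0.113.0/24
10.0.0.0/8
[hiddenmodule]
path=/
read only=no
2001:db8::1
192.0.2.10
"""

if __name__ == "__main__":
    ok, bad = sanitize_acl(SAMPLE)
    print(render_hosts_allow(ok))
    for lineno, entry, reason in bad:
        print(f"line {lineno}: {entry!r}: {reason}")
```

Because the output line is rebuilt from parsed network objects, nothing from the downloaded text reaches rsyncd.conf verbatim.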
