Last modified: 2014-04-04 16:38:21 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T65505, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 63505 - Revoke permission to plain users to modify files underneath /a/squid on stats1002
Revoke permission to plain users to modify files underneath /a/squid on stats...
Status: RESOLVED FIXED
Product: Analytics
Classification: Unclassified
General/Unknown (Other open bugs)
unspecified
All All
: Unprioritized normal
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-04-03 22:54 UTC by christian
Modified: 2014-04-04 16:38 UTC (History)
4 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description christian 2014-04-03 22:54:45 UTC 
From time to time, people by accident modify files underneath /a/squid.

While rsync will typically fix the problem the next day, the ability to
write to /a/squid is typically unneeded and got in the way at least
twice in the past two months.

Removing write privileges from the wikidev group underneath /a/squid,
would make sure we no longer can accidentally modify those files and
thereby make sure we no longer can accidentally break jobs of others.
Comment 1 Bingle 2014-04-03 22:55:24 UTC 
Prioritization and scheduling of this bug is tracked on Mingle card https://wikimedia.mingle.thoughtworks.com/projects/analytics/cards/cards/1525
Comment 2 Oliver Keyes 2014-04-03 22:57:00 UTC 
Seems reasonable; sorry for being the source of this problem.
Comment 3 christian 2014-04-03 23:20:52 UTC 
(In reply to Oliver Keyes from comment #2)
> sorry for being the source of this problem.

Meh. You're not the "source of this problem".
Permissions are to lax. That's the problem.
We shouldn't have permission to write to those files in
first place. Why would we need to?

And just to avoid doubt ... several people accidentally modified
those files before today. So there's company :-D
Comment 4 Toby Negrin 2014-04-04 07:12:58 UTC 
Is this something ops can fix? Seems like something we can do.
Comment 5 Gerrit Notification Bot 2014-04-04 12:45:28 UTC 
Change 123855 had a related patch set uploaded by QChris:
Remove group writability for analitycs files /a/squid, and /a/log

https://gerrit.wikimedia.org/r/123855
Comment 6 christian 2014-04-04 12:56:11 UTC 
(In reply to Toby Negrin from comment #4)
> Is this something ops can fix?

Ops can fix any issues :-D

> Seems like something we can do.

Yes, as with most system related tasks around analytics, ottomata has
nicely puppetized them, and so anybody can do it. Even we plain devs
can try.

And since discussing such responsibilities is more time consuming, then
fixing them, I took a first stab at it in change 123855.
Comment 7 Toby Negrin 2014-04-04 13:00:17 UTC 
great -- thanks Christian.
Comment 8 Gerrit Notification Bot 2014-04-04 13:17:54 UTC 
Change 123855 merged by Ottomata:
Remove group writability for analitycs files /a/squid, and /a/log

https://gerrit.wikimedia.org/r/123855
Comment 9 christian 2014-04-04 16:38:21 UTC 
The relevant files in

  /a/squid/archive/zero
  /a/squid/archive/api
  /a/squid/archive/sampled
  /a/squid/archive/edits
  /a/squid/archive/mobile
  /a/log/webrequest/mobile
  /a/log/webrequest/zero

on stat1002 are now no longer group writable.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links