Last modified: 2014-04-04 16:38:21 UTC
From time to time, people by accident modify files underneath /a/squid. While rsync will typically fix the problem the next day, the ability to write to /a/squid is typically unneeded and got in the way at least twice in the past two months. Removing write privileges from the wikidev group underneath /a/squid, would make sure we no longer can accidentally modify those files and thereby make sure we no longer can accidentally break jobs of others.
Prioritization and scheduling of this bug is tracked on Mingle card https://wikimedia.mingle.thoughtworks.com/projects/analytics/cards/cards/1525
Seems reasonable; sorry for being the source of this problem.
(In reply to Oliver Keyes from comment #2) > sorry for being the source of this problem. Meh. You're not the "source of this problem". Permissions are to lax. That's the problem. We shouldn't have permission to write to those files in first place. Why would we need to? And just to avoid doubt ... several people accidentally modified those files before today. So there's company :-D
Is this something ops can fix? Seems like something we can do.
Change 123855 had a related patch set uploaded by QChris: Remove group writability for analitycs files /a/squid, and /a/log https://gerrit.wikimedia.org/r/123855
(In reply to Toby Negrin from comment #4) > Is this something ops can fix? Ops can fix any issues :-D > Seems like something we can do. Yes, as with most system related tasks around analytics, ottomata has nicely puppetized them, and so anybody can do it. Even we plain devs can try. And since discussing such responsibilities is more time consuming, then fixing them, I took a first stab at it in change 123855.
great -- thanks Christian.
Change 123855 merged by Ottomata: Remove group writability for analitycs files /a/squid, and /a/log https://gerrit.wikimedia.org/r/123855
The relevant files in /a/squid/archive/zero /a/squid/archive/api /a/squid/archive/sampled /a/squid/archive/edits /a/squid/archive/mobile /a/log/webrequest/mobile /a/log/webrequest/zero on stat1002 are now no longer group writable.