From time to time, people by accident modify files underneath /a/squid.
While rsync will typically fix the problem the next day, the ability to
write to /a/squid is typically unneeded and got in the way at least
twice in the past two months.
Removing write privileges from the wikidev group underneath /a/squid,
would make sure we no longer can accidentally modify those files and
thereby make sure we no longer can accidentally break jobs of others.
Version: unspecified
Severity: normal
bingle-admin wrote:
Prioritization and scheduling of this bug is tracked on Mingle card https://wikimedia.mingle.thoughtworks.com/projects/analytics/cards/cards/1525
(In reply to Oliver Keyes from comment #2)
sorry for being the source of this problem.
Meh. You're not the "source of this problem".
Permissions are to lax. That's the problem.
We shouldn't have permission to write to those files in
first place. Why would we need to?
And just to avoid doubt ... several people accidentally modified
those files before today. So there's company :-D
Change 123855 had a related patch set uploaded by QChris:
Remove group writability for analitycs files /a/squid, and /a/log
(In reply to Toby Negrin from comment #4)
Is this something ops can fix?
Ops can fix any issues :-D
Seems like something we can do.
Yes, as with most system related tasks around analytics, ottomata has
nicely puppetized them, and so anybody can do it. Even we plain devs
can try.
And since discussing such responsibilities is more time consuming, then
fixing them, I took a first stab at it in change 123855.
Change 123855 merged by Ottomata:
Remove group writability for analitycs files /a/squid, and /a/log
The relevant files in
/a/squid/archive/zero /a/squid/archive/api /a/squid/archive/sampled /a/squid/archive/edits /a/squid/archive/mobile /a/log/webrequest/mobile /a/log/webrequest/zero
on stat1002 are now no longer group writable.