Page MenuHomePhabricator
Create Task
Maniphest T95554

Identify possibly problematic file ownership on the NFS filesystems
Closed, ResolvedPublic
Actions

Description

In preparation for disabling idmap, inventory files on the NFS filesystem which are not currently owned by (a) root or (b) a uid that is known to be unique accross all instances because it comes from LDAP.

Plausible problematic uids are those managed by apt from a package, which vary depending on the order and set of installed packages.

Once the list of problematic files is extracted, contact project owners with the list for remediation.

Identified outliers:
project deployment-prep:

uid 48
    /home/anomie/.mweval_history
    /data/project/hhvm-cores/
uid 101 (probably syslog)
    /data/project/deployment-salt/log/
    /data//project/hhvm-cores/
uid 103 (also syslog on another system?)
    /data/project/deployment-salt/log/
uid 105 (perhaps another syslog?)
    /data/project/deployment-salt/log/
uid 107
    /data/project/deployment-salt/log/ntpstats/
uid 111
    /data/project/deployment-salt/log/diamond/

project testlabs:

uid 101 (probably syslog)
    /home/syslog 101

project integration:

uid 103 (maybe ssl-certs?)
    /home/yuvipanda

project puppet:

uid 106 (maybe ssl-certs?)
    /home/faidon/certs-bck
uid 110 (mysql?)
    /home/mysql

project wdq-mm:

uid 111
    /data/project/wdq
uid 112
    /home/magnus/replica.my.cnf

project mobile:

uid 113 (mysql?)
    /srv/project/mobile/home/backup-mysql

project orgcharts:

uid 113
    /data/project/olddb/other/

project phabricator:

uid 113
    /home/vcs-user 113

project tools:

uid 113
    /data/project/incolabot/.old/

project wikidata-query:

uid 113 (mysql?)
    /home/mysql
    * Also, do not put a mysql database on NFS

project catgraph:

uid 114
    /home/catgraph.catgraph/elasticsearch/

project gerrit:

uid 114
    /data/project/phabricator-elastic/elasticsearch/

project mediawiki-api:

uid 114
    /home/graphoid/

project shinken:

uid 114
    /home/testakos/

project video:

uid 99
    /data/project/old-cruft-deleteme/

Related Objects
Search...

Event Timeline

coren created this task.Apr 9 2015, 3:06 PM
coren claimed this task.
coren raised the priority of this task from to High.
coren updated the task description. (Show Details)
coren added projects: Labs-Q4-Sprint-1, Labs-Q4-Sprint-2, ToolLabs-Goals-Q4, Cloud-Services.
coren added subscribers: Andrew, yuvipanda, coren.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 9 2015, 3:06 PM
coren moved this task from Backlog to Doing on the Labs-Q4-Sprint-2 board.Apr 9 2015, 3:12 PM
coren added a comment.Apr 10 2015, 3:51 AM

project deployment-prep:

uid 48
    /home/anomie/.mweval_history
    /data/project/hhvm-cores/
uid 101 (probably syslog)
    /data/project/deployment-salt/log/
    /data//project/hhvm-cores/
uid 103 (also syslog on another system?)
    /data/project/deployment-salt/log/
uid 105 (perhaps another syslog?)
    /data/project/deployment-salt/log/
uid 107
    /data/project/deployment-salt/log/ntpstats/
uid 111
    /data/project/deployment-salt/log/diamond/

project testlabs:

uid 101 (probably syslog)
    /home/syslog 101

project integration:

uid 103 (maybe ssl-certs?)
    /home/yuvipanda

project puppet:

uid 106 (maybe ssl-certs?)
    /home/faidon/certs-bck
uid 110 (mysql?)
    /home/mysql

project wdq-mm:

uid 111
    /data/project/wdq
uid 112
    /home/magnus/replica.my.cnf

project mobile:

uid 113 (mysql?)
    /srv/project/mobile/home/backup-mysql

project orgcharts:

uid 113
    /data/project/olddb/other/

project phabricator:

uid 113
    /home/vcs-user 113

project tools:

uid 113
    /data/project/incolabot/.old/

project wikidata-query:

uid 113 (mysql?)
    /home/mysql
    * Also, do not put a mysql database on NFS

project catgraph:

uid 114
    /home/catgraph.catgraph/elasticsearch/

project gerrit:

uid 114
    /data/project/phabricator-elastic/elasticsearch/

project mediawiki-api:

uid 114
    /home/graphoid/

project shinken:

uid 114
    /home/testakos/

project video:

uid 99
    /data/project/old-cruft-deleteme/
yuvipanda added a comment.Apr 10 2015, 5:22 AM

Is that all? if so w00t :D

coren added a comment.Apr 10 2015, 12:31 PM

It's all, execpt for the 9.4 million files owned by www-data which - while not puppetized or in ldap - is stable between instances.

coren moved this task from Doing to Code Review / Blocked on the Labs-Q4-Sprint-2 board.Apr 10 2015, 6:28 PM
coren closed this task as Resolved.Apr 10 2015, 6:32 PM

The list is made, and labs-announce notified; since none of those will break for now, there is no point in keeping the ticket open.

coren updated the task description. (Show Details)Apr 10 2015, 6:33 PM
coren set Security to None.
coren moved this task from Code Review / Blocked to Done on the Labs-Q4-Sprint-2 board.
Nikerabbit mentioned this in T95764: [InTense] Create service group for repolibrary user.Apr 10 2015, 9:16 PM
Negative24 subscribed.Apr 11 2015, 4:21 AM
Negative24 mentioned this in T95982: Stabilize vcs-user owned files and directories in Phab-02.Apr 14 2015, 2:38 AM
yuvipanda moved this task from Backlog to Tech Debt / Simplification on the ToolLabs-Goals-Q4 board.Apr 15 2015, 8:28 AM
Phabricator_maintenance removed a subscriber: yuvipanda.Jun 7 2017, 6:52 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL