On 19.11.2015 at 00:57, Ian Malone wrote:
On 18 November 2015 at 23:38, Reindl Harald <h.rei...@thelounge.net> wrote:


On 18.11.2015 at 19:49, Adam Jackson wrote:

On Tue, 2015-11-17 at 17:30 +0000, Andrew Haley wrote:

On 11/02/2015 03:05 PM, Adam Jackson wrote:

But, why take the risk exposure, when you could simply not?


How else would I edit root-owned files?  I don't get it.  I mean,
I guess I could run an editor in a text window, but I don't want to
do that.


That's kind of a non sequitur. To a first order, there are zero root-
owned files you need to edit routinely. And I feel pretty comfortable
calling any counterexamples bugs that need fixing


hopefully all configuration files on your system are root-owned and
"routinely" is not black and white because it depends on your use-cases

as serveradmin you *routinely* edit root-owned files and *yes* i pull them
from 35 machines to a dedicated admin server and open them all together in a
GUI editor with tabs to make changes i want to have on all servers while the
file itself is machine specific

why?

because it's much faster than login to each and every machine when i can
pull them with a script, edit them centralized and push them back followed
by a "distribute-command 'systemctl condrestart affected-service'" and it
saves a ton of overhead for configuration management tools with their own
security issues all the time

Technically if doing this then the editing only needs to be done as
the owner of the copies and it's the process of copying them back that
requires root permission on the target machine

technically i prefer using my "rsync.sh" for any file operations

just to be sure all permissions, extended attributes and so on are correct, /etc/passwd and /etc/groups have the same IDs everywhere

[root@buildserver:~]$ cat /usr/local/bin/rsync.sh
#!/usr/bin/bash

# -z compress
# -t timestamps
# -P progress
# -r recursive
# -l links
# -H hard-links
# -p permissions
# -o owner
# -g group
# -E executability
# -A acls
# -X extended attributes

# Make sure both source AND target were passed
if [ "$1" == "" ] || [ "$2" == "" ] || [ "$1" == "$2" ]; then
 echo "USAGE: rsync.sh <source> <target> [bwlimit]"
 exit 1
fi

# Default parameters
RSYNC_PARAMS="--no-motd --force --delete-after --devices --specials -tPrlpogEAX"

# If either of the two parameters contains an @, enable compression
# Otherwise these are two local directories and rsync would
# compress the data for no reason
if [[ "$1" == *@* ]] || [[ "$2" == *@* ]]; then
RSYNC_PARAMS="--compress --sockopts=SO_SNDBUF=32768,SO_RCVBUF=32768 $RSYNC_PARAMS"
fi

if [ "$3" != "" ]; then
 RSYNC_PARAMS="--bwlimit=$3 $RSYNC_PARAMS"
fi

# Run the actual command ($RSYNC_PARAMS is left unquoted so it splits into options)
nice -n 19 rsync $RSYNC_PARAMS --rsync-path='nice -n 19 rsync' "$1" "$2"
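
Added example, not part of the original mail or of rsync.sh: because the push with -p/-o/-g copies whatever mode and owner the staged copy has, this sketch records the metadata right after the pull and reports any drift before the push. The function names and the manifest format are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example, not from the original mail. Function names and the
# manifest format ("mode uid:gid path") are assumptions. Needs GNU stat.
# Limitation: paths containing newlines are not supported.

# Record mode and owner of everything under directory $1.
snapshot_meta() (
    cd "$1" && find . -exec stat -c '%a %u:%g %n' {} +
)

# Compare directory $2 with manifest file $1. Prints one line per
# difference; exit status is 1 if anything differs, else 0.
check_meta() (
    manifest=$1 root=$2 rc=0
    while read -r mode owner path; do
        if [ ! -e "$root/$path" ] && [ ! -L "$root/$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        now=$(stat -c '%a %u:%g' "$root/$path")
        if [ "$now" != "$mode $owner" ]; then
            echo "DRIFT $path: was $mode $owner, now $now"; rc=1
        fi
    done < "$manifest"
    # Paths that exist now but were not in the snapshot (editor backups etc.)
    new=$(snapshot_meta "$root" | cut -d' ' -f3- | while IFS= read -r p; do
        cut -d' ' -f3- "$manifest" | grep -qxF -- "$p" || echo "NEW $p"
    done)
    if [ -n "$new" ]; then echo "$new"; rc=1; fi
    exit "$rc"
)

# Constructed demo: snapshot a staged tree, loosen one file mode the way
# a careless save could, then report the difference.
demo_drift() (
    d=$(mktemp -d) && mkdir "$d/stage" || exit 2
    echo 'PermitRootLogin no' > "$d/stage/sshd_config"
    chmod 0600 "$d/stage/sshd_config"
    snapshot_meta "$d/stage" > "$d/manifest"
    chmod 0644 "$d/stage/sshd_config"
    check_meta "$d/manifest" "$d/stage"; rc=$?
    rm -rf "$d"
    exit "$rc"
)
demo_drift || true
```

Keep the manifest outside the staged tree so it is not itself reported as a new file.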


-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
