>> By the way, a little bit irritated I was about the large number of mirrored >> rules tarballs (currently 4413 ones, the oldest from Februar 2007) and the >> inhomogeneous and at least to me somewhat unexpected file permissions >> (partly "write" flag for owner removed, partly "write" flag also for group >> set, partly "execute" flag set for owner or even owner, group and other). >> >> Regards >> >> Jens > > I too would like to clean up old unused rulesets but Kevin says this causes > some problems. I would think that if there are no DNS entries pointing to > the ruleset, it should no longer be needed and could be cleaned up from the > mirrors. Still it's only ~330 MB so not a big deal.
I had exactly the same thought, concluding with the ultimate size being too small to stress about. > The scripts that generate the rulesets set the perms. I can look at updating > the scripts to change the perms but this doesn't hurt anything or cause a > security risk, Today there is no direct risk, but I’m not comfortable with unneeded +x. Luckily you can override the permissions and owner with rsync, if you desire. Currently I am using this: --perms --chmod=Dg+s,ug+r,Fu-x,Fog-wx --owner --group --chown=www-data:www-data —owner and —perms are redundant with -a, but I prefer to avoid -a and explicitly define my options. It’s probably not quite ideal, but it’s tuned for another mirror I run and for the moment consistency was worth more than simplifying it to the exact permissions needed here. Not that it should matter, but I also randomized my execution times, but it will run an average of every 10 minutes. If this causes issues, I can switch back to running on the 0s, it just avoids having too many background jobs all run at the same time.
