From owner-freebsd-rc@FreeBSD.ORG Sun May 1 08:19:39 2011
Date: Sun, 1 May 2011 10:19:30 +0200
From: Andre Albsmeier
To: Jason Hellenthal
Message-ID: <20110501081930.GA14448@curry.mchp.siemens.de>
In-Reply-To: <20110430213157.GC5660@DataIX.net>
Cc: "freebsd-rc@freebsd.org"
Subject: Re: New knob for ignoring readonly fss in 340.noid and 310.locate?

On Sat, 30-Apr-2011 at 23:31:57 +0200, Jason Hellenthal wrote:
>
> Andre,
>
> By default snapshots directories are hidden and treated as a virtual

Is it possible to hide snapshots directories in UFS?

	-Andre

> directory. By enabling the snapshots directory as not hidden you subject
> yourself to the following behavior.
>
> As for a knob to tune the search for the rc.d scripts you mentioned the
> knob is already provided via zfs(1) zpool(1) through the properties.
>
> zfs set snapdir=hidden | visible tank/dataset
> zpool set listsnaps=on | off tank
>
> Please use these at your will to tune the system to ignore the
> directories in question.
>
> PS: Leaving snap directories hidden does not mean that they are not
> available for regular use. ( cd /path/to/.snap/... ) still works as
> expected.
>
> On Sat, Apr 30, 2011 at 12:25:21PM +0200, Andre Albsmeier wrote:
> >I have noticed that "periodic weekly" started to consume more
> >and more time on some of my machines. The reason is the amount
> >of snapshots that are used at my site, e.g., on one machine I
> >have two file systems:
> >
> >/dev/ccd0   544G  266G  235G  53%  /people
> >/dev/ccd1   556G  372G  140G  73%  /share
> >
> >which hold these snapshots:
> >
> >/dev/md12   544G  241G  259G  48%  /people/.snap/@GMT-2011.04.26-03.15.04
> >/dev/md13   544G  241G  259G  48%  /people/.snap/@GMT-2011.04.27-03.15.04
> >/dev/md14   544G  236G  264G  47%  /people/.snap/@GMT-2011.04.28-03.15.03
> >/dev/md15   544G  240G  260G  48%  /people/.snap/@GMT-2011.04.29-03.15.03
> >/dev/md16   544G  238G  263G  47%  /people/.snap/@GMT-2011.04.30-03.15.04
> >/dev/md17   544G  241G  259G  48%  /people/.snap/@GMT-2011.04.23-03.15.01
> >/dev/md18   544G  239G  261G  48%  /people/.snap/@GMT-2011.04.16-03.15.01
> >/dev/md22   556G  344G  167G  67%  /share/.snap/@GMT-2011.04.26-03.28.32
> >/dev/md23   556G  344G  167G  67%  /share/.snap/@GMT-2011.04.27-03.28.26
> >/dev/md24   556G  344G  167G  67%  /share/.snap/@GMT-2011.04.28-03.28.42
> >/dev/md25   556G  341G  170G  67%  /share/.snap/@GMT-2011.04.29-03.29.12
> >/dev/md26   556G  343G  168G  67%  /share/.snap/@GMT-2011.04.30-03.26.48
> >/dev/md27   556G  344G  167G  67%  /share/.snap/@GMT-2011.04.23-03.27.33
> >/dev/md28   556G  341G  170G  67%  /share/.snap/@GMT-2011.04.16-03.27.39
> >/dev/md29   556G  337G  175G  66%  /share/.snap/@GMT-2011.04.09-03.22.01
> >
> >For our purpose, the weekly maintenance is not desired on
> >the snapshots. Of course, it might be possible to modify the
> >behaviour of
> >
> >310.locate
> >340.noid
> >
> >by tweaking /etc/locate.rc or weekly_noid_dirs which would
> >be rather annoying since this would have to be done on
> >every machine individually due to their different filesystem
> >names (and pretty sure will be forgotten when fss are added
> >or removed).
> >
> >One condition that would match everything (at least in my case)
> >would be to restrict the work of 310.locate and 340.noid on
> >filesystems which are not mounted readonly.
> >
> >So what would people think about a knob that restricts at least
> >these two scripts (maybe there are more candidates) from letting
> >find(1) descend into rdonly filesystems? Of course, this knob would
> >default to "off" and could be set in periodic.conf and/or locate.rc
> >individually...
> >
>
> --
>
>  Regards, (jhell)
>  Jason Hellenthal
>

--
Windows NT Multitasking: Messing up several things at once.
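The proposal quoted above, keeping find(1) out of read-only filesystems, can be approximated without a new knob by starting find -x only from read-write mount points, since -x never crosses into the separately mounted snapshots. The following is an added example, not part of the thread or of FreeBSD's periodic scripts; the function names, the sample mount(8) lines and their option lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: choose the start points for a periodic find(1) run so that
# read-only mounts (such as mounted UFS snapshots) are never traversed.

# Constructed sample of FreeBSD mount(8) output. The /people and /share paths
# follow the df listing quoted in the thread; everything else is assumed.
sample_mount_output() {
cat <<'EOF'
/dev/ad4s1a on / (ufs, local, soft-updates)
devfs on /dev (devfs, local, multilabel)
/dev/ccd0 on /people (ufs, local, soft-updates)
/dev/ccd1 on /share (ufs, local, soft-updates)
/dev/md12 on /people/.snap/@GMT-2011.04.26-03.15.04 (ufs, local, read-only)
/dev/md22 on /share/.snap/@GMT-2011.04.26-03.28.32 (ufs, local, read-only)
tank/home on /tank/home (zfs, local, nfsv4acls)
tank/archive on /tank/archive (zfs, local, read-only)
fileserver:/export on /mnt/nfs (nfs)
EOF
}

# rw_mountpoints: read mount(8) output on stdin and print one mount point per
# line for every ufs or zfs filesystem that is not mounted read-only.
rw_mountpoints() {
    awk '
    {
        # Line shape: <device> on <mountpoint> (<type>, <option>, ...)
        # Locate the last " (" so mount points containing spaces survive.
        paren = 0
        for (i = length($0); i > 0; i--)
            if (substr($0, i, 2) == " (") { paren = i; break }
        at = index($0, " on ")
        if (paren == 0 || at == 0 || at >= paren) next

        mp   = substr($0, at + 4, paren - at - 4)
        opts = substr($0, paren + 2)
        sub(/\)[ \t]*$/, "", opts)

        n = split(opts, o, /, */)
        if (o[1] != "ufs" && o[1] != "zfs") next   # first field is the fs type
        ro = 0
        for (j = 2; j <= n; j++)
            if (o[j] == "read-only") ro = 1
        if (!ro) print mp
    }'
}

# noid_scan: read mount points on stdin and list files without a known owner
# or group. -x stops find at filesystem boundaries, so a snapshot mounted
# below a read-write filesystem is skipped; -exec ... {} + hands the names to
# ls(1) directly, so whitespace in file names is not re-split.
noid_scan() {
    while IFS= read -r mp; do
        find -x "$mp" \( -nogroup -o -nouser \) -exec ls -ld {} +
    done
}

# On a FreeBSD host:  mount | rw_mountpoints | noid_scan
```
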

From owner-freebsd-rc@FreeBSD.ORG Mon May 2 02:59:50 2011
Date: Sun, 1 May 2011 22:59:42 -0400
From: Jason Hellenthal
To: Andre Albsmeier
Message-ID: <20110502025942.GA31396@DataIX.net>
In-Reply-To: <20110501081930.GA14448@curry.mchp.siemens.de>
Cc: "freebsd-rc@freebsd.org"
Subject: Re: New knob for ignoring readonly fss in 340.noid and 310.locate?

Andre,

On Sun, May 01, 2011 at 10:19:30AM +0200, Andre Albsmeier wrote:
>On Sat, 30-Apr-2011 at 23:31:57 +0200, Jason Hellenthal wrote:
>>
>> By default snapshots directories are hidden and treated as a virtual
>
>Is it possible to hide snapshots directories in UFS?
>

Snapshot directories on UFS are treated differently than they are in ZFS.
UFS snapshot directories live as the base of the filesystem and are not
auto-mounted per se when you cd(1) into them so therefore there isn't a
need to hide them because they cannot be traversed.

--

 Regards, (jhell)
 Jason Hellenthal

From owner-freebsd-rc@FreeBSD.ORG Mon May 2 05:27:44 2011
Date: Mon, 2 May 2011 07:27:39 +0200
From: Andre Albsmeier
To: Jason Hellenthal
Message-ID: <20110502052739.GB20839@curry.mchp.siemens.de>
In-Reply-To: <20110502025942.GA31396@DataIX.net>
Cc: "freebsd-rc@freebsd.org"
Subject: Re: New knob for ignoring readonly fss in 340.noid and 310.locate?

On Mon, 02-May-2011 at 04:59:42 +0200, Jason Hellenthal wrote:
>
> Andre,
>
>
> On Sun, May 01, 2011 at 10:19:30AM +0200, Andre Albsmeier wrote:
> >On Sat, 30-Apr-2011 at 23:31:57 +0200, Jason Hellenthal wrote:
> >>
> >> By default snapshots directories are hidden and treated as a virtual
> >
> >Is it possible to hide snapshots directories in UFS?
> >
>
> Snapshot directories on UFS are treated differently than they are in
> ZFS. UFS snapshot directories live as the base of the filesystem and are
> not auto-mounted per se when you cd(1) into them so therefore there isn't a
> need to hide them because they cannot be traversed.

They are mounted and they have to be mounted (at least here). If
they weren't mounted, people couldn't access them. That's why
they are also being traversed by 310.locate and 340.noid. To
summarise:

- I use UFS.
- My snapshots must be mounted.
- They are being traversed by 310.locate and 340.noid.
- I don't want the latter.

To accomplish this, I can play around with (directory name dependent)
exclusion lists for 310.locate and 340.noid. I could also implement
a rdonly knob.

	-Andre

From owner-freebsd-rc@FreeBSD.ORG Mon May 2 07:04:45 2011
Date: Mon, 2 May 2011 03:04:37 -0400
From: Jason Hellenthal
To: Andre Albsmeier
Message-ID: <20110502070437.GB6066@DataIX.net>
In-Reply-To: <20110502052739.GB20839@curry.mchp.siemens.de>
Cc: "freebsd-rc@freebsd.org"
Subject: Re: New knob for ignoring readonly fss in 340.noid and 310.locate?

Andre,

On Mon, May 02, 2011 at 07:27:39AM +0200, Andre Albsmeier wrote:
>On Mon, 02-May-2011 at 04:59:42 +0200, Jason Hellenthal wrote:
>>
>> Andre,
>>
>>
>> On Sun, May 01, 2011 at 10:19:30AM +0200, Andre Albsmeier wrote:
>> >On Sat, 30-Apr-2011 at 23:31:57 +0200, Jason Hellenthal wrote:
>> >>
>> >> By default snapshots directories are hidden and treated as a virtual
>> >
>> >Is it possible to hide snapshots directories in UFS?
>> >
>>
>> Snapshot directories on UFS are treated differently than they are in
>> ZFS. UFS snapshot directories live as the base of the filesystem and are
>> not auto-mounted per se when you cd(1) into them so therefore there isn't a
>> need to hide them because they cannot be traversed.
>
>They are mounted and they have to be mounted (at least here). If
>they weren't mounted, people couldn't access them. That's why
>they are also being traversed by 310.locate and 340.noid. To
>summarise:
>
>- I use UFS.
>- My snapshots must be mounted.
>- They are being traversed by 310.locate and 340.noid.
>- I don't want the latter.
>
>To accomplish this, I can play around with (directory name dependent)
>exclusion lists for 310.locate and 340.noid. I could also implement
>a rdonly knob.
>

Well for the case of 310.locate this is already of no concern since it can
be finely tuned via /etc/locate.rc

As for 340.noid I played around with that. It should have been modeled
after 100.setuid but it wasn't. Also doesn't really provide any real
useful information other than a filename on output.

Attached is an adjustment to 340.noid that I think you will like and here
is some sample output.

$ sudo sh 340.noid
Check for files with an unknown user or group:
Directories, /
-rw-r--r-- 1 404  404   0 May 2 02:44 /test2
-rw-r--r-- 1 root 404   0 May 2 02:52 /test3
-rw-r--r-- 1 404  wheel 0 May 2 02:53 /test4

After I finish this up I am going to propose a patch for both of
100.setuid and 340.noid so they can provide similar output to the above.

For now I have just attached the modified script as it has to unset the
weekly_noid_dir variable before it brings in your local periodic configs
otherwise it wouldn't have let the script function with your config.

I'll write back with an update once that is finished.

PS: You should be able to just drop the attachment into the following
directories for it to take effect and then adjust the directories via
weekly_noid_dir per your periodic.conf or periodic.conf.local

/usr/src/etc/periodic/weekly
/etc/periodic/weekly

--

 Regards, (jhell)
 Jason Hellenthal

Content-Disposition: attachment; filename="340.noid"

#!/bin/sh -
#
# $FreeBSD: stable/8/etc/periodic/weekly/340.noid 220107 2011-03-28 19:22:55Z dougb $
#

# If there is a global system configuration file, suck it in.
#
if [ -r /etc/defaults/periodic.conf ]
then
    . /etc/defaults/periodic.conf
    # Drop the default directory list before the local configs are read.
    unset weekly_noid_dirs
    source_periodic_confs
fi

case "$weekly_noid_enable" in
    [Yy][Ee][Ss])
	echo ""
	echo "Check for files with an unknown user or group:"

	# Default to every mounted ufs and zfs filesystem when
	# weekly_noid_dirs is not set.
	MP="${weekly_noid_dirs:-`mount -t ufs,zfs |awk '{print $3}' |xargs`}"
	echo "Directories, $MP"
	# -s sorts the traversal, -x stays on the starting filesystem,
	# -H follows symbolic links given on the command line.
	find -sxH $MP /dev/null \
	    \( ! -fstype local -prune -or -name \* \) -and \
	    \( -nogroup -o -nouser \) |sed 's/^/ /' |\
	    xargs ls -l
	rc=$?
	;;

    *)  rc=0;;
esac

exit $rc

From owner-freebsd-rc@FreeBSD.ORG Mon May 2 08:30:46 2011
Date: Mon, 2 May 2011 04:30:39 -0400
From: Jason Hellenthal
To: Andre Albsmeier
Message-ID: <20110502083039.GC6066@DataIX.net>
In-Reply-To: <20110502052739.GB20839@curry.mchp.siemens.de>
Cc: "freebsd-rc@freebsd.org"
Subject: Re: New knob for ignoring readonly fss in 340.noid and 310.locate?

Andre,

Give this a shot.

http://patches.jhell.googlecode.com/hg/340.noid.patch

Apply with ( patch -p1 -E < /path/to/340.noid.patch )

Then either copy the resulting script to where it needs to go and remove
the old 340.noid or run one of mergemaster or etcupdate.

This effectively pushes it to periodic/security/310.chknoid which makes a
lot more sense than being in weekly as a non-security measure.

Introduces:
daily_status_security_chknoid_enable="YES"
daily_status_security_chknoid_dirs=""

By default it populates its directory list with zfs,ufs mountpoints and
will not cross mountpoints as per '-x' options to find(1).

On Mon, May 02, 2011 at 07:27:39AM +0200, Andre Albsmeier wrote:
>On Mon, 02-May-2011 at 04:59:42 +0200, Jason Hellenthal wrote:
>>
>> Andre,
>>
>>
>> On Sun, May 01, 2011 at 10:19:30AM +0200, Andre Albsmeier wrote:
>> >On Sat, 30-Apr-2011 at 23:31:57 +0200, Jason Hellenthal wrote:
>> >>
>> >> By default snapshots directories are hidden and treated as a virtual
>> >
>> >Is it possible to hide snapshots directories in UFS?
>> >
>>
>> Snapshot directories on UFS are treated differently than they are in
>> ZFS. UFS snapshot directories live as the base of the filesystem and are
>> not auto-mounted per se when you cd(1) into them so therefore there isn't a
>> need to hide them because they cannot be traversed.
>
>They are mounted and they have to be mounted (at least here). If
>they weren't mounted, people couldn't access them. That's why
>they are also being traversed by 310.locate and 340.noid. To
>summarise:
>
>- I use UFS.
>- My snapshots must be mounted.
>- They are being traversed by 310.locate and 340.noid.
>- I don't want the latter.
>
>To accomplish this, I can play around with (directory name dependent)
>exclusion lists for 310.locate and 340.noid. I could also implement
>a rdonly knob.
>
>	-Andre

--

 Regards, (jhell)
 Jason Hellenthal

From owner-freebsd-rc@FreeBSD.ORG Mon May 2 11:07:06 2011
Date: Mon, 2 May 2011 11:07:05 GMT
Message-Id: <201105021107.p42B75mk064193@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-rc@FreeBSD.org
Subject: Current problem reports assigned to freebsd-rc@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.  Description
--------------------------------------------------------------------------------
o conf/154554  rc     [rc.d] [patch] statd and lockd fail to start
o conf/153666  rc     [rc.d][patch] mount filesystems from fstab over zfs da
o conf/153200  rc     post-boot /etc/rc.d/network_ipv6 start can miss neighb
o conf/153123  rc     [rc] [patch] add gsched rc file to automatically inser
o conf/152784  rc     services provide himself instead providing class of se
o conf/151063  rc     [rc.subr] Verify network link and packet flow before s
o conf/150752  rc     [rc.subr] [patch] be not needed to eval $_pidcmd on re
o conf/150474  rc     [patch] rc.d/accounting: Add ability to set location o
o conf/149867  rc     [PATCH] rc.d script to manage multiple FIBS (kern opti
o conf/149831  rc     [PATCH] add support to /etc/rc.d/jail for delegating Z
o conf/148656  rc     rc.firewall(8): {oip} and {iip} variables in rc.firewa
o conf/147685  rc     [rc.d] [patch] new feature for /etc/rc.d/fsck
o conf/147444  rc     [rc.d] [patch] /etc/rc.d/zfs stop not called on reboot
o conf/146053  rc     [patch] [request] shutdown of jails breaks inter-jail
o conf/145445  rc     [rc.d] error in /etc/rc.d/jail (bad logic)
o conf/145440  rc     [rc.d] [patch] add multiple fib support (setfib) in /e
o conf/145399  rc     [patch] rc.d scripts are unable to start/stop programs
o conf/145344  rc     [patch] Fix kitchen sink approach for rc.d scripts ins
o conf/145009  rc     [patch] rc.subr(8): rc.conf should allow mac label con
o conf/144213  rc     [rc.d] [patch] Disappearing zvols on reboot
o conf/143637  rc     [patch] ntpdate(8) support for ntp-servers supplied by
o conf/143085  rc     [patch] ftp-proxy(8) rc(8) with multiple instances
o conf/143084  rc     [jail] [patch]: fix rc.d/jail creating stray softlinks
o conf/142973  rc     [jail] [patch] Strange counter init value in jail rc
o conf/142434  rc     [patch] Add cpuset(1) support to rc.subr(8)
o conf/142304  rc     rc.conf(5): mdconfig and mdconfig2 rc.d scripts lack e
o conf/141909  rc     rc.subr(8): [patch] add rc.conf.d support to /usr/loca
o conf/141907  rc     [rc.d] Bug if mtu (maybe others?) is set as first argu
o conf/141678  rc     [patch] A minor enhancement to how /etc/rc.d/jail dete
o conf/141275  rc     [request] dhclient(8) rc script should print something
o conf/140440  rc     [patch] allow local command files in rc.{suspend,resum
o conf/140261  rc     [patch] Improve flexibility of mdconfig2 startup scrip
o conf/138208  rc     [rc.d] [patch] Making rc.firewall (workstation) IPv6 a
o conf/137629  rc     [rc.d] background_dhclient rc.conf option causing doub
o conf/137470  rc     [PATCH] /etc/rc.d/mdconfig2 : prioritize cli parameter
o conf/137271  rc     [rc.d] Cannot update /etc/host.conf when root filesyst
o conf/136875  rc     [request] _flags appending
o conf/136624  rc     [rc.d] sysctl variables for ipnat are not applied on b
o conf/135338  rc     [rc.d] pf startup order seems broken [regression]
o conf/134918  rc     [patch] rc.subr fails to detect perl daemons
o conf/134660  rc     [patch] rc-script for initializing ng_netflow+ng_ipfw
o conf/134333  rc     PPP configuration problem in the rc.d scripts in combi
o conf/134006  rc     [patch] Unload console screensaver kernel modules if s
o conf/133987  rc     [rc.d] defaultroute broken with DHCP in some cases
o conf/133890  rc     [patch] sshd(8): add multiple profiles to the rc.d scr
o conf/132483  rc     rc.subr(8) [patch] setfib(1) support for rc.subr
o conf/132476  rc     [rc.d] [patch] add support setfib(1) in rc.d/routing
o conf/128299  rc     [patch] /etc/rc.d/geli does not mount partitions using
o bin/126562   rc     rcorder(8) fails to run unrelated startup scripts when
o conf/126392  rc     [patch] rc.conf ifconfig_xx keywords cannot be escaped
p bin/126324   rc     [patch] rc.d/tmp: Prevent mounting /tmp in second tim
o conf/124747  rc     [patch] savecore can't create dump from encrypted swap
o conf/124248  rc     [jail] [patch] add support for nice value for rc.d/jai
o conf/123734  rc     [patch] Chipset VIA CX700 requires extra initializatio
o conf/123222  rc     [patch] Add rtprio(1)/idprio(1) support to rc.subr(8).
o conf/122968  rc     [rc.d] /etc/rc.d/addswap: md swapfile multiplication a
o conf/122477  rc     [patch] /etc/rc.d/mdconfig and mdconfig2 are ignoring
o conf/122170  rc     [patch] [request] New feature: notify admin via page o
o kern/121566  rc     [nfs] [request] [patch] ethernet iface should be broug
o conf/120431  rc     [patch] devfs.rules are not initialized under certain
o conf/120406  rc     [devd] [patch] Handle newly attached pcm devices (eg.
o conf/119874  rc     [patch] "/etc/rc.d/pf reload" fails if there are macro
o conf/119076  rc     [patch] [rc.d] /etc/rc.d/netif tries to remove alias a
o bin/118325   rc     [patch] [request] new periodic script to test statuses
o conf/118255  rc     savecore never finding kernel core dumps (rcorder prob
o conf/117935  rc     [patch] ppp fails to start at boot because of missing
o conf/113915  rc     [patch] ndis wireless driver fails to associate when i
o conf/109980  rc     /etc/rc.d/netif restart doesn't destroy cloned_interfa
o conf/109562  rc     [rc.d] [patch] [request] Make rc.d/devfs usable from c
o conf/108589  rc     rtsol(8) fails due to default ipfw rules
o conf/106009  rc     [ppp] [patch] [request] Fix pppoed startup script to p
o conf/105689  rc     [ppp] [request] syslogd starts too late at boot
o conf/105568  rc     [patch] [request] Add more flexibility to rc.conf, to
o conf/105145  rc     [ppp] [patch] [request] add redial function to rc.d/pp
o conf/104549  rc     [patch] rc.d/nfsd needs special _find_processes functi
o conf/102700  rc     [geli] [patch] Add encrypted /tmp support to GELI/GBDE
o conf/99721   rc     [patch] /etc/rc.initdiskless problem copy dotfile in s
o conf/99444   rc     [patch] Enhancement: rc.subr could easily support star
o conf/96343   rc     [patch] rc.d order change to start inet6 before pf
o conf/93815   rc     [patch] Adds in the ability to save ipfw rules to rc.d
o conf/92523   rc     [patch] allow rc scripts to kill process after a timeo
o conf/89870   rc     [patch] [request] make netif verbose rc.conf toggle
o conf/89061   rc     [patch] IPv6 6to4 auto-configuration enhancement
o conf/88913   rc     [patch] wrapper support for rc.subr
o conf/85819   rc     [patch] script allowing multiuser mode in spite of fsc
o kern/81006   rc     ipnat not working with tunnel interfaces on startup
o conf/77663   rc     Suggestion: add /etc/rc.d/addnetswap after addcritremo
o conf/73677   rc     [patch] add support for powernow states to power_profi
o conf/58939   rc     [patch] dumb little hack for /etc/rc.firewall{,6}
o conf/56934   rc     [patch] rc.firewall rules for natd expect an interface
o conf/45226   rc     [patch] Fix for rc.network, ppp-user annoyance
o conf/44170   rc     [patch] Add ability to run multiple pppoed(8) on start

92 problems total.
From owner-freebsd-rc@FreeBSD.ORG Mon May 2 12:16:04 2011
Date: Mon, 2 May 2011 14:16:00 +0200
From: Andre Albsmeier
To: Jason Hellenthal
Cc: "freebsd-rc@freebsd.org"
Subject: Re: New knob for ignoring readonly fss in 340.noid and 310.locate?
Message-ID: <20110502121600.GB31186@curry.mchp.siemens.de>
In-Reply-To: <20110502070437.GB6066@DataIX.net>

On Mon, 02-May-2011 at 09:04:37 +0200, Jason Hellenthal wrote:
>
> Andre,
>
>
> On Mon, May 02, 2011 at 07:27:39AM +0200, Andre Albsmeier wrote:
> >On Mon, 02-May-2011 at 04:59:42 +0200, Jason Hellenthal wrote:
> >>
> >> Andre,
> >>
> >>
> >> On Sun, May 01, 2011 at 10:19:30AM +0200, Andre Albsmeier wrote:
> >> >On Sat, 30-Apr-2011 at 23:31:57 +0200, Jason Hellenthal wrote:
> >> >>
> >> >> By default snapshots directories are hidden and treated as a virtual
> >> >
> >> >Is it possible to hide snapshots directories in UFS?
> >> >
> >>
> >> Snapshot directories on UFS are treated differently than they are in
> >> ZFS. UFS snapshot directories live as the base of the filesystem and are
> >> not auto-mounted per se when you cd(1) into them so therefore there isn't a
> >> need to hide them because they cannot be traversed.
> >
> >They are mounted and they have to be mounted (at least here). If
> >they weren't mounted, people couldn't access them. That's why
> >they are also being traversed by 310.locate and 340.noid. To
> >summarise:
> >
> >- I use UFS.
> >- My snapshots must be mounted.
> >- They are being traversed by 310.locate and 340.noid.
> >- I don't want the latter.
> >
> >To accomplish this, I can play around with (directory name dependent)
> >exclusion lists for 310.locate and 340.noid. I could also implement
> >a rdonly knob.
> >
>
> Well for the case of 310.locate this is already of no concern since it
> can be finely tuned via /etc/locate.rc

I know. But as outlined in my initial mail, I would have to tune
/etc/locate.rc for each directory by name on each machine. A simple
"ignore readonly mountpoints" knob would simplify things a lot.

	-Andre

>
> As for 340.noid I played around with that. It should have been modeled
> after 100.setuid but it wasn't. Also doesn't really provide any real
> useful information other than a filename on output.
>
> Attached is an adjustment to 340.noid that I think you will like and
> here is some sample output.
>
> $ sudo sh 340.noid
>
> Check for files with an unknown user or group:
> Directories, /
> -rw-r--r-- 1 404 404 0 May 2 02:44 /test2
> -rw-r--r-- 1 root 404 0 May 2 02:52 /test3
> -rw-r--r-- 1 404 wheel 0 May 2 02:53 /test4
>
> After I finish this up I am going to propose a patch for both of
> 100.setuid and 340.noid so they can provide similar output to the
> above.
>
> For now I have just attached the modified script as it has to unset the
> weekly_noid_dir variable before it brings in your local periodic configs
> otherwise it wouldn't have let the script function with your config.
>
> I'll write back with an update once that is finished.
>
> PS: You should be able to just drop the attachment into the following
> directories for it to take effect and then adjust the directories via
> weekly_noid_dir per your periodic.conf or periodic.conf.local
>
> /usr/src/etc/periodic/weekly
> /etc/periodic/weekly
>
> --
>
> Regards, (jhell)
> Jason Hellenthal
>
> #!/bin/sh -
> #
> # $FreeBSD: stable/8/etc/periodic/weekly/340.noid 220107 2011-03-28 19:22:55Z dougb $
> #
>
> # If there is a global system configuration file, suck it in.
> #
> if [ -r /etc/defaults/periodic.conf ]
> then
>     . /etc/defaults/periodic.conf
>     unset weekly_noid_dirs
>     source_periodic_confs
> fi
>
> case "$weekly_noid_enable" in
>     [Yy][Ee][Ss])
>         echo ""
>         echo "Check for files with an unknown user or group:"
>
>         MP="${weekly_noid_dirs:-`mount -t ufs,zfs |awk '{print $3}' |xargs`}"
>         echo "Directories, $MP"
>         find -sxH $MP /dev/null \
>             \( ! -fstype local -prune -or -name \* \) -and \
>             \( -nogroup -o -nouser \) |sed 's/^/ /' |\
>             xargs ls -l
>         rc=$?
>         ;;
>     *)  rc=0;;
> esac
>
> exit $rc

-- 
Division by zero error -- multiplying by zero to recover...

From owner-freebsd-rc@FreeBSD.ORG Mon May 2 12:22:17 2011
Date: Mon, 2 May 2011 14:12:07 +0200
From: Andre Albsmeier
To: Jason Hellenthal
Cc: "freebsd-rc@freebsd.org"
Subject: Re: New knob for ignoring readonly fss in 340.noid and 310.locate?
Message-ID: <20110502121207.GA31186@curry.mchp.siemens.de>
In-Reply-To: <20110502083039.GC6066@DataIX.net>

On Mon, 02-May-2011 at 10:30:39 +0200, Jason Hellenthal wrote:
>
> Andre,

Hi Jason,

>
> Give this a shot.
>
> http://patches.jhell.googlecode.com/hg/340.noid.patch
>
> Apply with ( patch -p1 -E < /path/to/340.noid.patch )
>
> Then either copy the resulting script to where it needs to go and remove
> the old 340.noid or run one of mergemaster or etcupdate.
>
> This effectively pushes it to periodic/security/310.chknoid which makes
> a lot more sense than being in weekly as a non-security measure.
>
> Introduces:
> daily_status_security_chknoid_enable="YES"
> daily_status_security_chknoid_dirs=""
>
> By default it populates its directory list with zfs,ufs mountpoints and
> will not cross mountpoints as per '-x' options to find(1).

Yes, but this won't give me anything in my case. My UFS snapshots
will still be found by

mount -t ufs,zfs |awk '{print $3}'

as we can see here:

andre@server:~>mount -t ufs,zfs |awk '{print $3}'
/
/usr
/var
/scratch
/dump
/server
/pc
/people
/share
/tmp
/people/.snap/@GMT-2011.04.26-03.15.04
/people/.snap/@GMT-2011.04.27-03.15.04
/people/.snap/@GMT-2011.04.28-03.15.03
/people/.snap/@GMT-2011.04.29-03.15.03
/people/.snap/@GMT-2011.04.30-03.15.04
/people/.snap/@GMT-2011.04.23-03.15.01
/people/.snap/@GMT-2011.04.16-03.15.01
/share/.snap/@GMT-2011.04.26-03.28.32
/share/.snap/@GMT-2011.04.27-03.28.26
/share/.snap/@GMT-2011.04.28-03.28.42
/share/.snap/@GMT-2011.04.29-03.29.12
/share/.snap/@GMT-2011.04.30-03.26.48
/share/.snap/@GMT-2011.04.23-03.27.33
/share/.snap/@GMT-2011.04.16-03.27.39
/share/.snap/@GMT-2011.04.09-03.22.01

so I will again have to tweak daily_status_security_chknoid_dirs
manually for each machine. While I like your approach, using -x
and a list of ufs,zfs instead of the old way of doing it, it
doesn't help me ;-).

As for the idea of moving it to periodic/security: This might
be a good thing but could confuse others who expect this check
to be run once a week.

Thanks,

	-Andre

>
> On Mon, May 02, 2011 at 07:27:39AM +0200, Andre Albsmeier wrote:
> >On Mon, 02-May-2011 at 04:59:42 +0200, Jason Hellenthal wrote:
> >>
> >> Andre,
> >>
> >>
> >> On Sun, May 01, 2011 at 10:19:30AM +0200, Andre Albsmeier wrote:
> >> >On Sat, 30-Apr-2011 at 23:31:57 +0200, Jason Hellenthal wrote:
> >> >>
> >> >> By default snapshots directories are hidden and treated as a virtual
> >> >
> >> >Is it possible to hide snapshots directories in UFS?
> >> >
> >>
> >> Snapshot directories on UFS are treated differently than they are in
> >> ZFS. UFS snapshot directories live as the base of the filesystem and are
> >> not auto-mounted per se when you cd(1) into them so therefore there isn't a
> >> need to hide them because they cannot be traversed.
> >
> >They are mounted and they have to be mounted (at least here). If
> >they weren't mounted, people couldn't access them. That's why
> >they are also being traversed by 310.locate and 340.noid. To
> >summarise:
> >
> >- I use UFS.
> >- My snapshots must be mounted.
> >- They are being traversed by 310.locate and 340.noid.
> >- I don't want the latter.
> >
> >To accomplish this, I can play around with (directory name dependent)
> >exclusion lists for 310.locate and 340.noid. I could also implement
> >a rdonly knob.
> >
> > -Andre
>
> --
>
> Regards, (jhell)
> Jason Hellenthal
>

-- 
Note: No Micro$oft programs were used in the creation or distribution of
this message. If you are using a Micro$oft program to view or forward this
message, be forewarned that I am not responsible for any harm you may
encounter as a result.

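The "ignore readonly mountpoints" knob asked for in the message above, sketched as an added example (not code from this thread or from FreeBSD's periodic scripts). It assumes the `<device> on <mountpoint> (<fstype>, <options>)` line format of FreeBSD mount(8); the function names are hypothetical and the sample mount lines are constructed, reusing mountpoints quoted in the thread.

```sh
#!/bin/sh
# Added example: build a directory list for a periodic "unknown owner" scan
# that skips read-only mounts such as mounted UFS snapshots.
# Function names are hypothetical; the mount lines below are constructed.

# Constructed sample in the format printed by FreeBSD mount(8):
#   <device> on <mountpoint> (<fstype>, <option>, ...)
sample_mount_output() {
    cat <<'EOF'
/dev/ad4s1a on / (ufs, local, soft-updates)
devfs on /dev (devfs, local, multilabel)
/dev/ccd0 on /people (ufs, local, soft-updates)
/dev/ccd1 on /share (ufs, local, soft-updates)
/dev/md12 on /people/.snap/@GMT-2011.04.26-03.15.04 (ufs, local, read-only)
/dev/md22 on /share/.snap/@GMT-2011.04.26-03.28.32 (ufs, local, read-only)
tank/home on /tank/home (zfs, local)
tank/archive on /tank/archive (zfs, local, read-only)
EOF
}

# Read mount(8) lines on stdin; print one mountpoint per line for ufs/zfs
# filesystems that are not mounted read-only.
filter_rw_mounts() {
    awk '
    {
        # The option list is the last parenthesised group on the line.
        if (match($0, / \([^()]*\)$/) == 0) next
        opts = substr($0, RSTART + 2, RLENGTH - 3)
        head = substr($0, 1, RSTART - 1)

        # Everything after the first " on " is the mountpoint, so
        # mountpoints containing spaces survive intact.
        on = index(head, " on ")
        if (on == 0) next
        mp = substr(head, on + 4)

        n = split(opts, o, /, */)
        if (o[1] != "ufs" && o[1] != "zfs") next
        for (i = 2; i <= n; i++)
            if (o[i] == "read-only") next
        print mp
    }'
}

# On a FreeBSD host the input would be `mount -t ufs,zfs`; the sample keeps
# this runnable offline.
sample_mount_output | filter_rw_mounts
```

A filter like this drops every read-only mount from the scan, so it fits hosts where the read-only mounts are snapshots of filesystems that are scanned anyway.
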
From owner-freebsd-rc@FreeBSD.ORG Thu May 5 01:30:34 2011
Date: Wed, 4 May 2011 21:30:33 -0400 (EDT)
From: Rick Macklem
To: rc@freebsd.org
Subject: NFS client script changes for review
Message-ID: <1424708985.1031270.1304559033631.JavaMail.root@erie.cs.uoguelph.ca>

Hi,

I put some modified rc scripts and diffs at:
http://people.freebsd.org/~rmacklem/rc.conf

Basically, it doesn't seem that any of the nfs specific stuff in
mountcritremote is needed anymore (at least when I test here with a
kernel built without any NFS options, so the clients have to load as
modules).

If getting rid of the stuff seems too risky (or someone thinks that
it's still needed), it can be fixed to work by just replacing
"load_kld -m nfs nfsclient" with "load_kld -m nfs nfscl", since the
module name is now "nfscl".

I changed the "vfs.nfs." sysctl names in nfsclient to "vfs.newnfs."
and created a clone of nfsclient called oldnfsclient for the old one.

That, plus changing a couple of lines in /etc/defaults/rc.conf seems
to make things work ok, but, as you know, I'm not a shell programmer.

rick

From owner-freebsd-rc@FreeBSD.ORG Thu May 5 14:52:08 2011
Date: Thu, 5 May 2011 10:52:00 -0400 (EDT)
From: Rick Macklem
To: rc@freebsd.org
Subject: more re: NFS client rc scripts for review
Message-ID: <1352957796.1050106.1304607120290.JavaMail.root@erie.cs.uoguelph.ca>

I just posted an idea w.r.t. making the sysctl vfs.nfs.xxx namespace
shared between the 2 NFS clients. If that happens, the rc script
changes are simplified. No clone of nfsclient (or oldnfs_client_enable)
is needed. All that happens is that nfsclient now needs the module
"nfslock" instead of "nfsclient".

rick