From owner-freebsd-hackers@FreeBSD.ORG Fri Oct 31 13:48:50 2008 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5191A1065680 for ; Fri, 31 Oct 2008 13:48:50 +0000 (UTC) (envelope-from fb-hackers@psconsult.nl) Received: from mx1.psconsult.nl (psc11.adsl.iaf.nl [80.89.238.138]) by mx1.freebsd.org (Postfix) with ESMTP id D3CD68FC1D for ; Fri, 31 Oct 2008 13:48:49 +0000 (UTC) (envelope-from fb-hackers@psconsult.nl) Received: from mx1.psconsult.nl (localhost [80.89.238.138]) by mx1.psconsult.nl (8.14.2/8.14.2) with ESMTP id m9VDmhfL015404 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 31 Oct 2008 14:48:48 +0100 (CET) (envelope-from fb-hackers@psconsult.nl) Received: (from paul@localhost) by mx1.psconsult.nl (8.14.2/8.14.2/Submit) id m9VDmhdT015403 for freebsd-hackers@freebsd.org; Fri, 31 Oct 2008 14:48:43 +0100 (CET) (envelope-from fb-hackers@psconsult.nl) Date: Fri, 31 Oct 2008 14:48:42 +0100 From: Paul Schenkeveld To: freebsd-hackers@freebsd.org Message-ID: <20081031134842.GA15218@psconsult.nl> Mail-Followup-To: freebsd-hackers@freebsd.org References: <20081030154711.GA8416@icarus.home.lan> <490A6A8A.7080504@delphij.net> <20081031024748.GA20319@icarus.home.lan> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.17 (2007-11-01) Subject: Re: open(2) and O_NOATIME X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 31 Oct 2008 13:48:50 -0000 On Fri, Oct 31, 2008 at 08:04:48AM +0000, Igor Mozolevsky wrote: > 2008/10/31 Jeremy Chadwick : > > > ... If that's what you were referring to, then possibly making O_NOATIME > > only to root would be a suitable compromise. > > And no systems are compromised with rootkits?.. utimes(2) allows non-root users to (re)set atime provided they own the file or have write permission. Having O_NOATIME follow the same rules would not break any assumed security any further than utimes(2) already does but greatfully benefit all kind of backup programs. So I'd be more than happy to see O_NOATIME be implemented as I'm currently experimenting with backups to detachable harddisks using rsync and not having a way to reset atime is my one big reason for not deploying this kind of backups with more servers. If you wonder why I'm using rsyng instead of dump or tar, here are two reasons: first the detachable disks are much slower than the systems disks so rsync saves a lot of time and secondly a file-by-file-only-if-changed scheme allows me to efficiently use snapshots on the backup medium. Patching rsync to implement the kind of reset atime as i.e. cpio does looks far more complex than adding O_NOATIME to rsync. My $0.02 Regards, Paul Schenkeveld