Date: Tue, 17 Jul 2001 12:14:49 -0700 From: PM Lashley <patl@phoenix.volant.org> To: Alexey Zakirov <frank@agava.com> Cc: freebsd-isp@FreeBSD.ORG Subject: Re: jail Message-ID: <609150000.995397289@asimov> In-Reply-To: <Pine.BSF.4.32.0107172237490.78628-400000@hellbell.domain> References: <Pine.BSF.4.32.0107172237490.78628-400000@hellbell.domain>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] --On Tuesday, July 17, 2001 22:48:32 +0400 Alexey Zakirov <frank@agava.com> wrote: > On Tue, 17 Jul 2001, PM Lashley wrote: > >> > make install DESTDIR=$INSTALLATION_PATH >> > cd $INSTALLATION_PATH >> > rm -rf boot dev lkm mnt modules proc root sys >> > cat $WORK/delete.lst | xargs chflags 0 >> > cat $WORK/delete.lst | xargs rm -rf >> > cat $WORK/noworld.lst | xargs chflags 0 >> > cat $WORK/noworld.lst | xargs chmod o-rwx >> > cat $WORK/nosuid.lst | xargs chflags 0 >> > cat $WORK/nosuid.lst | xargs chmod ug-s >> >> So exactly which files do you have listed in each of the '.lst' files? > > Sorry if this can't be appropriate for this list but I've administered > public shell boxes for 3 years and I think those AREN'T important files > for public shell/web hosting so I've attached those lists. No, I agree - there are a lot of files installed by the make world that aren't necessary (or in some cases even useful) in a jail environment. I just thought it would be helpful if you shared your lists. (Thanks!) >> Also, a nit - I'd like to point out that the above six lines would be >> more efficient using redirection instead of cat and pipes. E.g., > > have you ever tried to rm(1) about 1 m files? Most of shells have a pretty > small buffers for it's command line arguments. > And more - it's classic. Yes, I have. Note that my solution still uses xargs to get around the command-line buffer size restrictions. It just eliminates the 'cat' in favor of redirecting stdin for xargs. Yours: cat FOO | xargs CMD Mine: xargs CMD < FOO It eliminates the unnecessary and unhelpful cat process, it's buffers, the pipe, etc. The construct 'cat ONE-FILE |' can almost always be replaced by a stdin redirection to improve efficiency with no down-side at all. It's a different matter, of course, if more than one file is being processed by the cat or if other command-line parameters are being used to alter cat's output. (E.g., 'cat -n ONE-FILE |' or 'cat -v ONE-FILE |') -Pat [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (SunOS) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjtUjqoACgkQncYNbLD8wuNNGACg7gVQ/81ZOJd6ADRqfMBzybIs ub8AnRsFCQwkijXy1qI0PYX56ktU4Opr =y0S1 -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?609150000.995397289>