From owner-freebsd-stable@FreeBSD.ORG Fri May 4 18:02:01 2012 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 96CAB1065675 for ; Fri, 4 May 2012 18:02:01 +0000 (UTC) (envelope-from fjwcash@gmail.com) Received: from mail-pz0-f48.google.com (mail-pz0-f48.google.com [209.85.210.48]) by mx1.freebsd.org (Postfix) with ESMTP id 6663D8FC0C for ; Fri, 4 May 2012 18:02:01 +0000 (UTC) Received: by dadz8 with SMTP id z8so243366dad.7 for ; Fri, 04 May 2012 11:02:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=QC7hdX6WP3D9M1LtWeiTmIK0ya0rTA3Kf+laUnwwEPs=; b=i0Z+lGsI8b8Akj8h6QHcR+eMDTn+RvmfAago0A1bEYXkhlBpRclXyvcXDjTLfRgI3K ammsV/xpc6pCX+R8GItN1bVMcI7Bn79RWXXX2uzU2NdmKf8dpokexjsm89Khw2+N7yuL 7AWDVNG7s8Wmv6jDRT3Rsqfmq/jgYqFaD8aexYlqGwT33Zf4Tt8ACHw6kpQTYJCYLwH4 vMIpu4h1aE69fm19ZNnmlfVxkXGJ0BLe9i+O2Bx6sxh9nh+7zjqXbFGhNZvK1mLtafUB a/xUDuhuRxDmGRGj42/aqRx81WAV4zwUz3VenK21at6T22JoHBFOT1kxcDfnQRYlR6Rw pamg== MIME-Version: 1.0 Received: by 10.68.222.134 with SMTP id qm6mr1444528pbc.14.1336154521198; Fri, 04 May 2012 11:02:01 -0700 (PDT) Received: by 10.68.223.165 with HTTP; Fri, 4 May 2012 11:02:01 -0700 (PDT) In-Reply-To: <4FA3FF18.4000309@shatow.net> References: <4FA3FF18.4000309@shatow.net> Date: Fri, 4 May 2012 11:02:01 -0700 Message-ID: From: Freddie Cash To: Bryan Drewery Content-Type: multipart/mixed; boundary=047d7b2ed48f99e0f904bf39b7e9 Cc: FreeBSD Stable Subject: Re: Make filesystem type configurable for periodic(8)? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 May 2012 18:02:01 -0000 --047d7b2ed48f99e0f904bf39b7e9 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Fri, May 4, 2012 at 9:08 AM, Bryan Drewery wrote: > On 05/04/2012 11:05 AM, Freddie Cash wrote: >> A few of the periodic(8) scripts in FreeBSD have constructs similar to >> the following to get which filesystems to scan for various things: >> =C2=A0 =C2=A0 MP=3D`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { prin= t $3 }'` >> >> For systems with large ZFS pools, and many ZFS filesystems, these >> periodic scripts can grind it to its knees, and then some. =C2=A0For >> backups servers where we don't really care about the >> ownership/permissions of files from the FreeBSD perspective, we really >> don't want the ZFS filesytems to be scanned; only the UFS ones for the >> FreeBSD OS install. =C2=A0To that end, I have to manually edit these fil= es >> to remove the ",zfs": >> =C2=A0 =C2=A0 MP=3D`mount -t ufs | awk '$0 !~ /no(suid|exec)/ { print $3= }'` >> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 ^^^^^^^^ >> Would it be worthwhile to anyone else to make the filesystem type(s) >> to scan via the periodic(8) scripts a variable that's set by default >> in /etc/defaults/periodic.conf and that user's can override via >> /etc/periodic.conf? >> >> Or, am I the only one that's suffering here? =C2=A0:) >> >> If there's interesting in this, I can look into coming up with some >> patches. =C2=A0But wanted to check if anyone else would find it useful. >> > > I would find this useful. But further, I have a ZFS root pool as well as > a ZFS backup pool. I don't want to exclude all of ZFS, just certain > pools, or even certain datasets. Would you mind testing the attached patch? It adds four new variables for use in periodic.conf (defaults shown): daily_status_security_chksetuid_fs=3D"ufs,zfs" daily_status_security_chksetuid_fs_ignore=3D"" daily_status_security_neggrpperm_fs=3D"ufs,zfs" daily_status_security_neggrpperm_fs_ignore=3D"" The _fs variables take filesystem types, as would be passed to mount(8). These limit the entire search based on type, so an all or nothing approach. The _fs_ignore variables are space separated lists of mountpoints to skip. So you can leave zfs in the _fs list, and then list specific filesystems here that you do not want to be scanned. I don't claim to be any great shell script writer, but this appears to do the job. Any suggestions, pointers, comments, etc welcomed. :) --=20 Freddie Cash fjwcash@gmail.com --047d7b2ed48f99e0f904bf39b7e9 Content-Type: application/octet-stream; name="periodic-fs-type.patch" Content-Disposition: attachment; filename="periodic-fs-type.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: f_h1tjroap0 LS0tIGRlZmF1bHRzL3BlcmlvZGljLmNvbmYub3JpZwkyMDEyLTA1LTA0IDEwOjQ0OjEzLjAwMDAw MDAwMCAtMDcwMAorKysgZGVmYXVsdHMvcGVyaW9kaWMuY29uZgkyMDEyLTA1LTA0IDA5OjM4OjE4 LjAwMDAwMDAwMCAtMDcwMApAQCAtMTcwLDkgKzE3MCwxMyBAQAogCiAjIDEwMC5jaGtzZXR1aWQK IGRhaWx5X3N0YXR1c19zZWN1cml0eV9jaGtzZXR1aWRfZW5hYmxlPSJZRVMiCitkYWlseV9zdGF0 dXNfc2VjdXJpdHlfY2hrc2V0dWlkX2ZzPSJ1ZnMsemZzIgkJIyBGaWxlc3lzdGVtIHR5cGVzIHRv IHNjYW4KK2RhaWx5X3N0YXR1c19zZWN1cml0eV9jaGtzZXR1aWRfZnNfaWdub3JlPSIiCQkjIExp c3Qgb2YgZmlsZXN5c3RlbXMgdG8gc2tpcAogCiAjIDExMC5uZWdncnBwZXJtCiBkYWlseV9zdGF0 dXNfc2VjdXJpdHlfbmVnZ3JwcGVybV9lbmFibGU9IllFUyIKK2RhaWx5X3N0YXR1c19zZWN1cml0 eV9uZWdncnBwZXJtX2ZzPSJ1ZnMsemZzIgkJIyBGaWxlc3lzdGVtIHR5cGVzIHRvIHNjYW4KK2Rh aWx5X3N0YXR1c19zZWN1cml0eV9uZWdncnBwZXJtX2ZzPSIiCQkJIyBMaXN0IG9mIGZpbGVzeXN0 ZW1zIHRvIHNraXAKIAogIyAyMDAuY2hrbW91bnRzCiBkYWlseV9zdGF0dXNfc2VjdXJpdHlfY2hr bW91bnRzX2VuYWJsZT0iWUVTIgoKLS0tIHBlcmlvZGljL3NlY3VyaXR5LzEwMC5jaGtzZXR1aWQu b3JpZwkyMDEyLTA1LTA0IDEwOjQ2OjA1LjAwMDAwMDAwMCAtMDcwMAorKysgcGVyaW9kaWMvc2Vj dXJpdHkvMTAwLmNoa3NldHVpZAkyMDEyLTA1LTA0IDEwOjQ2OjQ3LjAwMDAwMDAwMCAtMDcwMApA QCAtNDMsNyArNDMsMTIgQEAKICAgICBbWXldW0VlXVtTc10pCiAJZWNobyAiIgogCWVjaG8gJ0No ZWNraW5nIHNldHVpZCBmaWxlcyBhbmQgZGV2aWNlczonCi0JTVA9YG1vdW50IC10IHVmcyx6ZnMg fCBhd2sgJyQwICF+IC9ubyhzdWlkfGV4ZWMpLyB7IHByaW50ICQzIH0nYAorCWlmIFsgLXogIiRk YWlseV9zdGF0dXNfc2VjdXJpdHlfY2hrc2V0dWlkX2ZzX2lnbm9yZSIgXTsgdGhlbgorCQlNUD1g bW91bnQgLXQgJGRhaWx5X3N0YXR1c19zZWN1cml0eV9jaGtzZXR1aWRfZnMgfCBhd2sgJyQwICF+ IC9ubyhzdWlkfGV4ZWMpLyB7IHByaW50ICQzIH0nYAorCWVsc2UKKwkJZGFpbHlfc3RhdHVzX3Nl Y3VyaXR5X2Noa3NldHVpZF9mc19pZ25vcmU9YCBlY2hvICRkYWlseV9zdGF0dXNfc2VjdXJpdHlf Y2hrc2V0dWlkX2ZzX2lnbm9yZSB8IHNlZCAncy9cIC9cfC9nJ2AKKwkJTVA9YG1vdW50IC10ICRk YWlseV9zdGF0dXNfc2VjdXJpdHlfY2hrc2V0dWlkX2ZzIHwgYXdrICckMCAhfiAvbm8oc3VpZHxl eGVjKS8geyBwcmludCAkMyB9J3wgZWdyZXAgLXZlICIkZGFpbHlfc3RhdHVzX3NlY3VyaXR5X2No a3NldHVpZF9mc19pZ25vcmUiYAorCWZpCiAJZmluZCAtc3ggJE1QIC9kZXYvbnVsbCAtdHlwZSBm IFwKIAkgICAgXCggLXBlcm0gLXUreCAtb3IgLXBlcm0gLWcreCAtb3IgLXBlcm0gLW8reCBcKSBc CiAJICAgIFwoIC1wZXJtIC11K3MgLW9yIC1wZXJtIC1nK3MgXCkgLWV4ZWMgbHMgLWxpVGQgXHtc fSBcKyB8CgotLS0gcGVyaW9kaWMvc2VjdXJpdHkvMTEwLm5lZ2dycHBlcm0ub3JpZwkyMDEyLTA1 LTA0IDEwOjU0OjIzLjAwMDAwMDAwMCAtMDcwMAorKysgcGVyaW9kaWMvc2VjdXJpdHkvMTEwLm5l Z2dycHBlcm0JMjAxMi0wNS0wNCAxMDo0ODoxNi4wMDAwMDAwMDAgLTA3MDAKQEAgLTQxLDYgKzQx LDEyIEBACiAgICAgW1l5XVtFZV1bU3NdKQogCWVjaG8gIiIKIAllY2hvICdDaGVja2luZyBuZWdh dGl2ZSBncm91cCBwZXJtaXNzaW9uczonCisJaWYgWyAteiAiJGRhaWx5X3N0YXR1c19zZWN1cml0 eV9uZWdncnBwZXJtX2ZzX2lnbm9yZSIgXTsgdGhlbgorCQlNUD1gbW91bnQgLXQgJGRhaWx5X3N0 YXR1c19zZWN1cml0eV9uZWdncnBwZXJtX2ZzIHwgYXdrICckMCAhfiAvbm8oc3VpZHxleGVjKS8g eyBwcmludCAkMyB9J2AKKwllbHNlCisJCWRhaWx5X3N0YXR1c19zZWN1cml0eV9uZWdncnBwZXJt X2ZzX2lnbm9yZT1gIGVjaG8gJGRhaWx5X3N0YXR1c19zZWN1cml0eV9uZWdncnBwZXJtX2ZzX2ln bm9yZSB8IHNlZCAncy9cIC9cfC9nJ2AKKwkJTVA9YG1vdW50IC10ICRkYWlseV9zdGF0dXNfc2Vj dXJpdHlfbmVnZ3JwcGVybV9mcyB8IGF3ayAnJDAgIX4gL25vKHN1aWR8ZXhlYykvIHsgcHJpbnQg JDMgfSd8IGVncmVwIC12ZSAiJGRhaWx5X3N0YXR1c19zZWN1cml0eV9uZWdncnBwZXJtX2ZzX2ln bm9yZSJgCisgICAgICAgIGZpCiAJTVA9YG1vdW50IC10IHVmcyx6ZnMgfCBhd2sgJyQwICF+IC9u byhzdWlkfGV4ZWMpLyB7IHByaW50ICQzIH0nYAogCW49JChmaW5kIC1zeCAkTVAgL2Rldi9udWxs IC10eXBlIGYgXAogCSAgICBcKCBcKCAhIC1wZXJtICswMTAgLWFuZCAtcGVybSArMDAxIFwpIC1v ciBcCg== --047d7b2ed48f99e0f904bf39b7e9--