From owner-freebsd-stable@FreeBSD.ORG Sun May 6 17:04:29 2012 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A4615106566C for ; Sun, 6 May 2012 17:04:29 +0000 (UTC) (envelope-from jhellenthal@dataix.net) Received: from mail-ob0-f182.google.com (mail-ob0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id 526548FC08 for ; Sun, 6 May 2012 17:04:29 +0000 (UTC) Received: by obcni5 with SMTP id ni5so9398978obc.13 for ; Sun, 06 May 2012 10:04:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dataix.net; s=rsa; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to; bh=Px82Q0RYop4gkXCKeDAjAXbAXHkrf8KzsIVK6XkjRA8=; b=ATjRbMClRAuAd4CstrThRTQhGrUWChvpiisCEelcUZGj1wJECsHoTyWEm/nYSJSB+L VNMQltA5XoLozVDKgQQdTP6RUPk7Yw+Cx4/W3TirXRYQTNDnvn5ipEGMNnv3Il2KFxfv uqS8SWCkAmSZmzSY8csmewvy5qa6HIURSFRnY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:x-gm-message-state; bh=Px82Q0RYop4gkXCKeDAjAXbAXHkrf8KzsIVK6XkjRA8=; b=dOl2hx2HHkQYt3n8new64TKTWJy64SmhIXJEK2CykzZpXUmkl1DFosjvXBiuMPimkD 6n8e3jxxDZnNvXadZwhhZz4EpnV58uN8ACQff1uucVSyEu9ezLDWTHat+dcbQmf1rSuc Y4Es+0diXdz+vHw1oXOTNttgvh2i3moYnSMGYWfOSK8BJHj79XFJTEkPRabNIU2y6xhT hwNG5T/8i6gyCOcKhP1FTGvTSLO5QjuLJU3p51DRDAtCRx0nxD7mFYjruF9q47F8Pzck SNSMeU6tJ/64nUVq6MuO8eMpBej2Wl0nlkG3eb1BijDzPCAbZP5LGwXGWIlixsBAQyQk O2Rg== Received: by 10.50.135.4 with SMTP id po4mr6796217igb.60.1336323868594; Sun, 06 May 2012 10:04:28 -0700 (PDT) Received: from DataIX.net (24-247-238-117.dhcp.aldl.mi.charter.com. [24.247.238.117]) by mx.google.com with ESMTPS id ww4sm7508387igb.9.2012.05.06.10.04.27 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 06 May 2012 10:04:28 -0700 (PDT) Received: from DataIX.net (localhost [127.0.0.1]) by DataIX.net (8.14.5/8.14.5) with ESMTP id q46H4Q3O035802 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 6 May 2012 13:04:26 -0400 (EDT) (envelope-from jhellenthal@DataIX.net) Received: (from jhellenthal@localhost) by DataIX.net (8.14.5/8.14.5/Submit) id q46H4P0r035144; Sun, 6 May 2012 13:04:25 -0400 (EDT) (envelope-from jhellenthal@DataIX.net) Date: Sun, 6 May 2012 13:04:25 -0400 From: Jason Hellenthal To: Daniel Kalchev Message-ID: <20120506170425.GA24117@DataIX.net> References: <995A1779-9983-4AB9-8618-9227C1B491E5@digsys.bg> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="XsQoSWH+UP9D9v3l" Content-Disposition: inline In-Reply-To: <995A1779-9983-4AB9-8618-9227C1B491E5@digsys.bg> X-Gm-Message-State: ALoCoQkSIElR9hN7BBnt/UnAvuuBLWrwtRAfhAyBfgqG9IBECMmkyi0oPwig8+PM0d47KSaXcjKL Cc: FreeBSD Stable Subject: Re: Make filesystem type configurable for periodic(8)? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 May 2012 17:04:29 -0000 --XsQoSWH+UP9D9v3l Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, May 06, 2012 at 11:20:42AM +0300, Daniel Kalchev wrote: >=20 > On May 4, 2012, at 7:05 PM, Freddie Cash wrote: >=20 > > A few of the periodic(8) scripts in FreeBSD have constructs similar to > > the following to get which filesystems to scan for various things: > > MP=3D`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'` > >=20 > > For systems with large ZFS pools, and many ZFS filesystems, these > > periodic scripts can grind it to its knees, and then some. For > > backups servers where we don't really care about the > > ownership/permissions of files from the FreeBSD perspective, we really > > don't want the ZFS filesytems to be scanned;=20 > [=E2=80=A6] >=20 > The script already accommodates this scenario. Just mount your storage fi= lesystems with 'nosuidexec' and they won't be scanned.=20 >=20 You all may be interested in this [1] but I have not touched it in a while and backed it out of a working source tree about a month ago so I am no longer tracking it. But last I used it, it was working cleanly. Configuration was like so... daily_status_security_chknoid_enable=3D"YES" daily_status_security_chknoid_dirs=3D"/ /home /tmp /var /usr/local" The same thing should also be done for anything that traverses multiple filesystems by default configuration and reporting output should remain consistent. The current reporting format of these scripts is nearly rediculous in its current use of diff(1). 1). http://code.google.com/p/jhell/source/browse/340.noid.patch?repo=3Dpatches --=20 - (2^(N-1)) --XsQoSWH+UP9D9v3l Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJPpq8YAAoJEBSh2Dr1DU7WALQH/3mrT2vAs6r+W03Hary8QOhl 84NnaTHiThfzY8UogJm+uCouCStUN3WDrdbMeG4NN1warL35M+TWZwJ9x1J66Kpq c0LxZvT+AKTbTwsv6Z3XzzlqB6dEF1tu0Zb+oOCCo95tHnzJhdHyiWkZbNmp1e+T LE39fq/xP2XAx++iW8+9mhpj628DfDOiKzpzYwQ6c/V8xCKteVhXhNJTqAVV+KmE 391WpDwo+rWlQeAGhCCR1ij2RYzO1q63LTWDjJ62AIgheQ8ScgmdXrruJlUVKpkl 3qGUkh8M23L1UimpAoUL+rCABaB1h4Lvi3Db+r37KrnXlAqlfgAVkdRtlM+cMX8= =neRG -----END PGP SIGNATURE----- --XsQoSWH+UP9D9v3l--