Make filesystem type configurable for periodic(8)?
Locked
 
|
|
|
|
On Fri, May 4, 2012 at 9:08 AM, Bryan Drewery <[hidden email]> wrote:
> On 05/04/2012 11:05 AM, Freddie Cash wrote: >> A few of the periodic(8) scripts in FreeBSD have constructs similar to >> the following to get which filesystems to scan for various things: >> MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'` >> >> For systems with large ZFS pools, and many ZFS filesystems, these >> periodic scripts can grind it to its knees, and then some. For >> backups servers where we don't really care about the >> ownership/permissions of files from the FreeBSD perspective, we really >> don't want the ZFS filesytems to be scanned; only the UFS ones for the >> FreeBSD OS install. To that end, I have to manually edit these files >> to remove the ",zfs": >> MP=`mount -t ufs | awk '$0 !~ /no(suid|exec)/ { print $3 }'` >> ^^^^^^^^ >> Would it be worthwhile to anyone else to make the filesystem type(s) >> to scan via the periodic(8) scripts a variable that's set by default >> in /etc/defaults/periodic.conf and that user's can override via >> /etc/periodic.conf? >> >> Or, am I the only one that's suffering here? :) >> >> If there's interesting in this, I can look into coming up with some >> patches. But wanted to check if anyone else would find it useful. >> > > I would find this useful. But further, I have a ZFS root pool as well as > a ZFS backup pool. I don't want to exclude all of ZFS, just certain > pools, or even certain datasets. for use in periodic.conf (defaults shown): daily_status_security_chksetuid_fs="ufs,zfs" daily_status_security_chksetuid_fs_ignore="" daily_status_security_neggrpperm_fs="ufs,zfs" daily_status_security_neggrpperm_fs_ignore="" The _fs variables take filesystem types, as would be passed to mount(8). These limit the entire search based on type, so an all or nothing approach. The _fs_ignore variables are space separated lists of mountpoints to skip. So you can leave zfs in the _fs list, and then list specific filesystems here that you do not want to be scanned. I don't claim to be any great shell script writer, but this appears to do the job. Any suggestions, pointers, comments, etc welcomed. :) -- Freddie Cash [hidden email] _______________________________________________ [hidden email] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[hidden email]" |
periodic-fs-type.patch (3K) |
|
|
|
|
|
On Sun, May 06, 2012 at 11:20:42AM +0300, Daniel Kalchev wrote: > > On May 4, 2012, at 7:05 PM, Freddie Cash wrote: > > > A few of the periodic(8) scripts in FreeBSD have constructs similar to > > the following to get which filesystems to scan for various things: > > MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'` > > > > For systems with large ZFS pools, and many ZFS filesystems, these > > periodic scripts can grind it to its knees, and then some. For > > backups servers where we don't really care about the > > ownership/permissions of files from the FreeBSD perspective, we really > > don't want the ZFS filesytems to be scanned; > […] > > The script already accommodates this scenario. Just mount your storage filesystems with 'nosuidexec' and they won't be scanned. > while and backed it out of a working source tree about a month ago so I am no longer tracking it. But last I used it, it was working cleanly. Configuration was like so... daily_status_security_chknoid_enable="YES" daily_status_security_chknoid_dirs="/ /home /tmp /var /usr/local" The same thing should also be done for anything that traverses multiple filesystems by default configuration and reporting output should remain consistent. The current reporting format of these scripts is nearly rediculous in its current use of diff(1). 1). http://code.google.com/p/jhell/source/browse/340.noid.patch?repo=patches -- - (2^(N-1)) |
Loading...
| Powered by Nabble | Edit this page |