summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
5114bcb)
When a file has been downloaded, all files in the update accelerator
cache directory have been chowned which causes huge IO load.
It is only required to set permissions that members of the group
can delete the files (purge function on the web user interface).
Changing the owner is completely unnecessary as only the squid
user needs write access and the web server is able to deliver
any file in the update cache anyways.
floppy:x:19:
tape:x:20:
utmp:x:22:
floppy:x:19:
tape:x:20:
utmp:x:22:
ntp:x:38:
dip:x:40:
mysql:x:41:
ntp:x:38:
dip:x:40:
mysql:x:41:
usr/local/bin/timectrl
#usr/local/bin/tripwirectrl
usr/local/bin/updxlratorctrl
usr/local/bin/timectrl
#usr/local/bin/tripwirectrl
usr/local/bin/updxlratorctrl
-usr/local/bin/updxsetperms
usr/local/bin/upnpctrl
usr/local/bin/urlfilterctrl
usr/local/bin/wirelessctrl
usr/local/bin/upnpctrl
usr/local/bin/urlfilterctrl
usr/local/bin/wirelessctrl
add_to_backup etc/sysconfig/lm_sensors
add_to_backup etc/sysconfig/rc.local
add_to_backup usr/local/bin/vpn-watch
add_to_backup etc/sysconfig/lm_sensors
add_to_backup etc/sysconfig/rc.local
add_to_backup usr/local/bin/vpn-watch
+add_to_backup usr/local/bin/updxsetperms
add_to_backup usr/libexec/ipsec
# Backup the files
add_to_backup usr/libexec/ipsec
# Backup the files
+# Add user nobody to group squid.
+usermod -a -G squid nobody
+
echo
echo Update Kernel to $KVER ...
#
echo
echo Update Kernel to $KVER ...
#
rm -f /usr/libexec/ipsec/{pluto,_pluto_adns,whack}
rm -f /usr/local/bin/vpn-watch
rm -f /usr/libexec/ipsec/{pluto,_pluto_adns,whack}
rm -f /usr/local/bin/vpn-watch
+# Remove update accelerator permissions script.
+rm -f /usr/local/bin/updxsetperms
+
#
#Extract files
tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
#
#Extract files
tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
unless (-d "$repository/download/$vendorid")
{
system("mkdir -p $repository/download/$vendorid");
unless (-d "$repository/download/$vendorid")
{
system("mkdir -p $repository/download/$vendorid");
- #system("chmod 775 $repository/download/$vendorid");
+ chmod 0775, "$repository/download/$vendorid";
unless (-d "$repository/$vendorid")
{
system("mkdir -p $repository/$vendorid");
unless (-d "$repository/$vendorid")
{
system("mkdir -p $repository/$vendorid");
- #system("chmod 775 $repository/$vendorid");
+ chmod 0775, "$repository/$vendorid";
}
unless (-d "$repository/$vendorid/$uuid")
{
system("mkdir -p $repository/$vendorid/$uuid");
}
unless (-d "$repository/$vendorid/$uuid")
{
system("mkdir -p $repository/$vendorid/$uuid");
- #system("chmod 775 $repository/$vendorid/$uuid");
+ chmod 0775, "$repository/$vendorid/$uuid";
}
&writelog("Moving file to the cache directory: $vendorid/$uuid");
}
&writelog("Moving file to the cache directory: $vendorid/$uuid");
&UPDXLT::setcachestatus("$repository/$vendorid/$uuid/checkup.log",time);
&UPDXLT::setcachestatus("$repository/$vendorid/$uuid/access.log",time);
&UPDXLT::setcachestatus("$repository/$vendorid/$uuid/checkup.log",time);
&UPDXLT::setcachestatus("$repository/$vendorid/$uuid/access.log",time);
- system("/usr/local/bin/updxsetperms");
- #system("chmod 775 $repository/$vendorid/$uuid/*");
+ # Update permissions of all files in the download directory.
+ my @files = (
+ "$repository/$vendorid/$uuid/source.url",
+ "$repository/$vendorid/$uuid/status",
+ "$repository/$vendorid/$uuid/checkup.log",
+ "$repository/$vendorid/$uuid/access.log",
+ "$repository/$vendorid/$uuid/$updatefile"
+ );
+ chmod 0664, @files;
unlink ("$repository/download/$vendorid/$updatefile.info");
unlink ("$repository/download/$vendorid/$updatefile.info");
smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \
setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \
getconntracktable
smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \
setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \
getconntracktable
-SUID_UPDX = updxsetperms
install : all
install -m 755 $(PROGS) /usr/local/bin
install -m 4750 -g nobody $(SUID_PROGS) /usr/local/bin
install : all
install -m 755 $(PROGS) /usr/local/bin
install -m 4750 -g nobody $(SUID_PROGS) /usr/local/bin
- install -m 4750 -g squid $(SUID_UPDX) /usr/local/bin
-all : $(PROGS) $(SUID_PROGS) $(SUID_UPDX)
+all : $(PROGS) $(SUID_PROGS)
- -rm -f $(PROGS) $(SUID_PROGS) $(SUID_UPDX) *.o core
+ -rm -f $(PROGS) $(SUID_PROGS) *.o core
-$(SUID_UPDX): setuid.o
-
logwatch: logwatch.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ logwatch.c setuid.o ../install+setup/libsmooth/varval.o -o $@
logwatch: logwatch.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ logwatch.c setuid.o ../install+setup/libsmooth/varval.o -o $@
setaliases: setaliases.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ setaliases.c setuid.o ../install+setup/libsmooth/varval.o -o $@
setaliases: setaliases.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ setaliases.c setuid.o ../install+setup/libsmooth/varval.o -o $@
-updxsetperms: updxsetperms.c setuid.o ../install+setup/libsmooth/varval.o
- $(COMPILE) -I../install+setup/libsmooth/ updxsetperms.c setuid.o ../install+setup/libsmooth/varval.o -o $@
-
fireinfoctrl: fireinfoctrl.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ fireinfoctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
fireinfoctrl: fireinfoctrl.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ fireinfoctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@