update accelerator: Don't change owner of ALL files in cache.
authorMichael Tremer <michael.tremer@ipfire.org>
Sat, 26 Jan 2013 18:07:17 +0000 (19:07 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Sat, 26 Jan 2013 18:31:58 +0000 (19:31 +0100)
When a file has been downloaded, all files in the update accelerator
cache directory were chowned, which causes huge IO load.
It is only required to set permissions so that members of the group
can delete the files (purge function on the web user interface).

Changing the owner is completely unnecessary as only the squid
user needs write access and the web server is able to deliver
any file in the update cache anyways.

config/etc/group
config/rootfiles/common/misc-progs
config/rootfiles/core/66/update.sh
config/updxlrator/download
src/misc-progs/Makefile

index 3b155fa889a90922a6c4e5a255ccfd45591ed02a..46e4b80295050eac06d90e8236fdba485152ad01 100644 (file)
@@ -14,7 +14,7 @@ dialout:x:16:
 floppy:x:19:
 tape:x:20:
 utmp:x:22:
-squid:x:23:
+squid:x:23:nobody
 ntp:x:38:
 dip:x:40:
 mysql:x:41:
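Review bot: Listing `nobody` as a member on the `squid:x:23:nobody` line gives every process running as nobody group-level access to everything group-owned by squid, not only the update accelerator cache. The commit message needs just one capability, deleting cached files from the web interface. Which other paths are group-accessible to squid is not visible here, so this should be confirmed before shipping. A narrower option would be a dedicated group for the cache tree, for example `updxlrator:x:<GID placeholder>:squid,nobody`, with the cache directories group-owned by it. The `usermod -a -G squid nobody` line in the update script makes the same grant on upgraded systems.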
index 2d6b2e2cb4b863b7799ba978d068c94378f90da3..d2cf7102c14c1b5c27a8baa1f23df9fba6fd3033 100644 (file)
@@ -33,7 +33,6 @@ usr/local/bin/syslogdctrl
 usr/local/bin/timectrl
 #usr/local/bin/tripwirectrl
 usr/local/bin/updxlratorctrl
-usr/local/bin/updxsetperms
 usr/local/bin/upnpctrl
 usr/local/bin/urlfilterctrl
 usr/local/bin/wirelessctrl
index c76f3c728d5814852cd3e8c9c242e2bb13b53639..c63db02b7c0135bdfd2d0a1c78267070c5a84cc4 100644 (file)
@@ -111,6 +111,7 @@ add_to_backup usr/share/terminfo
 add_to_backup etc/sysconfig/lm_sensors
 add_to_backup etc/sysconfig/rc.local
 add_to_backup usr/local/bin/vpn-watch
+add_to_backup usr/local/bin/updxsetperms
 add_to_backup usr/libexec/ipsec
 
 # Backup the files
@@ -126,6 +127,9 @@ if [ $ROOTSPACE -lt 70000 ]; then
        exit 2
 fi
 
+# Add user nobody to group squid.
+usermod -a -G squid nobody
+
 echo
 echo Update Kernel to $KVER ...
 #
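Review bot: The exit status of `usermod -a -G squid nobody` is not checked, so a failure here leaves the purge function unable to delete cache files with nothing reported during the update. A minimal guard would be `usermod -a -G squid nobody || echo "Could not add user nobody to group squid" >&2`. Processes already running as nobody keep their old supplementary groups until they are restarted; whether this update restarts the web server or relies on a reboot is outside the hunk and should be confirmed.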
@@ -184,6 +188,9 @@ rm -rf /lib/libncurses*
 rm -f /usr/libexec/ipsec/{pluto,_pluto_adns,whack}
 rm -f /usr/local/bin/vpn-watch
 
+# Remove update accelerator permissions script.
+rm -f /usr/local/bin/updxsetperms
+
 #
 #Extract files
 tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
index 8b219bcab46fc3b0c43a99e29864d9ec924934b3..1624609f4ee7a9897e7abc23b4b36e9a5fc0b1a4 100644 (file)
@@ -49,7 +49,7 @@ $vendorid =~ tr/A-Z/a-z/;
 unless (-d "$repository/download/$vendorid")
 {
        system("mkdir -p $repository/download/$vendorid");
-       #system("chmod 775 $repository/download/$vendorid");
+       chmod 0775, "$repository/download/$vendorid";
 }
 
 if($restartdl == 0)
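Review bot: The return value of `chmod 0775, "$repository/download/$vendorid";` is ignored, and the directory it acts on is created by a single-string `system("mkdir -p ...")` that passes `$vendorid` through the shell. If either step fails, the directory keeps its umask-derived mode and the web interface's purge fails later with no log entry. Where `$vendorid` comes from is not visible in the hunk (only the lowercase `tr` is), so the list form `system("mkdir", "-p", "$repository/download/$vendorid");` is the safer default. The chmod can be checked with `chmod(0775, "$repository/download/$vendorid") or &writelog("chmod failed: $!");`. The same pattern occurs in both directory blocks of the next hunk (`$repository/$vendorid` and `$repository/$vendorid/$uuid`).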
@@ -159,13 +159,13 @@ if ($_ == 0)
        unless (-d "$repository/$vendorid")
        {
                system("mkdir -p $repository/$vendorid");
-               #system("chmod 775 $repository/$vendorid");
+               chmod 0775, "$repository/$vendorid";
        }
 
        unless (-d "$repository/$vendorid/$uuid")
        {
                system("mkdir -p $repository/$vendorid/$uuid");
-               #system("chmod 775 $repository/$vendorid/$uuid");
+               chmod 0775, "$repository/$vendorid/$uuid";
        }
 
        &writelog("Moving file to the cache directory: $vendorid/$uuid");
@@ -180,8 +180,15 @@ if ($_ == 0)
        &UPDXLT::setcachestatus("$repository/$vendorid/$uuid/checkup.log",time);
        &UPDXLT::setcachestatus("$repository/$vendorid/$uuid/access.log",time);
 
-       system("/usr/local/bin/updxsetperms");
-       #system("chmod 775 $repository/$vendorid/$uuid/*");
+       # Update permissions of all files in the download directory.
+       my @files = (
+               "$repository/$vendorid/$uuid/source.url",
+               "$repository/$vendorid/$uuid/status",
+               "$repository/$vendorid/$uuid/checkup.log",
+               "$repository/$vendorid/$uuid/access.log",
+               "$repository/$vendorid/$uuid/$updatefile"
+       );
+       chmod 0664, @files;
 
        unlink ("$repository/download/$vendorid/$updatefile.info");
 
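Review bot: `chmod 0664, @files;` makes the cached update file itself group-writable, which is more than the purge function needs. Deleting a file depends on write permission on the containing directory, which the `chmod 0775` on `$repository/$vendorid/$uuid` already grants to the group. With 0664, any member of group squid can also rewrite the cached payload in place before it is served to clients. Unless the web interface has to write to these files (not visible here), `$updatefile` could stay read-only for the group via `chmod 0644, "$repository/$vendorid/$uuid/$updatefile";`. chmod returns the number of files it changed, so comparing that with `scalar @files` and calling `&writelog` on a mismatch would surface partial failures. The enclosing `if ($_ == 0)` block begins and ends outside this hunk.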
index 33d1d667e2fa72f3ef98ebe9dddb554b942de0e4..cc33266d0cd36ccb26ee0d88f1404358ca6ed56c 100644 (file)
@@ -34,17 +34,15 @@ SUID_PROGS = setdmzholes setportfw setxtaccess \
        smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \
        setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \
        getconntracktable
-SUID_UPDX = updxsetperms
 
 install : all
        install -m 755  $(PROGS) /usr/local/bin
        install -m 4750 -g nobody $(SUID_PROGS) /usr/local/bin
-       install -m 4750 -g squid $(SUID_UPDX) /usr/local/bin
 
-all : $(PROGS) $(SUID_PROGS) $(SUID_UPDX)
+all : $(PROGS) $(SUID_PROGS)
 
 clean : 
-       -rm -f $(PROGS) $(SUID_PROGS) $(SUID_UPDX) *.o core
+       -rm -f $(PROGS) $(SUID_PROGS) *.o core
 
 ######
 
@@ -58,8 +56,6 @@ $(SUID_PROGS): setuid.o
 
 $(PROGS): setuid.o
 
-$(SUID_UPDX): setuid.o
-
 logwatch: logwatch.c setuid.o ../install+setup/libsmooth/varval.o
        $(COMPILE) -I../install+setup/libsmooth/ logwatch.c setuid.o ../install+setup/libsmooth/varval.o -o $@
 
@@ -153,9 +149,6 @@ wlanapctrl: wlanapctrl.c setuid.o ../install+setup/libsmooth/varval.o
 setaliases: setaliases.c setuid.o ../install+setup/libsmooth/varval.o
        $(COMPILE) -I../install+setup/libsmooth/ setaliases.c setuid.o ../install+setup/libsmooth/varval.o -o $@
 
-updxsetperms: updxsetperms.c setuid.o ../install+setup/libsmooth/varval.o
-       $(COMPILE) -I../install+setup/libsmooth/ updxsetperms.c setuid.o ../install+setup/libsmooth/varval.o -o $@
-
 fireinfoctrl: fireinfoctrl.c setuid.o ../install+setup/libsmooth/varval.o
        $(COMPILE) -I../install+setup/libsmooth/ fireinfoctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@