From a19f33961c979b8c0b342971950337f7ed486c0d Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Sat, 26 Jan 2013 19:07:17 +0100
Subject: [PATCH] update accelerator: Don't change owner of ALL files in cache.

When a file has been downloaded, all files in the update accelerator cache directory have been chowned which causes huge IO load. It is only required to set permissions that members of the group can delete the files (purge function on the web user interface). Changing the owner is completely unnecessary as only the squid user needs write access and the web server is able to deliver any file in the update cache anyways.
---
 config/etc/group | 2 +-
 config/rootfiles/common/misc-progs | 1 -
 config/rootfiles/core/66/update.sh | 7 +++++++
 config/updxlrator/download | 17 ++++++++++++-----
 src/misc-progs/Makefile | 11 ++---------
 5 files changed, 22 insertions(+), 16 deletions(-)

diff --git a/config/etc/group b/config/etc/group
index 3b155fa88..46e4b8029 100644
--- a/config/etc/group
+++ b/config/etc/group
@@ -14,7 +14,7 @@ dialout:x:16:
 floppy:x:19:
 tape:x:20:
 utmp:x:22:
-squid:x:23:
+squid:x:23:nobody
 ntp:x:38:
 dip:x:40:
 mysql:x:41:
diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/misc-progs
index 2d6b2e2cb..d2cf7102c 100644
--- a/config/rootfiles/common/misc-progs
+++ b/config/rootfiles/common/misc-progs
@@ -33,7 +33,6 @@ usr/local/bin/syslogdctrl
 usr/local/bin/timectrl
 #usr/local/bin/tripwirectrl
 usr/local/bin/updxlratorctrl
-usr/local/bin/updxsetperms
 usr/local/bin/upnpctrl
 usr/local/bin/urlfilterctrl
 usr/local/bin/wirelessctrl
diff --git a/config/rootfiles/core/66/update.sh b/config/rootfiles/core/66/update.sh
index c76f3c728..c63db02b7 100644
--- a/config/rootfiles/core/66/update.sh
+++ b/config/rootfiles/core/66/update.sh
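Review bot: `squid:x:23:nobody` in config/etc/group gives every process that runs as nobody the squid group's access, which is wider than the purge function the commit message names as the only need. The Makefile section of this same patch installs the helper binaries with `-g nobody`, so nobody looks like a shared service account rather than one dedicated to the cache; what else runs under it is not visible here. A narrower grant would be a group used only for the update cache tree, leaving `squid:x:23:` without members. If that is out of scope, the paths that are group-writable for squid should be listed and checked before this line ships.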
@@ -111,6 +111,7 @@ add_to_backup usr/share/terminfo
 add_to_backup etc/sysconfig/lm_sensors
 add_to_backup etc/sysconfig/rc.local
 add_to_backup usr/local/bin/vpn-watch
+add_to_backup usr/local/bin/updxsetperms
 add_to_backup usr/libexec/ipsec
 
 # Backup the files
@@ -126,6 +127,9 @@ if [ $ROOTSPACE -lt 70000 ]; then
 exit 2
 fi
 
+# Add user nobody to group squid.
+usermod -a -G squid nobody
+
 echo
 echo Update Kernel to $KVER ...
 #
@@ -184,6 +188,9 @@ rm -rf /lib/libncurses*
 rm -f /usr/libexec/ipsec/{pluto,_pluto_adns,whack}
 rm -f /usr/local/bin/vpn-watch
 
+# Remove update accelerator permissions script.
+rm -f /usr/local/bin/updxsetperms
+
 #
 #Extract files
 tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
diff --git a/config/updxlrator/download b/config/updxlrator/download
index 8b219bcab..1624609f4 100644
--- a/config/updxlrator/download
+++ b/config/updxlrator/download
@@ -49,7 +49,7 @@ $vendorid =~ tr/A-Z/a-z/;
 unless (-d "$repository/download/$vendorid")
 {
 system("mkdir -p $repository/download/$vendorid");
- #system("chmod 775 $repository/download/$vendorid");
+ chmod 0775, "$repository/download/$vendorid";
 }
 
 if($restartdl == 0)
@@ -159,13 +159,13 @@ if ($_ == 0)
 unless (-d "$repository/$vendorid")
 {
 system("mkdir -p $repository/$vendorid");
- #system("chmod 775 $repository/$vendorid");
+ chmod 0775, "$repository/$vendorid";
 }
 
 unless (-d "$repository/$vendorid/$uuid")
 {
 system("mkdir -p $repository/$vendorid/$uuid");
- #system("chmod 775 $repository/$vendorid/$uuid");
+ chmod 0775, "$repository/$vendorid/$uuid";
 }
 
 &writelog("Moving file to the cache directory: $vendorid/$uuid");
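Review bot: In the update.sh hunk at -126, `usermod -a -G squid nobody` only edits the group database; a web server already running as nobody keeps its old supplementary groups until it is restarted, and no restart is visible in this hunk. The exit status is ignored as well, so a failed usermod leaves an update that reports success while the purge function cannot delete anything; `usermod -a -G squid nobody || echo "Could not add nobody to group squid"` would at least leave a trace. What owner and mode the existing cache entries were left with by the old updxsetperms is not visible here, so it is worth confirming whether they need a one-time fix-up in this script.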
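Review bot: In config/updxlrator/download, the new `chmod 0775, "$repository/download/$vendorid";` at -49 discards the return value, so a failed mode change leaves a directory the web interface cannot purge and nothing is logged. The same applies to the two chmod calls in the hunk at -159 and to `chmod 0664, @files;` in the hunk at -180. Perl's chmod returns the number of paths it changed, so `chmod(0775, "$repository/download/$vendorid") or &writelog("chmod failed: $!");` would surface it, with a comparison against `scalar(@files)` for the list form. Each chmod sits inside its `unless (-d ...)` branch, so it only runs for directories created by this invocation.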
@@ -180,8 +180,15 @@ if ($_ == 0)
 &UPDXLT::setcachestatus("$repository/$vendorid/$uuid/checkup.log",time);
 &UPDXLT::setcachestatus("$repository/$vendorid/$uuid/access.log",time);
 
- system("/usr/local/bin/updxsetperms");
- #system("chmod 775 $repository/$vendorid/$uuid/*");
+ # Update permissions of all files in the download directory.
+ my @files = (
+ "$repository/$vendorid/$uuid/source.url",
+ "$repository/$vendorid/$uuid/status",
+ "$repository/$vendorid/$uuid/checkup.log",
+ "$repository/$vendorid/$uuid/access.log",
+ "$repository/$vendorid/$uuid/$updatefile"
+ );
+ chmod 0664, @files;
 
 unlink ("$repository/download/$vendorid/$updatefile.info");
 
diff --git a/src/misc-progs/Makefile b/src/misc-progs/Makefile
index 33d1d667e..cc33266d0 100644
--- a/src/misc-progs/Makefile
+++ b/src/misc-progs/Makefile
@@ -34,17 +34,15 @@ SUID_PROGS = setdmzholes setportfw setxtaccess \
 smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \
 setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \
 getconntracktable
-SUID_UPDX = updxsetperms
 
 install : all
 install -m 755 $(PROGS) /usr/local/bin
 install -m 4750 -g nobody $(SUID_PROGS) /usr/local/bin
- install -m 4750 -g squid $(SUID_UPDX) /usr/local/bin
 
-all : $(PROGS) $(SUID_PROGS) $(SUID_UPDX)
+all : $(PROGS) $(SUID_PROGS)
 
 clean :
- -rm -f $(PROGS) $(SUID_PROGS) $(SUID_UPDX) *.o core
+ -rm -f $(PROGS) $(SUID_PROGS) *.o core
 
 ######
 
@@ -58,8 +56,6 @@ $(SUID_PROGS): setuid.o
 
 $(PROGS): setuid.o
 
-$(SUID_UPDX): setuid.o
-
 logwatch: logwatch.c setuid.o ../install+setup/libsmooth/varval.o
 $(COMPILE) -I../install+setup/libsmooth/ logwatch.c setuid.o ../install+setup/libsmooth/varval.o -o $@
 
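Review bot: `chmod 0664, @files;` in the download hunk at -180 makes the cached payload `$updatefile` group-writable, which deleting it does not require: removal is governed by the 0775 mode on the containing directory, and group write on the file lets any member of the group change the content later served from the cache. Unless the web interface rewrites the payload itself, `chmod 0644, "$repository/$vendorid/$uuid/$updatefile";` with 0664 kept only for the four metadata files would be the tighter setting; whether the interface rewrites those metadata files is not visible here. The added comment also says "all files in the download directory", but the paths are under `$repository/$vendorid/$uuid` and only a fixed list is touched; `# Set modes on the files of this cache entry so group members can purge it.` would match the code. The enclosing `if ($_ == 0)` block starts and ends outside the hunk.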
@@ -153,9 +149,6 @@ wlanapctrl: wlanapctrl.c setuid.o ../install+setup/libsmooth/varval.o
 setaliases: setaliases.c setuid.o ../install+setup/libsmooth/varval.o
 $(COMPILE) -I../install+setup/libsmooth/ setaliases.c setuid.o ../install+setup/libsmooth/varval.o -o $@
 
-updxsetperms: updxsetperms.c setuid.o ../install+setup/libsmooth/varval.o
- $(COMPILE) -I../install+setup/libsmooth/ updxsetperms.c setuid.o ../install+setup/libsmooth/varval.o -o $@
-
 fireinfoctrl: fireinfoctrl.c setuid.o ../install+setup/libsmooth/varval.o
 $(COMPILE) -I../install+setup/libsmooth/ fireinfoctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
 
-- 
2.39.2