webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-27 03:07:43 +02:00
Code Issues Packages Projects Releases Wiki Activity

update accelerator: Don't change owner of ALL files in cache.

Browse Source 
When a file has been downloaded, all files in the update accelerator
cache directory have been chowned which causes huge IO load.
It is only required to set permissions that members of the group
can delete the files (purge function on the web user interface).

Changing the owner is completely unnecessary as only the squid
user needs write access and the web server is able to deliver
any file in the update cache anyways.
This commit is contained in:
Michael Tremer
2013-01-26 19:07:17 +01:00
parent 5114bcb3cd
commit a19f33961c
5 changed files with 22 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
config/etc/group
View File

@@ -14,7 +14,7 @@ dialout:x:16:
floppy:x:19:
tape:x:20:
utmp:x:22:
squid:x:23:
squid:x:23:nobody
ntp:x:38:
dip:x:40:
mysql:x:41:

1
config/rootfiles/common/misc-progs
View File

@@ -33,7 +33,6 @@ usr/local/bin/syslogdctrl
usr/local/bin/timectrl
#usr/local/bin/tripwirectrl
usr/local/bin/updxlratorctrl
usr/local/bin/updxsetperms
usr/local/bin/upnpctrl
usr/local/bin/urlfilterctrl
usr/local/bin/wirelessctrl

7
config/rootfiles/core/66/update.sh
View File

@@ -111,6 +111,7 @@ add_to_backup usr/share/terminfo
add_to_backup etc/sysconfig/lm_sensors
add_to_backup etc/sysconfig/rc.local
add_to_backup usr/local/bin/vpn-watch
add_to_backup usr/local/bin/updxsetperms
add_to_backup usr/libexec/ipsec
# Backup the files
@@ -126,6 +127,9 @@ if [ $ROOTSPACE -lt 70000 ]; then
exit 2
fi
# Add user nobody to group squid.
usermod -a -G squid nobody
echo
echo Update Kernel to $KVER ...
#
@@ -184,6 +188,9 @@ rm -rf /lib/libncurses*
rm -f /usr/libexec/ipsec/{pluto,_pluto_adns,whack}
rm -f /usr/local/bin/vpn-watch
# Remove update accelerator permissions script.
rm -f /usr/local/bin/updxsetperms
#
#Extract files
tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /

17
config/updxlrator/download
View File

@@ -49,7 +49,7 @@ $vendorid =~ tr/A-Z/a-z/;
unless (-d "$repository/download/$vendorid")
{
system("mkdir -p $repository/download/$vendorid");
#system("chmod 775 $repository/download/$vendorid");
chmod 0775, "$repository/download/$vendorid";
}
if($restartdl == 0)
@@ -159,13 +159,13 @@ if ($_ == 0)
unless (-d "$repository/$vendorid")
{
system("mkdir -p $repository/$vendorid");
#system("chmod 775 $repository/$vendorid");
chmod 0775, "$repository/$vendorid";
}
unless (-d "$repository/$vendorid/$uuid")
{
system("mkdir -p $repository/$vendorid/$uuid");
#system("chmod 775 $repository/$vendorid/$uuid");
chmod 0775, "$repository/$vendorid/$uuid";
}
&writelog("Moving file to the cache directory: $vendorid/$uuid");
@@ -180,8 +180,15 @@ if ($_ == 0)
&UPDXLT::setcachestatus("$repository/$vendorid/$uuid/checkup.log",time);
&UPDXLT::setcachestatus("$repository/$vendorid/$uuid/access.log",time);
system("/usr/local/bin/updxsetperms");
#system("chmod 775 $repository/$vendorid/$uuid/*");
# Update permissions of all files in the download directory.
my @files = (
"$repository/$vendorid/$uuid/source.url",
"$repository/$vendorid/$uuid/status",
"$repository/$vendorid/$uuid/checkup.log",
"$repository/$vendorid/$uuid/access.log",
"$repository/$vendorid/$uuid/$updatefile"
);
chmod 0664, @files;
unlink ("$repository/download/$vendorid/$updatefile.info");

11
src/misc-progs/Makefile
View File

@@ -34,17 +34,15 @@ SUID_PROGS = setdmzholes setportfw setxtaccess \
smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \
setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \
getconntracktable
SUID_UPDX = updxsetperms
install : all
install -m 755 $(PROGS) /usr/local/bin
install -m 4750 -g nobody $(SUID_PROGS) /usr/local/bin
install -m 4750 -g squid $(SUID_UPDX) /usr/local/bin
all : $(PROGS) $(SUID_PROGS) $(SUID_UPDX)
all : $(PROGS) $(SUID_PROGS)
clean :
-rm -f $(PROGS) $(SUID_PROGS) $(SUID_UPDX) *.o core
-rm -f $(PROGS) $(SUID_PROGS) *.o core
######
@@ -58,8 +56,6 @@ $(SUID_PROGS): setuid.o
$(PROGS): setuid.o
$(SUID_UPDX): setuid.o
logwatch: logwatch.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ logwatch.c setuid.o ../install+setup/libsmooth/varval.o -o $@
@@ -153,9 +149,6 @@ wlanapctrl: wlanapctrl.c setuid.o ../install+setup/libsmooth/varval.o
setaliases: setaliases.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ setaliases.c setuid.o ../install+setup/libsmooth/varval.o -o $@
updxsetperms: updxsetperms.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ updxsetperms.c setuid.o ../install+setup/libsmooth/varval.o -o $@
fireinfoctrl: fireinfoctrl.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ fireinfoctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@