Language Selection

English French German Italian Portuguese Spanish

Custom scripting gives users a safe-du

Filed under

My company has a Linux cluster with a terabyte of attached storage. Over time we noticed the head node was becoming more overloaded. Inspection of the system showed that users were starting dozens of copies of the du utility to determine disk space usage. This was a natural thing for them to do, because they had a need to know how much disk space was available. A lack of disk space would cause their software builds and tests to fail. The problem was that it takes five to seven hours for a du of the entire shared filesystem. Thus, when the filesystem was nearly full (as it of course usually was), the number of du processes would increase almost exponentially.

To address this problem, we first set up automated nightly disk space reports, so that users could check the status without running du. This still did not solve the problem, as the amount of used space could fluctuate dramatically over the course of 24 hours. Users still wanted and needed to run their own du processes throughout the workday.

While adding more disk space would have solved the problem, we are using a large disk array that is already filled to maximum capacity. In general, users tend to fill up all available disk space anyway, no matter how much you give them.

We then developed a policy: users could run du on any directory they owned. In addition, user du processes would be allowed to run for a maximum of one hour of wall time. Users in the wheel group would be exempt from these restrictions.

I was given the task of developing a tool to implement this policy. Some sort of wrapper around the existing du seemed like an obvious choice: the script could validate the input, abort if an invalid path was given, and terminate the du process if it ran too long.

I wrote a basic bash script in perhaps an hour's time. Then I thought about how to run it, and that is where I ran into trouble. I had thought that I would make the script set user id (setuid) or set group id (setgid) root, i.e. when run by any user it would actually run in the root group. Then, I could change the permissions on the real du so that only root could run it. The result would be that normal users could only access the real du through the wrapper script.

Of course that would make a pretty boring article, and in reality it didn't turn out to be that simple:

Full Story.

More in Tux Machines

Bang & Olufsen’s RPi add-on brings digital life to old speakers

B&O and HiFiBerry have launched an open source, DIY “Beocreate 4” add-on for the Raspberry Pi that turns vintage speakers into digitally amplified, wireless-enabled smart speakers with the help of a 180-Watt 4-channel amplifier, a DSP, and a DAC. Bang & Olufsen has collaborated with HiFiBerry to create the open source, $189 Beocreate 4 channel amplifier kit. The 180 x 140 x 30mm DSP/DAC/amplifier board pairs with your BYO Raspberry Pi 3 with a goal of upcycling vintage passive speakers. Read more

Gemini PDA will ship with Android, but it also supports Debian, Ubuntu, Sailfish, and Postmarket OS (crowdfunding, work in progress)

The makers of the Gemini PDA plan to begin shipping the first units of their handheld computer to their crowdfunding campaign backers any day now. And while the folks at Planet Computer have been calling the Gemini PDA a dual OS device (with Android and Linux support) from the get go, it turns out the first units will actually just ship with Android. Read more

Red Hat: CO.LAB, Kubernetes/OpenShift, Self-Serving 'Study' and More

Browsers: Mozilla and Iridium

  • Best Web Browser
    When the Firefox team released Quantum in November 2017, they boasted it was "over twice as fast as Firefox from 6 months ago", and Linux Journal readers generally agreed, going as far as to name it their favorite web browser. A direct response to Google Chrome, Firefox Quantum also boasts decreased RAM usage and a more streamlined user interface.
  • Share Exactly What You See On-Screen With Firefox Screenshots
    A “screenshot” is created when you capture what’s on your computer screen, so you can save it as a reference, put it in a document, or send it as an image file for others to see exactly what you see.
  • What Happens when you Contribute, revisited
    I sat down to write a post about my students' experiences this term contributing to open source, and apparently I've written this before (and almost exactly a year ago to the day!) The thing about teaching is that it's cyclic, so you'll have to forgive me as I give a similar lecture here today. I'm teaching two classes on open source development right now, two sections in an introductory course, and another two in a follow-up intermediate course. The students are just starting to get some releases submitted, and I've been going through their blogs, pull requests, videos (apparently this generation likes making videos, which is something new for me), tweets, and the like. I learn a lot from my students, and I wanted to share some of what I'm seeing.
  • Iridium Browser: A Browser for the Privacy Conscience
    Iridium is a web browser based on Chromium project. It has been customized to not share your data and thus keeping your privacy intact.