Language Selection

English French German Italian Portuguese Spanish

Custom scripting gives users a safe-du

Filed under

My company has a Linux cluster with a terabyte of attached storage. Over time we noticed the head node was becoming more overloaded. Inspection of the system showed that users were starting dozens of copies of the du utility to determine disk space usage. This was a natural thing for them to do, because they had a need to know how much disk space was available. A lack of disk space would cause their software builds and tests to fail. The problem was that it takes five to seven hours for a du of the entire shared filesystem. Thus, when the filesystem was nearly full (as it of course usually was), the number of du processes would increase almost exponentially.

To address this problem, we first set up automated nightly disk space reports, so that users could check the status without running du. This still did not solve the problem, as the amount of used space could fluctuate dramatically over the course of 24 hours. Users still wanted and needed to run their own du processes throughout the workday.

While adding more disk space would have solved the problem, we are using a large disk array that is already filled to maximum capacity. In general, users tend to fill up all available disk space anyway, no matter how much you give them.

We then developed a policy: users could run du on any directory they owned. In addition, user du processes would be allowed to run for a maximum of one hour of wall time. Users in the wheel group would be exempt from these restrictions.

I was given the task of developing a tool to implement this policy. Some sort of wrapper around the existing du seemed like an obvious choice: the script could validate the input, abort if an invalid path was given, and terminate the du process if it ran too long.

I wrote a basic bash script in perhaps an hour's time. Then I thought about how to run it, and that is where I ran into trouble. I had thought that I would make the script set user id (setuid) or set group id (setgid) root, i.e. when run by any user it would actually run in the root group. Then, I could change the permissions on the real du so that only root could run it. The result would be that normal users could only access the real du through the wrapper script.

Of course that would make a pretty boring article, and in reality it didn't turn out to be that simple:

Full Story.

More in Tux Machines

openSUSE Leap 15 Will Succeed 42.3

What comes after openSUSE Leap 42.3 for SUSE's community non-rolling distribution? Version 15. Richard Brown announced on the behalf of the openSUSE Board and Leap Release Manager that the next version after openSUSE Leap 42.3 will be openSUSE Leap 15. Yes, that's after pre-42 was openSUSE 13.2. Read more Also: Mailinglist Archive: opensuse-project (15 mails)

Leftovers: Software

  • GNU Guile 2.2.1 released
    We are happy to announce GNU Guile release 2.2.1, the first bug-fix release in the new 2.2 stable release series.
  • Announcing Nylas Mail 2.0 [Ed: just Electron]
  • Cerebro Is An Amazing Open Source OS X Spotlight Alternative For Linux [Ed: also just Electron]
    You may be fed up with traditional way of searching/opening applications on your system. Cerebro is an amazing utility built using Electron and available for Linux, Windows, and Mac. It is open-source and released under MIT license.
  • Flowblade Another Video Editor for Linux? Give It A Try!
    You may have favorite video editor to edit your videos but there is no harm to try something new, its initial release was not that long, with time it made some great improvements. It can be bit hard to master this video editor but if you are not new in this field you can make it easily and will be total worth of time.
  • Get System Info from CLI Using `NeoFetch` Tool in Ubuntu/Linux Mint
  • Ukuu Kernel Manager Utility lets You Upgrade or Install Kernels in Ubuntu/Linux Mint
    There are many ways to upgrade your Linux Kernel using Synaptics, command line and so. The Ukuu utility is the simply solution to manager your Ubuntu/Linux Mint kernels. If you want to test new fixes in the Linux Kernel then you can install Mainline Kernels released by Ubuntu team but mainline Kernels are intended to use for testing purposes only (so be careful).
  • 10 Reasons Why You Should Use Vi/Vim Text Editor in Linux
    While working with Linux systems, there are several areas where you’ll need to use a text editor including programming/scripting, editing configuration/text files, to mention but a few. There are several remarkable text editors you’ll find out there for Linux-based operating systems.
  • OpenShot 2.3 Linux Video Editor New Features
    It’s been quite some time since we last talked about OpenShot, and more specifically when it had its second major release. Recently, the team behind the popular open source video editor has made its third point release available which happens to come with a couple of exciting new features and tools, so here is a quick guide on where to find them and how to use them.
  • Boostnote: Another Great Note Taking App for Developers? Find Out By Yourself
    Boostnote is an open-source note-taking application especially made for programmers and developers, it is build up with Electron framework and cross-platform available for Linux, Windows and Mac. Being programmers, we take lots of notes which includes commands, code snippets, bug information and so on. It all comes in handy when you have organized them all in one place, Boostnote does this job very well. It lets you organize your notes in folders with tags, so you can find anything you are looking for very quickly.
  • Collabora Office 5.3 Released
    Today we released Collabora Office 5.3 and Collabora GovOffice 5.3, which contain great new features and enhancements. They also contains all fixes from the upstream libreoffice-5-3 branch and several backported features.

Virtualization and Containers