Language Selection

English French German Italian Portuguese Spanish

Custom scripting gives users a safe-du

Filed under
HowTos

My company has a Linux cluster with a terabyte of attached storage. Over time we noticed the head node was becoming more overloaded. Inspection of the system showed that users were starting dozens of copies of the du utility to determine disk space usage. This was a natural thing for them to do, because they had a need to know how much disk space was available. A lack of disk space would cause their software builds and tests to fail. The problem was that it takes five to seven hours for a du of the entire shared filesystem. Thus, when the filesystem was nearly full (as it of course usually was), the number of du processes would increase almost exponentially.

To address this problem, we first set up automated nightly disk space reports, so that users could check the status without running du. This still did not solve the problem, as the amount of used space could fluctuate dramatically over the course of 24 hours. Users still wanted and needed to run their own du processes throughout the workday.

While adding more disk space would have solved the problem, we are using a large disk array that is already filled to maximum capacity. In general, users tend to fill up all available disk space anyway, no matter how much you give them.

We then developed a policy: users could run du on any directory they owned. In addition, user du processes would be allowed to run for a maximum of one hour of wall time. Users in the wheel group would be exempt from these restrictions.

I was given the task of developing a tool to implement this policy. Some sort of wrapper around the existing du seemed like an obvious choice: the script could validate the input, abort if an invalid path was given, and terminate the du process if it ran too long.

I wrote a basic bash script in perhaps an hour's time. Then I thought about how to run it, and that is where I ran into trouble. I had thought that I would make the script set user id (setuid) or set group id (setgid) root, i.e. when run by any user it would actually run in the root group. Then, I could change the permissions on the real du so that only root could run it. The result would be that normal users could only access the real du through the wrapper script.

Of course that would make a pretty boring article, and in reality it didn't turn out to be that simple:

Full Story.

More in Tux Machines

Parental Controls for Linux Unleashed

For years, one of the overlooked areas for the Linux desktop was access to “effective” parental controls. Back in 2003, I remember the now defunct Linspire (then known as Lindows) offered a proprietary option called SurfSafe. Surprisingly, at least back then, the product worked very well in providing accurate content filtering capabilities; something that was not,in fact, available and easy-to-use at that time. Years later, an open-source alternative was released to the greater Linux community known as GNOME Nanny. Fantastic in terms of usage control, its web content web filter was laughably terrible. As expected, crowd-sourcing a filtering list isn’t a great solution. And like SurfSafe, the project is now defunct. Read more

Chapeau 24 Cancellara - Same same but different

Fedora plus Moka icons plus some extra software, mainly coming from proprietary sources. I guess that's the best way to describe Chapeau. But then, what separates one distro from another if not a collection of decorations, as software is essentially the same, apart from a very small number of standalone distributions trying to develop their own identity with their own desktop environments and app stack, re: elementary or Solus + Budgie? Except they struggle, too. Chapeau 24 is a nice effort to make Fedora friendlier, but then it does not achieve the needed result without pain. The biggest issues included a botched smartphone support. Samba woes and the horrible bootloader bug. Other than that, it behaved more or less the same way as the parent distro. Then again, why bother if you can pimp up Fedora without any loss of functionality? I do like Chapeau Cancellara, but I cannot ignore the fact Fedora does the same with fewer problems. All in all, it's a welcome effort, but it needs more polish. It does not quite capture the heart the way Fuduntu did. And with some issues looming high above the distro, the grade can only be about 6/10. Most importantly, the bootloader setup must be flawless, and there's not excuse for small app errors that we've seen. We know it can do more. Anyhow, if you're not keen on any self-service round Fedora, this could be a good test bed for your games. A moderately worthy if somewhat risky and flawed experience. Read more

Mofo Linux: The Raw Materials for Security

The developers of Mofo Linux talk a good game. From the name’s origin in abusive street slang to its self-description on the home page as “Linux designed to defeat state censorship and surveillance,” Mofo presents itself as a champion of security and privacy. Nor is the claim unjustified. However, rather than putting security and privacy into the hands of ordinary users, Mofo simply presents the tools and leaves users to figure them out with a minimum of help. The result is a promising distribution that with only slightly more work, could be a leading one. Just possibly, though, this approach is a deliberate tactic, and not the carelessness it appears. Based on Ubuntu, the current release of Mofo offers nothing different in the way of productivity tools. It uses Unity for a desktop, and its applications are the standard GNOME ones. In fact, Mofo shows such little interest in such matters that it does not bother to change the title bar in the installer from Ubuntu. Read more

Happily Announcing Mageia 5.1

As we’re getting closer to the end of the year, Mageia has a present for you! We are very pleased to announce the release of Mageia 5.1! This release – like Mageia 4.1 was in its time – is a respin of the Mageia 5 installation and Live ISO images, based on the Mageia 5 repository and incorporating all updates to allow for an up to date installation without the need to install almost a year and a half worth of updates. It is therefore recommended for new installations and upgrades from Mageia 4. The new images are available from the downloads page, both directly and through torrents. Read more Also: After a long wait, Mageia was released! Well, sort of...