Language Selection

English French German Italian Portuguese Spanish

Custom scripting gives users a safe-du

Filed under
HowTos

My company has a Linux cluster with a terabyte of attached storage. Over time we noticed the head node was becoming more overloaded. Inspection of the system showed that users were starting dozens of copies of the du utility to determine disk space usage. This was a natural thing for them to do, because they had a need to know how much disk space was available. A lack of disk space would cause their software builds and tests to fail. The problem was that it takes five to seven hours for a du of the entire shared filesystem. Thus, when the filesystem was nearly full (as it of course usually was), the number of du processes would increase almost exponentially.

To address this problem, we first set up automated nightly disk space reports, so that users could check the status without running du. This still did not solve the problem, as the amount of used space could fluctuate dramatically over the course of 24 hours. Users still wanted and needed to run their own du processes throughout the workday.

While adding more disk space would have solved the problem, we are using a large disk array that is already filled to maximum capacity. In general, users tend to fill up all available disk space anyway, no matter how much you give them.

We then developed a policy: users could run du on any directory they owned. In addition, user du processes would be allowed to run for a maximum of one hour of wall time. Users in the wheel group would be exempt from these restrictions.

I was given the task of developing a tool to implement this policy. Some sort of wrapper around the existing du seemed like an obvious choice: the script could validate the input, abort if an invalid path was given, and terminate the du process if it ran too long.

I wrote a basic bash script in perhaps an hour's time. Then I thought about how to run it, and that is where I ran into trouble. I had thought that I would make the script set user id (setuid) or set group id (setgid) root, i.e. when run by any user it would actually run in the root group. Then, I could change the permissions on the real du so that only root could run it. The result would be that normal users could only access the real du through the wrapper script.

Of course that would make a pretty boring article, and in reality it didn't turn out to be that simple:

Full Story.

More in Tux Machines

This Is How the New Linux Mint 18 Cinnamon Theme Looks Like

Linux Mint project leader and maintainer Clement Lefebvre dropped some exciting news today about what users should expect from the upcoming Linux Mint 18 "Sarah" operating system. Read more

The May 2016 Issue of the PCLinuxOS Magazine

The PCLinuxOS Magazine staff is pleased to announce the release of the May 2016 issue. With the exception of a brief period in 2009, The PCLinuxOS Magazine has been published on a monthly basis since September, 2006. The PCLinuxOS Magazine is a product of the PCLinuxOS community, published by volunteers from the community. The magazine is lead by Paul Arnote, Chief Editor, and Assistant Editor Meemaw. The PCLinuxOS Magazine is released under the Creative Commons Attribution- NonCommercial-Share-Alike 3.0 Unported license, and some rights are reserved. In the May 2016 issue: * Netflix On PCLinuxOS: 18 Months Later * TubiTV: A Free Streaming Alternative * ms_meme's Nook: PCLinuxOS Is The Top * PCLinuxOS Family Member Spotlight: jlane01 * GIMP Tutorial: Make A Folded Map * Game Zone: Zombasite * PCLinuxOS Recipe Corner * Tip Top Tips: Update Your BIOS The Easy Way * PCLinuxOS Puzzled Partitions * And much more inside! This month’s magazine cover image was designed by Paul Arnote. Download the PDF (8.1 MB) http://pclosmag.com/download.php?f=2016-05.pdf Download the EPUB Version (4.9 MB) http://pclosmag.com/download.php?f=201605epub.epub Download the MOBI Version (9.0 MB) http://pclosmag.com/download.php?f=201605mobi.mobi Visit the HTML Version http://pclosmag.com/html/enter.html

A step ahead on Drupal 8 with easy accessibility design

The biggest mistake is bigger than Drupal: They don't consider it at all. This isn't a platform thing, it's a problem that is endemic to the web. Big companies get dragged into accessibility via legal threats. Small companies don't even think about it. Just the act of raising accessibility as an issue, and asking your team to keep it in mind throughout the design and development process is a big deal. You have to start somewhere. Read more

today's leftovers

  • Podcast Season 4 Episode 8
    In this episode: Bitcoin scandal. RMS wins an award. Savers and rich people can buy the DragonBox Prya (thanks Canseco!) and Devuan reaches beta. Plus loads of Finds, Neurons and a long-stewing Voice of the Masses.
  • Interop: SDN Growing to $12.5B, SD-WAN to $6B
    "Open source is not just at the bottom of the networking stack, it now goes from layer 2 all the way up to network and security services," Casemore said. "It's significant fact in the market landscape and vendors have to give it due consideration."
  • RcppArmadillo 0.6.700.6.0
    A second Armadillo release 6.700.6 came out in the 6.700 series, and we uploaded RcppArmadillo 0.6.700.6.0 to CRAN and Debian. This followed the usual thorough reverse-dependecy checking of by now 220 packages using.
  • Vivaldi Browser's New Snapshot Adds Editable Mouse Gestures, Tab Improvements
    We've been informed by Vivaldi's Ruarí Ødegaard about the availability of a new snapshot build of the proprietary Vivaldi web browser for all supported platforms, including GNU/Linux, Mac OS X, and Microsoft Windows. Vivaldi Snapshot 1.2.470.11 is now live for those who want to get an early taste of what's coming in the next stable update of the cross-platform web browser, which it looks like it gets a lot of attention lately, especially from those who want to migrate from Chromium-based browsers like Google Chrome or Opera. And today's snapshot introduces editable mouse gestures.
  • GNOME's Nautilus File Manager: "Its Best Moment Since It Was Created"
    At various points in GNOME's history the Nautilus file manager has been less than maintained, but these days the situation is much brighter. GNOME developer Carlos Soriano has come out to write about how great the Nautilus situation is these days. Soriano wrote in a new blog post, "as far as I can see the development status of Nautilus it’s in its best moment since it was created, and part of that is thanks of the status of gtk+ development and the values and vision of GNOME as a project."
  • Neptune Linux 4.5.1 ISO Out Now with USB 3 Boot Support, KDE Plasma 5.6.2
    Neptune developer Leszek Lesner announced the release and general availability of a new Live ISO image for his Neptune Linux rolling operating system, version 4.5.1. The new Neptune Linux 4.5.1 ISO is now ready for download and includes all the updated packages and security patches released in the distribution's main software repositories since Neptune 4.5.
  • My free software activities, April 2016
  • m23 rock 16.2 brings support for Ubuntu 16.04 clients
    From this version on, m23 offers support for m23 clients using Ubuntu 16.04 LTS Xenial Xerus. A set of desktop environments is, of course, included for the new Ubuntu. Friends of the Univention Corporate Servers will be happy to hear that the m23 app is now available in the Univention App Center. As always, several small improvements have also been made to various parts of the software.
  • Unity 8 and Snaps Are the Future of the Ubuntu Desktop, After Ubuntu 16.10
    Today, May 5, 2016, is the last day of the Ubuntu Online Summit 2016, and we've just attended a very exciting session where the Ubuntu developers have discussed the future of the Ubuntu Desktop after Ubuntu 16.10 (Yakkety Yak). You can watch the entire session below if you don't want to read the next paragraphs, but as usual, we'll try to detail and explain a few things for you so that you know now what to expect from future versions of the Ubuntu Linux operating system, on the desktop, of course.
  • Router hackers reach for the fork: LEDE splits from OpenWRT
    A split seems to have emerged in the Linux-router-OS community, with a breakaway group splitting from OpenWRT. OpenWRT is the chief open router firmware implementation, but it has run into headwinds of late. For example, downtime for the group earlier this year was traced back to the small organisation running a single, small, server without redundancy.
  • Samsung’s 360 degree camera will cost just about $350, oh and it runs Tizen !
    Samsung is one of those big guns from the consumer electronics market who has been betting huge on Virtual Reality. After partnering with Oculus for the Gear VR headset which has set its own benchmark for the best untethered VR solution one can buy, now that the headset has been in good shape, Samsung is working out ways to deliver content on it. Samsung have joined hands with multiple partners to provide VR experiences on its Milk VR platform and had also unveiled its own 360 degree camera at Unpacked 2016 event back in february- Gear 360 to let almost anyone to produce 360 degree content that can be viewed on the Gear VR.