Language Selection

English French German Italian Portuguese Spanish

Custom scripting gives users a safe-du

Filed under
HowTos

My company has a Linux cluster with a terabyte of attached storage. Over time we noticed the head node was becoming more overloaded. Inspection of the system showed that users were starting dozens of copies of the du utility to determine disk space usage. This was a natural thing for them to do, because they had a need to know how much disk space was available. A lack of disk space would cause their software builds and tests to fail. The problem was that it takes five to seven hours for a du of the entire shared filesystem. Thus, when the filesystem was nearly full (as it of course usually was), the number of du processes would increase almost exponentially.

To address this problem, we first set up automated nightly disk space reports, so that users could check the status without running du. This still did not solve the problem, as the amount of used space could fluctuate dramatically over the course of 24 hours. Users still wanted and needed to run their own du processes throughout the workday.

While adding more disk space would have solved the problem, we are using a large disk array that is already filled to maximum capacity. In general, users tend to fill up all available disk space anyway, no matter how much you give them.

We then developed a policy: users could run du on any directory they owned. In addition, user du processes would be allowed to run for a maximum of one hour of wall time. Users in the wheel group would be exempt from these restrictions.

I was given the task of developing a tool to implement this policy. Some sort of wrapper around the existing du seemed like an obvious choice: the script could validate the input, abort if an invalid path was given, and terminate the du process if it ran too long.

I wrote a basic bash script in perhaps an hour's time. Then I thought about how to run it, and that is where I ran into trouble. I had thought that I would make the script set user id (setuid) or set group id (setgid) root, i.e. when run by any user it would actually run in the root group. Then, I could change the permissions on the real du so that only root could run it. The result would be that normal users could only access the real du through the wrapper script.

Of course that would make a pretty boring article, and in reality it didn't turn out to be that simple:

Full Story.

More in Tux Machines

Leftovers: Software

  • Calibre 2.29 Includes Small Improvements Only
    As you may already know, Calibre is an open-source book management software, with many interesting features including e-book conversion, e-book viewer, library to ebook reader synchronization and support for the most popular eBook formats, including: epub, cbz, mobi, fb2. Being multi-platform, the app works on Linux, Windows and Mac OS X.
  • 3 Relatively Unknown Open Source Web Browsers for Linux that Packs the Punch
    Browser wars has been going on for more than a decade now and yet, there are no signs of a let down by any parties involved. In fact, things are only hotting up with the big three competing tooth and nail to become the leader of the pack. But that's not the entire story. A host of niche players are also in the market which are equally good and sometimes even better. Here, we'll discuss 3 superb free and open source web browsers you've probably never heard about.
  • Nemo 2.6 Gets A Plugin Manager, More [`Nemo With Unity Patches` PPA Updated]
    While Nemo 2.6 wasn't officially released yet (Cinnamon 2.6 is currently undergoing testing in the Linux Mint Romeo repository), its source has been available for some time on GitHub.
  • WinFF Review - Convert Any Video File with Ease
    WinFF is a tool that uses FFMPEG to convert any kind of video files by using a large number of presets and a ton of other options. It's been around for a long while, so it's time to take a closer look at it and see how it has endured the passage of time.
  • FusionForge 6.0 final release available
    After 4 release candidates, the FusionForge community is proud to announce the new major Fusionforge 6.0 final release.
  • Wine 1.7.44 Brings Support for Numerous Games
    Wine devs have announced that a new version of their application is out and it comes with some very interesting features, including improved support for the 64-bit platform.
  • Wine 1.7.44 Works On More 64-bit ARM Support
    Wine 1.7.44 is out this morning to end out the month of May for the Wine development community.

today's howtos

Raspberry Pi 2 Spotted in Point Break Remake, CSI: Cyber, and Big Hero 6

The movie industry has started to take note that there are very small PCs out there, like the Raspberry Pi 2, and producers have started to add them to film. Point Break is just one example. Read more

Leftovers: Gaming