On Sun, May 06, 2012 at 11:20:42AM +0300, Daniel Kalchev wrote:
> 
> On May 4, 2012, at 7:05 PM, Freddie Cash wrote:
> 
> > A few of the periodic(8) scripts in FreeBSD have constructs similar to
> > the following to get which filesystems to scan for various things:
> >    MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
> > 
> > For systems with large ZFS pools, and many ZFS filesystems, these
> > periodic scripts can grind it to its knees, and then some.  For
> > backup servers where we don't really care about the
> > ownership/permissions of files from the FreeBSD perspective, we really
> > don't want the ZFS filesystems to be scanned; 
> […]
> 
> The script already accommodates this scenario. Just mount your storage 
> filesystems with 'nosuidexec' and they won't be scanned. 
> 

You all may be interested in this [1] but I have not touched it in a
while and backed it out of a working source tree about a month ago so I
am no longer tracking it. But last I used it, it was working cleanly.

Configuration was like so...
daily_status_security_chknoid_enable="YES"
daily_status_security_chknoid_dirs="/ /home /tmp /var /usr/local"

The same thing should also be done for anything that traverses multiple
filesystems by default configuration and reporting output should remain
consistent. The current reporting format of these scripts is nearly
ridiculous in its current use of diff(1).


1).
http://code.google.com/p/jhell/source/browse/340.noid.patch?repo=patches

-- 

 - (2^(N-1))

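Added example, not part of the original message or of the FreeBSD periodic(8) scripts: the awk filter quoted in the thread, run over constructed mount(8) output to show which mount points it selects for scanning and which it drops. The dataset names and mount options are invented sample data; the helper names sample_mounts, scan_targets and skipped_targets are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the format of FreeBSD `mount -t ufs,zfs` output.
# None of these lines come from the thread.
sample_mounts() {
cat <<'EOF'
/dev/ada0p2 on / (ufs, local, journaled soft-updates)
zroot/usr/home on /usr/home (zfs, local, nfsv4acls)
zroot/tmp on /tmp (zfs, local, noexec, nosuid, nfsv4acls)
backup/hosts on /backup/hosts (zfs, local, nosuid, nfsv4acls)
backup/media on /backup/media (zfs, local, noexec, nfsv4acls)
backup/noexec-test on /backup/noexec-test (zfs, local, nfsv4acls)
EOF
}

# The filter quoted in the thread: print the mount point ($3) of every
# line that does not contain "nosuid" or "noexec".
scan_targets() {
    awk '$0 !~ /no(suid|exec)/ { print $3 }'
}

# The complement: mount points the filter leaves out of the scan.
# The pattern is tested against the whole line ($0), so the last sample
# entry is dropped because of its name, not because of a mount option.
skipped_targets() {
    awk '$0 ~ /no(suid|exec)/ { print $3 }'
}

echo "scanned:"; sample_mounts | scan_targets
echo "skipped:"; sample_mounts | skipped_targets
```

On a live system, piping `mount -t ufs,zfs` into skipped_targets lists every filesystem the scripts will not traverse, which is a quick way to confirm the coverage is what you intended.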