> This is not a bug, "-mtime +0" assumes that you are using GNU find.
> "-mtime +1", while more lax, will work correctly with all versions
> of find. In practice, it is not a problem if some cookies/tickets
> hang around for an extra day.

Ah, got it, thanks, that was beyond my unix knowledge.  Maybe updating
the comment in that file would be good.

> That's fine. Most people don't keep other stuff under /var/cosign,
> hence the simpler example script in the cosign distribution.

I keep crts in a subdir, as well as the templates and html for my site.
Is there any reason not to do this, assuming permissions and selinux
contexts are set correctly?

I was mostly just worried about somebody doing it, running that cleanup 
file, and losing other stuff not in daemon, tickets, and filter.

Chris



On 2013-05-30 07:40, Mark Montague wrote:
> On May 29, 2013 18:28 , Chris Hecker <chec...@d6.com> wrote:
>> Oh, and the one in scripts/cron has a bug, it uses +1 instead of +0 for
>> -mtime.
>
> This is not a bug, "-mtime +0" assumes that you are using GNU find.
> "-mtime +1", while more lax, will work correctly with all versions of
> find.  In practice, it is not a problem if some cookies/tickets hang
> around for an extra day.
>
>
>> Okay, is there any reason this is a bad idea?
>>
>> [root] /var/cosign# cat /etc/cron.hourly/cosign
>> #!/bin/bash
>> dirs=( /var/cosign/filter /var/cosign/daemon /var/cosign/tickets )
>> for d in "${dirs[@]}"; do
>>     # quote expansions so a path with whitespace is not split
>>     [ -d "$d" ] && /usr/bin/find "$d" -type f -mtime +0 |
>>         /usr/bin/xargs /bin/rm -f
>> done
>> exit 0
>>
>> I have other related stuff in /var/cosign and your script (and the one
>> in scripts) toasts everything old in subdirectories.
>
> That's fine.  Most people don't keep other stuff under /var/cosign,
> hence the simpler example script in the cosign distribution.
>
>
>> I want to delete all three of those old files, right, tickets, daemon,
>> and filter (on machines running both the daemon and a service)?
>
> Correct.  And on each of your cosign-protected web servers (the machines
> running the filter which are not central weblogin servers) you want to
> delete old cookie files (/var/cosign/filter) and, if the
> cosign-protected web server gets proxied Kerberos tickets from the
> central weblogin servers then you want to delete expired ticket files on
> these client webservers too.
>
> --
>    Mark Montague
>    m...@catseye.org
>
>

_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
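
The scoped cleanup discussed in this thread, as an added example that is not part of the original messages or the cosign distribution: it builds a constructed directory tree, deletes old files only under filter, daemon and tickets, and shows which files `-mtime +0` and `-mtime +1` each leave behind. It assumes GNU find and GNU touch; the function names and the base-directory argument are hypothetical.

```shell
#!/bin/bash
# Added example. Assumes GNU find and GNU touch ("touch -d"); the function
# names and the base-directory argument are hypothetical.

# Remove regular files matching the given -mtime test, but only under the
# filter, daemon and tickets subdirectories of the base directory.
cosign_cleanup() {
    local base="$1" age="$2" d
    for d in filter daemon tickets; do
        [ -d "$base/$d" ] || continue
        # -exec ... {} + avoids xargs word-splitting on odd filenames;
        # "--" stops rm from treating a name as an option.
        find "$base/$d" -type f -mtime "$age" -exec rm -f -- {} +
    done
}

# Constructed sample tree: each directory gets files aged 2h, 30h and 60h.
# crts stands in for unrelated data kept beside the cosign directories.
make_sample_tree() {
    local base="$1" d
    for d in filter daemon tickets crts; do
        mkdir -p "$base/$d"
        touch -d '2 hours ago'  "$base/$d/fresh"
        touch -d '30 hours ago' "$base/$d/day_old"
        touch -d '60 hours ago' "$base/$d/two_days_old"
    done
}

# Run one cleanup on a throwaway tree and list what is left.
demo() {
    local tmp
    tmp=$(mktemp -d)
    make_sample_tree "$tmp"
    cosign_cleanup "$tmp" "$1"
    echo "survivors with -mtime $1:"
    (cd "$tmp" && find . -type f | LC_ALL=C sort)
    rm -rf "$tmp"
}

demo +0   # removes files at least 24 hours old
demo +1   # removes files at least 48 hours old
```

In both runs everything under crts survives, because the loop never descends into directories it was not given.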