> This is not a bug, "-mtime +0" assumes that you are using GNU find.
> "-mtime +1", while more lax, will work correctly with all versions
> of find. In practice, it is not a problem if some cookies/tickets
> hang around for an extra day.

Ah, got it, thanks, that was beyond my unix knowledge. Maybe updating the comment in that file would be good.

> That's fine. Most people don't keep other stuff under /var/cosign,
> hence the simpler example script in the cosign distribution.

I keep crts in a subdir, as well as the templates and html for my site. Is there any reason not to do this, assuming permissions and selinux contexts are set correctly? I was mostly just worried about somebody doing it, running that cleanup file, and losing other stuff not in daemon, tickets, and filter.

Chris

On 2013-05-30 07:40, Mark Montague wrote:
> On May 29, 2013 18:28 , Chris Hecker <chec...@d6.com> wrote:
>> Oh, and the one in scripts/cron has a bug, it uses +1 instead of +0 for
>> -mtime.
>
> This is not a bug, "-mtime +0" assumes that you are using GNU find.
> "-mtime +1", while more lax, will work correctly with all versions of
> find. In practice, it is not a problem if some cookies/tickets hang
> around for an extra day.
>
>
>> Okay, is there any reason this is a bad idea?
>>
>> [root] /var/cosign# cat /etc/cron.hourly/cosign
>> #!/bin/bash
>> dirs=( /var/cosign/filter /var/cosign/daemon /var/cosign/tickets )
>> for d in ${dirs[@]}; do
>>     [ -d $d ] && /usr/bin/find $d -type f -mtime +0 |
>>         /usr/bin/xargs /bin/rm -f
>> done
>> exit 0
>>
>> I have other related stuff in /var/cosign and your script (and the one
>> in scripts) toasts everything old in subdirectories.
>
> That's fine. Most people don't keep other stuff under /var/cosign,
> hence the simpler example script in the cosign distribution.
>
>
>> I want to delete all three of those old files, right, tickets, daemon,
>> and filter (on machines running both the daemon and a service)?
>
> Correct. And on each of your cosign-protected web servers (the machines
> running the filter which are not central weblogin servers) you want to
> delete old cookie files (/var/cosign/filter) and, if the
> cosign-protected web server gets proxied Kerberos tickets from the
> central weblogin servers then you want to delete expired ticket files on
> these client webservers too.
>
> --
> Mark Montague
> m...@catseye.org
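
The cleanup discussed in this thread, as an added example that is not part of the original messages or the cosign distribution: a POSIX sh function that prunes only the filter, daemon and tickets directories and leaves anything else under /var/cosign alone. The function name prune_cosign and its two arguments are assumptions made for the example.

```shell
#!/bin/sh
# Added example; prune_cosign and its arguments are names chosen here.
#
# Usage: prune_cosign [BASE] [AGE]
#   BASE  cosign state directory (default /var/cosign, the path in the thread)
#   AGE   find -mtime argument (default +1, the value discussed in the thread).
#         find counts age in whole 24-hour periods and drops the fraction,
#         so +1 matches files at least 2 days old and +0 at least 1 day old.
prune_cosign() {
    base=${1:-/var/cosign}
    age=${2:-+1}
    rc=0

    # Only these three subdirectories are ever searched; anything else kept
    # under BASE (certificates, templates, HTML) is out of scope by design.
    for sub in filter daemon tickets; do
        dir=$base/$sub

        # Skip absent directories, and refuse symlinked ones so the cleanup
        # cannot be redirected to another part of the filesystem.
        if [ ! -d "$dir" ] || [ -L "$dir" ]; then
            continue
        fi

        # -xdev stays on one filesystem and -type f leaves directories and
        # symlinks alone. "-exec ... {} +" hands names straight to rm, so a
        # space or newline in a filename cannot split an argument the way
        # it can in a plain "find | xargs" pipeline.
        find "$dir" -xdev -type f -mtime "$age" -exec rm -f -- {} + || rc=1
    done
    return "$rc"
}

# From a cron script, after the definition above:
#   prune_cosign /var/cosign +1
```

The function returns non-zero if any find invocation failed, so a cron wrapper can report the error instead of exiting 0 unconditionally.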