Language Selection

English French German Italian Portuguese Spanish

Custom scripting gives users a safe-du

Filed under
HowTos

My company has a Linux cluster with a terabyte of attached storage. Over time we noticed the head node was becoming more overloaded. Inspection of the system showed that users were starting dozens of copies of the du utility to determine disk space usage. This was a natural thing for them to do, because they had a need to know how much disk space was available. A lack of disk space would cause their software builds and tests to fail. The problem was that it takes five to seven hours for a du of the entire shared filesystem. Thus, when the filesystem was nearly full (as it of course usually was), the number of du processes would increase almost exponentially.

To address this problem, we first set up automated nightly disk space reports, so that users could check the status without running du. This still did not solve the problem, as the amount of used space could fluctuate dramatically over the course of 24 hours. Users still wanted and needed to run their own du processes throughout the workday.

While adding more disk space would have solved the problem, we are using a large disk array that is already filled to maximum capacity. In general, users tend to fill up all available disk space anyway, no matter how much you give them.

We then developed a policy: users could run du on any directory they owned. In addition, user du processes would be allowed to run for a maximum of one hour of wall time. Users in the wheel group would be exempt from these restrictions.

I was given the task of developing a tool to implement this policy. Some sort of wrapper around the existing du seemed like an obvious choice: the script could validate the input, abort if an invalid path was given, and terminate the du process if it ran too long.

I wrote a basic bash script in perhaps an hour's time. Then I thought about how to run it, and that is where I ran into trouble. I had thought that I would make the script set user id (setuid) or set group id (setgid) root, i.e. when run by any user it would actually run in the root group. Then, I could change the permissions on the real du so that only root could run it. The result would be that normal users could only access the real du through the wrapper script.

Of course that would make a pretty boring article, and in reality it didn't turn out to be that simple:

Full Story.

More in Tux Machines

Sabayon 15.04 Linux Distro Brings Xfce 4.12, Native Nvidia and AMD Video Drivers Support

The Sabayon development team had the pleasure of informing its users about the immediate availability for download of the latest monthly release of their Sabayon Linux operating system derived from the well-known Gentoo distribution. Read more

Fedora 22 Alpha Now Available For AArch64 & PowerPC64

The alpha release of Fedora 22 was released a few weeks ago for the primary CPU architectures while finally coming out today is the F22 Alpha for 64-bit ARM and PowerPC architectures. Peter Robinson announced this afternoon the Fedora 22 Alpha release for AArch64 and Power64 architectures. These alternative architecture spins of the very promising Fedora 22 are primarily focused on the Server Edition of Fedora Linux. AArch64 and Power64 users of Fedora can learn more about this first Fedora 22 development release via the mailing list announcement. Fedora 22 is expected to be officially released in May. Read more

SME Server 9.1 Beta 1 Is Now Available for Download, Based on CentOS 6.6

The Koozali SME Server development team, through Terry Fage, was pleased to announce today, March 30, the immediate availability for download and testing of the SME Server 9.1 Beta 1 computer operating system, which is now based on the upstream CentOS distribution, which in turn is based on Red Hat Enterprise Linux. Read more

4MLinux Allinone Edition 12.0 Operating System Has It All

4MLinux Allinone Edition, a Linux operating system built from scratch that wants to provide a complete desktop experience while keeping the smallest size possible, has been upgraded to version 12.0. Read more