Prevent periodic/etc/weekly/340.noid from descending into root directories
of jails. Jails have their own user/group databases and this script can produce multiple false warnings, not to mention significant extra load in case of large jailed subtrees. Leave this check for jailed invocations of the same script. MFC after: 1 month
This commit is contained in:
Eugene Grosbein
parent
7b3c65ba1c
commit
ab478b0185
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=340322
@ -16,8 +16,26 @@ case "$weekly_noid_enable" in
|
||||
echo ""
|
||||
echo "Check for files with an unknown user or group:"
|
||||
|
||||
# Host should not test jailed subtrees as jails have their own
|
||||
# databases of users and groups. Leave them for jailed invocations
|
||||
# of this script.
|
||||
|
||||
exclude=''
|
||||
if [ $(sysctl -n security.jail.jailed) = 0 ]; then
|
||||
sep=:
|
||||
OIFS="$IFS"
|
||||
IFS="$sep"
|
||||
for param in $(jail -f "`syscrc jail_conf`" -e "$sep")
|
||||
do
|
||||
case "$param" in
|
||||
path=*) exclude="$exclude -path ${param#path=} -prune -or"
|
||||
esac
|
||||
done
|
||||
IFS="$OIFS"
|
||||
fi
|
||||
|
||||
rc=$(find -H ${weekly_noid_dirs:-/} \
|
||||
\( ! -fstype local -prune -or -name \* \) -and \
|
||||
\( $exclude ! -fstype local -prune -or -name \* \) -and \
|
||||
\( -nogroup -o -nouser \) -print | sed 's/^/ /' |
|
||||
tee /dev/stderr | wc -l)
|
||||
[ $rc -gt 1 ] && rc=1
|
||||
|
||||
Loading…
Reference in New Issue
Block a user