6:56 p.m.
https://github.com/clearlinux-pkgs/findutils/blob/master/findutils.spec
There's no .timer file. That means locate's database is never automatically
updated. Should we run updatedb?
findutils is part of sysadmin-basic.
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel Open Source Technology Center
7:32 p.m.
-----Original Message-----
From: Dev [mailto:dev-bounces@lists.clearlinux.org] On Behalf Of Thiago
Macieira
Sent: Tuesday, September 25, 2018 11:57 AM
To: dev(a)lists.clearlinux.org
Subject: [Clr-dev] Run updatedb every once in a while?
https://github.com/clearlinux-pkgs/findutils/blob/master/findutils.spec
There's no .timer file. That means locate's database is never
automatically
updated. Should we run updatedb?
findutils is part of sysadmin-basic.
It seems like we should ship a sensible .timer even if it's not enabled by default; at
least give users the option.
-- Brett
8:15 p.m.
On Tue, Sep 25, 2018 at 12:32 PM, Warden, Brett T
<brett.t.warden(a)intel.com> wrote:
> -----Original Message-----
> From: Dev [mailto:dev-bounces@lists.clearlinux.org] On Behalf Of Thiago
> Macieira
> Sent: Tuesday, September 25, 2018 11:57 AM
> To: dev(a)lists.clearlinux.org
> Subject: [Clr-dev] Run updatedb every once in a while?
>
> https://github.com/clearlinux-pkgs/findutils/blob/master/findutils.spec
>
> There's no .timer file. That means locate's database is never
> automatically
> updated. Should we run updatedb?
>
> findutils is part of sysadmin-basic.
It seems like we should ship a sensible .timer even if it's not enabled by default;
at least give users the option.
A timer would be fine with me though I'd consider having this run
every update too.
8:19 p.m.
On 9/25/2018 11:56 AM, Thiago Macieira wrote:
https://github.com/clearlinux-pkgs/findutils/blob/master/findutils.spec
There's no .timer file. That means locate's database is never automatically
updated. Should we run updatedb?
findutils is part of sysadmin-basic.
if we do this right we arm the timer the first time the user runs locate
so that if a system never ever runs locate, we don't pay the price
if we do this super nice we have swupd write out the db file from it's in memory data
;)
9:13 p.m.
On Tuesday, 25 September 2018 13:19:03 PDT Arjan van de Ven wrote:
On 9/25/2018 11:56 AM, Thiago Macieira wrote:
> https://github.com/clearlinux-pkgs/findutils/blob/master/findutils.spec
>
> There's no .timer file. That means locate's database is never
> automatically
> updated. Should we run updatedb?
>
> findutils is part of sysadmin-basic.
if we do this right we arm the timer the first time the user runs locate
so that if a system never ever runs locate, we don't pay the price
if we do this super nice we have swupd write out the db file from it's in
memory data ;)
Suggestion from discussion F2F with Arjan:
1) provide a .timer, which is enabled by default
2) modify updatedb:
a) if the database file does not exist, just create an empty file with atime
= time_t(0)
b) if the database file atime is still time_t(0), do nothing
c) otherwise, do update
That way, when the user runs locate, it'll update the database file's atime,
indicating that the user does want to run it. This allows a non-root user to
indicate that they want updatedb support.
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel Open Source Technology Center
9:24 p.m.
Doesn't this result in a sub-par user experience on the first run?
-Rob
On 9/25/18, 2:14 PM, "Dev on behalf of Thiago Macieira"
<dev-bounces(a)lists.clearlinux.org on behalf of thiago.macieira(a)intel.com> wrote:
On Tuesday, 25 September 2018 13:19:03 PDT Arjan van de Ven wrote:
On 9/25/2018 11:56 AM, Thiago Macieira wrote:
> https://github.com/clearlinux-pkgs/findutils/blob/master/findutils.spec
>
> There's no .timer file. That means locate's database is never
> automatically
> updated. Should we run updatedb?
>
> findutils is part of sysadmin-basic.
if we do this right we arm the timer the first time the user runs locate
so that if a system never ever runs locate, we don't pay the price
if we do this super nice we have swupd write out the db file from it's in
memory data ;)
Suggestion from discussion F2F with Arjan:
1) provide a .timer, which is enabled by default
2) modify updatedb:
a) if the database file does not exist, just create an empty file with atime
= time_t(0)
b) if the database file atime is still time_t(0), do nothing
c) otherwise, do update
That way, when the user runs locate, it'll update the database file's atime,
indicating that the user does want to run it. This allows a non-root user to
indicate that they want updatedb support.
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel Open Source Technology Center
_______________________________________________
Dev mailing list
Dev(a)lists.clearlinux.org
https://lists.clearlinux.org/mailman/listinfo/dev
9:36 p.m.
On 09/25/2018 02:24 PM, Nesius, Robert A wrote:
Doesn't this result in a sub-par user experience on the first
run?
only for users that don't have sudo access, really (the others will just
`sudo updatedb` instead).
But really, I've never liked this mechanism at all. Why can't we just
have a simple DBus service instead for this? None of it should ever run
as root (avoids potentially scraping private folders) etc...
Auke
9:41 p.m.
On Tuesday, 25 September 2018 14:36:19 PDT Auke Kok wrote:
On 09/25/2018 02:24 PM, Nesius, Robert A wrote:
> Doesn't this result in a sub-par user experience on the first run?
only for users that don't have sudo access, really (the others will just
`sudo updatedb` instead).
But really, I've never liked this mechanism at all. Why can't we just
have a simple DBus service instead for this? None of it should ever run
as root (avoids potentially scraping private folders) etc...
Updatedb needs to run as root so it can find all users' files. If it ran as an
unprivileged user and my $HOME were 0700, it would not find my files.
But one user shouldn't see a listing of another user's files. So you're right:
locate should ask a daemon to get the listing, so daemon filters the listing
to what the user should see. That's a much bigger change than I'm prepared to
make: rewrite / rearchitect locate.
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel Open Source Technology Center
9:50 p.m.
I've never seen home directories indexed by locate, probably because the db is built
by 'nobody' on other systems and skips anything not world readable.
Root shouldn't be running this.
-Rob
On 9/25/18, 2:41 PM, "Macieira, Thiago" <thiago.macieira(a)intel.com>
wrote:
On Tuesday, 25 September 2018 14:36:19 PDT Auke Kok wrote:
On 09/25/2018 02:24 PM, Nesius, Robert A wrote:
> Doesn't this result in a sub-par user experience on the first run?
only for users that don't have sudo access, really (the others will just
`sudo updatedb` instead).
But really, I've never liked this mechanism at all. Why can't we just
have a simple DBus service instead for this? None of it should ever run
as root (avoids potentially scraping private folders) etc...
Updatedb needs to run as root so it can find all users' files. If it ran as an
unprivileged user and my $HOME were 0700, it would not find my files.
But one user shouldn't see a listing of another user's files. So you're
right:
locate should ask a daemon to get the listing, so daemon filters the listing
to what the user should see. That's a much bigger change than I'm prepared to
make: rewrite / rearchitect locate.
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel Open Source Technology Center
9:56 p.m.
On Tuesday, 25 September 2018 14:50:00 PDT Nesius, Robert A wrote:
I've never seen home directories indexed by locate, probably
because the db
is built by 'nobody' on other systems and skips anything not world
readable.
On my openSUSE:
$ locate -r bin/gcc\$
/home/tjmaciei/bin/gcc
/usr/bin/gcc
But $HOME is 755.
Root shouldn't be running this.
One solution would be to run as the "locate" user, with CAP_DAC_READ_SEARCH
added. Or run as root with all other privileges dropped. Either is something
systemd can do
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel Open Source Technology Center
10:25 p.m.
Why can't we use the nobody user? We have one.
-Rob
On 9/25/18, 2:56 PM, "Dev on behalf of Thiago Macieira"
<dev-bounces(a)lists.clearlinux.org on behalf of thiago.macieira(a)intel.com> wrote:
On Tuesday, 25 September 2018 14:50:00 PDT Nesius, Robert A wrote:
I've never seen home directories indexed by locate, probably
because the db
is built by 'nobody' on other systems and skips anything not world
readable.
On my openSUSE:
$ locate -r bin/gcc\$
/home/tjmaciei/bin/gcc
/usr/bin/gcc
But $HOME is 755.
Root shouldn't be running this.
One solution would be to run as the "locate" user, with CAP_DAC_READ_SEARCH
added. Or run as root with all other privileges dropped. Either is something
systemd can do
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel Open Source Technology Center
_______________________________________________
Dev mailing list
Dev(a)lists.clearlinux.org
https://lists.clearlinux.org/mailman/listinfo/dev
9:52 p.m.
On Tuesday, 25 September 2018 14:41:43 PDT Thiago Macieira wrote:
But one user shouldn't see a listing of another user's files.
So you're
right: locate should ask a daemon to get the listing, so daemon filters the
listing to what the user should see. That's a much bigger change than I'm
prepared to make: rewrite / rearchitect locate.
Half-jokingly:
Is this systemd-located?
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel Open Source Technology Center
9:53 p.m.
-----Original Message-----
From: Dev [mailto:dev-bounces@lists.clearlinux.org] On Behalf Of Thiago
Macieira
Sent: Tuesday, September 25, 2018 2:53 PM
To: dev(a)lists.clearlinux.org
Subject: Re: [Clr-dev] Run updatedb every once in a while?
On Tuesday, 25 September 2018 14:41:43 PDT Thiago Macieira wrote:
> But one user shouldn't see a listing of another user's files. So
you're
> right: locate should ask a daemon to get the listing, so daemon
filters the
> listing to what the user should see. That's a much bigger change than
I'm
> prepared to make: rewrite / rearchitect locate.
Half-jokingly:
Is this systemd-located?
We currently provide findutils locate. mlocate might be a good alternative.
-- Brett
1335
days inactive
1335
days old
12 comments
6 participants
participants (6)
-
Arjan van de Ven -
Auke Kok -
Douglas, William -
Nesius, Robert A -
Thiago Macieira -
Warden, Brett T