Various changes to mirror-wrapper.
* Introduce a test to make sure the script is being run by the correct user. * Do all testing before locking. * Drop disk caches before starting work. * Check for files with the wrong owner/group before doing a sync. * Run the mirror script with the configured group as primary.
This commit is contained in:
parent
0ef6396933
commit
ccbfd96242
1 changed files with 35 additions and 18 deletions
|
|
@ -3,6 +3,10 @@
|
|||
|
||||
# Configuration.
|
||||
COMMAND="/opt/bin/mirror"
|
||||
DEPOSITORY="/data/depository"
|
||||
MIRRORING_USER="mirroring"
|
||||
SBOSRCARCH_USER="sbosrcarch"
|
||||
DEPOSITORY_GROUP="depository"
|
||||
LOGSDIR="/var/log/duplication/mirroring/$(printf "%(%Y/%m)T")"
|
||||
LOGFILE="$(printf "%(%Y%m%d-%H%M%S)T")-$$"
|
||||
MIN_LOGFILE_SIZE="650" # Used to prevent unnecessary emails - only messages over this size are sent.
|
||||
|
|
@ -22,9 +26,22 @@ notify() {
|
|||
return 0
|
||||
}
|
||||
|
||||
# Don't run as root!
|
||||
(( $(id -u) == 0 )) && {
|
||||
printf "%s: %s\\n" "${0##*/}" "don't run me as root - it messes up permissions!" >&2
|
||||
# Only run for the configured mirroring user.
|
||||
[[ "$(whoami)" != "$MIRRORING_USER" ]] && {
|
||||
printf "%s: %s\\n" "${0##*/}" "must be run by the '$MIRRORING_USER' user - use su to run manually" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
# Make sure the logs directory exists.
|
||||
# shellcheck disable=SC2174
|
||||
mkdir -p -m 750 "$LOGSDIR" 2>/dev/null || {
|
||||
printf "%s: %s\\n" "${0##*/}" "Failed to create logs directory '$LOGSDIR'" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
# Make sure the command to do the work is runnable.
|
||||
[[ ! -x "$COMMAND" ]] && {
|
||||
printf "%s: %s\\n" "${0##*/}" "'$COMMAND' is not executable" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
|
|
@ -46,22 +63,22 @@ fi
|
|||
# Logs are only for root.
|
||||
umask 027
|
||||
|
||||
# Make sure the logs directory exists.
|
||||
# shellcheck disable=SC2174
|
||||
mkdir -p -m 750 "$LOGSDIR" 2>/dev/null || {
|
||||
printf "%s: %s\\n" "${0##*/}" "Failed to create logs directory '$LOGSDIR'" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
# Make sure the command to do the work is runnable.
|
||||
[[ ! -x "$COMMAND" ]] && {
|
||||
printf "%s: %s\\n" "${0##*/}" "'$COMMAND' is not executable" >&2
|
||||
exit 1
|
||||
}
|
||||
# Drop the caches as sometimes old user/groups are cached.
|
||||
sudo /opt/sbin/drop-caches
|
||||
|
||||
# Make sure there's no errant ownerships.
|
||||
WRONG_PERMS="$(find "$DEPOSITORY" \( \( \! -user "$MIRRORING_USER" -a \! -user "$SBOSRCARCH_USER" \) -o \( \! -group "$DEPOSITORY_GROUP" \) \) -a \! -path "$DEPOSITORY" -printf "%u:%g\t%P\n")"
|
||||
if [[ -n "$WRONG_PERMS" ]]; then
|
||||
printf "%s\\n" "This sync has been aborted!" >"$LOGSDIR/$LOGFILE"
|
||||
printf "%s\\n" "The following files in have errant permissions:" >>"$LOGSDIR/$LOGFILE"
|
||||
printf "%s\\n" "$WRONG_PERMS" >>"$LOGSDIR/$LOGFILE"
|
||||
ERR=-1
|
||||
else
|
||||
# Do the mirroring work.
|
||||
"$COMMAND" "$@" >"$LOGSDIR/$LOGFILE" 2>&1
|
||||
export MIRRORING_USER
|
||||
sg "$DEPOSITORY_GROUP" -c "$COMMAND" "$@" >"$LOGSDIR/$LOGFILE" 2>&1
|
||||
ERR="$?"
|
||||
fi
|
||||
|
||||
# Tell the sysadmin what went on.
|
||||
if (( "$ERR" == 0 )); then
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue