diff --git a/drop-caches b/drop-caches
new file mode 100755
index 0000000..c6f10e6
--- /dev/null
+++ b/drop-caches
@@ -0,0 +1,4 @@
+#!/bin/bash
+# Used by the mirroring user to refresh the nfs cache before doing a mirroring run.
+
+echo 3 >/proc/sys/vm/drop_caches
diff --git a/mirror b/mirror
index 3a28814..201a4c0 100755
--- a/mirror
+++ b/mirror
@@ -17,7 +17,7 @@ MAX_RUNS="3" # Maximum number of runs
 IPV4="5.101.171.215"
 DATADIR="/data/depository"
 RSYNC_COMMAND="/usr/bin/rsync"
-RSYNC_REMOTE_OPTIONS=('-4' "--address=$IPV4" '--no-motd' '--contimeout=30' '--timeout=60' '-aH' '--chmod=go-w,+rX' '--partial' '--partial-dir=.rsync-tmp' '--delete-delay' '--delay-updates')
+RSYNC_REMOTE_OPTIONS=('-4' "--address=$IPV4" '--no-motd' '--contimeout=30' '--timeout=60' '-aH' '--no-owner' '--no-group' '--chmod=go-w,+rX' '--partial' '--partial-dir=.rsync-tmp' '--delete-delay' '--delay-updates')
 RSYNC_LOCAL_OPTIONS=('-aH' '--chmod=go-w,+rX' '--partial' '--partial-dir=.rsync-tmp' '--delay-updates')
 # RSYNC_VERBOSE=('--verbose' '--human-readable')
 # RSYNC_VERBOSE=('--progress' '--verbose' '--stats' '--human-readable')
@@ -163,6 +163,24 @@ SLACKARCHIVE_FILTER=('--exclude=source/' '--include=/slackware-15.0' '--include=
 #######################################################################################################################################
+# Only allow the script to be run from the wrapper.
+[[ ! -v MIRRORING_USER ]] && {
+ echo "ERROR: this script should only be run by mirror-wrapper" >&2
+ exit 1
+}
+
+# Make sure the users match.
+[[ "$(whoami)" != "$MIRRORING_USER" ]] && {
+ echo "ERROR: this script should be run by the '$MIRRORING_USER' only - use su to run manually" >&2
+ exit 1
+}
+
+# Move to the depository directory.
+cd "$DATADIR" >/dev/null 2>&1 || {
+ echo "ERROR: $DATADIR does not exist." >&2
+ exit 1
+}
+
 # Only allow one copy of the script to run at any time.
 # shellcheck disable=SC2154
 if [[ "$FLOCK" != "$0" ]]; then
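Review bot: In the new drop-caches script, nothing records the assumption that makes it safe to run through sudo: the file has to be owned by root and not writable by the mirroring user, and the sudoers rule (not part of this diff) should name this exact path with no arguments. A header line such as `# Must be root-owned and not writable by the mirroring user; sudoers should allow exactly this path, no arguments.` would capture that. Since `echo 3` discards the page cache, dentries and inodes for the whole machine, the comment could also say why a narrower value is not enough for the stale NFS data.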
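Review bot: In the mirror hunk at `@@ -17,7`, `--no-owner` and `--no-group` are added to RSYNC_REMOTE_OPTIONS only, while RSYNC_LOCAL_OPTIONS on the following line still uses plain `-aH` and so still asks rsync to preserve owner and group. If local copies can carry ownerships that the new check in mirror-wrapper rejects, the same two options probably belong there as well. If the asymmetry is intended, a comment such as `# Remote ownership is ignored; new files take the mirroring user and the sg group.` above the array would say so.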
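Review bot: In the mirror hunk at `@@ -163,6`, both new guards read MIRRORING_USER from the environment, so they stop accidental runs but enforce nothing: the value compared against `whoami` is supplied by whoever starts the script. If enforcement is the aim, mirror should carry its own expected account, for example `EXPECTED_USER="mirroring"` in the configuration block and `[[ "$(id -un)" != "$EXPECTED_USER" ]]` here; otherwise the comment should describe the test as a convenience guard. `[[ -v ... ]]` needs bash 4.2 or later, and the `cd` error text says the directory does not exist even when the failure is a permission problem. The `if [[ "$FLOCK" ...` block that follows continues outside this hunk.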
@@ -178,12 +196,6 @@ if [[ "$FLOCK" != "$0" ]]; then
 fi
 fi
-# Move to the depository directory.
-cd "$DATADIR" >/dev/null 2>&1 || {
- echo "ERROR: $DATADIR does not exist." >&2
- exit 1
-}
-
 # Variables
 declare -a LFTP_LIST RSYNC_LIST
diff --git a/mirror-wrapper b/mirror-wrapper
index 61be5f4..9f9c532 100755
--- a/mirror-wrapper
+++ b/mirror-wrapper
@@ -3,6 +3,10 @@
 # Configuration.
 COMMAND="/opt/bin/mirror"
+DEPOSITORY="/data/depository"
+MIRRORING_USER="mirroring"
+SBOSRCARCH_USER="sbosrcarch"
+DEPOSITORY_GROUP="depository"
 LOGSDIR="/var/log/duplication/mirroring/$(printf "%(%Y/%m)T")"
 LOGFILE="$(printf "%(%Y%m%d-%H%M%S)T")-$$"
 MIN_LOGFILE_SIZE="650" # Used to prevent unnecessary emails - only messages over this size are sent.
@@ -22,9 +26,22 @@ notify() {
 return 0
 }
-# Don't run as root!
-(( $(id -u) == 0 )) && {
- printf "%s: %s\\n" "${0##*/}" "don't run me as root - it messes up permissions!" >&2
+# Only run for the configured mirroring user.
+[[ "$(whoami)" != "$MIRRORING_USER" ]] && {
+ printf "%s: %s\\n" "${0##*/}" "must be run by the '$MIRRORING_USER' user - use su to run manually" >&2
+ exit 1
+}
+
+# Make sure the logs directory exists.
+# shellcheck disable=SC2174
+mkdir -p -m 750 "$LOGSDIR" 2>/dev/null || {
+ printf "%s: %s\\n" "${0##*/}" "Failed to create logs directory '$LOGSDIR'" >&2
+ exit 1
+}
+
+# Make sure the command to do the work is runnable.
+[[ ! -x "$COMMAND" ]] && {
+ printf "%s: %s\\n" "${0##*/}" "'$COMMAND' is not executable" >&2
 exit 1
 }
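Review bot: In the mirror-wrapper hunk at `@@ -22,9`, the `mkdir -p -m 750 "$LOGSDIR"` block now runs before the `umask 027` line that appears as context in the next hunk, so any parent directories that `-p` has to create get the inherited umask instead of 027 (`-m` applies to the last component only, which is what SC2174 warns about). Moving `umask 027` above this block keeps newly created year directories closed to other users. The `2>/dev/null` also discards mkdir's own reason for failing, which is the useful part of the error. `id -un` would be a slightly more robust choice than `whoami` for the user test.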
@@ -46,22 +63,22 @@ fi
 # Logs are only for root.
 umask 027
-# Make sure the logs directory exists.
-# shellcheck disable=SC2174
-mkdir -p -m 750 "$LOGSDIR" 2>/dev/null || {
- printf "%s: %s\\n" "${0##*/}" "Failed to create logs directory '$LOGSDIR'" >&2
- exit 1
-}
+# Drop the caches as sometimes old user/groups are cached.
+sudo /opt/sbin/drop-caches
-# Make sure the command to do the work is runnable.
-[[ ! -x "$COMMAND" ]] && {
- printf "%s: %s\\n" "${0##*/}" "'$COMMAND' is not executable" >&2
- exit 1
-}
-
-# Do the mirroring work.
-"$COMMAND" "$@" >"$LOGSDIR/$LOGFILE" 2>&1
-ERR="$?"
+# Make sure there's no errant ownerships.
+WRONG_PERMS="$(find "$DEPOSITORY" \( \( \! -user "$MIRRORING_USER" -a \! -user "$SBOSRCARCH_USER" \) -o \( \! -group "$DEPOSITORY_GROUP" \) \) -a \! -path "$DEPOSITORY" -printf "%u:%g\t%P\n")"
+if [[ -n "$WRONG_PERMS" ]]; then
+ printf "%s\\n" "This sync has been aborted!" >"$LOGSDIR/$LOGFILE"
+ printf "%s\\n" "The following files in have errant permissions:" >>"$LOGSDIR/$LOGFILE"
+ printf "%s\\n" "$WRONG_PERMS" >>"$LOGSDIR/$LOGFILE"
+ ERR=-1
+else
+ # Do the mirroring work.
+ export MIRRORING_USER
+ sg "$DEPOSITORY_GROUP" -c "$COMMAND" "$@" >"$LOGSDIR/$LOGFILE" 2>&1
+ ERR="$?"
+fi
 # Tell the sysadmin what went on.
 if (( "$ERR" == 0 )); then
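Review bot: In `sg "$DEPOSITORY_GROUP" -c "$COMMAND" "$@"`, the wrapper's arguments very likely never reach mirror: as far as sg(1) describes it, only the single string after `-c` is handed to the shell, and the words that follow are not appended to it. Building one quoted string first would keep them, e.g. `printf -v MIRROR_CMD '%q ' "$COMMAND" "$@"` followed by `sg "$DEPOSITORY_GROUP" -c "$MIRROR_CMD" >"$LOGSDIR/$LOGFILE" 2>&1` (this assumes the shell that sg starts understands bash quoting). Separately, neither `sudo /opt/sbin/drop-caches` nor the `find` is checked for failure: `sudo -n` avoids waiting on a password prompt in unattended runs, and a `find` that errors out leaves WRONG_PERMS empty or partial, so the sync proceeds as if the ownership check had passed. The context comment `# Logs are only for root.` is stale now that the wrapper refuses to run as anyone but the mirroring user.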