[systemd-devel] [PATCH] Add usernames as arguments to tmpfiles ignore directives.

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Fri Jan 30 18:57:00 PST 2015


On Mon, Jan 12, 2015 at 06:03:31PM +0100, Zbigniew Jędrzejewski-Szmek wrote:
> On Mon, Jan 12, 2015 at 03:11:08PM +0100, Thomas Blume wrote:
> > On Donnerstag 2015-01-08 21:29, Zbigniew Jędrzejewski-Szmek wrote:
> > 
> > >On Thu, Jan 08, 2015 at 01:37:57PM +0100, Thomas Blume wrote:
> > >>Currently, systemd can only ignore files specified by their path, during
> > >>tmpdir cleanup. This patch adds the feature to give usernames as argument.
> > >>
> > >>During cleanup the file ownership is checked and files that match the specified
> > >>usernames are ignored.
> > >>
> > >>For example, you could give:
> > >>
> > >>X /tmp/* - - - - testuser3,testuser2
> > >I think the patch is useful, but the syntax is wrong. We already have a field
> > >for user name - it is the 4th column. The advantage is that it would be natually
> > >possible to extend it to groups.
> > 
> > I was looking at the UID column, but it seems that only one username can
> > be passed that way.
> > For a list of usernames, I'd have to tweak the get_user_creds function, which
> > seemed too intrusive to me.
> > In addition i->uid_set is set when UID is present, and I didn't want to have
> > some undesired side effects from this.
> I started refactoring the code because I want to add ACL setting functionality.
> I tried to add new functionality to the current code, but it was very messy.
> I'm maybe halfway done, so you can expect an update to this code within a week.
> One of the changes I'm doing is to allow multiple Items for the same path.
> This should make it very easy to support multiple UIDs (and GIDs) by simply
> parsing multiple lines, each specifying a single UID.
This part has now been merged. I also fixed a fairly interesting bug
where tmpfiles would bump the access time of the directories it was looking
at and prevent their cleanup. Now there are also debug statements attached
to all operations, so it is possible to follow what tmpfiles is doing more
easily. I think it should be fairly easy to rebase your patch on top of that.

Zbyszek



More information about the systemd-devel mailing list