On Tue, Apr 07, 2020 at 11:17:23AM -0400, Bryan Steele wrote:
> On Tue, Apr 07, 2020 at 04:56:31PM +0200, Martijn van Duren wrote:
> > This came up during u2k20 while discussing tempfiles for gotweb inside a
> > chroot. At the moment we don't include it by default and ports have to
> > create it themselves. Since I assume we want web applications to run
> > inside a /var/www chroot as much as possible and even some libc
> > functions depend on /tmp being available I'd argue we should include it
> > by default.
> 
> With FastCGI, perhaps I'm confused, but why do web applications need to
> be inside the /var/www chroot? Can't they be anywhere, or even have a
> separate chroot directory? Should we be handling things that
> are not in base?
Both slowcgi(8) and httpd(8) chroot to /var/www and are set to the www
user. The idea was to have /var/www/tmp created by default, but with
www:www ownership. This would eliminate multiple ports from creating the
directory and allow daily to clean the dir.

To Theo's point, how was /var/tmp used in the past that it caused
problems? I'm struggling to find any info in past mailing lists.

> 
> > I also choose to make the directory 1777, similar to a normal /tmp,
> > since both multiple slowcgi or php-fpm pools can run simultaneously
> > under different users.
> > 
> > The cleanup functions don't reflect the current /tmp cleanup style, but
> > we can move the existing find statements to -delete in a separate patch.
> > 
> > I already had some positive feedback during u2k20 on the concept.
> > OK?
> > 
> > martijn@
> > 
> > Index: etc//daily
> > ===================================================================
> > RCS file: /cvs/src/etc/daily,v
> > retrieving revision 1.93
> > diff -u -p -r1.93 daily
> > --- etc//daily 9 Sep 2019 20:02:26 -0000 1.93
> > +++ etc//daily 7 Apr 2020 14:37:15 -0000
> > @@ -55,6 +55,11 @@ if [ -d /tmp -a ! -L /tmp ]; then
> > ! -path ./.ICE-unix ! -name . \
> > -execdir rmdir -- {} \; >/dev/null 2>&1; }
> > fi
> > +if [ -d /var/www/tmp -a ! -L /var/www/tmp ]; then
> > + cd /var/www/tmp && {
> > + find -x . -type f -atime +7 -delete 2>/dev/null
> > + find -x . -type d -empty -delete 2>/dev/null
> > +fi
> > 
> > # Additional junk directory cleanup would go like this:
> > #if [ -d /scratch -a ! -L /scratch ]; then
> > Index: etc//rc
> > ===================================================================
> > RCS file: /cvs/src/etc/rc,v
> > retrieving revision 1.543
> > diff -u -p -r1.543 rc
> > --- etc//rc 24 Jan 2020 06:17:37 -0000 1.543
> > +++ etc//rc 7 Apr 2020 14:37:15 -0000
> > @@ -532,7 +532,7 @@ if [[ -f /etc/ptmp ]]; then
> > 'password file may be incorrect -- /etc/ptmp exists'
> > fi
> > 
> > -echo clearing /tmp
> > +echo clearing temporary directories
> > 
> > # Prune quickly with one rm, then use find to clean up /tmp/[lqv]*
> > # (not needed with mfs /tmp, but doesn't hurt there...).
> > @@ -540,6 +540,7 @@ echo clearing /tmp
> > (cd /tmp &&
> > find . -maxdepth 1 ! -name . ! -name lost+found ! -name quota.user \
> > ! -name quota.group ! -name vi.recover -execdir rm -rf -- {} \;)
> > +(cd /var/www/tmp && find . -x -delete)
> > 
> > # Create Unix sockets directories for X if needed and make sure they have
> > # correct permissions.
> > Index: etc//mtree/4.4BSD.dist
> > ===================================================================
> > RCS file: /cvs/src/etc/mtree/4.4BSD.dist,v
> > retrieving revision 1.314
> > diff -u -p -r1.314 4.4BSD.dist
> > --- etc//mtree/4.4BSD.dist 29 Nov 2019 03:28:20 -0000 1.314
> > +++ etc//mtree/4.4BSD.dist 7 Apr 2020 14:37:15 -0000
> > @@ -749,6 +749,7 @@ var
> > ..
> > run type=dir uname=root gname=daemon
> > mode=755
> > ..
> > + tmp type=dir uname=root gname=wheel
> > mode=01777
> > ..
> > 
> > # ./var/audit
> > 

-- 
Tracey Emery
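Review bot: in the etc/daily hunk the `cd /var/www/tmp && {` group is opened but never closed, so the `+fi` that follows is a shell syntax error and daily(8) would abort at this point rather than clean anything. The /tmp block directly above it ends its group with `>/dev/null 2>&1; }`, so the last new line should read `find -x . -type d -empty -delete 2>/dev/null; }` before `fi`. The directory pass also lacks the `! -name .` guard the /tmp block uses, so once the directory is empty `.` itself becomes a match; add `! -name .` so /var/www/tmp is never a deletion candidate.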
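Review bot: in the etc/rc hunk, `(cd /var/www/tmp && find . -x -delete)` puts `-x` after the path, where find(1) reads it as an expression primary instead of the mount-point option (the daily hunk writes `find -x .` in the correct order), so the command fails and the directory is not cleared at boot. Write it as `find -x . ! -name . -delete`, with `! -name .` matching the guard the /tmp line just above it uses.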
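Review bot: the 4.4BSD.dist hunk header `@@ -749,6 +749,7 @@` counts exactly one added line, so the `..` after `+ tmp type=dir ...` is the existing context line that closed the parent directory; the new `tmp` entry has no `..` of its own, unlike the `run` entry above it, so everything after this point in the spec is read one level deeper than intended. Add a matching `..` line after the `tmp` entry. Separately, the entry is `uname=root gname=wheel` while the reply above says the idea was www:www ownership; settle on one and state it in the commit message.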