On May 29, 2013 18:28 , Chris Hecker <chec...@d6.com> wrote:
> Oh, and the one in scripts/cron has a bug, it uses +1 instead of +0 for
> -mtime.
This is not a bug, "-mtime +0" assumes that you are using GNU find.
"-mtime +1", while more lax, will work correctly with all versions of
find. In practice, it is not a problem if some cookies/tickets hang
around for an extra day.
> Okay, is there any reason this is a bad idea?
>
> [root] /var/cosign# cat /etc/cron.hourly/cosign
> #!/bin/bash
> dirs=( /var/cosign/filter /var/cosign/daemon /var/cosign/tickets )
> for d in ${dirs[@]}; do
> [ -d $d ] && /usr/bin/find $d -type f -mtime +0 |
> /usr/bin/xargs /bin/rm -f
> done
> exit 0
>
> I have other related stuff in /var/cosign and your script (and the one
> in scripts) toasts everything old in subdirectories.
That's fine. Most people don't keep other stuff under /var/cosign,
hence the simpler example script in the cosign distribution.
> I want to delete all three of those old files, right, tickets, daemon,
> and filter (on machines running both the daemon and a service)?
Correct. And on each of your cosign-protected web servers (the machines
running the filter which are not central weblogin servers) you want to
delete old cookie files (/var/cosign/filter) and, if the
cosign-protected web server gets proxied Kerberos tickets from the
central weblogin servers then you want to delete expired ticket files on
these client webservers too.
--
Mark Montague
m...@catseye.org
------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
